How to 4 Life

Mysql 5 JOIN

Jun 25

Posted by Eugene Kashperovetsky in PHP/Mysql

It may be the case that your application is old enough to don’t use the queries considered as *standard* nowadays.

For the most instances it’s about the order of tables, which can be corrected by updating the query code.

For example, your query looks like this:

SELECT f.* from forums f ,categories c LEFT JOIN admin m
ON (f.id=m.forum_id) WHERE f.category=c.id

The error you’d receive: unknown column “f.id” on…

To fix it, we need to change the order of table references ie

SELECT f.* from categories c,forums f LEFT JOIN admin m
ON (f.id=m.forum_id) WHERE f.category=c.id

It’s still strongly recommended to review the details at

http://dev.mysql.com/doc/refman/5.0/en/join.html

to understand all differences in JOIN syntax for newer versions of Mysql.

Tags: Mysql 5 Join syntax, Mysql upgrade join syntax

2 Comments

Modify scripts to use on Mysql 5

Jun 25

Posted by Eugene Kashperovetsky in PHP/Mysql

1. Invision Board (IPB)

Error: Unknown column ‘f.id’ in ‘on clause’…

Cause: upgrade of the mysql from v.4.x to 5.x

Fix:

go to

IPB_install_dir / sources /

take a copy of the original file “Boards.php”, save it as Boards.php_original or w/e name you prefer

Modify Boards.php on ~ line 66:

Code

from ibf_forums f,ibf_categories c

change to

from ibf_categories c,ibf_forums f

Save the file and test the IPB again

The files difference is showed below:

diff Boards.php Boards.php_original

======

72c72
< from ibf_categories c,ibf_forums f
—
> FROM ibf_forums f, ibf_categories c

=======

2. Zen Cart, OS Commerce, OSCMax, Creloaded

Error: 1054 – Unknown column ‘p.products_id’ in ‘on clause’

Cause: upgrade of the mysql from v.4.x to 5.x

Fix for OSCmax

File: index.php

Code:

“p.products_id = s.products_id”

replace with

“p2c.products_id = s.products_id “

Fix for Creloaded and Os Commerce

Code:

// Get the category name and description
$category_query = tep_db_query(“select cd.categories_name, cd.categories_heading_title, cd.categories_description, c.categories_image from ” . TABLE_CATEGORIES . ” c, ” . TABLE_CATEGORIES_DESCRIPTION . ” cd where c.categories_id = ‘” . $current_category_id . “‘ and cd.categories_id = ‘” . $current_category_id . “‘ and cd.language_id = ‘” . $languages_id . “‘”);
$category = tep_db_fetch_array($category_query);

// show the products of a specified manufacturer
if (isset($HTTP_GET_VARS['manufacturers_id'])) {
if (isset($HTTP_GET_VARS['filter_id']) && tep_not_null($HTTP_GET_VARS['filter_id'])) {
// We are asked to show only a specific category
$listing_sql = “select ” . $select_column_list . ” p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from ” . TABLE_PRODUCTS . ” p, ” . TABLE_PRODUCTS_DESCRIPTION . ” pd, ” . TABLE_MANUFACTURERS . ” m, ” . TABLE_PRODUCTS_TO_CATEGORIES . ” p2c left join ” . TABLE_SPECIALS . ” s on p.products_id = s.products_id where p.products_status = ’1′ and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = ‘” . (int)$HTTP_GET_VARS['manufacturers_id'] . “‘ and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = ‘” . (int)$languages_id . “‘ and p2c.categories_id = ‘” . (int)$HTTP_GET_VARS['filter_id'] . “‘”;
} else {
// We show them all
$listing_sql = “select ” . $select_column_list . ” p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from ” . TABLE_PRODUCTS . ” p, ” . TABLE_PRODUCTS_DESCRIPTION . ” pd, ” . TABLE_MANUFACTURERS . ” m left join ” . TABLE_SPECIALS . ” s on p.products_id = s.products_id where p.products_status = ’1′ and pd.products_id = p.products_id and pd.language_id = ‘” . (int)$languages_id . “‘ and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = ‘” . (int)$HTTP_GET_VARS['manufacturers_id'] . “‘”;
}
} else {
// show the products in a given categorie
if (isset($HTTP_GET_VARS['filter_id']) && tep_not_null($HTTP_GET_VARS['filter_id'])) {
// We are asked to show only specific catgeory
$listing_sql = “select ” . $select_column_list . ” p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from ” . TABLE_PRODUCTS . ” p, ” . TABLE_PRODUCTS_DESCRIPTION . ” pd, ” . TABLE_MANUFACTURERS . ” m, ” . TABLE_PRODUCTS_TO_CATEGORIES . ” p2c left join ” . TABLE_SPECIALS . ” s on p.products_id = s.products_id where p.products_status = ’1′ and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = ‘” . (int)$HTTP_GET_VARS['filter_id'] . “‘ and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = ‘” . (int)$languages_id . “‘ and p2c.categories_id = ‘” . (int)$current_category_id . “‘”;
} else {
// We show them all
$listing_sql = “select ” . $select_column_list . ” p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from ” . TABLE_PRODUCTS_DESCRIPTION . ” pd, ” . TABLE_PRODUCTS . ” p left join ” . TABLE_MANUFACTURERS . ” m on p.manufacturers_id = m.manufacturers_id, ” . TABLE_PRODUCTS_TO_CATEGORIES . ” p2c left join ” . TABLE_SPECIALS . ” s on p.products_id = s.products_id where p.products_status = ’1′ and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = ‘” . (int)$languages_id . “‘ and p2c.categories_id = ‘” . (int)$current_category_id . “‘”;
}
}

Rpleace with

// show the products of a specified manufacturer
if (isset($HTTP_GET_VARS['manufacturers_id'])) {
if (isset($HTTP_GET_VARS['filter_id']) && tep_not_null($HTTP_GET_VARS['filter_id'])) {
// We are asked to show only a specific category
$listing_sql = “select ” . $select_column_list . ” p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from (” . TABLE_PRODUCTS . ” p, ” . TABLE_PRODUCTS_DESCRIPTION . ” pd, ” . TABLE_MANUFACTURERS . ” m, ” . TABLE_PRODUCTS_TO_CATEGORIES . ” p2c ) left join ” . TABLE_SPECIALS . ” s on p.products_id = s.products_id where p.products_status = ’1′ and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = ‘” . (int)$HTTP_GET_VARS['manufacturers_id'] . “‘ and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = ‘” . (int)$languages_id . “‘ and p2c.categories_id = ‘” . (int)$HTTP_GET_VARS['filter_id'] . “‘”;
} else {
// We show them all
$listing_sql = “select ” . $select_column_list . ” p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from (” . TABLE_PRODUCTS . ” p, ” . TABLE_PRODUCTS_DESCRIPTION . ” pd, ” . TABLE_MANUFACTURERS . ” m) left join ” . TABLE_SPECIALS . ” s on p.products_id = s.products_id where p.products_status = ’1′ and pd.products_id = p.products_id and pd.language_id = ‘” . (int)$languages_id . “‘ and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = ‘” . (int)$HTTP_GET_VARS['manufacturers_id'] . “‘”;
}
} else {
// show the products in a given categorie
if (isset($HTTP_GET_VARS['filter_id']) && tep_not_null($HTTP_GET_VARS['filter_id'])) {
// We are asked to show only specific catgeory
$listing_sql = “select ” . $select_column_list . ” p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from (” . TABLE_PRODUCTS . ” p, ” . TABLE_PRODUCTS_DESCRIPTION . ” pd, ” . TABLE_MANUFACTURERS . ” m, ” . TABLE_PRODUCTS_TO_CATEGORIES . ” p2c) left join ” . TABLE_SPECIALS . ” s on p.products_id = s.products_id where p.products_status = ’1′ and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = ‘” . (int)$HTTP_GET_VARS['filter_id'] . “‘ and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = ‘” . (int)$languages_id . “‘ and p2c.categories_id = ‘” . (int)$current_category_id . “‘”;
} else {
// We show them all
$listing_sql = “select ” . $select_column_list . ” p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from ((” . TABLE_PRODUCTS_DESCRIPTION . ” pd, ” . TABLE_PRODUCTS . ” p) left join ” . TABLE_MANUFACTURERS . ” m on p.manufacturers_id = m.manufacturers_id, ” . TABLE_PRODUCTS_TO_CATEGORIES . ” p2c) left join ” . TABLE_SPECIALS . ” s on p.products_id = s.products_id where p.products_status = ’1′ and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = ‘” . (int)$languages_id . “‘ and p2c.categories_id = ‘” . (int)$current_category_id . “‘”;
}
}

Tags: mysql upgrade php scripts modify version OScommerce ZenCart IPB Creloaded

No Comments

CDO – sample script with SMTP authentication enabled

Feb 5

Posted by Eugene Kashperovetsky in Htaccess

Due to the fact CDONTS technology is deprecated on win2k3 servers, it’s been brought to my attention the users are looking for the sample codes of asp scripts with CDO involved. Here’s the one you might use to authenticate on the server and process the emails from your contact forms:

=====================

<%
‘Dimension variables
Dim objCDOSYSCon

‘Create the e-mail server object
Set objCDOSYSMail = Server.CreateObject(“CDO.Message”)
Set objCDOSYSCon = Server.CreateObject (“CDO.Configuration”)

‘Out going SMTP server
objCDOSYSCon.Fields(“http://schemas.microsoft.com/cdo/configuration/smtpserver”) = “localhost”
‘SMTP port
objCDOSYSCon.Fields(“http://schemas.microsoft.com/cdo/configuration/smtpserverport”) = 25
‘CDO Port
objCDOSYSCon.Fields(“http://schemas.microsoft.com/cdo/configuration/sendusing”) = 2
‘Timeout
objCDOSYSCon.Fields(“http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout”) = 60

objCDOSYSCon.Fields.Update

‘Update the CDOSYS Configuration
Set objCDOSYSMail.Configuration = objCDOSYSCon

objCDOSYSMail.From = ”
from@anydomain.com This e-mail address is being protected from spambots. You need JavaScript enabled to view it
”
objCDOSYSMail.To = ”
to1@anydomain.com This e-mail address is being protected from spambots. You need JavaScript enabled to view it
,
to2@anydomain.net This e-mail address is being protected from spambots. You need JavaScript enabled to view it
”
objCDOSYSMail.Subject = “Testing CDOSYS Mail Component”
objCDOSYSMail.HTMLBody = “Test mail from support”
objCDOSYSMail.Send

‘Close the server mail object
Set objCDOSYSMail = Nothing
Set objCDOSYSCon = Nothing
%>
===============

Tags: CDO ASP script formmail send email

2 Comments

WildCard subdomains

Dec 3

Posted by Eugene Kashperovetsky in Htaccess

The brief explanation:

If you desire to be able to reach the content of

http://www.yourdomain.com

by browsing

*.yourdomain.com

dsfhgsdff.yourdomain.com

wwwwldmdm.yourdomain.com

will load exactly the same content

Solution:

1) If it’s cPanel based host, simply add the subdomain through cPanel control panel, use “*” instead of the subdomain name

2) You can add the wildcard entries manually to both, web server config and DNS zone of the domain. The description below applied to Apache+Bind type of web/dns services, although the idea is the same for IIS/MSDNS.

a) Considering your’re hosted on the server you have no access to, please request your host the following modifications to be done to httpd.conf /dns file

Apache config:

In <VirtualHost> container for the domain you’re applying the wildcard to, add the following entry:

=====

ServerAlias *.yourdomainforwildcard.tld

=====

DNS zone:

=====

* 14400 IN CNAME *.yourdomainforwildcard.tld.

=====

Please note “.” (dot) after “tld”, it’s important

That’s it, if it’s applied correctly, you should be able to browse the website using the links like the ones above once the DNS changes are propagated over Internet

Tags: wildcard subdomains how to

6 Comments

mod_rewrite

Nov 24

Posted by Eugene Kashperovetsky in Htaccess

All examples are supposed to be put inside .htaccess file of the website to be applied.

Please be aware, more complex rules require additional testing.
Don’t use all samples at once unless you’re sure it’s fine.

1. In case you want to redirect visitors of your website to another page/folder/subfolder on the same website:

RewriteEngine on

RewriteCond %{HTTP_HOST} ^yourdomainishere.com$ [OR]

RewriteCond %{HTTP_HOST} ^www.yourdomainishere.com$

RewriteCond %{REQUEST_URI} !^/somefolder
RewriteRule ^(.*)$ http://yourdomainishere/somefolder/ [R=301]

where “yourdomainishere.com” – your own domain name you wish to redirect users for
“somefolder” – a folder/page, which exists on the website “yourdomainishere.com”

The brief explanation:

whenever a visitor types yourdomainishere.com in the browser address bar and hits “enter”,
webserver redirects such requests to http://yourdomainishere/somefolder/

2. In case you want all visitors to be redirected from “yourdomainishere.com” to “www.yourdomainishere.com”:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^ yourdomainishere.com$
RewriteRule ^(.*) http://www.yourdomainishere.com%{REQUEST_URI} [R=301]

The same scheme as in the example #1

3. For some types of the websites, especially those that use e-commerce software, would be helpful to
redirect visitors to a secure port, so all payment details are encrypted

It can be done with the redirect below:

RewriteEngine On
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^ https://yourdomainishere.com%{REQUEST_URI} [NS,R,L]

The brief explanation:

insecure connection uses the port 80,
the secure one is supposed to be on the port 443 (by default). The rule above checks whether your visitor uses secure connection or not by verifying the port number
If it’s an insecure one – the client is redirected to https://yourdomainishere.com/

4. In case your host doesn’t allow to change DocumentRoot for the website to get the files loaded from another folder whenever users visit your website, mod_rewrite helps there too

For example: we have a website http://yourdomainishere.com/, which loads all files from

your public_html directory of the account, but you want it to load the files from public_html/folder/ without adress bar link chnaged

ie http://yourdomainishere.com/folder/ doesn’t supply your needs, but http://yourdomainishere.com/ loads files from “folder”

Here’s the mod_rewrite rule you can use in .htaccess file:

RewriteEngine on
RewriteBase /
RewriteRule ^$ /folder/ [L]

It tells webserver to dynamically change basedir of the website to “folder”

5. Wildcard subdomains

The following mod_rewrite sample is to show how you can retrieve the pattern of the queried URL and use it to determine the document root of the host. It’s useful when you use so called “wildcard subdomains”.

RewriteEngine On
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^([^.]+)\.example\.com(:80)?$
RewriteCond %{REQUEST_URI} !^/%1/
RewriteRule (.*) /%1/$1 [L]

The first two Cond rules are in place to make sure the URL doesn’t contain www or empty.

The third Cond is set to retrieve the subdomain part of the URL for the future use, by discarding the port number, if present..

The 4th Cond is to make sure we’re not already in the folder we’re going to be redirecting to, that prevents the loop of the redirection.s.

And finally – the actual rewrite rule to change the location of the document root to the pattern retrieved as “([^.]+)“.

Tags: mod rewrite mod_rewrite samples code .htaccess

No Comments

How to point your domain to another IP only for local users

Oct 2

Posted by Eugene Kashperovetsky in Htaccess

Introduction:

Sometimes you don’t want to repoint your domain to the new server until it’s fully functional.
However some software may require a fully functional domain to show the actual styles, themes etc

“Hosts” file solution

For those who wants to check it before the nameservers are switched. You can have your machine read website from the new server.

It can be done by editing the local hosts file (on your workstation, not on the server LoL ).

If you run Linux/Unix/FreeBSD on your workstation/computer you test the website from:

The usual location: /etc/hosts

Just add an entry like this one:

192.168.1.1 yourdomainishere.com

where
“192.168.1.1″ – the IP address of your new server (should be replaced)
“yourdomainishere.com” – your domain name which needs to be pointed to the new IP only for the local users

If you run Windows on your computer:
The usual location of “hosts” file is

c:\Windows\system32\drivers\etc\hosts

Just add an entry like this one:

192.168.1.1 yourdomainishere.com

where
“192.168.1.1″ – the IP address of your new server (should be replaced)
“yourdomainishere.com” – your domain name which needs to be pointed to the new IP only for the local users
As the result you get the domain pointed to the new server/IP only for you,
while your website visitors’re going to the real website

Tags: point domain to another IP how to

1 Comment

How to disable mod_security for a single account

Sep 28

Posted by Eugene Kashperovetsky in Htaccess

Introduction:

Having Mod_security enabled for servers prevents commonly used methods to hack websites. Common examples are: outdated software, unpatched and so on.

Symptoms:

If you are receiving access denied message with error code 403 when you check the error logs for any account, it means mod_security rules are triggered.

Please note, disabling mod_security decreases the lvel of security of your website, use at your own risk (recommended only for the applications that’re known as secure/patched ones)

Minor issues:

It’s applied for the entire server, so all websites are affected, even if there’s a secure software which doesn’t require security restrictions.

Fix :
You can disable the mod_security for that account by adding a simple code in its .htaccess
==================
SecFilterEngine Off

SecFilterScanPOST Off
==========================

Update:

If your webhost runs Apache 2.X, the .htaccess rules for mod_security engine aren’t supported there.

The workaround:

ask your WebHost support to add

===

SecRuleEngine Off

===

to your domain Virtual Host

Tags: disable mod_security mod security

3 Comments

Hotlink Protection

Aug 31

Posted by Eugene Kashperovetsky in Htaccess

If someone steals your images by linking them from 3thd-party website, you waste your bandwidth and get no positive results at the end

Apache provides an ability to protect your images through .htaccess file and mod_rewrite rules

Just add the following code to the end of your .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?yourdomainishere.com/.*$ [NC]
RewriteRule .(gif|jpg)$ – [F]

where “yourdomainishere.com” – your own domain name you wish to be protected

As the result, stole images linked to another website will appear as broken and still functioning on your website

Tags: hotlink protection images stealing

No Comments

SSI override

Aug 31

Posted by Eugene Kashperovetsky in Htaccess

If you want to configure SSI includes to be parsed for the .html files(only .shtml files handled that way by deafult), you need to add the following strings to your .htaccess file

AddType text/html .html
AddHandler server-parsed .html

If you want both .html and .htm documents to parse SSI, modify .htaccess file with the rules below:

AddType text/html .html

AddHandler server-parsed .html

AddHandler server-parsed .htm

Tags: SSI override htm shtml ApacheHandler

1 Comment

PHPSuExec – make the scripts compatible

Aug 29

Posted by Eugene Kashperovetsky in Htaccess

The brief explanation:

Whenever a server is configured without PhpSuExec enabled, the following issues occur:

1. php runs as the user nobody and it doesn’t require the execute flag to be enabled.

Result: every user will be able to read your php files because everyone is virtually sharing the same username (nobody). Although open_basedir prevents the most attempts to read private data

2. PHP Files are not meant to be read, but parsed, and that is where the problem resides.

PHP Files have to be parsed, otherwise everyone who is able to read your php file will see settings that you would probably want to keep private, such as your MySQL username and password.

Shortly phpsuexec makes the website as secure as it’s possible:

1. It requires the valid owner (your cPanel username) to be the actual owner of the file.
2. Prevents any scripts with insecure permissions to be executed (error 500 is returned instead of the script executed)

3. It fixes the issues with the files ownership – the common issue with CMS software like Joomla or Mambo (all files created through CMS software become with the correct owner – your cPanel username)
4. Additionally you can make your files more secure. Even if you set files permissions to 600 – the visitors are still able to browse them (the same thing with 700 permissions for the folders)

If you get Internal Server errors (500) when you try to browse your website, usually it’s caused by

1. Insecure permissions for the files/folders

Fix: make sure they’re all set to 755 or 644 (folders/files accordingly)

2. PHP directives are still presented in the .htaccess file (php_flag or similar)

Fix: create your own php.ini file under the folder in question and put your php flags into it

For example, “php_flag register_globals On” from .htaccess file goes to the php.ini file as

register_globals = On

Please be aware, compared to .htaccess file rules, php.ini variables aren’t applied recursively

3. MimeTypes configured through .htaccess files.

From now on you should use “ApacheHandlers” directives instead of “AddType” to get your files parsed in your own way.

For cPanel users there’s a feature under their control panel, “Apache Handlers”

==============

For those who have mod_rewrite issues with WordPress after phpsuexec integration, please read the threads at

http://boren.nu/archives/2005/03/07/reduced-rewrite-plugin/

That’s an alternative way to get the permalinks implemented

Drupal users may experience errors related to the user_access.

Fix: add the following strings to your php.ini file

session.save_handler = files
session.cache_limiter = nocache

Tags: suPHP phpSuExec upgrade scripts settings make the scripts compatible fix

No Comments

How to 4 Life

How to for htaccess, phpsuexec and other things

Mysql 5 JOIN

Modify scripts to use on Mysql 5

CDO – sample script with SMTP authentication enabled

WildCard subdomains

mod_rewrite

How to point your domain to another IP only for local users

How to disable mod_security for a single account

Hotlink Protection

SSI override

PHPSuExec – make the scripts compatible

Recent Posts

Archives