Author Archives: navaneeth

Add Toolbar and pager to custom product collection in magento

Posted by on Jun 25, 2016 in General, Magento, Php |
Reply

While handling a magento job, i encountered a situation to implement the toollbar section for a custom product collection. So today we are discussing about how to add Toolbar and pager to custom product collection in magento

Let us assume $_productCollection is an object of custom product collection.

First we need to create a toolbar object as shown below

$toolbar = Mage::getBlockSingleton('catalog/product_list')->getToolbarBlock();

Then Assign product collection to toolbar object

$toolbar->setCollection($_productCollection);

then set pager to toolbar as a child for show with pagination

  $pager = Mage::getSingleton('core/layout')->createBlock('page/html_pager');
 $toolbar->setChild('product_list_toolbar_pager', $pager);
 echo $toolbar->toHtml();

So this is how we can add Toolbar and pager to custom product collection in magento, hope this helps

Magento New Malware Issue

Posted by on Mar 18, 2016 in Magento |
Reply

There has been recent reports on a new malware that appears to capture details from all fields of the checkout process, including the credit card information. Its been done using Database or Admin access to get the details. Magento team do not have the details on how attackers are getting the Admin access, may they are going for weak passwords and some unpatched sites or using admin accounts set up before the site was patched.

Scan your site at magereport.com to check whether the site is at risk for a Credit Card Hijack and also don’t forgot to check you have any unknown Admin users in the site. You need to scan the code for the malware and some may includes onepage|checkout and can be found in two sections:

  • Admin->Configuration->General->Design->HTML Head->Miscellaneous Scripts, or
  • Admin->Configuration->General->Design->Footer-> Miscellaneous HTML

If the site is infected, immediately remove this malware and check you code for any unknown changes and remove any unknown Admin accounts and update all admin passwords to prevent further access to the website

Please check the information provided by Magento in their site for best security practices.

Migrating wordpress to another server

Posted by on Feb 8, 2016 in General, Wordpress |
Reply

For blogger who self-hosts the WordPress blog publishing system on a web hosting server with own registered domain name, sometimes, you may decide to reorganize the blog link URL to make it tidier or to reflect new focus or theme of the blog. If you decide to change the URL or link location of your WordPress blog due to changing of domain name (such as from http://www.old-domain.com/ to http://www.new-domain.com/) or the blog to another directory location (such as from http://www.domain.com/ to http://www.domain.com/blog/), there are some steps that should be done to ensure the proper migration and no breaking links.

The tricky part when moving WordPress blog to another location is that WordPress is using absolute path in URL link instead of relative path in URL link location when stores some parameters in database. Within blog posts’ contents itself, users may also use the old URLs when creating reference backlinks. All these values in the database will need to be changed when WordPress is moved. The following guide will show you which database fields that has references or values related to blog’s URLs that you want to modify. Note that this guide is not about how to move WordPress blog from one server or host to another new hosting service.

Once the blog has been moved (all files copy over in case of moving location or server or new domain name properly propagated across Internet for new domain name), the first thing to change is to tell WordPress the new blog location (wp-config.php should be no changes, and .htaccess file should be also no changes. If for some reason mod_rewrite rules for friendly URLs no longer works, you can always regenerate the .htaccess file via WP Administration’s Update Permalinks page). This value can be changed via WordPress Options page, but if you no longer able to access to old blog URL, you have to modify the value via MySQL database.

In this post we are using  MySQL replace() function to change the urls in the database. To run the query we need to login to the phpmyadmin section using the username and password

We can use the below MySQL query to update the WordPress options with the new url:

UPDATE wp_options SET option_value = replace(option_value, ‘http://www.old-url.com’, ‘http://www.new-url.com’) WHERE option_name = ‘home’ OR option_name = ‘siteurl’;

Now we need to change the guid from the wp_posts table, The URL values are stored as absolute URLs instead of relative URLs and that’s too be changed with the below stated SQL query:

UPDATE wp_posts SET guid = replace(guid, ‘http://www.old-url.com’,’http://www.new-url.com’);

If we have added media’s inside the content area section, they are added with the absolute URLs, So use this query to change the internal links added in the content area

UPDATE wp_posts SET post_content = replace(post_content, ‘http://www.old-url.com’, ‘http://www.new-url.com’);

Now we are done on changing the url and now we need to check on the front-end to make sure that everything works fine

Magento file system ownership and permissions

Posted by on Jan 18, 2016 in General, Magento |
Reply

In this section we are going to discuss on how we can set magento file system ownership and permissions:

  • Why do we set file system permissions
  • Magento File system ownership and permissions

Why do we set file system permissions

Being living in a internet age exploits are a real concern, in-order to prevent malicious exploits we need to take advantage of the file system by setting Magento file system ownership and permissions in a particular way. For more information, see Overview of ownership and permissions.

These are the things needs to keep in mind:

The Magento file system owner:
They must have the full control of all directories and files
This user must be kept as a different user not the web server user and the web server must have the write access to:

  • var
  • app/etc
  • pub

Other than this folders and files web server user must own the files created by Magento Admin or other web-based utilities

So the recommended permissions is as follows:

  • All folders must have permission 770.
    770 permissions give read/write/execute only to the owner and group and no permissions to others
  • All files have  must have permission 660.
    660 permissions give read/write/ only to the owner and group and no permissions to others

File system permissions and ownership

The steps taken to set the permissions and ownership is as follows:

1. Change to the Magento installation directory:

cd /path/to/magento/root

Examples:
Ubuntu: /var/www/magento2
CentOS: /var/www/html/magento2

2. Set ownership:

chown -R : web server user.

Typical examples:CentOS: chown -R :apache .
Ubuntu: chown -R :www-data .

3. Set permissions:

sudo find . -type d -exec chmod 770 {} \; && sudo find . -type f -exec chmod 660 {} \; && sudo chmod u+x bin/magento

Hope this section helps to know about the magento file system ownership and permissions