Tag Archives: PHP

Form not submitting with all form fields

Recently we faced an issue of form not submitting with all form fields. Let me describe the issue in details.

In CiviCRM, when creating a new Contact or updating an old one, selected tags were not saving. This was working before but suddenly this issue arose. After thorough investigation we discovered that not all fields of the form was posted or in other words the PHP $_POST variable have not listed all fields. In our Windows machine we got all the fields but in Linux box the issue existed. First we thought the issue might have caused due to the PHP directive “post_max_size”, though it was set to 24M. We tried with updating it to 128M. But the issue was still there.

Then we searched Google and got a clue from http://akrabat.com/php/missing-fields-in-_post/. Our server was using PHP 5.3.22. So, we looked for the “max_input_vars” directive which was new since 5.3.9, it was set to 1000 by default. We increased the number to 2000 and the issue was resolved.

Due to the number of groups in the form, the field number increased to more than 1000. So, PHP was truncating the POST data and at most 1000 fields were returned. That’s why Tags fields were not listed in the $_POST variable.

Share

Security in PHP

PHP Security
PHP Security

PHP is a very flexible language. But sometimes this flexibility creates security flaws because of improper use of it. I had just read an article “Top 7 PHP Security Blunders” by Pax Dickinson. It shows top 7 mistakes or flaws that may break site security.

“Security is a process, not a product, and adopting a sound approach to security during the process of application development will allow you to produce tighter, more robust code.” – Pax Dickinson

In this article the author has shown how PHP application be infected and how to protect it. He has described the followings with reference to different articles:

  • Unvalidated Input Errors
  • Access Control Flaws
  • Session ID Protection
  • Cross Site Scripting (XSS) Flaws
  • SQL Injection Vulnerabilities
  • Error Reporting
  • Data Handling Errors
  • Configuring PHP For Security

I found this article knowledgeable. Hope you will like it. You may read it from here http://www.sitepoint.com/article/php-security-blunders.

I want to conclude with lines from this article…

“…there are many things to be aware of when programming secure PHP applications, though this is true with any language, and any server platform. PHP is no less secure than many other common development languages. The most important thing is to develop a proper security mindset and to know your tools well…”

Share

cPanel: Class for creating email account and mail forwarder

cpanel_logoThis class can be used to create email account and mail forwarders using PHP, without logging to cPanel. It is an extension of script made by www.zubrag.com. You can access the original link from here http://www.zubrag.com/scripts/cpanel-create-email-account.php. And it is also a modified version of the class “cpmail” which was coded by Md. Zakir Hossain (Raju), http://www.rajuru.xenexbd.com. How to configure:

  1. Download the zipped file.
  2. Unzip the file. This file contains the class file and an example file.
  3. Open the class file and change these variables –
    • $currentTheme – Your cPanel theme
    • $userName – Your cPanel user name
    • $password – Your cPanel password
    • $domain – Your cPanel domain
    • $cPanelPort – Your cPanel port [optional]
  4. Include the class in the file where you want to use it.

Example:

// include the class file
include('class.cpmailmanager.php');
 
// create an instanse of the class
$cp = new CPMailManager();
 
// create an email account
$cp->createEmail('sadat', 'sadat123', 10);
 
if($cp->status) //account created successfully
{
     echo 'Mail created successfully';
}
else
{
     echo $cp->message;
}
 
// create mail forwarder
$cp->createForwarder('sadat', 'msh@example.com');
echo '' . $cp->message;
 
// delete mail forwarder
$cp->deleteForwarder('sadat', 'msh@example.com');
echo '' . $cp->message;
 
// delete email account
$cp->deleteEmail('sadat');
echo '' . $cp->message;

Share