Author Archive

Magento: Hard but not Impossible

August 4th, 2009

In the last few weeks I have been hard at work on a Magento plugin that extends the eCommerce app to become a front end of a POS (point of sale) system. With over 6,000 files Magento can certainly be intimidating at first, but as you get familiar with its architecture you find it less and less intimidating. One main design feature makes it easy to find a class by its class name.

For example, the class Mage_Catalog_Model_Product will be located in the /app/code/core/Mage/Catalog/Model folder and the file name is Product.php. If you ever need to instantiate the class, use Mage::getModel('catalog/product').

Another useful tip about the architecture is that most everything is handled in the various session objects and every operation is basically an event that occurs which then calls a certain method within a particular class. Some of these events are dispatched and can be used by Magento’s event/observer architecture but most are not and therefore one needs to override the class instead.

I know this is very vague, but it will make sense if you are knee deep inside the Magento code.

Ron Peled Magento, Web Development, eCommerce

Block access to your dedicated server automatically if more than 3 failed logins

August 3rd, 2009

Lately I have been noticing high activity of cyberattacks. In fact, a few of our servers got hit and had to be rebuilt. Of course, some of these servers were never built with security in mind. We did manage to save all the data, and the rebuild took less than one day in total, so the end result is great overall: fully patched servers, a firewall, email alerts in place, and finally a way to automatically block failed logins. I’ll show you how to set up the last part; it is actually quite easy.

So, I assume you have a CentOS server. I am using CentOS 5.3, fully updated (yum update), and I have the atomicorp repository set up. The atomicorp repository is not necessary (it seems) but will allow you to use newer versions of PHP and other packages. The package that will do the work is called fail2ban. A simple install seems to take care of it for us:

yum install fail2ban

Let’s register the service so that it starts automatically whenever the server is restarted. I use ntsysv for this:

ntsysv (hit enter, select the service, make sure it has a star inside the brackets, and click 'ok')

Lets start the service:

service fail2ban start

Here I recommend setting up automatic forwarding of root’s emails to you:

echo 'youremail@yourdomain.com' > ~/.forward

You should be all set. Try to check the log files once a week after the install, see if the service actually blocked potential hackers. Let me know if this worked for you or if you are using a better package?
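
To make the weekly log check concrete, here is an added example (not from the original post) that lists every address with more than three failed SSH password attempts, so the result can be compared with what fail2ban actually banned. It assumes the OpenSSH message format that CentOS writes to /var/log/secure; the function name and the log lines are constructed for this example.

```shell
#!/bin/sh
# Added example: list sources with more than LIMIT failed SSH password logins.

failed_login_sources() {   # failed_login_sources LOGFILE [LIMIT]
    awk -v limit="${2:-3}" '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is text supplied by the client, so read the
            # address from the fixed tail "... from ADDR port N ssh2"
            # instead of trusting the first "from" on the line.
            if ($(NF - 4) == "from" && $(NF - 2) == "port")
                fails[$(NF - 3)]++
        }
        END {
            for (ip in fails)
                if (fails[ip] > limit) print fails[ip], ip
        }
    ' "$1" | sort -rn
}

# Constructed sample of /var/log/secure (documentation addresses only).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Aug  3 04:12:01 web1 sshd[2101]: Failed password for root from 198.51.100.23 port 40112 ssh2
Aug  3 04:12:03 web1 sshd[2101]: Failed password for root from 198.51.100.23 port 40112 ssh2
Aug  3 04:12:06 web1 sshd[2104]: Failed password for invalid user admin from 198.51.100.23 port 40115 ssh2
Aug  3 04:12:09 web1 sshd[2107]: Failed password for invalid user from from 198.51.100.23 port 40118 ssh2
Aug  3 05:30:11 web1 sshd[2240]: Failed password for ron from 192.0.2.77 port 51514 ssh2
Aug  3 05:30:15 web1 sshd[2240]: Failed password for ron from 192.0.2.77 port 51514 ssh2
Aug  3 05:30:19 web1 sshd[2240]: Failed password for ron from 192.0.2.77 port 51514 ssh2
Aug  3 05:31:02 web1 sshd[2251]: Accepted password for ron from 192.0.2.77 port 51520 ssh2
EOF

# Only the first address exceeds three failures; the second has exactly three.
failed_login_sources "$SAMPLE_LOG"
```

On a real server, pass /var/log/secure instead of the sample file and check that each address listed also appears as banned in fail2ban's own log.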

Ron Peled Web Application Hosting

PHP SimpleXML Rules!

August 1st, 2009

Last week I was debugging an XML parsing utility in PHP. Debugging can be enjoyable when it goes well, but in my case it just wasn’t happening. It felt like chewing mud. The issue was actually a bug within the libxml library, which is a native PHP extension. Apparently it was a bug that was introduced in PHP version 5.2.6 and was addressed in version 5.2.8 or 5.2.9. The bug presented itself when using the xml_parser methods which are built into PHP. That is the old way of parsing XML with PHP; the new way is using SimpleXML, SimpleXMLElement, or XMLReader objects.

Now, once I read over the documentation I realized how easy it is to use the new SimpleXML. Additionally, I reduced my XML related code size from 100+ lines to less than 20. Fun!

Here is a short example of how to use it, let’s say we have the following XML structure:

<webservers>
 <webserver>
 <hostname>dev1</hostname>
 <purpose>eCommerce LAMP Development</purpose>
 <os>CentOS</os>
 <applications>
 <application isInstalled="1">Apache</application>
 <application isInstalled="1">MySQL</application>
 <application isInstalled="1">PHP</application>
 </applications>
 </webserver>
</webservers>

Now let’s observe how to use the SimpleXML class:

// We'll assume that the above XML is held as a string in $xmlDoc.
// simplexml_load_string() returns an object for the root element, <webservers>,
// or false if the document cannot be parsed.
$xml = simplexml_load_string($xmlDoc);
if ($xml === false) {
  die("Could not parse the XML document\n");
}

// Now we can loop through the nodes.
// Notice how each child node translates to a property of the object.
// $xml already is <webservers>, so its children are reached as $xml->webserver.
foreach ($xml->webserver as $webserver)
{
  // Here we can use $webserver as a sub-node
  echo "My Web Server Info:\n";
  echo "Hostname: " . $webserver->hostname . "\n";
  echo "Purpose: " . $webserver->purpose . "\n";
  echo "OS: " . $webserver->os . "\n";
  // Now we'll see how we can use the XML node attributes.
  // Iterate over the <application> children, not the <applications> wrapper.
  foreach ($webserver->applications->application as $application)
  {
    echo "Application: " . $application;
    // Attributes are SimpleXMLElement objects too, so cast before comparing
    echo ((string) $application['isInstalled'] === '1' ? " is installed" : " is not installed");
    echo "\n";
  }
}

That is it! Easy, right? I thought so. At least it is much easier than working directly with the old xml_parser methods, which turn out to be buggy in recent versions of PHP.

A word of caution: I found it is necessary to join the values of the SimpleXML object to a string, sometimes even to an empty string, when I am sending them to a function. In other words, I had to use:

myFunction($webserver->hostname."");

instead of simply:

myFunction($webserver->hostname);

and the reason is that otherwise PHP would pass a copy of the object instead of triggering the __toString() method. By adding the empty string we force PHP to first convert it to a string and then send it to the function or method.

Ron Peled Web Development

New: Download Essential Configuration Files for CentOS, HTTPD, IPTables, and ZenCart

July 21st, 2009

Yes, we have a new downloads section on our blog. In it we offer some free configuration files that simplify our daily routine work and shorten the time it takes to perform these tasks, and since we tweak them all the time it is relatively safe to use them. I certainly use these files almost every time I set up a new server.

Improved ZenCart Config Files


Improved config files only need DB information. URL related information and Folder location information are auto populated by PHP functions and server variables. Great for keeping the same file for both dev and production environment.

The default ZenCart config files lack some flexibility. In the last two years my team has developed these config files, which we wanted to share with you. The main difference here is that the URL and the folders of the ZenCart website are auto-determined and there is no need to change them or edit this file if either one of these changes. One great usage is if you want to be able to copy your ZenCart files from one machine to another or from a dev environment to your production environment. These improved ZenCart config files make it easy.

Script to Configure IPTables on CentOS for WWW server


In order to simplify my work I have created this simple script that automatically configures iptables on CentOS for WWW server. It blocks everything except ports 80, 443, and 22 (http, https, and ssh respectively).

Script to Configure IPTables on CentOS to block certain IP ranges


Once I configure the iptables to only open the ports I need on the specific server, I use this script to block any suspicious activity like failed unauthorized ssh login attempts or spam blasters trying to abuse any contact form on the website. I usually trace the IP and if it is outside of the US I block the entire 255.255.x.x subnet. Sometimes the entire 255.x.x.x range. As long as you don’t block your own users, you should be fine.
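
The downloadable scripts themselves are not reproduced on this page. As an added example (not those scripts), the following generates an iptables-restore ruleset with the policy described above: drop all inbound traffic except TCP ports 22, 80 and 443, and drop the listed ranges outright. Refusing a range that contains the administrator's own address or is wider than a /8, along with the function names and sample addresses, are assumptions of this example.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a web server.
# The ruleset is printed to stdout so it can be reviewed before loading.

# Constructed sample values (documentation/benchmark address blocks).
ADMIN_IP="203.0.113.10"
BLOCKED_RANGES="198.51.100.0/24 198.18.0.0/16"

ip_to_int() {   # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {     # in_cidr IP NET/PREFIX -> exit status 0 if IP is inside
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

www_ruleset() { # www_ruleset ADMIN_IP "NET/PREFIX ..."
    # Validate every range before emitting anything.
    for cidr in $2; do
        case $cidr in
            */[0-9]|*/[0-9][0-9]) prefix=${cidr#*/} ;;
            *) echo "bad range (need NET/PREFIX): $cidr" >&2; return 1 ;;
        esac
        if [ "$prefix" -lt 8 ] || [ "$prefix" -gt 32 ]; then
            echo "refusing $cidr: prefix must be /8 to /32" >&2; return 1
        fi
        # Do not lock out the address you administer the server from.
        if in_cidr "$1" "$cidr"; then
            echo "refusing $cidr: it contains $1" >&2; return 1
        fi
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Blocked ranges come first so they win over the port rules below.
    for cidr in $2; do
        echo "-A INPUT -s $cidr -j DROP"
    done
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in 22 80 443; do
        echo "-A INPUT -p tcp -m state --state NEW --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

www_ruleset "$ADMIN_IP" "$BLOCKED_RANGES"
```

Save the output to a file, review it, and load it with iptables-restore from a console session that does not depend on the rules being correct.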

Ron Peled Web Development

Speed Optimized Websites Rank Higher with Search Engines

July 16th, 2009

Website performance should not be taken lightly. Now, when I say website performance optimization in general I mean the time that it takes a webpage to fully render in the browser. Many different factors can influence that including the number of files that make your page, the size of the files, whether it renders in standard XHTML or quirks mode, etc. But, for search engines all that matters is the raw HTML output of your site. One of the ways that search engines measure a site’s validity is by measuring the speed it takes it to serve the HTML portion. Yes, raw web server power. Why?

Search engines try to guess which websites out there should gain more respect than others, and one characteristic is speed. If you think of it, the speed it takes to serve a page reflects how much the owner invested in it and hence reflects on the ranking that it should get in a backwards way. In other words, a site that is served on a dedicated server with serious horse power should get higher rankings than a site that is served on the cheapest shared hosting plan. Another fact is that major search engines researched user return rate and have found that the return is higher for faster sites and even microseconds count. That is why the best search engines focus on speedier results and favor results from faster websites. Really?

[Figure: Google Webmaster Tools crawl stats]

Look at the graph above, you will see a direct correlation between the website’s speed and the number of indexed pages. There might be a delay and it is not 100% accurate because the speed is not the only factor here, but over time it seems to have an effect. These graphs are from Google Webmaster Tools, under the crawler stats. Ok, how should I increase the performance of my site?

Here are a few things to consider:

  • Invest in a good hosting package. If you are serious, get at least a VPS with your own IP address (dedicated IP is also a measure). A VPS or a dedicated server will always trump the performance of shared hosting over time. Notice that some shared hosting environments reach 500+ websites on the same piece of hardware.
  • If you use PHP make sure to use APC: Alternative PHP Caching.
  • Always turn on caching at all levels: Apache, PHP, and your application. All levels usually have some sort of a caching mechanism – use it!
  • Research your biggest bottleneck and tackle it, always repeat over time. Just like you do with SEO – it is always work in progress.
  • Look in the logs: every time that your server experiences an error or a warning it has to trigger the error handling mechanism, which in most environments requires additional resources. This applies especially to unhandled exceptions in ASP.NET/IIS7 environments.

The list is really long and can get very technical but in general you always want to keep website performance optimization in the back of your head. It is well worth it!

What is your experience with speed optimized websites? How did it affect your SEO results?

Ron Peled Performance Optimization, Web Application Hosting, Web Development

Take a Look at Dell’s Fortuna Server

July 9th, 2009

As web traffic grows constantly and will continue to grow, I am always on the lookout for better ways to host robust websites. Our clients always demand the best hosting solution but with an eye on the price. Currently the biggest price tag when it comes to hosting data centers is the power consumption, and second is the actual space. Note that a side benefit of lower power consumption is a reduced need for cooling, since logically increased power consumption means more generated heat.

In other words, to remain competitive hosting providers will strive to provide servers with lower power consumption and smaller form factors while assuming a certain level of processing power. This is exactly what DELL’s R&D is working on these days. Here is a video of what is in the works:

What is interesting is that the Fortuna will supposedly place 12 of these mini servers in a single enclosure that fits in 2U space. This makes it a 1/6U server: 6 servers per 1U of space. Here is a photo of a prototype:

[Photo: Dell Fortuna server prototype]

Now, can you imagine each mini server hosting 2-4 VPS with CentOS serving the LAMP stack and either a Joomla, WordPress, or ZenCart on it? Nice!

Ron Peled Web Application Hosting, Web Development

Embedding Videos in Ektron

July 2nd, 2009

Almost every other day what seems to be a simple task will reveal itself as a mini project. Perhaps it is a side-effect of the pace at which things change in the web development world. This is exactly what happened when I tried to embed a movie from backlight.tv into an Ektron site. It did not work and the issue was not trivial.

This is the code that needed to be embedded into the body of the page which will trigger a flash player and stream a flash movie in to the browser:

<object class="cantaloupe_video" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0"
width="480" height="294" id="backlight_player" align="middle">
<param name="allowScriptAccess" value="always" />
<param name="allowFullScreen" value="true" />
<param name="movie" value="http://player.backlight.tv/player/?video_code=VDF2upIPH8s6239EQ90L" />
<param name="quality" value="high" />
<param name="bgcolor" value="#000000" />
<param name="flashvars" value="" />
<embed src="http://player.backlight.tv/player/?video_code=VDF2upIPH8s6239EQ90L" flashvars="" quality="high" bgcolor="#000000" width="480" height="294" name="backlight_player" align="middle" allowScriptAccess="always" allowFullScreen="true" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />
</object>

Well, after I open a new content block and paste this code in the richtextarea/html input field and publish it, no video is displayed on the front page. After various debugging sessions I discovered that Ektron automatically strips out the <embed> tag. This is done probably because Ektron is trying to produce valid XHTML/HTML code and the embed tag is not.

How do we overcome the issue? We really have two options:

  1. Force Ektron’s new WYSIWYG editor to accept the invalid code and display it with the embed tag (not recommended, will not be covered here).
  2. Find a better way to embed the video with valid code.

While option one is not recommended and I’ll not cover it here, option two is quite easy and clean. To produce clean code, use the following few lines of HTML instead. You can edit the original video code manually in an editor and then insert it into the content block:

<object type="application/x-shockwave-flash" style="width:454px; height:278px;"
data="http://player.backlight.tv/player/?video_code=VDF2upIPH8s6239EQ90L">
<param name="movie" value="http://player.backlight.tv/player/?video_code=VDF2upIPH8s6239EQ90L" />
<param name="wmode" value="transparent" />
</object>

What you need to focus on is the object tag, which includes the width and height in the style attribute and the data attribute, which holds the URL to the movie itself. Only one parameter is really required here: ‘movie’, which has the same URL to the actual movie. Everything else is not required and may not be necessary.

So, after cleaning up the original code, I inserted this new one into the content block, published it and voilà! It worked.

Thanks to Jeff Martinez for pointing it out on the Ektron Forums.

Ron Peled Ektron

Method Overloading Workaround in PHP5

June 25th, 2009

This past week I had the need to use overloaded methods in PHP 5. Overloading a method in object oriented design is especially helpful when trying to achieve the same operation while the code needs to be triggered from different states of the application or even different locations of the application. In my case, I needed an overloaded constructor to a PHP class. Yes, constructors are also a bit different in PHP 5 but still workable.


To make a long story short, in PHP 5 there is no real way to overload a method like you can with Java. However, it seems like the developers of PHP 5 did have overloading methods in mind and allowed some form of it. It seems like allowing real method overloads in PHP would be a special case of what the core developers actually allowed. The reason behind the current syntax is beyond me. I even tried to look for a PHP roadmap to see if proper method overloading will be introduced in the future, but I could not find anything relevant.

A user with the name Noel has posted on DZone a little snippet of code that shows exactly how method overloading in PHP5 can be achieved.

Do you know of any intentions on including real method overloading in PHP6?

Ron Peled PHP/MySQL, Web Development

The Case for ZenCart: Supporting the Long Tail of eCommerce

June 18th, 2009

While Zen-Cart is one of the best open source ecommerce platforms, it has plenty of deficiencies. However, I recently understood that it will always be able to keep its niche and therefore always have a market. Of course, this will remain the case as long as its leaders remain true to its spirit.

Zen-Cart is an unwilling offspring of the popular osCommerce. Like all offsprings, it is an improved version of its predecessor with better templating system, class oriented design, and notification systems but still maintains its characteristics of spaghetti code and somewhat convoluted and non-flexible checkout process.

Zen-Cart’s strengths are its simplicity which gives many non-programmers the opportunity to tweak and add (or remove) features to their likings with no major effort. This means that implementing a Zen-Cart ecommerce website is usually inexpensive and fast. Another great benefit of the system’s simplicity is speed. Zen-Cart is many times lighter than many other ecommerce systems even without complex caching technologies. Together, these benefits support a specific market: the market of light ecommerce. I am talking about online shops with 1 to 100 daily transactions or even less. It can obviously support more than that but the simplicity and the light weight features will attract the small business which is budget oriented.

The light ecommerce market while being small in terms of overall sales figures is relatively large and will get larger and larger with time. This is also known as the long tail of any market, in our case it is the long tail of the ecommerce market. This means that the numbers of installations will most likely be large and not insignificant. It also means that it is a valid market and will not vanish overnight with any other solution such as Magento who now charges a hefty amount for licensing its Enterprise version.

Before you rush to declare this light and feature packed ecommerce platform the king of the long tail ecommerce market, don’t underestimate the challenges that it is facing. With over a year and a half of no significant updates its market share is shrinking fast. The default template and the admin panel need some serious reworking to get up to par in UI and design with other open source challengers, and a major cleanup and reorganization of the backend configurations is way overdue. While it supports XHTML and validates correctly, the default template needs to be reworked without the tables.

In any case, Zen-Cart still serves its purpose as a free and light open source ecommerce platform. And here at Activo we have recently developed a Recurring Orders payment module that complies with PCI requirements and integrates well into the ARB module of Authorize.net. I’ll soon post links to an initial free version; a commercially licensed version should be available in about a month or so.

What do you think of ZenCart? Here to stay, or yet another open source project that will be lost in oblivion? Somewhere in the middle perhaps?

Ron Peled Magento, Web Development, ZenCart, eCommerce

Manage Application Pool Recycling in IIS7

May 21st, 2009

If you manage a website that is hosted with the latest Windows Server 2008 and IIS7 you probably want to be aware of the Application Pool settings in general, and in particular the Application Pool Recycle settings. As it turns out, by default, Windows Server 2008 sets the Application Pool to recycle every 1740 minutes. Which is exactly 29 hours or one full day and 5 hours or the number of lattes I had in the winter. All kidding aside, this number is a bit random, especially because it determines when the website’s application pool will recycle and the website will need to recompile, recache, etc. Here is a screenshot:

[Screenshot: Edit Application Pool Recycling Settings, default]

Instead, what I recommend is that you uncheck the regular time intervals checkbox and use the Specific time one. I chose 2:00 AM here because that is when the site sees the lowest number of hits, so it is the best time to handle a recycle. You should set up your webserver to recycle when your site is experiencing the lowest traffic levels. So, you’ll probably need to dig into the analytics a bit. Here is a screenshot of how I set up my server:

[Screenshot: Edit Application Pool Recycling Settings, recommended]

Pros:
- Recycles during off peak hours
- You actually control when it recycles
- Typically a performance boost on average

Cons:
The application will now recycle every 24 hours, instead of 29 hours. In fact, if you are certain that your website has no major problems and no memory leaks you can potentially set the application pool to not recycle automatically at all. This state needs to be monitored but may result in a longer smooth ride. Enjoy!

Ron Peled .NET Framework, Performance Optimization, Web Application Hosting