Factory pattern implementation in PHP

A design pattern is a general reusable solution to a commonly occurring problem within a given context in software design.
Most design patterns encourage loose coupling. Loose coupling pays off when we need to modify a piece of code in a large application.

If the code is tightly coupled, modifying one part will trigger a chain of modifications in many other parts. In that case, changes to the existing code become hectic and troublesome.

Factory Pattern

As I said earlier, the problem is tight coupling. Functions and classes in one part of the system rely too heavily on behaviors and structures in other functions and classes in other parts of the system.

You need a set of patterns that lets these classes talk with each other, but you don’t want to tie them together so heavily that they become interlocked.

Factory patterns can be used to implement loose coupling for object creation. A factory can be thought of as a class that creates objects for you, so the actual implementation of object initialization is hidden from the calling code.

How to include interfaces/abstract classes in CodeIgniter

For a well-known PHP framework, it is a shame that CodeIgniter does not by default have its own way to use interfaces or abstract classes. If we want to structure our application with good design patterns, we may need to customize CodeIgniter to extend support for interfaces and abstract classes, or we can use PHP's include statements.

For example:

require_once FCPATH.'application/includes/apps/IApplication.php';
require_once FCPATH.'application/includes/apps/Application.php';

Troubleshooting XML-RPC Client Joomla

Incorrect parameters passed to method: No method signature matches number of parameters

When I tried to run the XML-RPC client, I got the same error as specified above.
The method which was intended to run was the Joomla remote site search (joomla.siteSearch).
After so much digging on the web, I was out of options. There was no significant help from the community. I thought of troubleshooting it myself.
And finally I found the issue.

Full error response is given below

xmlrpcval::__set_state(array(
   'me' => 
  array (
    'struct' => 
    array (
      'faultCode' => 
      xmlrpcval::__set_state(array(
         'me' => 
        array (
          'int' => 3,
        ),
         'mytype' => 1,
         '_php_class' => NULL,
      )),
      'faultString' => 
      xmlrpcval::__set_state(array(
         'me' => 
        array (
          'string' => 'Incorrect parameters passed to method: No method signature matches number of parameters',
        ),
         'mytype' => 1,
         '_php_class' => NULL,
      )),
    ),
  ),
   'mytype' => 3,
   '_php_class' => NULL,
))


Cross Site Scripting (XSS)

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users.

A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site’s owner.

Preventing your website from SQL injection attacks

What is SQL Injection?

“SQL Injection” is a subset of the unverified/unsanitized user input vulnerability, and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it’s straightforward to create some real surprises. The goal of SQL injection is to insert arbitrary data, most often a database query, into a string that’s eventually executed by the database. The insidious query may attempt any number of actions, from retrieving alternate data, to modifying or removing information from the database.
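The difference between building the SQL string on the fly and binding input as a parameter, as an added example that is not from the original post. The `users` table, the function names and the sample inputs are constructed for illustration, and PDO with the SQLite driver is assumed to be available.

```php
<?php
// Added example. Table, rows and inputs below are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$insert = $db->prepare("INSERT INTO users (name, email) VALUES (?, ?)");
foreach ([['alice', 'alice@example.test'], ["O'Brien", 'obrien@example.test']] as $row) {
    $insert->execute($row);
}

// Naive: the SQL string is assembled from user input, so the input
// becomes part of the query text the database parses.
function findUserNaive(PDO $db, string $name): array
{
    $sql = "SELECT name, email FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the query text is fixed and the input is bound as a value,
// so it can only ever be compared against the name column.
function findUserPrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT name, email FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Run one lookup and print either the row count or the database error.
function report(string $label, callable $lookup, PDO $db, string $input): void
{
    try {
        $rows = $lookup($db, $input);
        printf("%-8s %-20s -> %d row(s)\n", $label, $input, count($rows));
    } catch (PDOException $e) {
        printf("%-8s %-20s -> query failed: %s\n", $label, $input, $e->getMessage());
    }
}

// Constructed inputs: a plain name, a legitimate name containing a quote,
// and a value that changes the WHERE clause when concatenated.
$inputs = ["alice", "O'Brien", "nobody' OR '1'='1"];
foreach ($inputs as $input) {
    report('naive', 'findUserNaive', $db, $input);
    report('prepared', 'findUserPrepared', $db, $input);
}
```

The apostrophe in a legitimate name breaks the concatenated query and the third input rewrites its WHERE clause, while the prepared statement treats all three inputs as plain values.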