SupportX – A rich support app-theme for Envato Authors built using WordPress

Last week, we have developed SupportX, a beautiful support theme based on WordPress. SupportX is built specially for the Envato marketplace authors where it’s a tedious job to provide proper support to the buyers of their product. It comes with a handful of useful features like SMS notification, live notification feed, purchase code verification and … Continue reading SupportX – A rich support app-theme for Envato Authors built using WordPress

Integrate Social Sign On in your PHP apps using HybridAuth

nt.social.network.big_

Integrating social sign-ons in a web application can become a tedious task because you need to take care of different endpoints, credentials and finally manage the oauth dance to get the access token. However, using HybridAuth package, this task can be easy as pie 🙂 Let’s have a look

In this example I will show you how to connect to Facebook and Twitter using HybridAuth. So you need to create two applications in Facebook and Twitter each. Save those app’s id and secret somewhere because we will need that in a minute.

Step 1: Install the Package via Composer

Composer is an excellent package manager for PHP apps. Let’s use that to install HybridAuth in our current projects scope. Add a composer.json file in your project path, or update it with the following contents if it already exists. But before that, make sure that you have composer installed in this machine.

[sourcecode language=”javascript”]
{
"require": {
"hybridauth/hybridauth": "3.0.0.*@dev"
}
}
[/sourcecode]

now run the following command to install hybridauth

[sourcecode language=”shell”]
composer install
[/sourcecode]

Step 2: Connect with Facebook

Let’s make a good use of this HybridAuth. This time we need to create two files, fb.php and hybrid.php. Make sure that your facebook app’s callback url points to this hybrid.php. FOllowing is the code of fb.php Continue reading “Integrate Social Sign On in your PHP apps using HybridAuth”

Automated Rsync – without compromising security

Rsync is one of the most popular tools to synchronize data between two computers, and used mostly in taking backups using this sync feature. It’s easy to use and only uploads the changed files when a sync is necessary, so it’s effective in saving bandwidth and time too. To run rsync, you need root or a properly privileged user which can access that specific path in the remote machine. And to setup this privilege, you can either use a should-never-be-used root account or an user chrooted using a jail shell. But if, by any chance, current machine is compromised then remote machine is compromised too. Because anyone can connect to your remote machine using those credentials from the current machine. To avoid plain text credentials (or the credentials written in a shell script), people usually use ssh keys to establish a connection between two machines. Still, your remote machine is unsecured if anything goes wrong in the current machine from where you’re taking the backup.

So a fullproof solution is to use ssh keys and properly chroot the remote user so that it can only access the backup files and nothing else. However, setting up a jailed shell is a not-for-everyone type task and takes time and experience to accomplish properly. So here is a quick work around that you can implement in your remote machine to prevent the connecting user from doing anything malicious but only tasks those are needed to perform the rsync backup. Let’s see how we can do that

Before continuing, let’s name our two machines. The one which should be backed up, lets name that Workstation. And the one which is storing the backups is BackupServer. Also for now, let’s assume that you are backing up complete “/var/www” folder in the WorkStation.

Step 1: Create SSH key in the BackupServer
Log into the BackupServer and run the following command in ssh terminal. But remember, if you already have a key in ~/.ssh/id_rsa.pub then IGNORE IGNORE IGNORE this step.

[sourcecode language=”shell”]
ssh-keygen -t rsa
[/sourcecode]

It will prompt for a passphrase, REMEMBER to just hit the enter without typing anything.

Step 2: Display and Copy the SSH key from BackupServer
Run the following command to display the ssh public key in the terminal, and then copy it.
Continue reading “Automated Rsync – without compromising security”

BucketAdmin – Our new dashboard for your next web application

If you are a fan of beautiful dashboards and admin panels, then BucketAdmin might be a good choice for you with plenty of carefully selected javascript controls and plugins. Beside that, BucketAdmin’s documentation and clean structure will help you to implement it without a lot of pain. Purchase BucketAdmin today for $21 only from http://bit.ly/1e9TtGP. … Continue reading BucketAdmin – Our new dashboard for your next web application

WordPress Plugin Boilerplate Code Generator from Tom Mcfarlin's Plugin Boilerplate

Tom Mcfarlin has written an excellent boilerplate for plugin developers. It is very easy to start writing your own plugins using his boilerplate. But if you want to personalize it to YourPluginName, you will have to modify all these files and replace hardcoded variables and class names which is a real pain in the ass. … Continue reading WordPress Plugin Boilerplate Code Generator from Tom Mcfarlin's Plugin Boilerplate

How to create a page and assign a page template automatically in WordPress

Sometime your theme depends on a few special pages, and it’s better to create them automatically after theme activation. You could also ask your users to create these pages and assign a few specific page template, but why would you do that if there is a scope of doing it automatically from your theme. Here … Continue reading How to create a page and assign a page template automatically in WordPress

My $4/year continuous deployment server using webhook and rsync

Anthony Smith is running an interesting project called Low End Spirit where he sells low end servers for $4/year and these servers comes with 128Mb ram and one core of Xeon X3440 cpu @2.53GHz and 500GB bandwidth. And most interesting thing is that they comes with 5 IPv6 addresses in multiple locations. LowEndSpirit is pretty … Continue reading My $4/year continuous deployment server using webhook and rsync