Error : 1067 the process terminated unexpectedly in mysql wamp

Recently I encountered a problem with MySQL. It was showing the error “Error : 1067 the process terminated unexpectedly” when I tried to start the service in services.msc.

So I googled it but didn’t find the perfect solution. I will show how you can debug the issue. First, look for the file my.ini, which can be found in “C:\wamp\bin\mysql\mysql5.6.17”. Open that file and look for “log-error”; this will show you the path where the error log is stored. In my case it is “c:/wamp/logs/mysql.log”.

Open the log file and look for the last error you got; it should have today’s date, from when you tried to start wampmysqld from services. At this stage, you will get the error and understand what it says. In my case it is,

Looking at the error, it seems that there is some problem with “kmk\players.ibd”; here kmk is one of my databases. The folders for all databases are in “C:\wamp\bin\mysql\mysql5.6.17\data”. To fix it, I moved the kmk folder to some other place. After this, wampmysqld in services.msc starts without any error.

That fixed my error.

Share your experience and the error from your log file in the comment section. This will also prevent others from reinstalling the WAMP server.

Thanks

ORM – Object Relational Mapping in PHP

ORM (Object Relational Mapping) is a tool which allows a database row to be referred to as an object in PHP programming. What Wikipedia says about ORM is:

Object-relational mapping (ORM, O/RM, and O/R mapping) in computer software is a programming technique for converting data between incompatible type systems in object-oriented programming languages. This creates, in effect, a “virtual object database” that can be used from within the programming language.

ORM (Object-Relational Mapping) is a tool that allows you to query a database table and manipulate data from a database using an object-oriented paradigm.

An ORM is a library which helps you query the data using functions, so that a PHP developer does not have to write database queries manually. It uses model objects to get the database table’s data.

Let us understand this with a simple code example. You have a book class and you want to fetch the books whose author is ‘Peter’. To get the list of books, you might write code similar to the following:

The above code can be written using an ORM as simply as follows:

All the mechanical part is taken care of by the ORM. You write almost no queries for retrieving the data from tables.
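The book lookup described above, written as an added example that is not code from the original article: first as a hand-written prepared statement, then through a small model class that builds the query itself. The Book class and findBy() are a hypothetical mini-mapper, not the Propel or Doctrine API, and the rows are constructed sample data in an in-memory SQLite database (requires the pdo_sqlite extension).

```php
<?php
// Added illustration: hypothetical mini-mapper, not the Propel or Doctrine API.
// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE book (id INTEGER PRIMARY KEY, title TEXT, author TEXT)');
$pdo->exec("INSERT INTO book (title, author) VALUES
    ('PHP Basics', 'Peter'), ('SQL Notes', 'Maria'), ('ORM Patterns', 'Peter')");

// 1) Hand-written query: the developer writes the SQL and binds the value.
$stmt = $pdo->prepare('SELECT id, title, author FROM book WHERE author = :author');
$stmt->execute([':author' => 'Peter']);
$manual = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo 'manual query rows: ', count($manual), PHP_EOL;

// 2) The same lookup through a model class that builds the SQL itself.
class Book
{
    private const COLUMNS = ['id', 'title', 'author']; // columns callers may filter on
    public $id;
    public $title;
    public $author;

    public static function findBy(PDO $pdo, string $column, $value): array
    {
        // Identifiers cannot be bound as parameters, so the column name is
        // checked against an allowlist; the value is always bound.
        if (!in_array($column, self::COLUMNS, true)) {
            throw new InvalidArgumentException("Unknown column: $column");
        }
        $stmt = $pdo->prepare("SELECT id, title, author FROM book WHERE $column = ?");
        $stmt->execute([$value]);
        return $stmt->fetchAll(PDO::FETCH_CLASS, self::class); // rows become Book objects
    }
}

foreach (Book::findBy($pdo, 'author', 'Peter') as $book) {
    echo $book->id, ': ', $book->title, PHP_EOL;
}

// A value that carries SQL syntax is compared as plain data.
echo 'rows for quoted input: ', count(Book::findBy($pdo, 'author', "Peter' OR '1'='1")), PHP_EOL;
```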

Advantages

ORM saves time because:

  1. It uses the DRY concept. You write your data model in only one place, so it’s easier to update, maintain and reuse the code.
  2. A lot of the database manipulation is done automatically; maintaining relations and fetching data is sometimes automatic as well.
  3. It forces you to write code in the MVC (Model-View-Controller) structure, so in the end your application code will be cleaner.
  4. You don’t have to write formed SQL statements; complex relational queries are handled by the ORM.
  5. Sanitizing and using prepared statements or transactions are as easy as calling a method.

ORM is flexible to use:

  1. It fits in your natural way of coding.
  2. It abstracts the DB system, so you can change it whenever you want.
  3. The model is weakly bound to the rest of the app, so you can change it or use it anywhere else.
  4. It lets you use OOP goodness like data inheritance without a headache.

Disadvantages

  1. You have to learn it, and they are not lightweight tools;
  2. You have to set it up. Same problem.
  3. Performance is OK for usual queries, but a SQL master will always do better with his little hands for the big dirty work.
  4. It abstracts the DB. While it’s ok if you know what’s happening behind the scene, it’s a trap for the novice that can write very greedy statements, like a heavy hit in a “for” loop.

Available ORMs in PHP are Propel and Doctrine. You can use either one.

Thanks for reading the article. I took help from Stack Overflow to write about ORM. Thanks to Stack Overflow.

Please feel free to comment if you have any confusion.

OpenCart – Simple Age Verification PopUp – VQMOD Extension

The Simple Age Verification PopUp OpenCart extension is a nice plugin to verify age before entering the site. This is helpful for adult, smoking or alcohol sites that need to verify a visitor’s age before the visitor enters the website.

The Simple Age Verification Popup plugin opens a popup in a lightbox with an image and a check box. See the screenshot of the popup below.

[Screenshot: Are-you-18+]

This is a VQMOD extension for OpenCart. VQMOD helps avoid overwriting the core files of OpenCart.

You can find more info on VQMOD and download it here.

Steps to install this Extension:

  1. Install VQMOD, if it is not installed.
  2. Download the zip file and extract it somewhere on your computer.
  3. From the extracted files, upload the files/folders under the “upload” folder to the server using FTP, into the root folder of the OpenCart installation (where the admin, catalog and system folders are). That is all; you do not have to do anything else to make it work.

Click Here to Download OpenCart – Simple Age Verification PopUp – VQMOD Extension

OpenCart – Show Reward Points of Customer In Header – VQMOD Extension

The Show Reward Points of Customer in Header plugin does exactly what its name implies. In OpenCart, after logging in, a customer has to go to My Account > Your Reward Points to view reward points. This free extension / plugin for OpenCart shows reward points in the header under the login info.

Here is a screenshot of how it looks on the default theme.

[Screenshot: show-reward-point-in-header]

This is a VQMOD extension for OpenCart. No core file is updated when using VQMOD.

You can download this plugin from here.

OpenCart – Auto Add Reward Points – VQMOD Extension

New OpenCart extension: Auto Add Reward Points adds product reward points to the customer immediately after the purchase is finished. Usually, on an OpenCart website, the admin has to add reward points to the customer manually by clicking on a link, as shown in the screenshot below.

[Screenshot: auto-add-reward-point]

With the Auto Add Reward Points extension / plugin for OpenCart, reward points do not have to be added manually. It does this automatically for the admin, which reduces the tedious task of adding reward points for every product purchased.

This is a VQMOD extension, so VQMOD must be installed on the OpenCart website. You can find information on installing VQMOD here.

Steps to install extension:

It is really easy to install this plugin.

  1. Install VQMOD, if it is not installed.
  2. Download the zip file and extract it somewhere on your computer.
  3. From the extracted files, upload the files/folders under the “upload” folder to the server using FTP, into the root folder of the OpenCart installation (where the admin, catalog and system folders are). That is all; you do not have to do anything else to make it work.

Click Here to Download OpenCart – Auto Add Reward Points – VQMOD Extension

PHP – Securing your Web Application : More information and Summary

This is the last article in this series.

More Information

The following resources can help you expand on this brief introduction:

Security Recap and Summary

Because security is such an important issue, we want to reiterate the main points of this series of tutorials as well as add a few additional tips:

  • Filter input to be sure that all data you receive from remote sources is the data you expect. Remember, the stricter your filtering logic, the safer your application.
  • Escape output in a context-aware manner to be sure that your data isn’t misinterpreted by a remote system.
  • Always initialize your variables. This is especially important when the register_globals directive is enabled.
  • Disable register_globals, magic_quotes_gpc, and allow_url_fopen. See http://www.php.net for details on these directives.
  • Whenever you construct a filename, check the components with basename() and realpath().
  • Store includes outside of the document root. It is better to not name your included files with the .inc extension. Name them with a .php extension, or some other less obvious extension.
  • Always call session_regenerate_id() whenever a user’s privilege level changes.
  • Whenever you construct a filename from a user-supplied component, check the components with basename() and realpath().
  • Don’t create a file and then change its permissions. Instead, set umask() so that the file is created with the correct permissions.
  • Don’t use user-supplied data with eval(), preg_replace() with the /e option, or any of the system commands: exec(), system(), popen(), passthru(), and the backtick (`) operator.
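Two of the points above, the basename()/realpath() check and setting umask() before creating a file, as an added example that is not part of the original series. The helper names resolveInside() and createPrivateFile() and the temporary directory are hypothetical, and the file in it is constructed sample data.

```php
<?php
// Added illustration; directory layout and helper names are hypothetical.
$base = sys_get_temp_dir() . '/recap_demo_' . bin2hex(random_bytes(4));
mkdir($base, 0700);
file_put_contents("$base/report.txt", "constructed sample file\n");

// Resolve a user-supplied name to an existing file inside $base, or return null.
function resolveInside(string $base, string $userName): ?string
{
    $name = basename($userName);            // drop any directory components
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    $root = realpath($base);
    $real = realpath($base . DIRECTORY_SEPARATOR . $name); // follows symlinks; false if missing
    if ($root === false || $real === false) {
        return null;
    }
    // After resolution the file must still sit under the base directory.
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Create a file that is private from the moment it exists.
function createPrivateFile(string $path, string $data): bool
{
    $old = umask(0077);                     // new files get mode 0600
    try {
        $fh = @fopen($path, 'xb');          // 'x' refuses to reuse an existing file
        if ($fh === false) {
            return false;
        }
        fwrite($fh, $data);
        fclose($fh);
        return true;
    } finally {
        umask($old);                        // umask is process-wide: always restore it
    }
}

var_dump(resolveInside($base, 'report.txt'));        // a file that exists in $base
var_dump(resolveInside($base, '../../etc/passwd'));  // reduced to "passwd", not in $base
var_dump(createPrivateFile("$base/secret.txt", "constructed secret\n"));
printf("mode: %o\n", fileperms("$base/secret.txt") & 0777);
```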

Here is the list of articles in this series:

Please share the article if you like it and let your friends learn PHP security. Please comment with any suggestions or queries.

Thanks Kevin Tatroe, Peter MacIntyre and Rasmus Lerdorf. Special Thanks to O’Reilly.

PHP – Securing your Web Application : Shell Commands

Be very wary of using the exec(), system(), passthru(), and popen() functions and the backtick (`) operator in your code. The shell is a problem because it recognizes special characters (e.g., semicolons to separate commands). For example, suppose your script contains this line:

If the user passes the value “ /tmp;cat /etc/passwd” as the $directory parameter, your password file is displayed because system() executes the following command:

In cases where you must pass user-supplied arguments to a shell command, use escapeshellarg() on the string to escape any sequences that have special meaning to shells:

Now, if the user passes “ /tmp;cat /etc/passwd”, the command that’s actually run is:

The easiest way to avoid the shell is to do the work of whatever program you’re trying to call in PHP code, rather than calling out to the shell. Built-in functions are likely to be more secure than anything involving the shell.
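The advice in this section, as an added example that is not code from the original article: the command string with and without escapeshellarg() (built and printed, never executed), then two ways to list a directory without any shell. listDirectory() and runLs() are hypothetical helper names, the input is the constructed value from the text, and runLs() assumes PHP 7.4 or later on a Unix-like host with ls available.

```php
<?php
// Added illustration: helper names are hypothetical; the input is the
// constructed value used in the text above.
$directory = ' /tmp;cat /etc/passwd';

// What plain concatenation would hand to the shell (built only, not executed).
$naive = "ls {$directory}";
// escapeshellarg() quotes the value so the shell sees a single argument.
$quoted = 'ls -- ' . escapeshellarg($directory);
echo "naive : $naive\n";
echo "quoted: $quoted\n";

// Option 1: no shell and no external program; do the work in PHP.
function listDirectory(string $dir): array
{
    $real = realpath($dir);
    if ($real === false || !is_dir($real)) {
        return [];                          // not an existing directory
    }
    return array_values(array_diff(scandir($real), ['.', '..']));
}

// Option 2 (PHP 7.4+): give proc_open() the command as an array, so the
// program is started directly and no shell parses the argument.
function runLs(string $dir): ?string
{
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open(['ls', '--', $dir], $spec, $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return proc_close($proc) === 0 ? $out : null;   // null when ls reports an error
}

// The whole string, semicolon included, is treated as one path name.
var_dump(listDirectory($directory));
var_dump(runLs($directory));
echo 'entries in temp dir: ', count(listDirectory(sys_get_temp_dir())), PHP_EOL;
```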


PHP – Securing your Web Application : PHP Code

With the eval() function, PHP allows a script to execute arbitrary PHP code. Although it can be useful in a few limited cases, allowing any user-supplied data to go into an eval() call is just begging to be hacked. For instance, the following code is a security nightmare:

This page takes some arbitrary PHP code from a form and runs it as part of the script. The running code has access to all of the global variables for the script and runs with the same privileges as the script running the code. It’s not hard to see why this is a problem—type this into the form:

Never do this. There is no practical way to ensure such a script can ever be secure. You can globally disable particular function calls by listing them, separated by commas, in the disable_functions configuration option in php.ini. For example, you may never have need for the system() function, so you can disable it entirely with:

This doesn’t make eval() any safer, though, as there’s no way to prevent important variables from being changed or built-in constructs such as echo() being called.

Note that the preg_replace() function with the /e option also calls eval() on PHP code, so don’t use user-supplied data in the replacement string.

In the case of include, require, include_once, and require_once, your best bet is to turn off remote file access using allow_url_fopen.

Any use of eval() and the /e option with preg_replace() is dangerous, especially if you use any user-entered data in the calls. Consider the following:

It seems pretty innocuous. However, suppose the user enters the following value:

In this case, both the expected command and the one you’d rather avoid will be executed. The only viable solution is to never give user-supplied data to eval().
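What “never give user-supplied data to eval()” looks like in practice, as an added example that is not code from the original article: user input is validated as data and dispatched through a fixed table, and placeholder substitution uses preg_replace_callback() instead of the /e option (deprecated in PHP 5.5 and removed in PHP 7.0). The field names, the operation table and the template syntax are hypothetical; arrow functions need PHP 7.4 or later.

```php
<?php
// Added illustration: field names, operation table and template are hypothetical.

// Instead of eval()'ing an expression built from form fields, validate each
// field as data and dispatch through a fixed table of operations.
function calculate(array $input): ?float
{
    $ops = [
        'add' => fn(float $a, float $b): float => $a + $b,
        'sub' => fn(float $a, float $b): float => $a - $b,
        'mul' => fn(float $a, float $b): float => $a * $b,
    ];
    $a  = filter_var($input['a'] ?? null, FILTER_VALIDATE_FLOAT);
    $b  = filter_var($input['b'] ?? null, FILTER_VALIDATE_FLOAT);
    $op = $input['op'] ?? '';
    if ($a === false || $b === false || !is_string($op) || !isset($ops[$op])) {
        return null;            // anything that is not number, number, known op
    }
    return $ops[$op]($a, $b);
}

// Instead of preg_replace() with /e: the callback is fixed code and the
// matched text is only ever used as an array key.
function renderTemplate(string $template, array $vars): string
{
    return preg_replace_callback('/\{(\w+)\}/', function (array $m) use ($vars) {
        return array_key_exists($m[1], $vars)
            ? htmlspecialchars((string) $vars[$m[1]], ENT_QUOTES, 'UTF-8')
            : $m[0];            // unknown placeholder is left as written
    }, $template);
}

// Constructed inputs: one well-formed request, one carrying PHP code.
var_dump(calculate(['a' => '2', 'b' => '3', 'op' => 'add']));
var_dump(calculate(['a' => '2; phpinfo()', 'b' => '3', 'op' => 'add']));
var_dump(calculate(['a' => '2', 'b' => '3', 'op' => 'system']));
echo renderTemplate('Hello {name}, {unknown} stays', ['name' => '<b>Peter</b>']), PHP_EOL;
```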


PHP – Securing your Web Application : File Uploads

File uploads combine two dangers we’ve already discussed: user-modifiable data and the filesystem. While PHP 5 itself is secure in how it handles uploaded files, there are several potential traps for unwary programmers.

Distrust Browser-Supplied Filenames

Be careful using the filename sent by the browser. If possible, do not use this as the name of the file on your filesystem. It’s easy to make the browser send a file identified as /etc/passwd or /home/rasmus/.forward. You can use the browser-supplied name for all user interaction, but generate a unique name yourself to actually call the file. For example:

Beware of Filling Your Filesystem

Another trap is the size of uploaded files. Although you can tell the browser the maximum size of file to upload, this is only a recommendation and does not ensure your script won’t be handed a file of a larger size. Attackers can perform a denial of service attack by sending files large enough to fill up your server’s filesystem.

Set the post_max_size configuration option in php.ini to the maximum size (in bytes) that you want:

PHP will ignore requests with data payloads larger than this size. The default 10 MB is probably larger than most sites require.

Surviving register_globals

The default variables_order processes GET and POST parameters before cookies. This makes it possible for the user to send a cookie that overwrites the global variable you think contains information on your uploaded file. To avoid being tricked like this, check that the given file was actually an uploaded file using the is_uploaded_file() function. For example:

PHP provides a move_uploaded_file() function that moves the file only if it was an uploaded file. This is preferable to moving the file directly with a system-level function or PHP’s copy() function. For example, the following code cannot be fooled by cookies:
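The three checks from this article combined in one handler, as an added example that is not code from the original article: a server-side size check, is_uploaded_file()/move_uploaded_file(), and a generated on-disk name with the browser's name kept only for display. The form field name "upload", the storage directory, the 2 MB limit and the storeUpload() helper are assumptions.

```php
<?php
// Added illustration: field name, directory, limit and helper are assumptions.
const UPLOAD_DIR = '/var/uploads';          // hypothetical, outside the document root
const MAX_BYTES  = 2 * 1024 * 1024;         // hypothetical application limit

function storeUpload(array $file, string $destDir = UPLOAD_DIR): ?array
{
    // A multi-file field makes 'error' an array, which also fails this check.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $tmp = $file['tmp_name'] ?? '';
    if (!is_string($tmp) || !is_uploaded_file($tmp)) {
        return null;                        // path did not come from this request's upload
    }
    if (filesize($tmp) > MAX_BYTES) {
        return null;                        // measure on the server; ignore the client's claim
    }
    $stored = bin2hex(random_bytes(16));    // name on disk is generated here
    if (!move_uploaded_file($tmp, $destDir . '/' . $stored)) {
        return null;
    }
    // The browser-supplied name is kept for display only.
    return ['stored_as' => $stored, 'display_name' => basename((string) $file['name'])];
}

if (isset($_FILES['upload'])) {
    $result = storeUpload($_FILES['upload']);
    echo $result === null
        ? 'Upload rejected'
        : 'Stored ' . htmlspecialchars($result['display_name'], ENT_QUOTES, 'UTF-8');
} else {
    // Constructed check for the command line: an existing file that was not
    // uploaded through HTTP is refused by is_uploaded_file().
    $fake = tempnam(sys_get_temp_dir(), 'notupload');
    var_dump(storeUpload([
        'error' => UPLOAD_ERR_OK, 'tmp_name' => $fake, 'name' => '/etc/passwd',
    ], sys_get_temp_dir()));
    unlink($fake);
}
```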


PHP – Securing your Web Application : Session Fixation

A very popular attack that targets sessions is session fixation. The primary reason behind its popularity is that it’s the easiest method by which an attacker can obtain a valid session identifier. As such, its intended use is as a stepping-stone to a session hijacking attack, impersonating a user by presenting the user’s session identifier.

Session fixation is any approach that causes a victim to use a session identifier chosen by an attacker. The simplest example is a link with an embedded session identifier:

A victim who clicks this link will resume the session identified as 1234, and if the victim proceeds to log in, the attacker can hijack the victim’s session to escalate his level of privilege.

There are a few variants of this attack, including some that use cookies for this same purpose. Luckily, the safeguard is simple, straightforward, and consistent. Whenever there is a change in the level of privilege, such as when a user logs in, regenerate the session identifier with session_regenerate_id():

This effectively prevents session fixation attacks by ensuring that any user who logs in (or otherwise escalates the privilege level in any way) is assigned a fresh, random session identifier.
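A login flow that applies this safeguard, as an added example that is not code from the original article: the session identifier is regenerated on every privilege change, and the session ini settings shown here additionally make PHP refuse identifiers it did not issue or that arrive in a URL. checkCredentials(), the single account and the session keys are constructed for the example.

```php
<?php
// Added illustration: checkCredentials(), the account and the session keys
// are constructed for this example.
ini_set('session.use_strict_mode', '1');    // reject IDs this server did not issue
ini_set('session.use_only_cookies', '1');   // never accept an ID from the URL
ini_set('session.use_trans_sid', '0');      // never write IDs into links
session_start();

function checkCredentials(string $user, string $pass): bool
{
    // Constructed single account; a real application loads the stored hash.
    static $hash = null;
    $hash = $hash ?? password_hash('correct horse', PASSWORD_DEFAULT);
    return $user === 'alice' && password_verify($pass, $hash);
}

function logIn(string $user, string $pass): bool
{
    if (!checkCredentials($user, $pass)) {
        return false;                       // failed login: session left untouched
    }
    session_regenerate_id(true);            // fresh ID; true deletes the old session data
    $_SESSION['user'] = $user;              // privilege is attached to the new ID only
    return true;
}

function logOut(): void
{
    $_SESSION = [];
    session_regenerate_id(true);            // privilege level changed again: rotate again
}

$before = session_id();                     // the ID the visitor arrived with
$ok     = logIn('alice', 'correct horse');
$after  = session_id();

echo 'login ok: ', var_export($ok, true), PHP_EOL;
echo 'id rotated on login: ', var_export($before !== $after, true), PHP_EOL;

logOut();
echo 'id rotated on logout: ', var_export($after !== session_id(), true), PHP_EOL;
```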
