Magento fast .htaccess

############################################
## These options are useful for development
#php_flag display_startup_errors on
#php_flag display_errors on
#php_flag html_errors on
#php_flag log_errors on
#php_flag log_errors_max_len 0
#php_value error_log /var/www/magento-lite/var/log/php_errors.log

############################################

############################################
## uncomment these lines for CGI mode
## make sure to specify the correct cgi php binary file name
## it might be /cgi-bin/php-cgi

# Action php5-cgi /cgi-bin/php5-cgi
# AddHandler php5-cgi .php

############################################
## GoDaddy specific options

Options -MultiViews

## you might also need to add this line to php.ini
## cgi.fix_pathinfo = 1
## if it still doesn’t work, rename php.ini to php5.ini

############################################
## this line is specific for 1and1 hosting

#AddType x-mapp-php5 .php
#AddHandler x-mapp-php5 .php

############################################
## default index file

DirectoryIndex index.php

<IfModule mod_php5.c>

############################################
## adjust memory limit

php_value memory_limit 256M
php_value max_execution_time 18000

############################################
## disable magic quotes for php request vars

php_flag magic_quotes_gpc off

############################################
## disable automatic session start
## before autoload was initialized

php_flag session.auto_start off

############################################
## enable resulting html compression

php_flag zlib.output_compression on

###########################################
# disable user agent verification to not break multiple image upload

php_flag suhosin.session.cryptua off

###########################################
# turn off compatibility with PHP4 when dealing with objects

php_flag zend.ze1_compatibility_mode Off

</IfModule>

<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload

SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

<IfModule mod_deflate.c>

############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#ipip

############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip

# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems…
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don’t compress images
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary

# Make sure proxies don’t deliver the wrong content
Header append Vary User-Agent env=!dont-vary

</IfModule>

<IfModule mod_ssl.c>

############################################
## make HTTPS env vars available for CGI mode

SSLOptions StdEnvVars

</IfModule>

<IfModule mod_rewrite.c>

############################################
## enable rewrites

Options +FollowSymLinks
RewriteEngine on

############################################
## you can put here your magento root folder
## path relative to web root

#RewriteBase /magento/

############################################
## uncomment next line to enable light API calls processing

# RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]

############################################
## rewrite API2 calls to api.php (by now it is REST only)

RewriteRule ^api/rest api.php?type=rest [QSA,L]

############################################
## workaround for HTTP authorization
## in CGI environment

RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks

RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* – [L,R=405]

############################################
## redirect for mobile user agents

#RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
#RewriteCond %{HTTP_USER_AGENT} “android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile” [NC]
#RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]

############################################
## always send 404 on missing files in these folders

RewriteCond %{REQUEST_URI} !^/(media|skin|js)/

############################################
## never rewrite for existing files, directories and links

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l

############################################
## rewrite everything else to index.php

RewriteRule .* index.php [L]

</IfModule>

############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead

AddDefaultCharset Off
#AddDefaultCharset UTF-8

<IfModule mod_expires.c>

############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires

ExpiresDefault “access plus 1 year”

</IfModule>

############################################
## By default allow all access

Order allow,deny
Allow from all

###########################################
## Deny access to release notes to prevent disclosure of the installed Magento version

<Files RELEASE_NOTES.txt>
order allow,deny
deny from all
</Files>

############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags

#FileETag none

############################################

## compress text, html, javascript, css, xml:

AddOutputFilterByType DEFLATE text/plain

AddOutputFilterByType DEFLATE text/html

AddOutputFilterByType DEFLATE text/xml

AddOutputFilterByType DEFLATE text/css

AddOutputFilterByType DEFLATE application/xml

AddOutputFilterByType DEFLATE application/xhtml+xml

AddOutputFilterByType DEFLATE application/rss+xml

AddOutputFilterByType DEFLATE application/javascript

AddOutputFilterByType DEFLATE application/x-javascript

# Or, compress certain file types by extension:

<files *.html>

SetOutputFilter DEFLATE

</files>

###########################################

############################################

##

<IfModule mod_expires.c>

# Enable expirations

ExpiresActive On

# Default directive

ExpiresDefault “access plus 1 month”

# My favicon

ExpiresByType image/x-icon “access plus 1 year?

# Images

ExpiresByType image/gif “access plus 1 month”

ExpiresByType image/png “access plus 1 month”

ExpiresByType image/jpg “access plus 1 month”

ExpiresByType image/jpeg “access plus 1 month”

# CSS

ExpiresByType text/css “access 1 month?

# Javascript

ExpiresByType application/javascript “access plus 1 year”

</IfModule>

############################################

 

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ (/[^\ ]+)\.html\ [NC]

RewriteRule ^ %1 [L,R=301]

RewriteCond %{HTTPS} on
RewriteRule ^$ http://%{HTTP_HOST} [L,R]

Google Analytics Referral Spam

I’m starting to get hacked off with the amount spam that is affecting the reporting of some of the websites that I manage. Some websites seem to get spammed where others don’t. I really would have thought by now that Google would have found a way to combat it. The same names appear time after time and I’m just not really sure what they are trying to achieve. Although am I really surprised at this is what we are seeing? Probably not after all the number of bots that are on the internet have outnumber the amount of people.

There are a couple of fixes, the one I tend to adopt is using the filters in Google Analytics but other options include adding some lines to the htaccess file.

If you go to Google Analytics click on the “Admin” tab at the top of the page. On the view column you will need to click in to the “Filters” section then select the “+New Filter Button.” Give your filter a name, click “Custom” filter type, “Exclude” should be selected as default but if not select it. You will then need to choose “Campaign Source”  and add the URL you want to exclude in the Filter Pattern field. If you click “Verify this filter” button it will then show you how many session it would exclude. Once you are happy that it is going to exclude the traffic that you don’t want hit “Save” and you shouldn’t see any more.

Coming soon: notonthehighstreet.com to Magento

 

A quick search reveals there are quite a lot of merchants out there that require their notonthehighstreet.com orders to be imported into Magento. I have a solution that I will publish more details of shortly but the basics are that notonthehighstreet.com now has an API that will allow the downloading and acceptance of orders. Once this data is put into the right format you can then run a Magento order module to import the data into Magento.

Full details to follow but in the mean time email [email protected] for more info

 

EDIT this is now available please get in touch if it is something you are interested in.

Google Forms

I love how easy it is to use the Google Drive features, what I’m not so much a fan of is them splattered with Google logos. I often find myself using Google Forms – with it’s simple setup of creating the form and it outputting responses onto a spreadsheet there’s no reason why you wouldn’t use it instead of fiddling with some PHP and MySQL.

If you go to Google Drive and create your form with all your questions, once you are happy that it’s outputting onto the spreadsheet how you want then follow the below to make it look and feel like part of your own website.

When you have finished building your form, click the link titled: ‘You can view the published form here’

Right click anywhere on the page and click View Source to look at the code behind the form. (you might struggle right clicking and viewing source in Safari)

Copy all the code between <form> and </form> tags and paste it into the new form page on your web site.

 

Insert your own stylesheet between the <head> tags if you want to add some of your own styling.

Now you have a styled form but it still sends users to a Google confirmation page.

Add a bit of javascript to redirect the completed page to a confirmation page of your choosing:

REPLACE:

<form action=”YOUR-EMBEDDED-GOOGLE-SPREADSHEET-LINK” method=”POST”>

WITH:

<script type=”text/javascript”>var submitted=false;</script>
<iframe name=”hidden_iframe” id=”hidden_iframe”
style=”display:none;” onload=”if(submitted)
{window.location=’http://YOUR-THANK-YOU-PAGE-URL’;}”></iframe>
<form action=”YOUR-EMBEDDED-GOOGLE-SPREADSHEET-LINK” method=”post”
target=”hidden_iframe” onsubmit=”submitted=true;”>

 

 

Magento Security Patches

Recently there has been one or two high profile releases of the Magento security patches due to the method to exploit these vulnerabilities being published on the internet for the world to see. Since the one at the beginning of the year my perception now is that store owners are now more aware and alert to the patches that are released, so much so that within hours of the patches being announced I get phone calls asking when the latest will be applied.

I still believe that the majority of stores will still not be protected, this is due to the fact that there must be a lot of stores out there on shared hosting – for whatever reason. The reason being on shared hosting makes it more difficult for store owners to apply the patches. Shared hosting doesn’t tend to allow customers to have SSH access. For those with SSH applying the patches is easy a couple of lines of code and a backup later and its done.

I have applied a lot of different patches across a lot of versions of Magento prices for hosting with SSH start from £25 per patch and are normally completed same day.

CSV to PHP using fgetcsv

I have recently been experimenting with the capabilities of what fgetcsv can do when used with alongside fopen. I had a need to be able to grab a csv file and output it in, shall we say a more friendlier way.

First off grab the file that you want to use by using

$csv = array();
$file = fopen(‘filename.csv’, ‘r’);

Then with the next bit of code there’s a couple of things to note. 10000 is the amount of characters you want to count and stop at. | is the delimiter that I used, I find using a comma as a delimiter can cause errors if for example the content of the csv file was from a user input where commas were allowed.

while (($result = fgetcsv($file,10000,”|”)) !== false)
{
$csv[] = $result;
}

fclose($file);

You now put in a loop to loop through each line of the csv file.

foreach ($csv as $csv) {

}

Then finally in your loop you start to output your information column by column for as many columns as you desire.

echo $csv[‘0’];
echo $csv[‘1’];
echo $csv[‘2’];
echo $csv[‘3’];

Full Code:

<?php

$csv = array();
$file = fopen(‘filename.csv’, ‘r’);

while (($result = fgetcsv($file,10000,”|”)) !== false)
{
$csv[] = $result;
}

fclose($file);

foreach ($csv as $csv) {

echo $csv[‘0’];
echo $csv[‘1’];
echo $csv[‘2’];
echo $csv[‘3’];

}
?>

Magento Direct SQL Queries

I have been recently trying to pull some scripts together to provide extra reporting on store performance. The brief was to be able query the Magento database without logging into Magento. I have so far been able to create SQL statements to achieve the following:

Total Revenue

Total Product Revenue

Shipping Revenue

Discounts

Reward Points

Number of Transactions

Average Order Value

Active Customers

Recurring Profiles

Admin Backend Orders

% of New Customer Orders vs Existing Customer Orders

 

I will expanded on some of the queries listed above as well as plenty more that I’m intending on writing. I know there’s probably a debate about whether the queries should be executed inside Magento as opposed to executing them via SQL scripts but that was the brief I have to stick to. I also think there’s circumstances where direct SQL can be beneficial to people that know what they are doing.

New Responsive Website Harrogate

I have recently created a new responsive website for Jubilee Mills Farms, the brief was for an easy to use website that ranked well for some specific local terms such as Share Farming Yorkshire. Both these things have been achieved for the project and enquiries are being received. The website was optimised for both tablet and mobile devices in line with the latest Google Algorithm changes.

jubileemills

Magento Recurring Profiles Additional Fields

I want to add an additional field to the orders that are created by Recurring Profiles, the field is in the database in the table sales_recurring_profile in the order_info column. The field I want on the orders is called tm_field1 and it adds delivery instructions to the orders. Looks like this in the db

 s:9:"tm_field1";s:20:"Leave somewhere safe";

If I look in

app/code/core/Mage/Sales/Model/Recurring/Profile.php

At the following

public function createOrder()

I can see the array is read by

$transferDataKays = array(
        'store_id',             'store_name',           'customer_id',          'customer_email',
        'customer_firstname',   'customer_lastname',    'customer_middlename',  'customer_prefix',
        'customer_suffix',      'customer_taxvat',      'customer_gender',      'customer_is_guest',
        'customer_note_notify', 'customer_group_id',    'customer_note',        'shipping_method',
        'shipping_description', 'base_currency_code',   'global_currency_code', 'order_currency_code',
        'store_currency_code',  'base_to_global_rate',  'base_to_order_rate',   'store_to_base_rate',
        'store_to_order_rate'
    );

It was really as simple as just adding , ‘tmfield1’ to the array and it worked, therefore I guess it would work with other fields too!