Tags Posts tagged with "PHP"


WordPress.com, the fully hosted version of WordPress, has a received one of its biggest updates ever today. Codenamed Calypso, Automattic rewrote WordPress.com from scratch — everything is new under the hood. Here are the big changes.

First, WordPress.com is now fully separated from the WordPress core. WordPress.com is now an admin interface that interacts with the WordPress core just like any other third-party interface and app out there. It uses a REST API to fetch your posts, publish new ones, upload photos and more.

Second, the team behind WordPress.com switched to an entirely new stack. Instead of using PHP and MySQL, the developers built everything using JavaScript and API calls. It means that when you go to the website, the server will distribute a fully working WordPress client that mostly runs in your browser.

It’s a Single Page Application, meaning that you will get very few loading screens when you interact with the interface. It should work well on your phone and tablet as well — everything is responsive. If you were using the WordPress admin backend, you can still go directly to your backend. But you also have another option now on WordPress.com if you are using a hosted WordPress.com blog, a self-hosted WordPress with the Jetpack plugin or a WordPress VIP site (like TechCrunch).

Finally, everything is open source and on GitHub. You can look at the code, fork it and reuse it as long as you comply with the GNU General Public License version 2.

But the team didn’t stop there. You can also download a new Mac app to access WordPress.com. In many ways, this app works like the Slack desktop app. It leverages web technologies and desktop features so that you get more or less the exact same thing as on the WordPress.com website, but with a few goodies, such as notifications. Windows and Linux apps are in the works.

I downloaded the app and played with it for a few minutes. If you’re familiar with the WordPress.com interface, you’ll feel right at home as it looks exactly the same. But it’s always nice to have an app icon in the Dock.

So why did Automattic, the company behind WordPress.com, go through this painful rewriting process? WordPress.com now feels and works like a modern web app. It’s back in the game against newcomers, such as Medium.

While the editor lacks many features that WordPress power users make use of (including TechCrunch writers), WordPress.com is a clean, efficient writing interface that should appeal to many people who are writing today on Medium.

25 percent of the web today runs on WordPress. This is no small feat, and WordPress isn’t the young, hustling startup working against bigger companies — it’s a web giant. With today’s move, Automattic proves that it is still aware of its environment and potential threats. It’s an encouraging sign for the future of WordPress.

by -
0 163

I received a tutorial requests from my reader that asked to me how to implement payment gateway system with Paypal API. In this tutorial I want to explain how to work with Paypal Sandbox test accounts for payment system development and sending arguments while click buy now button. It’s simple and very easy to integrate in your web projects.

Step 1

Create a Paypal Sandbox account at https://developer.paypal.com/


Step 2

Now create test accounts for payment system. Take a look at Sandbox menu left-side topSandbox->Test Accounts

Step 3

Here I have created two accounts Buyer (personal) and Seller (merchant/business)


Contains PHP code. Displaying products, product image, product name and product price. Here you have to give your business(seller) $paypal_id id. Modify paypal button form returnand cancel_return URLs.


Paypal payment success return file. Getting Paypal argument like item_number. Paypal datasuccess.php?tx=83437E384950D&st=Completed&amt=10.00&cc=USD&cm=&item_number=1


Paypal API cancel_return file.

 Step 4

When your web application test payment system workflow is completed. Change the form action development API URLs to original API URLs and give valid $paypal_id seller email id.

by -
0 1310

I have been reading many tutorials for sending and receiving WhatsApp Messages via PHP but there is not a single Article Which explains properly with  Steps that How To retrieve Your WhatsApp password Which is created and Stored when you create a WhatsApp Account on the WhatsApp Server which is the main Challenge as of now in other Articles.

Thanks To this tool Which has Made 50% of the work Easy. https://github.com/shirioko/WART

Okay So we will Quickly go through the Steps for WhatsApp Registration Tool :

  1. Go To the link https://github.com/shirioko/WART
  2. Download The Whole project by Clicking Clone to Desktop
  3. Run the WART- Exe File




Enter Phone Number with Country Code (e.g. India Number : 91xxxxxxxxxx)

P.s. Do not put any Special Symbol like (+91) for India


Click on Request Code and You will Receive a Code from WhatsApp on the Entered Mobile Number.


Now Verify that Code in 2nd Step and That’s it . You are here . Your password will Appear.

P.s. Do not Share your password with Anyone Because it Can be used in loop for any Kind of messages.

okay Now we are done with 50% of the task .

Now we need to write the php Script Which will Send Messages to WhatsApp Registered Number.

You will need 2 things for Sending Messages to WhatsApp through PHP :

  2. Password (Which You got From The WART.EXE TOOL

Alright Sparky Lets Get this Done…..


require_once ‘./src/whatsprot.class.php’;
$username = “919xxxxxxxxx”; //Mobile Phone prefixed with country code so for india it will be 91xxxxxxxx
$password = “your password”;

$w = new WhatsProt($username, 0, “Mayank Grover Blog”, true); //Name your application by replacing “WhatsApp Messaging”

$target = ’91xxxxxxxxxxx’; //Target Phone,reciever phone
$message = ‘Hello User !! This is a Tutorial for sending messages via php to WhatsApp Account’;

$w->SendPresenceSubscription($target); //Let us first send presence to user
$w->sendMessage($target,$message ); // Send Message
echo “Message Sent Successfully”;

So Everything is Quite Clear in the above Script i.e. You need to set your Application Details Username as Mobile Number password Which you got from WART Tool Target as your Target Mobile Number and Lastly The message(Plain Text Which you need to send).


Okay Now I know many Questions are Coming in your mind.

  1. In first line Require src/whatsprot.class.php What is This. ???

You Need to Download the WhatsApi from this Link . There You Will find the src

directory with all the source files.

  1. Can we only Send Plain Text messages Or media like Images and Videos???

Yes we can send media file Also.

So Next I will be writing php script to send Media file To any WhatsApp Account.

A critical vulnerability in glibc, a core Linux library, can be exploited remotely through WordPress and likely other PHP applications to compromise Web servers.

The buffer overflow vulnerability, dubbed Ghost, was reported Tuesday by researchers from security vendor Qualys. It is identified as CVE-2015-0235 in the Common Vulnerabilities and Exposures database.

The bug is located in the gethostbyname*() functions of the glibc (GNU C Library) version 2.17 and older. It was fixed in glibc-2.18, released in May 2013, but it wasn’t flagged as a security vulnerability at the time.

As a result, some Linux distributions, especially those developed for long-term support, did not backport the patch and were still using vulnerable glibc versions when the Qualys researchers identified the security implications of the bug during a code audit.

The buffer overflow in glibc was found in the __nss_hostname_digits_dots() function; that particular function is used by the _gethostbyname function call. PHP applications such as WordPress also use the gethostbyname() function wrapper, which expands the scope of the vulnerability even as Linux distributions roll out patches.

“An example of where this could be a big issue is within WordPress itself: it uses a function named wp_http_validate_url() to validate every pingback’s post URL,” wrote Sucuri research Marc-Alexandre Montpas in an advisory published Wednesday. “And it does so by using gethostbyname(). So an attacker could leverage this vector to insert a malicious URL that would trigger a buffer overflow bug, server-side, potentially allowing him to gain privileges on the server.”

Until now, the only a proof-of-concept was built against the Exim mail transfer agent (MTA). Experts agree that such an exploit would have to climb some significant hurdles.

“The exploitation depends on being able to convince a program to perform a DNS lookup of a host name provided by the attacker,” said researcher Michal Zalewski said. “The lookup has to be done in a very particular way and must lack a couple of commonly-employed (but certainly not mandatory) sanity checks.”

The vulnerability affects glibc 2.2 through 2.17, but was patched in May 2013, though the patch was not labeled a security vulnerability and as a result may not have been widely deployed. Several other mitigations have been made public. Exim, clockdiff, procmail and pppd have been identified as vulnerable to Ghost exploits.

“This is a very critical vulnerability and should be treated as such,” Montpas said. “If you have a dedicated server or VPN running Linux, you have to make sure you update it right away.”

Montpas provided test PHP code admins can run on a server terminal; if the code returns a segmentation fault, the Linux server is vulnerable to Ghost:

php -r ‘$e=”0″;for($i=0;$i<2500;$i++){$e=”0$e”;} gethostbyname($e);’
Segmentation fault

Patching Ghost in Linux systems figures to be a bit more streamlined than the Bash vulnerability affecting Linux, UNIX and Mac OS X systems last fall, with experts suggesting that patches from the respective Linux distributions followed by a system reboot should take care of the issue. So far, Debian 7, Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7 and Ubuntu 12.04 were running vulnerable versions glibc; all have released updates.

“To be clear, this is NOT the end of the Internet as we know it, nor is it another Heartbleed. In a general sense, it’s not likely to be an easy bug to exploit,” said Rapid7 CSO and Metasploit creator HD Moore. “Still, it could potentially be nasty if exploited so we strongly recommend immediate patching and rebooting.  Without a reboot, services using the old library will not be restarted.”