Must Read If You Truly want to become a true hacker

1) Never trust sites that ask you for money in return of Hacking Softwares or who claim to Hack Email Id’s in return of money. All such things are Scam . Nothing Works.

2) There is NO DIRECT SOFTWARE to Hack Facebook , Google , Yahoo or any other big website. All the softwares that claim to do so are scam. They are just meant to take your money and in worse cases, those softwares have trojans or keyloggers in them. As a result your account gets hacked trying to hack others.

3) NEVER EVER use the keyloggers or trojans you find as freeware on internet. Hackers are not fools. They compile keyloggers and trojans almost with any such software and when you install them , you are already hacked before even trying to hack others.

4) You are never going to be a good hacker without the knowledge of programming and scripting languages. When you are going to use only ready made softwares and would depend on them for hacking anything then your
functionality would be limited upto the functionality of the software. When you are not going to use your brain , just doing the copy paste thing, then how can you even think of being a good hacker.

5) If you are a good Hacker, you already become a good programmer , a good script writer , a good web developer and an excellent security expert. Well any good Hacker will/should have good knowledge of various aspects and programming languages. to do XSS (Cross Site Scripting ) , PHP INJECTION , SQL INJECTION , PHISHING , FOOTPRINTING etc… you will have to be good at programing and scripting. And when you know the Various loop holes , vulnerabilities and security tips, you already become a Computer Security Expert. So Never Ever Under estimate the term Hacker. A Hacker Is Not a person who just hacks email id’s or servers but a True Hacker is a Computer Genius who the knowledge of computers more than anyone.

Hands on: BSNL Penta Smart PS501

BSNL has launched a new 3G Android phone in India called Penta Smart PS501. This handset is the operator's first smartphone, though it has dabbled with tablets previously. Priced at Rs 6,999, the new smartphone is a budget device with Android inside, aiming to make a mark in an overcrowded segment.

Here's a hands-on review of the BSNL Penta Smart PS501 to give you a glimpse of what the device offers:

Penta Smart PS501 reminds us of Samsung Galaxy S2 in terms of design. The thin chrome lining along the sides, metallic Lock/Power key on the right and Volume Rocker on the left make it hard to miss the resemblance between the two handsets. Below the screen is combo of Options, Home and Back haptic keys. Overall, the design looks a little dated.

The build quality of the phone is very good, though it is a little bulkier than we would have liked. It feels sturdy and good in the hand, even better than the Micromax Canvas HD (which costs at least Rs 5,500 more). The body is made of glossy plastic, which makes the handset a little slippery when help loosely.

The display of BSNL Penta Smart PS501 measures 5-inch, with 854x480p resolution. Though the screen size and resolution amount to a meagre pixel density of 196ppi, the colour saturation of the phone is very good, giving you quite a crisp display. The colours are vibrant and brightness level is above par. Overall, we are quite impressed with the screen quality of the phone, ranking it ahead of the Micromax Canvas Viva and Videocon A42.

Penta Smart PS501 runs on stock Android 4.2 (Jelly Bean) operating system, sans customization. However, you get a few preloaded apps like Flipboard, WhatsApp, Opera browser, Backup and Restore and Mobile Security, among others.

On the performance front, Penta Smart PS501 is a bit off the mark. Instead of a smooth experience, we get a slightly slow response. When we started the device, we noticed a slight delay when we pushed the right button and when it actually unlocked. This issue remained in the course of this hands-on experience. Nevertheless, apps opened without problems, though there was a little lag when we downloaded around 40 apps.

Camera performance of Penta Smart PS501 is below par. Though the phone comes with touch focus feature, the end result is slightly blurry images. The colours are good but there is not enough detail and indoor images are marred by a lot of noise.

The phone is powered by a 1,800mAh battery, but we will have to wait for a full review to see how long it lasts on a single charge.

Overall, BSNL Penta Smart PS501 seems like a decent handset, adding to the already burgeoning budget smartphone market. It does not have much to distinguish itself from the wide range of low-end Android phones in the market today, though the screen quality and sturdiness give it a slight edge. Wait for our full review to see whether this handset is worth buying or not...

Source : TOI

Joy of Programming: A Bug or a Feature?

A puzzling aspect of bugs is that they often turn out to be features (and vice versa)! Let’s explore this interesting topic with an example.




In my experience working with enterprise software, I come across numerous reports by users about bugs in the software. On detailed analysis, such “bug reports” often turn out to actually be “features” of the software, or misunderstood functionality of the software. It is difficult to give a generic example of this problem, since it is very specific to the context of the application. However, I recently came across an example that anyone can relate to.

I was trying to rotate an image in MS PowerPoint. We can right-click on an image and type the rotation degree in the text-box that pops up (see Figure 1).

Figure 1: A 'bug vs feature' example from MS PowerPoint

By mistake, when I typed a degree outside the range -360° to +360°, a help message popped up. I thought it was asking me to “Enter a value from -360° to 360°”, but on looking closer, I realised it read, “Enter a value from -3600° to 3600°!” 

I thought it was a bug in both the help message and the software, because the text-box accepted the range of values from -3600° to +3600°. However, when I tried typing outside the range -3600° or +3600°, the software rounded the degree to -3600° or +3600° as appropriate, and used the modulus of 360 to determine the rotation angle. So, it was clear that this was not a “bug”, but an intended “feature” in the software!

So, in general, should this be considered a bug or a feature? We all know that you can rotate an image from -360° to +360°; for angle values outside this range, the rotation angle is the same as the angle value mod 360°.  So, when we try rotating the image in software, we expect two possibilities: either the software limits the range from -360° to +360°, or it accepts any range of values, and applies mod 360° to determine the rotation angle. 

However, it is unintuitive and unexpected that the allowed range is from -3600° or +3600°, in which the acceptable angles are 10 times the range. Specifically, the range of acceptable angle values is 10 times (an arbitrary limitation assumed by the software) the expected range, which is incorrect. Hence, it is a bug in the software. However, if you post this bug to the developers of the software, they will reject this as a bug request. Why? From the software vendor’s perspective, this range value was thought about, and extra range (10 times the expected range) is allowed as a ‘feature’, and hence it’s not a bug!

In my work experience, I remember many heated debates with customers (or even within development teams) about whether the given problem was a bug or a feature. The problem becomes complicated, and results in a strange situation where the bug is used as a feature! Assume that the software you have shipped has a bug. The customers don’t know that it is a bug, but think it is a feature, and start using it. Now, even if you realise that it is a bug, you cannot fix it. 
Why? Since customers think it is a feature, if that feature is not available anymore in the new version, they will start complaining in a big way. Hence, you would need to support that “bug” in future releases too. This requirement is known as “bug compatibility”: you not only need to maintain compatibility with the old “features” supported by the software, but also maintain compatibility with old ‘bugs’ in the newer version of the software!

This “bug compatibility” problem is very pronounced in APIs (Application Programming Interfaces). For example, once a library or a framework is publicly available, you cannot fix the bugs that were introduced in the earlier releases. Doing so would break the compatibility with the existing users who are still using the old version of the library. This is one of the reasons why API development is a challenging task; we need to get it right the first time, or else we’ll never be able to fix it to get it right.



Sourse : LFY

Tips and tricks for using two factor Authentication Technology

Single password protection techniques, while a well-used and ancient method of protecting access to information or location, are no longer something that can guarantee a reliable means of protecting what you want to keep private. 


With the widely distributed existence of intrusion methods like keystroke loggers, phishing attacks, eavesdropping in general and dictionary attacking programs that can run through millions of possible passwords in minutes, having a single password as your only protective barrier to data entry is not something you can entirely trust.

Because of this a new standard in data protection has had to be developed that is much more secure. It is called Two Factor Authentication and has become very popular in the digital world recently. Used by online software applications like DropBox, data storage platforms like those belonging to Google and numerous other server or physical machine based access points, two factor verification comes in many forms.

However, its essential structure is as follows: Instead of a single access password that gives a user entry to a given area of digital space, two independent and separated factors are used instead. One of these remains the password while the other is a piece of completely distinct access data that is usually delivered either via message to a mobile device or directly to a physical data token.

However two factor authentication is specifically implemented, the key feature that it needs to have is a two level access system of two completely distinct pieces of login data. In less robust systems, the secondary token or mobile device based login data will be a secondary static password or a static access chip; in more robust two factor authentication setups, in addition to the original classical password, the secondary access key is a one-time item, meaning that each new login attempt generates a unique access key for that one single session, sent to a physical token or a mobile device (phone usually, could also be a tablet.

Most commercially available two factor systems are too complex and expensive for home or small business computer networks and, although this is changing thanks to innovations by the people at Google and other companies, cost remains something of a burden for smaller operators who want to secure their computers or compact server networks.

However, not all is lost; even you, whether you’re working with online data management apps, your personal computer or even a small Linux based server network, can set up two factor authorization to maximally protect all your crucial data access points with the best reasonably possible security.


Online Applications
 
Numerous online applications and platforms are designed to let you enable two factor authentication.  The online cloud storage system DropBox, Google and all of its accounts, Facebook and a number of other lesser known programs are all two factor capable. Let’s cover the three most commonly used online platforms.
If you happen to use Google for your email, social networking and document storage (through Drive) you can set up two factor protection simply by visiting this page: http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744 and following the steps that are clearly outlined.

In the case of Facebook, two factor authorisation can be enabled from within your account settings gear icon by clicking on the “Privacy Settings” tab and then clicking on “Security on the left-hand side. There you will be presented with a list of items, “Login Approvals” and “Recognized Devices being the two you should select.  A handy guide that’s been created by Facebook itself is available here: http://www.facebook.com/note.php?note_id=10150172618258920
With DropBox, arranging two factor authentication is also pretty simple. You simply log into your DropBox dashboard, go to “Settings”; select the “Security Settings” tab and enable two factor authentication. From there you should follow the step by step instructions that the system itself gives you.

In the case of all of these above web-based applications and many others that you’re likely to find with services such as online banking and cloud computing companies, the essential secondary login token will be either a static or variable passkey that’s delivered to your mobile phone. This represents a classical and very common two facto setup that is both hassle free and easy to implement amongst millions of customers because it does not depend on any specialized hardware or programming knowledge.


Linux Servers and Machines
 
If you’re running a small home or business Linux server distribution, you can create remote access to it at no cost and without going through numerous expensive enterprise level two factor providers like RSA Verisign or Pinsafe. How do you do this? Simple; you can rely on the power of a freely downloadable authentication module called Google Authenticator, created by none other than Google for allowing you to use your mobile device, be it iPhone, Android or Blackberry based, as a soft token for two factor access to your Linux server logins through dynamic (variable) passcodes.

As a starting point, you’ll need to download Google Authenticator from here for your particular device: http://code.google.com/p/google-authenticator/.
After that and before doing anything else, you’ll also have to enable two factor verification to your Google Accounts as described above.  The steps that follow from there include installing a PAM module for your particular Linux system (Ubuntu, Red Hat, etc.) and configuring it to create a series of authentication keys for different mobile users you plan on allowing into your system. PAM stands for pluggable authentication module, and is designed specifically for plugging different kinds of authentication into Linux.

After you have done the above, you will also need to activate Google authenticator on your mobile devices and configure it so that it connects to your Linux server’s SSH login.

There are a lot of further technical details behind this process, many of which get addressed in far more detail here: http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/ and here: http://www.mnxsolutions.com/security/two-factor-ssh-with-google-authenticator.html
But, on the whole, using Google Authenticator to set up two factor verification with multiple access codes and multiple mobile user accounts for SSH based Linux access is quite a bit easier than doing the whole thing through the OpenSSH that’s built into the Linux OS itself.


Commercial Network/Computer Protection Alternatives
 
If you’re not inclined towards technical two factor enabling related work, there are also some very low priced commercial vendors out there who will create highly secure two factor authentication systems for your smaller organization/business network. These security companies don’t offer the more robust physical token systems that Verisign and RSA handle, but they will allow you to install easy to use mobile phone based two factor access on your own system.

Three good and low priced examples that you should consider are Phone Factor (https://www.phonefactor.com/), (http://www.authentify.com/) and Duo Security (https://www.duosecurity.com/ ). Of these three, Phone Factor actually offers free two factor service for networks that will have less than 25 different users trying to access them.



Source : LFY

Methods To Lock Down WordPress wp-admin, and Accessing it Using SOCKS5 Proxy

It’s as simple as this: have SSH listen on the standard port 22, and when you check your server logs, you see all sorts of random people trying to login to your server. Same thing goes for any content management system with an obvious admin URL. A good example is WordPress. Unless you do some voodoo hacks to change the location of URLs (yes, I exaggerate), it can be accessed from example.com/wp-admin/ or example.com.com/wp-login.php.

The htpasswd way!

The easiest thing to do is lock down the wp-admin folder with an htpasswd (as we showed you in an earlier article on Nginx). On Apache you follow a similar directive.
It’s even easier on a shared hosting environment. Simply login to the Web host’s admin console, fire the app icon that says something similar to “password protect directories”, password protect the wp-admin directory, and you’re done. From next time on, when you go to example.com/wp-admin/it will prompt for a second layer of authentication before it brings up the WordPress login screen.

 
 Web server directory access authentication for accessing /wp-admin/

This is good enough for most cases, however, it still doesn’t stop people from accessing example.com/wp-login.php, because the wp-login.php file is on the root of WordPress directory. (Note that in this case, once WordPress authentication is successful, it will still throw the htpasswd authentication pop-up before redirecting you to wp-admin.) Naturally, it makes many of us uncomfortable seeing people trying guess work.

Let’s take an easy example. Install the Limit Login Attempts plugin (it helps you set a limit to the number of failed logins from a particular IP address, and based on that bans it for a set period of time).

What’s interesting is you still see access attempts from random IPs even after setting the htpasswd… because from example.com/wp-login.php, the htpasswd kicks in only if the WP authentication succeeds (as I mentioned).
Open the settings page of Limit Login Attempts plugin and you see something like the following screenshot.

 

Random login attempts on the WP backend

So, people can keep the guess-work business going as long as they keep changing their IP address after Limit Login Attempts bans their IP for a time frame.

The real obvious thing to do is password protect the wp-login.php file too. The downside is, the admin console of a shared hosting service most probably won’t have a dedicated application to handle that — the “Password Protect Directories” app seems to be only good for, well, directories.

The clue lies in the wp-admin/.htaccess file that app creates. Fire your Web host’s file manager application, open that file — it should look somewhat like this:

AuthType Basic

AuthName "protected area"

AuthUserFile /path/to/.htpasswd

AuthGroupFile /path/to/.htgroup

Require group myNewGroup

Require user myNewUser

Why not use the same username/password to protect wp-login.php. Open .htaccess file on the root directory of WordPress and append the following in it:

<Files wp-login.php>

AuthType Basic

AuthName "protected area"

AuthUserFile /path/to/.htpasswd

AuthGroupFile /path/to/.htgroup

Require group myNewGroup

Require user myNewUser

</Files>

Simple, isn’t it?




This way we save the unnecessary processing load on PHP and MySQL for unauthorised access requests. However, the Web server connection remains open (for a while, at least) for htpasswd authentication.

 

 Apache .htaccess when you have a static IP

What is we want the Web server to close the connection with an error as soon as it detects an unauthorised access — bypassing the password prompt?

The job becomes a bit easier if you have a static IP address from where you always login. Then by appending the following directives in .htaccess files of WP’s root directory:

<Files wp-login.php>

Order Deny,Allow

Deny from all

Allow from xx.xx.xx.xx

</Files>

…and wp-admin subdirectory: 




Order Deny,Allow

Deny from all

Allow from xx.xx.xx.xx

…(where xx.xx.xx.xx is your dedicated IP) you take care of the issue. 




Well, if you don’t have static IPs (in case of most DSL broadband connections) or you need to login from different places (office, home, friends’ place, etc.), this is not a solution, is it? (Yes, you can login to your Web host’s backend and keep changing/appending the the new IPs in the .htaccess files, before making a pass at the WP login — a major pain in the neck, I would say.)
But this, or the htpasswd method, is the best you can do on shared hosting environments, unless your Web host also gives you SSH access.

 

 Using Socks5 proxy

We’ll create a SSH tunnel, and use it as a socks5 proxy for Firefox to tackle the situation.

ssh -C2qTnNv -D 8888 username@example.com

After you authenticate with your password, it won’t return you the prompt (like you’d expect from a typical ssh connection.) The argument that’s important is -D 8888, which basically tells ssh to create a tunnel between port 8888 of your localhost (127.0.0.1) and the IP address of example.com. We also added the verbose mode with the -v so that we can see all activities on the session. 

<<SNIP>>

debug1: Next authentication method: password

user@example.com's password:

debug1: Enabling compression at level 6.

debug1: Authentication succeeded (password).

Authenticated to example.com ([xx.xx.xx.xx]:22).

debug1: Local connections to LOCALHOST:8888 forwarded to remote address socks:0

debug1: Local forwarding listening on ::1 port 8888.

debug1: channel 0: new [port listener]

debug1: Local forwarding listening on 127.0.0.1 port 8888.

debug1: channel 1: new [port listener]

debug1: Requesting no-more-sessions@openssh.com

debug1: Entering interactive session.

<<SNIP>>

Now before we can use this tunnel to access WP login (or generally visit websites), we need to set the proxy in Firefox. Go to the browser proxy settings dialogue and enter the IP details as noted in the following screenshot. 

Configuring Firefox to use Socks5 Proxy

An additional step is required if you’re using a service like CloudFlare for accelerating your website. Open about:config (by typing it in your FF’s URL bar), and filter for “dns”. Change the directive that says network.proxy.socks_remote_dns from false to trueas shown in the following screenshot. 

Changing about:config settings in Firefox

This additional step will also send DNS queries through the tunnel (that otherwise would have resolved over your normal Internet gateway).

Now go to a service like whatismyipaddress.comand see where it says you’re located at :-)

 

The world seems to think I'm connecting from my Web server

Anyway, copy this IP (which is typically your shared server’s IP; although it’s sometimes different — for example, in case of Media Temple’s gs shared hosting setup, as I realised while writing this article) and paste it in place of xx.xx.xx.xx in the Allow from statements of .htaccess files we mentioned earlier.

That’s it, we’re done! Launch some other browser besides Firefox, and try to access www.example.com/wp-login.phpand you should see this:

 

The Web server closes a connection with a 403 error the moment the IP address doesn't match; no more prompts, etc.

While on Firefox, the same URL gives you access to WP login screen. Neat eh?

When the Web server is Nginx

If you’re on a vps, or dedicated server, chances are you’re running nginx as a web server instead of Apache (like we are). To restrict WP logins to a specific IP address add the following location blocks to your Nginx server configuration files:

location /wp-admin {     allow xx.xx.xx.xx;     deny all; }   location ~* ^/wp-login.php$ {     allow xx.xx.xx.xx;     deny all;     try_files $uri =404;     fastcgi_split_path_info ^(.+\.php)(/.+)$;     include fastcgi_params;     fastcgi_index index.php;     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;     fastcgi_pass unix:/var/run/php-fpm.sock; }

Restart Nginx server. Henceforth, if you don’t use the socks5 proxy, you’d see this.

 

Nginx also likes to throw a 403 error and close the connetction

Note that, the fastcgi parameters will change depending on how you’ve setup your nginx configurations — so make sure you adapt the above to your settings.

While you’re on Varnish

Meanwhile, in case you’re running Varnish as a reverse proxy in front of your Web server, like we are, then adding these rules in your Web server’s config files won’t make any difference. This is because the Web server will see all requests are coming from 127.0.0.1. Although, technically you can make use of the X-Forwarded-For directives to tackle this, but why not let Varnish directly handle this? It would be faster by saving your Web server some trouble.

Open your default.vcl file, and append the following highlighted lines at the beginning of your vcl_recv section:

sub vcl_recv {

    # Ban outside access to wp-admin

    if (req.url ~ "wp-(login|admin)" && !client.ip ~ internal) {

    # Have Varnish throw the error directly.

    error 403 "Hey there sneaky pants! What are you trying to do?";

    }

# Your existing recv-routines follow...

 

}

 

Here we’re asking Varnish to throw a 403 error directly by setting an acl for wp-login.php and wp-admin. Time to put the server IP by creating this acl internal that we defined:

acl internal {     "xx.xx.xx.xx"; }

Restart the varnish service. Here’s what you’ll see now when you try to login without creating the SSH tunnel:

 

Varnish's way of tackling unauthorised access

That’s from our production server — don’t mind the language :-)

Like you can see, as long as you can ssh into your server to create a tunnel, you can restrict the admin access to yourself. Besides, the best part is, since SSH is an encrypted protocol, you don’t have to worry about someone sniffing for your login passwords that typically travel over an unencrypted HTTP protocol in WordPress.

Guess I’m done here. You can pretty much adapt these to any other CMS by changing a few things like wp-admin and wp-login.php with your specific admin authentication URLs. Of course, connections over VPS is another option that you can try rather than creating socks5 proxies this way.

Reference

Read this excellent article on calomel.org for a deeper understanding of socks5 proxy, and other associated Firefox about:config tricks.



Source : LFY 

phpVirtualBox — Accessing VirtualBox from a Browser

This article introduces phpVirtualBox, an open source, AJAX and PHP-based implementation of the Oracle VirtualBox user interface.

Oracle VirtualBox is great enterprise-ready virtualisation software. However, what it lacks is a powerful Web-based management interface. Usually, people prefer VMWare over VirtualBox, as it has a good Web-based remote management interface.
phpVirtualBox provides an interface that’s a VirtualBox-look-alike for people who are not command-line savvy. Through phpVirtualBox, you can control a headless VirtualBox VM from a Web browser, including operations such as start/stop VMs, take snapshots, configure VMs, import/export VMs, and much more. Some of its code is based on the now inactive VBoxWeb project.
The requirements are:

• Any Web server with PHP 5.2.0 or later; xampp will be good.
• A working installation of Oracle VirtualBox 3.2.2 or later.
• Any Web browser — Firefox, Opera, Chrome or IE — will do the job.

Installation on Windows

Installation is very simple. Here, I’m using Windows XP SP3.
Install Oracle VirtualBox OSE 3.2.10, and then install xampplite-win32-1.7.3. Download phpVirtualBox and extract the files/folder into the htdocs directory. phpVirtualBox requires that vboxwebsrv.exe must be running on the Oracle VirtualBox host machine. This file is located at C:\Program Files\Oracle\VirtualBox\.

Vboxmanage setproperty websrvauthlibrary null Vboxwebsrv.exe >null

Now, edit the config.php file and change it to the following settings:

/* Username / Password for system user that runs Oracle VirtualBox */ var $username = 'administrator'; var $password = 'guesswhat'; var $location = 'http://localhost:18083/'; /*don't change if using single machine for VirtualBox and phpVirtualBox*/

Now navigate to the resulting folder in your Web browser (see Figure 1).

Figure 1: VirtualBox running on Firefox

 Installation on Linux

The installation on Linux is also very simple. I am using Ubuntu 9.10 for this demo, and installed xampp-linux-1.7.3. It comes with the latest PHP version. To install Oracle VirtualBox 3.2 on Ubuntu, first you have to add the repos for 
 VirtualBox in your /etc/apt/sources.list:

deb http://download.virtualbox.org/virtualbox/debian karmic non-free

After that, update your repository cache with the following command:

apt-get update

Now install Oracle VirtualBox:

apt-get install virtualbox-3.2

phpVirtualBox requires you to start the vboxwebsrv program, located under /usr/bin:

su vbox -c '/usr/bin/vboxwebsrv -b -logfile /dev/null>/dev/null' vbox -- user created to run vboxwebsrv(optional step, you can use your own username)

Here, the parameters are as follows:

• -b — run program in the background
• -logfile — log file location for vboxwebsrv

Now download phpVirtualBox:

wget http://phpvirtualbox.googlecode.com/files/phpvirtualbox-0.5.zip

Unpack it to /var/www or /usr/local/apache2/htdocs. In config.php, edit the following parameters:

/* Username / Password for system user that runs Oracle VirtualBox */ var $username = 'administrator'; var $password = 'guesswhat'; var $location = 'http://localhost:18083/'; /*don't change if using single machine for VirtualBox and phpVirtualBox*/

Now navigate to the resulting folder in your Web browser.

Pros and cons

Pros: Clutter-free interface for remote management, with all the goodies.
Cons: Intended to run only on a local area network, as it relies on a plain-text password.

Note: For the sake of this demo, I’m using a single physical machine for Oracle VirtualBox and phpVirtualBox. If you don’t want to burden your Oracle VirtualBox installation with a Web server, then you can host phpVirtualBox on another machine. In that case, you have to make some simple modifications, as follows:
In Windows:

Vboxwebsrv.exe -h ip.address.of.virtualbox.host /* Username / Password for system user that runs Oracle VirtualBox */ var $username = 'administrator'; var $password = 'guesswhat'; var $location = 'http://ip.address.of.virtualbox.host:18083/'; /*don't change if using single machine for VirtualBox and phpVirtualBox*/

In Linux:

su vbox -c '/usr/bin/vboxwebsrv -b -logfile /dev/null -host ip.address.of.virtualbox.host  -port 18083'

Change config.php as for Windows.

Connecting to MySQL with Python and PHP

 

We all know the power of MySQL — one of the most used open source databases and a challenge to proprietary products of the genre. Python and PHP are well-known scripting languages. We combine these two powers in this article. So fasten your seatbelts, and enjoy the ride!

 ================================================

 

As you know, there are many modules and APIs in Python. For databases, there is the DB-API, the database application programming interface. To use this API with MySQL, you need to have the MySQLdb driver. It’s built into versions later than 2.3. You can also download it from its SourceForge project page and install it with the following commands:

# tar -xvf foldername.tar.gz

# cd path-to-extracted-folder

#python setup.py install

 

Note: I am using Ubuntu 10.04 32-bit on my laptop, with Python 2.7 and PHP 5.3.2. So the data provided is with respect to this configuration.

Accessing MySQL through DB-API using MySQLdb comprises the following steps:

1. Import the MySQLdb module.
2. Open the connection to the server.
3. Run your queries.
4. Close the connection.

We will undertake these steps in a script mysqlpython.py:

import MySQLdb                                    #1

 

connection=MySQLdb.connect(host="servername", user="username", passwd="password", db="databasename")  #2

 

cur=connection.cursor()                           #3

 

cur.execute("create table lfy(name varchar(40), author varchar(40))")  #4

 

cur.execute("insert into lfy values('Foss Bytes','LFY Team')")         #5

 

cur.execute("insert into lfy values('Connecting MySql','Ankur Aggarwal')")

cur.execute("select * from lfy")                  #6

 

multiplerow=cur.fetchall()                        #7

 

print “Displaying All the Rows:  “, multiplerow

print multiplerow[0]

cur.execute("select * from lfy")

row=cur.fetchone()                                #8

 

print  “Displaying the first row: “, row

print "No of rows: ", cur.rowcount                #9

 

cur.close()                                       #10

 

connection.close()                                #11

  

 

Figure 1 below shows the output of the Python script.

 

 

 Figure 1: Output of the Python script

                 

A few notes with respect to the above code:

1. We imported the MySQLdb module to use the database API.
2. We connected to the MySQL server by calling the MySQLdb connect() function. The parameters required were the server name, MySQL username, MySQL password, and the database you want to use.
3. To retrieve query results, we created cur, an object of the cursor() class, which will be responsible for execution and fetching.
4. cur.execute() executes the query to create a table named lfy.
5. We inserted values into the lfy table.
6. We retrieved all values in the lfy table through a SELECT query.
7. cur.fetchall() will fetch all results of the query, and return them as a nested list.
8. cur.fetchone() will fetch one row at a time. You might wonder why we executed the SELECT query again — because fetchall() has already fetched all results of the previous query, and calling fetchone() would return None.
9. The rowcount property tells us the number of rows returned by the query.
10. We closed the cursor object, freeing the resources it holds.
11. We closed the connection. Always remember to close the connections; otherwise, it may be a major security risk.

Note: Python being an interpreted language, it executes code line by line. If an error occurred on the 8th line, by then, it has executed the first seven lines, creating the table and inserting entries. The connection also remains open. Therefore, I recommend you adopt error and exception handling while using databases.

Connecting MySQL with PHP

PHP is very popular for server-side scripting, and MySQL databases are widely used for storage of the data used in dynamic pages. Connecting to MySQL from PHP is quite easy, with in-built functions; it follows the same four rules we discussed in the Python section. We will do the same basic tasks as the Python script; so before trying out the code below, drop the previous table. Here’s our PHP script, mysqlphp.php:

<?php

$connection=mysql_connect("servername","username","password") or die("connectivity failed"); #1

 

mysql_select_db("database name",$connection);       #2

 

$create="create table lfy(name varchar(50), author varchar(50))";

mysql_query($create,$connection);                   #3

 

$insert1= "insert into lfy values('Foss Bytes','LFY Team')";

$insert2= "insert into lfy values('Connection Mysql','Ankur Aggarwal')";

mysql_query($insert1,$connection);

mysql_query($insert2,$connection);

$fetch= mysql_query("select * from lfy");

while($row=mysql_fetch_array($fetch))               #4

 

{

  print_r($row);                                    #5

}

mysql_close($connection);                           #6

 

?>

 

 

A detailed explanation of the above script is given below:

1. If the connection to MySQL fails, we use the die() function as an error-handling technique, to stop processing the page. The connection object is passed to other MySQL-related functions for use.
2. We selected the database we want to use.
3. We used mysql_query() to execute queries.
4. mysql_fetch_array() will fetch the results of the query in the form of an array. We have used a while loop to display the results.
5. To display the data, we used print_r(), which will display the whole row at one go. To access individual fields, use a string index of the field-name, like row["name"], etc. See the output screenshot (Figure 2) for a clearer understanding.
6. We closed the connection to the MySQL server.

 

Figure 2: Output of the PHP script

Connecting to a database is easy! So start playing with your database through scripting :-)

Source : LFY