Feed: Magento website development - AggScore: 45.5

Important tips about Magento Template Development and Magento web solutions

---

Why Magento website development is useful for Ecommerce websites?

---

Special tips about Magento Customization and Magento Theme Development

---

Hire PHP Programmer – Web Development – Website Design Company

---

How to add new layout template for Magento

---

Many times we need to add new layout skeleton rather then 2colums-left, 2columns-right, 1column and 3columns. Here is the way how we can add more layout structures.


You can make modification directly in app/code/core/Page/etc/config.xml but if you don’t want to touch core file, I recommend you to follow these steps:

Create config.xml under app/code/local/Magestore/Page/etc


Now, open app/etc/modules and create file Magestore_Page.xml


You have to create a file named '3columns-cms.phtml' under app/design/frontend/[YOUR_PACKAGE]/[YOUR_THEME]/template/page.

Now, log in your admin, go to Cms -> Manage pages, click Add new page. In Custom Design tab, you can find new layout you just created:

Whats New in Magento 1.4.1.0

---

Improvements

• Added ability to use static URLs for media in WYSIWYG or image browser. Added ability to enable parsing store, skin and media directives on catalog frontend.
• URL rewrites history: ability to auto-generate custom rewrite with redirect from old to new URL when changing product URL-key
• Added ability to exclude a category from navigation menu
• Various improvements in system configuration UI. Introduced ability to make actual configuration structure to be independent on the system.xml structure
• Added "Only X left" inventory feature
• Implemented Centinel functionality in iphone theme
• Upgraded TinyMCE to v.3.3.2
• Improved PayPal integration, includes:
  * Recurring payment profiles entity and purchasing of "subscription" products. In checkout they are treated as "nominal" items.
  * Billing agreements
  * "Pending Review" order state, "Pending Review" and "Suspected Fraud" order statuses and logic related with this. Triggers by PayPal IPR, FMF and Unilateral payments.
  * Functionality of transactions listing/searching and fetching from gateway
  * Fetching PayPal settlement reports via SFTP
  * Various improvements of PayPal integration on the frontend and admin UI
• Added notice about creating offline creditmemo from order view page.
• Added getter for recurring payment methods in payment helper.
• Implemented abstract block ability to have arbitrary groups of child blocks and a method that returns such a group. Implemented a method that fetches data from child block by specified alias.
• Implemented ability to specify "sort_order" instead of "before" and "after" in the totals declaration. All nominal totals declaration utilize "sort_order"
• Added getter for specified object data by key in core/template block: method getObjectData()
• Defined payment methods grouping, implemented getter for payment method list (with option to group them). Added ability to render grouped options in the "select" grid filter.
• Moneybookers: utilized the payment methods grouping for all its methods; removed redundant "translate" attribute in the methods definition in config.
• Utilized payment methods grouping for PayPal peyment methods.
• Added more verbosity to PayPal NVP and IPN debugging

Changes

• Sales module database structure changed from EAV into flat tables
• Product custom URL rewrites redirect to SEF URL, rather than to catalog/product/view/id/
• Reimplemented frontend top menu rendering logic (cross-browser and usability improvements)
• Reviewed logic of the sales reports: Orders, Tax, Invoiced, Shipping, Refunds, Coupons
• Reimplemented bestsellers report
• Implemented 3D Secure validation for Maestro International and JCB cards
• Changed Shopping cart methods output (top + bottom): removed
• Moved the Payflow Pro payment method to PayPal module
• Refactored sales/service_quote model: instead of submit() method the submitAll() should be used. It can submit nominal items separately from the order. The methods for submitting nominal items and order separately - are available as well.
• Refactored onepage checkout model to use the new method sales/service_quote::submitAll(), added recurring profiles and billing agreements passing through the process until the success page
• Utilized child blocks grouping to improve flexibility of rendering additional information in catalog/product/view template. The group is called "detailed_info"; any block from layout may insert itself to this group.
• Removed redundant wrappers hard-coded into some catalog templates. Template of parent block is responsible for wrapping.
• Refactored onepage checkout success block and template: simplified fetching related checkout information, added ability to render billing agreement and recurring profiles that might be created with the payment placement.

Google Analytics code bug in Magento 1.4.0.1

---

CSS In Magento

---

Ten Tips for Keeping your Magento Store Secure

---

Are you worried about the security of your Magento store? Magento has a number of built-in security features aimed at keeping you safe, but there are some steps you can take to make your site even more secure. Follow this ten-point security policy to protect your site from hackers and security breaches.

1. Choose a secure password

When you're choosing your Magento site's administrator passwords, choose wisely. Depending on your configuration and permissions, this password may give access to customer information and credit card data. This is probably review for most readers, but here are some guidelines for creating a really secure password:

Bigger is better. Use at least 10 characters.
Mix upper and lower case, punctuation, and numbers.
Making your password phonetic can make it easier to remember and type quickly.

2. Require HTTPS/SSL for all pages with logins

Each time you send data over an unencrypted connection you run a risk of this data being intercepted by an unwanted third-party. Login credentials are no exception. To minimize the risk of your username and password landing in unscrupulous hands, always send it over a secure connection. By always sending your login information over an encrypted connection, hackers are limited to expensive and extremely difficult brute-force attacks.

How to require HTTPS/SLL in Magento
In Magento you can require secure logins by selecting "yes" for both "Use Secure URLs in Frontend" and "Use Secure URLs in Admin" by going to the "Secure" section of the "Web" tab in the system configuration. In order to access the system configuration, go to the "System" menu and select "Configuration."


Set "Use Secure URLs" to "yes" for both the frontend and admin

3. Don't use your Magento password for anything else

Do not use your Magento password with any other web services (such as email) or any other sites (such as Twitter, Facebook, Flickr, etc.). Third-party sites may not require or even support HTTPS/SSL to login, breaking rule number two. In the event that a third-party website is hacked, your password may be vulnerable.

4. Use a custom admin path

By default, you access your Magento admin panel by going to your-site.com/admin. Having the path to your admin panel path easily guessable means that someone or something (i.e. a password-guessing robot) can snoop around and try to guess your password. By having your admin path be a secret code word instead of the default /admin, you can prevent users from guessing your password or using it if they do somehow get a hold of your password.

How NOT to change your Magento admin path
Tucked in the "admin" section of the system configuration, the "Admin Base URL" setting looks like it offers the ability to set a custom admin URL and choose whether to use that custom URL or not. But BEWARE: this setting will break Magento by preventing you from accessing the admin panel (I've tested this and found this to be true as of Magento 1.4.0.1 and earlier).



BEWARE: Do not use the admin base URL settings; it will break your site.

How to change your Magento admin path
Although the setting does not work, there is an easy way to change your Magento admin path.

Locate /app/etc/local.xml
Find and replace 'admin' with the path you would like to use

So if your local.xml file says , your admin path will be /drawbridge.

5. Close email loopholes

Magento has a really convenient feature that allows administrators to reset their password if forgotten. In order to reset your password, you need to know the email account associated with the account. Then you need access to that email account to retrieve the new password. First, choose an email address that is not publicly known. Second, make sure the password for your email account is secure. Third, make sure that if your email account has a security question that allows you to reset your password, you choose a question and answer that is so obscure that it would be impossible to guess.

6. Use secure FTP

Guessing or intercepting FTP passwords is probably one of the number one ways sites get "hacked." In order to prevent unauthorized access to your sites FTP, use secure passwords and use SFTP (SSH File Transfer Protocol) or FTP-SSL (Explicit AUTH TLS). With SFTP, you can use Public Key Authentication to increase security even more by requiring a private key file and an optional de-encryption password to authenticate the FTP access.

7. Limit unsecured FTP access

If you do have to connect through regular (non-secure) FTP for some accounts (i.e. to upload photos), limit access for these accounts to a narrow set of directories. You can then use .htaccess and httpd.conf files to prevent scripts from running in these directories that can change other files and directories on the server that should not not be accessible through that FTP account.

If you have access to the httpd.conf file on your server, this is the best method to preventing scripts from running in a specific directory. Place this code in your httpd.conf file:


AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI


If you don't have access to httpd.conf, you'll have to use.htaccess. Include the following code in the .htaccess file of the directory you want to restrict:


Because .htaccess does not support the tags, the .htaccess file must be placed in the directory you want to effect. Because of this, you need to set the permissions of the .htaccess file to 444 (read-only) to prevent modifications to the .htaccess file. You may also want to chown the file so the permissions cannot be changed. This method isn't fool-proof, but it's a good start to preventing naughty scripts from wreaking havoc.
 
Important: placing this code in a directory's .htaccess file will prevent scripts from running in that directory and all sub-directories.

8. Don't save passwords on your computer
 
Most modern computers and browsers offer the option to save passwords as a convenience so you don't have to enter your password every time. This is great most of the time, but can be a security problem because often saved passwords can be easily revealed in plain text. Anybody with access to the computer has access to the sensitive data. Even worse, someone could steal the computer and then use the saved passwords to access the sensitive data. To avoid unintended access to your Magento password or data, simply set your computer or browser to never save it— this might be a bit inconvenient, but it's a great security policy.

9. Keep up-to-date anti-virus software
 
Computer viruses and trojans can steal your data and log your key strokes. To minimize the risk of this happening, be sure to invest in reputable anti-virus software. Free anti-virus software like AVG may be great for home and personal use, but if you want indemnification or a warranty, you may want to look at commercial anti-virus software.

10. Restrict admin access to only approved IP addresses
 
You can use .htaccess to limit access to your admin area. In the .htaccess file for your admin directory, place the following code in order to block access to all IP addresses except those specifically listed:

AuthName "Protected Area"
AuthType Basic
order deny,allow
deny from all
allow from 11.111.111.11
allow from 22.2


"allow from 11.111.111.11" blocks the specific IP address 11.111.111.11
"allow from 22.2" blocks a range of IP addresses beginning with 22.2

There is a downside to restricting access based on IP: if you travel a lot you may find this method very inconvenient as you'd have to manually add each new IP address or IP range to the .htaccess file in order to gain access.

Magento-Moving Upselling products from content to right column

---

A simple solution to display upselling products in right column rather than at content part by default. Follow this steps. 

step 1:

go to catalog.xml

Hide this block as


4
upsell4
–>

step 2:

Add the following code



after this code



step 3:

go to catalog/product/view.phtml

then remove the following line or commend it
getChildHtml(‘upsell_products’) ?>
like this getChildHtml(‘upsell_products’) ?>

step 4:

create upsellright.phtml in catalog/product/list folder
and paste the following code fully

getItemCollection()->getItems())): ?>

Analysis & Usage of Collections in Magento

---

As a Magento Programmer I am fascinated by the use & simplicity of collection used in Magento. Simplicity, does not really mean being simple (it is rather complex structured) but easy to use. With the help of one of my colleague, I got down to understand how collection really represents the “collection” of data we are actually trying to get from database. Here is what I found drilling down into the Magento’s Core. I may be “not quite right” with the analysis, you can always comment.

Almost all the collections found inside app/code/codepool/Namespace/Module/Model/Mysql4/model/Collection.php are the child of parent Class Mage_Core_Model_Mysql4_Collection_Abstract. Primary thing done in the class constructor is initializing its resource and Model. If you look into one of the Collection class you can see in its constructor.

/**
    * @class Mage_Checkout_Model_Mysql4_Agreement_Collection
    * Initialize resource
    *
    */
    protected function _construct()
    {
      $this->_init('checkout/agreement');
    }

And this _init function has been implemented in its parent class as

/**
         * Standard resource collection initalization
         *
         * @param string $model
         * @return Mage_Core_Model_Mysql4_Collection_Abstract
         */
        protected function _init($model, $resourceModel=null)
        {
            $this->setModel($model);
            if (is_null($resourceModel)) {
                $resourceModel = $model;
            }
            $this->setResourceModel($resourceModel);
            return $this;
        }

The resource class can be found in app/code/codepool/Namespace/Module/Model/Mysql4/model.php. And this resource class in turn initializes the database table to be used in the Module along with the table’s primary key.

class Mage_Checkout_Model_Mysql4_Agreement extends Mage_Core_Model_Mysql4_Abstract
        {
     
        protected function _construct()
        {
            $this->_init('checkout/agreement', 'agreement_id');
        }
        ......
        }

It is this resource class that actually works out the database connections, read/write adapters and performs transactions. So this is the basic deduction about the link of collection with the database and its tables. But how are those collection formed still remains a mystery, not anymore! In this section of the post I will try to explain how are the collections really formed.

If I can, “collection” can be defined as collection or array of its resource. And in Magento case, most of the resources are database’s query results. Simply you can visualize “collection” to be array of your model’s resource. If a “query” in Magento returns a collection of all the products then it would mean that the very collection is an array of all the individual product’s object. But one question still remains how will the database query’s result transform into a Magento “collection“. To understand that we need to understand the collection class and its parents.

The class Structure for Mage_Core_Model_Mysql4_Collection_Abstract is like this.

Mage_Core_Model_Mysql4_Collection_Abstract
You can see that all collection implements two Interfaces IteratorAggregate & Countable.

IteratorAggregate is predefined in Standard PHP Library that extends Abstract Base Class Traversable. On using this Interface you can then Iterate Through Object using “foreach” construct. Countable returns the size of the Collection Object.

Among the two Interfaces, IteratorAggregate is particularly important. As you can see in Class Hierarchy both the interfaces are implemented by Varien_Data_Collection concrete class. IteratorAggregate has abstract public method getIterator() which returns the Iterator interface and the concrete Class has to implement the method on its own. It is this Iterator that provides the real iteration functionality.

So if you look into the Varien_Data_Collection you will find the getIterator() implemented like this.

/**
         * @class Varien_Data_Collection
         * Implementation of IteratorAggregate::getIterator()
         */
        public function getIterator()
        {
            $this->load();
            return new ArrayIterator($this->_items);
        }

As you can see that it first loads the “items” (I will get back to this Items) and instanciates the value to an internal Class ArrayIterator. And the Iterator returned by this function can then be iterated using foreach construct.

Looks like it is going to be a looonnnnng post, let be summarize what I’ve tried to point out until now. I’ve tried to show the link between the collection class or rather object with the database table and explain the iteration behavior of the collection object. But one question still remains how will the database query’s result transform into a Magento’s “collection“. This is where the “items” explanation need to be done.

“Items” are actually array if individual object (item) of the collection which represents the array of tuple of the database query result. As you see in the snippet above the ArrayIterator takes $this->_items are parameter. But $this->_items are not populated here on Varien_Data_Collection but rather on is child class Varien_Data_Collection_Db. Here’s the snippet from Varien_Data_Collection_Db.

How To Setup Conversion Tracking In Magento

---

3rd Party Conversion Tracking

Magento Commerce has the ability to track eCommerce sale with Google Analytics out of the box (more on that in a future post). Something that a lot of merchants struggle with is how to set up conversion tracking for other tracking software or comparison shopping engines.

How To

Here is an easy hack to track conversions for Shopzilla, PriceGrabber and the likes:

Open the file: appdesignfrontendXXXXXXXXtemplatecheckoutsuccess.phtml

At the end of the file, add the following code, this will create two variables with the order number and the order total:

1   
2        //Get Order Number & Order Total
3        $order = Mage::getModel('sales/order')->loadByIncrementId(Mage::getSingleton('checkout/session')->getLastRealOrderId());
4        $amount = number_format($order->getGrandTotal(),2);
5    ?>

After the above code snippet, copy and paste the tracking code from the third party analytics software of comparison shopping engine. Insert the following variable where they suggest placing the order ID and the order total:

1    // Order Total
2    getOrderId() ?> // Order Number

Here is a code example for the Shopzilla conversion tracking tool:

1   
2        var mid            = 'XXXXX'; // Your Shopzilla Merchant ID
3        var cust_type      = '';
4        var order_value    = ''; // Order Amount
5        var order_id       = 'getOrderId() ?>'; //Order Number
6        var units_ordered  = '';
7   
8   
9   

Date Published: May 18, 2010 - 1:56 am

How to Add Video to Products in Magento

---

Adding a video to a product greatly enhances the online shopping experience. The out-of-the-box Magento package doesn’t support video. This How-To shows just how to do that. We’ll be able to either (1) drop in HTML embed code from sites like YouTube, or (2) use an FLV file that we provide.

This article assumes you have the jQuery Javascript library installed and have “jQuery.noConflict()”‘ set up.  If you don’t have jQuery.noConflict(), then simply replace instances of “jQuery” with “$”.  If you don’t have this library, download jQuery here.

Here’s the sequence of steps we’re going to take:

1. Create a product attribute for the video code
2. Assign the newly created attribute to an attribute set
3. Modify the template files
4. Obtain and upload a copy of the free JWPlayer
5. Add video to a product using HTML embed code or using an FLV file

1. Create a product attribute for the video code.

Log in to your Magento Admin Panel. Navigate to Catalog > Attributes > Manage Attributes. Click on the “Add New Attribute” button found close to the top-right hand corner of the screen. The first tab that’s open is the *Properties* tab. You are presented with lots of textboxes and dropdowns. Here’s what to fill them in with :



Attribute Properties

- Attribute Code: video
- Scope: Global
- Catalog Input Type of Store Owner: Text Area
- Default Value: [leave blank]
- Unique Value: No
- Values Required: No
- Input Validation for Store Owner: None
- Apply To: All Product Types

Frontend Properties

- Use in quick search: No
- Use in advanced search: No
- Comparable on Front-end: No
- Use in Layered Navigation: No
- Use in Search Results Layered Navigation: No
- Use for Price Rule Conditions: No
- Position: 0
- Allow HTML-tags on Front-end: Yes
- Visible on Product View Page on Front-end: No
- Used in product listing: No
- Used for sorting in product listing: No

Then navigate to the *Manage Label / Options* tab. You only have to fill in the “Admin” value, and for this use “Video“. This can be changed later if you need to.

Click the “Save Attribute” button to save the attribute.

2. Assign the newly created attribute to an attribute set (likely Default)
While still in the Admin Panel, navigate to Catalog > Attributes > Manage Attribute Sets. From the right-hand column, labeled “Unassigned Attributes”, drag our new video attribute to the “General” group found in the middle column.

Click “Save Attribute Set” button to save the attribute set.

3. Modify the template files
You’ll need to use a text-editor and FTP client.

3a. video.phtml
Create a file with these contents:
And save the file as /app/design/frontend/[your-package]/[your-theme]/template/catalog/product/view/video.phtml

3b. catalog.xml

Open up /app/design/frontend/[your-package]/[your-theme]/layout/catalog.xml and add this line:
as a child anywhere inside this node:

… and save the file.

3c. catalog/product/view.phtml

Open up /app/design/frontend/[your-package]/[your-theme]/catalog/product/view.phtml and add this line:

4. Obtain and upload a copy of the free JWPlayer

Download the player
After you download the ZIP file, extract and upload the files using an FTP client to: /skin/frontend/[your-package]/[your-theme]/videos/*
With the FTP client, rename the “mediaplayer-viral” folder to “mediaplayer”

5. Add video to a product

In the Magento Admin Panel, navigate to Catalog > Manage Products and click on the product you’d like to add video to. You should see a textarea labeled “Video”.

5a. Use HTML embed code

In the “Video” textarea, simply drop in the HTML code you’ve received (such as from YouTube) and click “Save” to save the product.

5b. OR use an FLV file

- Upload your FLV file to /skin/frontend/[your-package]/[your-theme]/videos/

- In the “Video” textarea, specify the filename of the FLV you’ve just uploaded.

Repeat Step 5 for all of the products you want to add video to. 

Congratulations, you’ve added video to your products.

* This method is tested and working for Magento v 1.3.2.4

Magento Admin Grid: how to change number of rows

---

We had a request from our client, that we change default number of items in Magento admin grid. Now, this is very simple, when we know how to change it. Below you can see an example which uses magento observer model and event hocking “core_block_abstract_prepare_layout_before”.



First of all, make backup copies of your files.

Step 1.
This is example of event hocking, put it in config.xml

Step 2.
Create model class observer.php

It would be good that you make your own module and all put in it. I hope that you know how to make magento module.