How to add billing address, shipping address, last 4 digits of CC to global search for Magento backend

The Magento backend has a global search feature,
but a number of important fields and parameters cannot be searched with it. 😦
Recently I came across a situation where I needed to add many fields to the global search.
After a few hours of research, I found the model classes that add the fields to the search.

There are three models, one each for customers, products and orders.
The files are located at:


Depending on the requirement, we can create a custom module in the local code pool and override the model file there. In the local copy we can modify the file's content to add the billing address, shipping address and last 4 digits of the CC to the global search.

The path of the local file:


Note: "MyModule" is the name of my custom module in the local code pool.
Here I will explain how we can add the different address parameters, order id, last 4 digits of the CC, customer name etc. For this we will modify Order.php and Customer.php.


In this file: app/code/local/MyModule/Adminhtml/Model/Search/Order.php

$query = $this->getQuery();
//TODO: add full name logic
$collection = Mage::getResourceModel('sales/order_collection')
    ->addAttributeToSelect('*')
    ->addAttributeToSearchFilter(array(
        array('attribute' => 'increment_id',       'like' => $query.'%'),
        array('attribute' => 'billing_firstname',  'like' => $query.'%'),
        array('attribute' => 'billing_lastname',   'like' => $query.'%'),
        array('attribute' => 'billing_telephone',  'like' => $query.'%'),
        array('attribute' => 'billing_postcode',   'like' => $query.'%'),

        array('attribute' => 'shipping_firstname', 'like' => $query.'%'),
        array('attribute' => 'shipping_lastname',  'like' => $query.'%'),
        array('attribute' => 'shipping_telephone', 'like' => $query.'%'),
        array('attribute' => 'shipping_postcode',  'like' => $query.'%'),
    ))
    ->setCurPage($this->getStart())
    ->setPageSize($this->getLimit())
    ->load();

We need to replace this snippet with the following one to add the order increment_id, billing details, shipping details and last 4 digits of the CC.

$query = $this->getQuery();
// Table name with the installation's table prefix applied, for the join below
$salesFlatQuotePayment = (string)Mage::getConfig()->getTablePrefix() . 'sales_flat_quote_payment';

$collection = Mage::getResourceModel('sales/order_collection')
    ->addAttributeToSelect('*');
// The collection has no joinLeft() of its own, so join on its select. The join
// condition is missing from the original post; order.quote_id = quote_payment.quote_id is assumed.
$collection->getSelect()->joinLeft(
    array('sales_flat_quote_payment' => $salesFlatQuotePayment),
    'main_table.quote_id = sales_flat_quote_payment.quote_id',
    array()
);
$collection->addAttributeToSearchFilter(array(
    array('attribute' => 'increment_id',      'like' => $query.'%'),
    array('attribute' => 'entity_id',         'like' => $query.'%'),
    array('attribute' => 'billing_firstname', 'like' => $query.'%'),
    array('attribute' => 'billing_lastname',  'like' => $query.'%'),
    array('attribute' => 'billing_telephone', 'like' => $query.'%'),
    array('attribute' => 'billing_postcode',  'like' => $query.'%'),
    // array('attribute' => '', 'like' => $query.'%'), // attribute name lost in the original post
    array('attribute' => 'billing_o_a.region', 'like' => $query.'%'),
    array('attribute' => 'billing_o_a.street', 'like' => $query.'%'),
    // substring match on the joined quote payment column
    array('attribute' => 'sales_flat_quote_payment.cc_last4', 'like' => '%'.$query.'%'),

    array('attribute' => 'shipping_firstname', 'like' => $query.'%'),
    array('attribute' => 'shipping_lastname',  'like' => $query.'%'),
    array('attribute' => 'shipping_telephone', 'like' => $query.'%'),
    array('attribute' => 'shipping_postcode',  'like' => $query.'%'),
    // array('attribute' => '', 'like' => $query.'%'), // attribute name lost in the original post
    array('attribute' => 'shipping_o_a.region', 'like' => $query.'%'),
    array('attribute' => 'shipping_o_a.street', 'like' => $query.'%'),
))
    ->setCurPage($this->getStart())
    ->setPageSize($this->getLimit())
    ->load();

By adding this code we will be able to search by order increment_id, billing details, shipping details and last 4 digits of CC.
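As an added example (not code from the original post), here is the filter list above built by a small helper that only adds the cc_last4 condition when the query is itself a four-digit value; with the '%'.$query.'%' pattern above, a one- or two-character search would otherwise match most orders on that column. The function name buildOrderSearchFilters() is the example's own, and it assumes the same column aliases and sales_flat_quote_payment join as the snippet above.

```php
<?php
// Added example, not from the original post. Builds the array passed to
// addAttributeToSearchFilter() in the overridden Order.php. Assumes the same
// billing_o_a / shipping_o_a aliases and the sales_flat_quote_payment join as
// the snippet above; the function name is the example's own.
function buildOrderSearchFilters($query)
{
    $query  = trim((string)$query);
    $prefix = $query . '%';

    // Prefix matches, the same condition the core search model uses
    $columns = array(
        'increment_id', 'entity_id',
        'billing_firstname', 'billing_lastname', 'billing_telephone', 'billing_postcode',
        'billing_o_a.region', 'billing_o_a.street',
        'shipping_firstname', 'shipping_lastname', 'shipping_telephone', 'shipping_postcode',
        'shipping_o_a.region', 'shipping_o_a.street',
    );
    $filters = array();
    foreach ($columns as $column) {
        $filters[] = array('attribute' => $column, 'like' => $prefix);
    }

    // cc_last4 stores exactly four digits. A LIKE '%q%' test with a short query
    // (the first digit of an order number, say) would match most orders on that
    // column and bury the real hits, so add the condition only for a four-digit
    // query, and then as an exact match rather than a substring match.
    if (preg_match('/^[0-9]{4}$/', $query)) {
        $filters[] = array('attribute' => 'sales_flat_quote_payment.cc_last4', 'eq' => $query);
    }
    return $filters;
}

// Usage inside the overridden load(): replace the literal array with the helper's result
// $collection->addAttributeToSearchFilter(buildOrderSearchFilters($this->getQuery()));
```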


In this file: app/code/local/MyModule/Adminhtml/Model/Search/Customer.php

$collection = Mage::getResourceModel('customer/customer_collection')
    ->joinAttribute('company', 'customer_address/company', 'default_billing', null, 'left')
    ->addAttributeToFilter(array(
        array('attribute' => 'firstname', 'like' => $this->getQuery().'%'),
        array('attribute' => 'lastname',  'like' => $this->getQuery().'%'),
        array('attribute' => 'company',   'like' => $this->getQuery().'%'),
    ))
    ->setPage(1, 10)
    ->load();

We need to replace this snippet with the following one to add the default billing address: the customer's city, region and street.

$query = $this->getQuery();
$collection = Mage::getResourceModel('customer/customer_collection')
    // join the default billing address attributes so they can be filtered on
    ->joinAttribute('company', 'customer_address/company', 'default_billing', null, 'left')
    ->joinAttribute('city',    'customer_address/city',    'default_billing', null, 'left')
    ->joinAttribute('region',  'customer_address/region',  'default_billing', null, 'left')
    ->joinAttribute('street',  'customer_address/street',  'default_billing', null, 'left')
    ->addAttributeToFilter(array(
        array('attribute' => 'firstname', 'like' => $query.'%'),
        array('attribute' => 'lastname',  'like' => $query.'%'),
        array('attribute' => 'company',   'like' => $query.'%'),
        array('attribute' => 'city',      'like' => $query.'%'),
        array('attribute' => 'region',    'like' => $query.'%'),
        array('attribute' => 'street',    'like' => $query.'%'),
    ))
    ->setPage(1, 10)
    ->load();

Now we can upload these two files and flush the cache. Then, from the backend, search for any of these fields in Global Search… 🙂


Use/Enable a payment method for back-end/admin-end orders only

In Magento, sometimes we need to enable a payment method for back-end orders only.
For this you can create a new module in the local code pool and override the payment method model there.
Following are the steps:
Note: this assumes you have already enabled the method in the configuration for the relevant store view(s).
Create a new module with a class that extends the method's model class, Mage_Payment_Model_Method_MethodName (MethodName being the method you want to restrict).
Change the variables:
protected $_canUseInternal = true;  // use in admin
protected $_canUseCheckout = false;  // use in frontend onepage checkout
protected $_canUseForMultishipping = false; // use in frontend multishipping checkout
$_canUseInternal controls whether the payment method(s) are shown for back-end orders.
$_canUseCheckout controls whether the payment method(s) are shown for frontend orders in the onepage checkout.
$_canUseForMultishipping controls whether the payment method(s) are shown for frontend orders in the multishipping checkout.

Create a Custom API in Magento

Magento Planet

Magento provides the ability to manage your e-commerce store through API calls for working with resources such as customers, categories, products and sales orders. You can also define your own API or extend the core API. Sometimes we need to expose our own API from our website to other parties; this is where the web service concept comes in.

Here I am going to show you how to create your own API. The Magento core API supports:

a.) SOAP (by default)

To access SOAP web service, load WSDL from URL as

for accessing Magento API V2

I am here explaining it with V2.


How are XSS attacks handled by different PHP frameworks?

As we know, PHP is open source, so we can play around with it. It also has a list of frameworks to choose from for web development. But while doing development we have to take care of XSS attacks. Now the question arises 🙂

What  is XSS?

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in form of a browser side script, to a different end user. These attacks can occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

Basically, there are two types of XSS attacks:
1.) Stored: the malicious code is saved on the server and then sent to end users without proper encoding
2.) Reflected: the malicious code is usually sent to the server in GET or POST parameters of an HTTP request, and the server returns that code in the response without proper encoding
It can be protected against with:
a.) Filter input, escape output
b.) Character encoding

How do PHP frameworks handle XSS?
  • Yii – output escaping with integrated HTMLPurifier
  • Kohana2 – input filtering / global XSS filter
  • Kohana3 – input filtering; they recommend output escaping with HTMLPurifier, but it is not included
  • CakePHP – offered a utility called Sanitize, but it is deprecated as of CakePHP 2.4 and will be removed in CakePHP 3.0
  • CodeIgniter – input filtering / global XSS filter
  • Zend Framework – custom output escaping
  • HTMLPurifier is a great solution when you need to display clean HTML that came from an untrusted source, but for escaping every piece of data that won't be displayed as HTML it is overkill.
  • Global XSS filtering is a very bad idea, because of the reason mentioned above: you don't know in which context the data will be used.
  • Sanitize: add() – sanitize the data in the controller before saving
    beforeSave() – sanitize the data in the model callback before saving
    afterFind() – sanitize the data in the model callback after finding
  • OWASP has a good security encoding library, but unfortunately the PHP version is not complete yet. They have a good reference for this matter.
<body><?php echo htmlencode($untrusted_var); ?></body>
<input value="<?php echo htmlencode($untrusted_var); ?>" />
In most cases we can simply use PHP's htmlentities() function for this.
So it is better to write custom wrapper functions, so that we only have to change the code in one place if, for example, we want to add additional filtering or switch to another library.
function htmlencode($str) {
    // Remove invalid UTF-8 first, so malformed byte sequences cannot slip past the encoder
    $str = HTMLPurifier_Encoder::cleanUTF8($str);
    // ENT_QUOTES encodes both quote types, so the result is also safe inside single- or double-quoted attributes
    $str = htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
    return $str;
}
This function encodes all HTML special characters and prevents breaking out of the context.
If you need to write user data which contains html, HTMLPurifier will do the job.
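As an added example (not from the original post), here is the wrapper idea extended to one encoder per output context, run on a constructed sample value. The function names jsencode() and urlparamencode() are the example's own, and the HTMLPurifier cleanUTF8() step is replaced by the ENT_SUBSTITUTE flag of htmlspecialchars() so the block runs without HTMLPurifier.

```php
<?php
// Added example, not from the original post: one wrapper per output context.
// Encoding for one context does not make a value safe in another, which is the
// post's argument against a global filter. Requires PHP >= 5.4; the cleanUTF8()
// step from the post is replaced by ENT_SUBSTITUTE, which replaces invalid UTF-8.

// Text content and quoted attribute values: <p>...</p>, <input value="...">
function htmlencode($str)
{
    // ENT_QUOTES also encodes the single quote, so single-quoted attributes are covered
    return htmlspecialchars((string)$str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A string literal inside a <script> block: var q = <?php echo jsencode($x); ?>;
function jsencode($str)
{
    // json_encode yields a quoted JS string; the JSON_HEX_* flags hex-escape <, >, &, ' and "
    // so the literal cannot close the script block or an enclosing attribute
    return json_encode((string)$str, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// A value placed in a URL query parameter: href="/search?q=..."
function urlparamencode($str)
{
    return rawurlencode((string)$str);
}

// Constructed sample value with a character that matters in each context above
$untrusted = 'O\'Brien <b>&</b> "Ltd" </script>';

echo '<p>' . htmlencode($untrusted) . "</p>\n";
// Attribute values must be quoted for htmlencode() to be sufficient
echo '<input value="' . htmlencode($untrusted) . "\">\n";
echo '<script>var q = ' . jsencode($untrusted) . ";</script>\n";
// The URL-encoded value then sits inside an HTML attribute, so it is HTML-encoded as well
echo '<a href="/search?q=' . htmlencode(urlparamencode($untrusted)) . "\">search</a>\n";
```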
I hope this helps you understand XSS and handle it easily in your web development. 🙂
Enjoy Coding!

Speech Recognition in Web Form


Nowadays we use speech recognition on various handheld devices like smartphones, tablets etc. For example, saying "play album" will start playing your album, "open calculator" will open the calculator, and so on.

Let's come to web forms. How about having a search field and searching for contacts by saying "contacts", or filling in the name field by saying "John"?
This is very helpful for inputting long sentences and difficult words.


S3FS – Mount Amazon S3 Cloud Storage into Linux System


As a continuation of my previous post, Amazon S3. Easy, Reliable and Fast Cloud Storage, in this blog we will try to mount an Amazon S3 bucket on an Ubuntu system. We have already seen that there are several advantages to using Amazon S3 storage. The question now is how we can use it in our programs.

There are mainly two ways to integrate it with our program:

– Web services provided by Amazon to store and retrieve files.
– Mount the S3 bucket into the local system.
