Reset Administrator User Password in Magento 2

Magento 2 comes with a CLI that allows you to create a new temporary administrator user within few seconds. Change to the directory where your Magento installation ( such as app or bin folder ) is located and run the following command to create a user support with password 8cd98f00b20.

Voilà!

Now you can go to System > Permissions > All Users and update other users credentials.

Toggle Button Text with Internationalization

Life is easier with data attributes, but for some reason not everybody is using it to improve the JavaScript flexibility, especially for multilingual websites. Here is one example how you can create buttons with a dynamic text. In my example I am using alternating text for a preview and edit method.

Template “layouts/.html.twig” is not defined in “default.html.twig” at line 12.

I am using the statement include for dynamic sections in MODx.

It was working fine so far, but today I received the following exception that basically means, my snippet tried to include a file that doesn’t exist. The variable classes was empty that causes a broken website.

In my case I improved my snippet with an if condition.

Protect your AJAX controller action from malicious calls

If you are working with AJAX calls, you should at least verify where the calls are coming from.

Please find the complete code on Gist.

Notice: Array to string conversion in grid.phtml on line 161

I am working on a new module and just received the following notice message when I was trying to open the admin html grid.

The reason of this message is that I just copied the Grid.php from another entity that contains different database columns. So I just removed columns which are not defined in install-0.0.1.php ( especially columns with a custom renderer ) to fix the problem.

Cannot create table column without comments

Today I forgot to set a comment for my new column which broke the complete module setup procedure. Here is one example how you can add a new column to the sales flat table ” sales_flat_order_item “.

Check Multiple Magento Instances with checkr

This is a quick example how you can check the visibility of specific paths of multiple Magento instances with a shell script called checkr. For example:

  • /var/log/system.log
  • /var/log/exception.log
  • /downloader/
  • /var/
  • /backup/
  • /RELEASE_NOTES.txt

For security reasons, those folders or files should never visible or accessible from outside.

1. URLs

Create a simple list with your clients’ names and its URLs. Save this file as clients.list.

2. Shell Script

3. Run

Run this script with a custom parameter.

4. Results

Find Malware in Image Files

Malware

It’s a nightmare. Your production environment was compromised and you actually don’t know how and how much data was stolen. For sure there are different ways to be compromised. In this post I just want to explain, how hackers can get full access to your production environment by using image files.

As explained on Snapfast and Sucuri it is pretty easy to store any kind of PHP code in EXIF headers. Often times it only needs a simple script to create an administrator account. If you are using third-party extensions with an image upload function or if you are late with the last security update, there is a high risk to be compromised.

You can use commands like svn status or git status to find changes, but this is no guarantee to find malicious code, because oftentimes your /media/ or similar folders are not version controlled.

Here is one simple command how you can find infected image files.

In case if any file is infected, you will see the following search result.

5 useful commands for your daily work with Magento

Daily Work

1. Backup your media/catalog

Create a manually backup of media/catalog without /cache/ folder

The same with the current date in the filename.

2. Files not owned by apache

Find files which are not owned by apache group or user. This is useful if you want detect possible permission issues.

3. SQL / CSV files in your document root

You should never left database dump or other export files with sensible information in your document root, because there is a potential risk that those files can be downloaded from outside, depending on your security settings. To make sure your production environment is save, just run a simple ” find ” with the option ” iregex “.

4. List report files created in the last 24 hours

Here are some more options you can use for ” -ctime “.

5. Truncate log files

A fast growing system.log or exception.log can be the cause of a server outage. If you want empty log files on a production environment, the command ” truncate ” will help you.

For further debugging you can keep log data by specifying the size.

Practical grep command examples for your Magento log file audit

Improve your bug fixing routine with some simple grep commands. Run these commands before any production deployment just to make sure your new code is working properly. To reduce the output on your terminal, extend my examples as you can see below.

Count the results with ” wc -l ” at the end.

Display the 1000 rows with ” tail -n 1000 ” at the beginning.

1. System.log

1.1 Access to an array by a key that doesn’t exist

1.2 Use a variable that wasn’t previously defined

1.3 Debug output generated by Mage::log()

1.4 Any kind of permission issues

1.5 Missing Magento template files

1.6 Access to a non-object

1.7 Missing argument in a function call

1.8 Invalid argument supplied to a loop

Find all:

2. Exception.log

2.1 Any kind if XML issues

2.2 Specific Authorize.net gateway issues

2.3 Specific PayPal gateway issues

2.4 Find general curl issues

Find all:

3. Reports

Find the last 10 error report files and grep for any kind of error message.
3.1 MySQL connection issues

3.2 Invalid config field

3.3 Unable to read response

3.4 External urls redirect

Find all:

4. Apache error logs

4.1 Find missing files caused by any reason