Recently I added a function to a CMS that I have been evolving to meet the needs of ereads.com. I needed to allow users to select items (in this case ebooks) from the system and then export files that are attached to the books. So lets get started!

What is a Zip File?

“Zip files (.zip or .zipx) are single files, sometimes called “archives”, that contain one or more compressed files. Zip files make it easy to keep related files together and make transporting, e-mailing, downloading and storing data and software faster and more efficient. The Zip format is the most popular compression format used in the Windows environment, and WinZip is the most popular compression utility. ” – winzip.com



What you need to know:
Arrays, MySQL, FTP file permissions

First:

First you need to set up the tables. This is a simplified way of how to do it:

Table Name: Books

Table Name: Book_Cart

Lets assume:

- that you have all the zip files in a folder called “files”.
- that you already have a way for users to add books to the cart.
- that you have a the username of the person creating the zip stored in a session variable

Second:

You need to setup a folder for the zip file to be created. Make sure that the permissions are set to 777 on that folder. in this example we will pretend the zip folder is called “zips”.

Third:

Here is the zip function:

function create_zip($files = array(),$destination = '',$overwrite = false) {
//if the zip file already exists and overwrite is false, return false
if(file_exists($destination) && !$overwrite) { return false; }
//vars
$valid_files = array();
//if files were passed in...
if(is_array($files)) {
//cycle through each file
foreach($files as $file) {
//make sure the file exists
if(file_exists($file)) {
$valid_files[] = $file;
}
}
}
//if we have good files...
if(count($valid_files)) {
//create the archive
$zip = new ZipArchive();
if($zip->open($destination,$overwrite ? ZIPARCHIVE::OVERWRITE : ZIPARCHIVE::CREATE) !== true) {
return false;
}
//add the files
foreach($valid_files as $file) {
$zip->addFile($file,$file);
}
//debug
//echo 'The zip archive contains ',$zip->numFiles,' files with a status of ',$zip->status;

//close the zip -- done!
$zip->close();

//check to make sure the file exists
return file_exists($destination);
}
else
{
return false;
}
}

You can place this code at the top of the folder or you can stick it inside your functions include file. Now we need to run some queries to add the requested files into a zip. In the following example the function above with be included as “zip_function.php”.

include "zip_function.php";
include "database_connect_file.php";

$username = $_SESSION['username'];
$locationFilename = "zips/Book_export.zip";

$get_all = "SELECT * FROM Book_Cart WHERE username='$username'";
$rstall = mysql_query($get_all);
$export_num = mysql_num_rows($rstall);
while ($r1 = mysql_fetch_assoc($rstall)) {
$bookid = $r1['bookid'];

$qry4 = "SELECT * FROM Books WHERE id LIKE '$bookid'";
$result4 = mysql_query($qry4);

while ($row4 = mysql_fetch_assoc($result4)) {
$filename = $row4['filename'];
$files[]= "files/$filename";
}
}

create_zip($files, $locationFilename, true);
echo '<a href="'.$locationFilename.'"> Click here to download PDFs </a><br><br>';

And that should do it. All the code I provided works on mediatemple.net webservers with PHP safe- mode turned off. I found that some other servers don’t allow the creation of zip files. However if the server is set up for it, this should work.

If you have any questions, post them in comments and I will do my best to answer them.

-AD

So a hacker known as “kirllos” boasted that he has 1.5 million facebook accounts for sale. The more friends on the account, the higher the price.

This is what the new york times had to say on this:

“Researchers at VeriSign’s iDefense division tracking the digital underworld say bogus and stolen accounts on the Facebook are now on sale in high volume on the black market.

During several weeks in February, iDefense tracked an effort to sell log-in data for 1.5 million Facebook accounts on several online criminal marketplaces, including one called Carder.su.

That hacker, who used the screen name “kirllos” and appears to deal only in Facebook accounts, offered to sell bundles of 1,000 accounts with 10 or fewer friends for $25 and with more than 10 friends for $45, says Rick Howard, iDefense’s director of cyber intelligence.

The case points to a significant expansion in the illicit market for social networking accounts from Eastern Europe to the United States, he said.

Criminals steal log-in data for Facebook accounts, typically with “phishing” techniques that tricks users into disclosing their passwords or with malware that logs keystrokes. They then use the accounts to send spam, distribute malicious programs and run identity and other fraud.

Facebook says it believes that the hacker’s claims to control large numbers of Facebook accounts are bogus. The company attempted to purchase accounts as part of its investigation into the incident, said a spokesman, Barry Schnitt. However, “the hacker was unable to produce anything for our buyer,” he said.

Facebook’s investigators also discovered that “kirllos” has a reputation “for wild claims,” he said.

“We would expect iDefense or anyone presenting themselves as a security expert to do this kind of verification (or any verification) rather than just reading a forum post and accepting the claims as fact and publicizing them,” Mr. Schnitt said in an e-mail message.

IDefense could not be immediately reached for comment on the legitimacy of the hacker’s offer. However, it previously said that it did not purchase any of the accounts as part of its study because that would violate its corporate policy.

Criminals steal log-in data for Facebook accounts, typically with “phishing” techniques that tricks users into disclosing their passwords or with malware that logs keystrokes. They then use the accounts to send spam, distribute malicious programs and run identity and other fraud.

Facebook accounts are attractive because of the higher level of trust on the site than exists in the broader Internet. People are required to use their real names and tend to connect primarily with people they know.

As a result, they are more likely to believe a fraudulent message or click on a dubious link on a friend’s wall or an e-mail message. Moreover, the accounts allow criminals to mine profiles of victims and their friends for personal information like birth dates, addresses, phone numbers, mothers’ maiden names, pets’ names and other tidbits that can be used in identity theft.

Last summer, Eileen Sheldon’s Facebook account was hacked and used to send messages to about 20 friends claiming she was stranded in Britain without a passport and needed money. Ms. Sheldon, who lives in California, had recently been living in London, and one friend, believing the ruse, wired about $100 to the thieves.

Other friends smelled a fraud and warned Ms. Sheldon, who quickly reported the problem to Facebook. She does not know how her password was stolen.

While the accounts that were compromised and offered for sale could be legitimate ones like Ms. Sheldon’s, they most likely also included bogus accounts, Mr. Howard said. IDefense did not see the accounts themselves, but the inclusion of many accounts with small numbers of friends suggests the seller could have created fake accounts, perhaps using an automated tool, and sent out blind friend requests.

Many users are eager to amass friends and accept friend requests from people they do not know, even though Facebook discourages it.

Facebook says it has sophisticated systems to defeat fake accounts, including tools for flagging them when they are created so they can be investigated. This allows Facebook to “disable them before the bad guys get very far,” a spokesman, Simon Axten, said.

Facebook also monitors for unusual activity that is associated with fake accounts, like many friend requests in a short period of time and high rates of friend requests that are ignored. It also investigates reports of suspicious users .

The relatively low asking prices for the Facebook accounts points to the fact that Facebook accounts do not translate into instant profit. “The people that buy these things are going to have to do more work to make money,” Mr. Axten said. ” – NYtimes

Be careful when logging into face-book. Hackers love to create applications that ask you to re-enter your password information to use it. When you do – they get your password.

- AD

Mario Cross over lets you play Mario for NES using characters from other NES games. Contra, Metriod, castlevania, and zelda. It is really a fun way to replay an old game.

The controls are really tight for a flash game, and killing mario badies with using the other NES characters is really fun. Try using bill from contra to shoot down the stupid cloud guy that throws down the spike things. It’s really satisfying.

You get to select a new character between each level so don’t feel pressured when selecting a character for the first time.

A Quick Video I made of the game play:

Click here to play the game!