Simple Drupal 7 AJAX Implementation

Boost the performance of your Drupal 7 website, improve usability and help with SEO by making content load via AJAX in just a few steps.

Drupal AJAX is a cinch to implement—as it should be since core is loaded with it. In just a few of steps I’ll show you how to use jQuery and Drupal’s hook_menu() function to quickly build a AJAX function to return anything from HTML to a JSON array.

Continue reading “Simple Drupal 7 AJAX Implementation”

Google Analytics API Tutorial with PHP for Dummies

Build awesome apps with Google Analytics API for PHP. Learn how to use the Google Analytics API and PHP to bring data directly to your site or app.

Build some awesome apps and site functionality with Google Analytics API for PHP.

Recently I needed to build a simple web app that uses the Google Analytics API. Google’s documentation on the subject is a little lackluster and with constant updates to their interface, the documentation often times lags behind. Other times steps are completely left out because they don’t need to hold the hands of dummies like me. Well other dummies, I’m here to hold your hand and walk you through how to use the GA API with PHP. Continue reading “Google Analytics API Tutorial with PHP for Dummies”

Automatically Remove Those Pesky .DS_Store Files

If you have your hidden files shown, pesky .DS_Files pop up everywhere. Remove .DS_Store files automatically with this simple command.

If you’re a developer on a Mac, you most likely have hidden files set to show like .htaccess and .profile. That’s when those pesky .DS_Store files start popping up in every directory. If you’re a little OCD like me, they can drive you crazy. Here’s a few simple commands you can run in Terminal to have those files removed. Continue reading “Automatically Remove Those Pesky .DS_Store Files”

PHP MailChimp Campaign CSV Parser

The MailChimp Campaign CSV Parser is a PHP library to take a downloaded MailChimp Campaign CSV export and parse it in a easy-to-use array. Includes industry rates to compare statistics with.

I’ve worked with MailChimp a lot in past and current projects. My biggest compliant is they’re lack of detailed reports and overly restrictive API usage limits. A common problem I’ve had is extrapolating data from they’re campaign CSV reports — I do this because you can pull more data from the downloaded CSV at one time than the API. A long list of campaign details is useless to marketers if they can’t easy consume, comprehend and make quick decisions off the data. That’s where the MailChimp Campaign CSV Parser PHP library comes in.

Continue reading “PHP MailChimp Campaign CSV Parser”

Salesforce with Drupal in Three Easy Steps

Salesforce Suite is an easy way to connect Drupal to Salesforce, which allows non-technical staff to create extensive reports — learn how to integrate it.

This article was originally published by Drupal Watchdog in the winter 2014 edition by Fabian Franz.

The Salesforce Suite of Drupal modules is an easy way to connect Drupal to Salesforce, a Customer Relationship Management system used by retailers and non-profits alike, which allows non-technical staff to create extensive reports — reports that would be difficult to create using Drupal alone.

Although entities can be synchronized to Salesforce objects — and custom mappings created — there is lots more that can be done with Salesforce. Let’s take a look.

Getting Started

For openers, you’ll need:

To get the Developer Edition, create a developer account at

Once you’re in Salesforce, you’ll quickly notice that the site seems overwhelming. A complete overview is way beyond the scope of this article; the most important objects for our purposes are Campaigns, Leads, Contacts, and Cases.

There are many other extensions for Salesforce, extensions that provide new object types. Also, existing object types can be extended in much the same way as in Drupal.

As a best practice, always work in a sandbox environment when not working with a dev instance. It will help ensure that you can create a proper development -> testing -> production workflow.

To create a sandbox (Enterprise, Performance, Unlimited, and, go to Setup » Sandboxes » Create new Sandbox.

As the final step in this first part of the process, create an application to connect Drupal to Salesforce by going to Setup » Create » Apps and clicking on New application under Connected App. Enter the basic information (e.g. “Drupal Integration”) and activate oAuth. Enter a callback URL to your local instance. If your local development Drupal site resides at http://localhost/salesforce-test/, then your callback URL is http://localhost/salesforce-test/salesforce/oauth_callback. Select api and offline_access as scopes.

Be sure to keep your consumer key and consumer secret handy, and you’re ready to move on.

Next Steps

Download the ‘salesforce-7.x-3.x’ module and enable the salesforce_mapping and salesforce_push modules. In your Drupal site, go to Configuration » Salesforce » Authorize and enter your consumer key and secret.

If you are using a sandbox, you need to enter, under the advanced settings, as the Salesforce endpoint. After logging in, you will be prompted for the permissions specified earlier; after clicking ‘Allow’, you’ll be back at Drupal with the message “Salesforce OAUTH2 authorization successful.” At the bottom of the screen will be a list of resources.

Before mapping the user object, create field_first_name and field_last_name fields within Drupal for the user entity at Configuration » People » Account Settings » Manage Fields.

You’re now able to map the User account to a contact by going to Structure » Salesforce » Salesforce Mappings and adding a Salesforce module called “User Mapping”.

Fill out the fields as seen in the image below, and check the three action triggers (entity create / update / delete). Save, and edit your own user account at People » Edit. Add the first name and last name, and you’ll see that the user account has been synchronized with a Salesforce record (see below).

A Ticket System for Authorized Users

A typical use case is to collect data in Drupal, and then process the data in Salesforce. But for this article, we will create a quick ticket system for authorized uses that will create cases within Salesforce, using the Entityform module, which allows creating forms that can be used for collecting data — similar to Webform, but using Drupal fields.

Download and enable the Entityform module and go to Structure » Entityform Types » Add Entityform Type. Enter Ticket as the name, and select authenticated user as the role. Save the form type and add a message-long text field to it.

Next, map the entityform submission entity with the ticket bundle to a Salesforce case object like the user account. Map the field_message field to the Case description; map the user who creates the case; select Related Entities » User; and map that to Contact ID (see below).

Save the mapping and go to the submit/ticket URL (available from the Structure » Entityform Types screen), enter a message, submit it, and — voila! — your ticket has been created as a case within Salesforce.

Tip: If you copy the Salesforce ID from the message, you can go directly to to see the newly created record. (The emea prefix is for the developer edition.)


While Entityform is quite pwerful, form variations are not easily workable because only one bundle can be mapped to one object type. But with the help of the Webform and Salesforce Webform Map modules, in combination with Entityform, it is possible to create a Salesforce mapping per object-type once, and potentially re-use it across hundreds of different web forms. In this scenario, one webform is represented by a campaign in Salesforce, and recursive object creation is enabled using different Salesforce mappings.


Salesforce and Drupal are a powerful combination. The Salesforce module allows you to map complex Drupal structures to Salesforce, and by using Entityform, simple data entry forms can easily be created.

PHP Password Hashing API Tutorial

Learn how to use PHP 5.5’s password hashing API to store your user passwords more securely. A simple to use API that helps developers move towards bcrypt.

Are you hashing your user passwords? If not, you’re asking for trouble (just look at the recent password leaks). Keeping plain text passwords or using older, weaker algorithms like MD5 or SHA1 to store passwords have become outdated and less secure than newer, modern methods. For instance, with the release of PHP 5.5, you can use the new password hashing api.

Everybody knows that you should be hashing user passwords using bcrypt, but still a surprising number of developers uses insecure md5 or sha1 hashes. One of the reasons for this is that the crypt() API is ridiculously hard to use and very prone to programming mistakes.

PHP Password Hashing Functions

By adding a new, very simple to use API PHP hopes to move more developers towards bcrypt. It has four simple functions:

  • password_hash() – used to hash the password
  • password_verify() – used to verify a password against its hash
  • password_needs_rehash() – used when a password needs to be rehashed
  • password_get_info() – returns the name of the hashing algorithm and various options used while hashing

How to Hash Passwords Using PHP

Although the crypt() function is secure, it’s considered by many to be too complicated and prone to programmer error. Some developers then use a weak salt and weak algorithm for generating a hash instead, for example:

[code_highlight lang=”php”]$hash = md5($password . $salt); // works, but dangerous[/code_highlight]

But the password_hash() function can simplify our lives and our code can be secure. When you need to hash a password, just feed it to the function and it will return the hash which you can store in your database. Creating password hashes can’t be any simpler than this:

[code_highlight lang=”php”]$hash = password_hash( $password, PASSWORD_DEFAULT );[/code_highlight]

This will create a password hash using the default algorithm (currently bcrypt), the default load factor (currently 10) and an automatically generated salt. The used algorithm and salt will also be part of the resulting hash, so you don’t need to worry about them at all.

If you don’t want to stick with the defaults (which might change in the future), you can also provide algorithm and load factor yourself:

[code_highlight lang=”php”]$hash = password_hash( $password, PASSWORD_BCRYPT, [‘ cost’ => 12 ] );[/code_highlight]

That’s it! The first parameter is the password string that needs to be hashed and the second parameter specifies the algorithm that should be used for generating the hash.

The default algorithm is currently bcrypt, but a stronger algorithm may be added as the default later at some point in the future and may generate a larger string. If you are using PASSWORD_DEFAULT in your projects, be sure to store the hash in a column that’s capacity is beyond 60 characters. Setting the column size to 255 might be a good choice. You could also use PASSWORD_BCRYPT as the second parameter. In this case the result will always be 60 characters long.

The important thing here is that you don’t have to provide a salt value or a cost parameter. The new API will take care of all of that for you. And the salt is part of the hash, so you don’t have to store it separately. If you want to provide your own salt (or cost), you can do so by passing a third argument to the function, an array of options.

[code_highlight lang=”php”]$options = [
‘salt’ => custom_function_for_salt(), //write your own code to generate a suitable salt
‘cost’ => 12 // the default cost is 10
$hash = password_hash($password, PASSWORD_DEFAULT, $options);[/code_highlight]

In this way, you are always up-to-date with new security measures. If PHP later decides to implement a more powerful hashing algorithm your code can take advantage of it.

Verifying PHP Hashed Passwords

Now that you have seen how to generate hashes with the new API, let’s see how to verify a password. Remember that you store the hashes in a database, but it’s the plain password that you get when a user logs in.

The password_verify() function takes a plain password and the hashed string as its two arguments. It returns true if the hash matches the specified password. Verifying passwords is just as easy:

[code_highlight lang=”php”]// $password from user, $hash from database
if (password_verify($password, $hash)) {
// password valid!
} else {
// wrong password 🙁

Just remember that the salt is a part of the hashed password which is why we are not specifying it separately here.

Rehashing PHP Passwords

As time goes by you might want to change the password hashing algorithm or load factor, or PHP may change the defaults to be more secure. In this case new accounts should be created using the new options and existing passwords rehashed on login (you can do this only on login because you need the original password to do a rehash).

Doing this is also very simple:

[code_highlight lang=”php”]function password_verify_with_rehash( $password, $hash ) {
if ( ! password_verify( $password, $hash ) ) {
return false;

if ( password_needs_rehash( $hash, PASSWORD_DEFAULT ) ) {
$hash = password_hash( $password, PASSWORD_DEFAULT );

// update hash in database

return true;

The above snippet will keep your hashes up to date with the PHP default. But once again you can also specify custom options, e.g. password_needs_rehash($hash, PASSWORD_BCRYPT, ['cost' => 12']).

Retrieve PHP Hashed Password Info

Use password_get_info() to return an associative array with information about the given hash. When passed in a valid hash created by an algorithm supported by password_hash(), this function will return the following:

  • algo – a constant that identifies a particular algorithm
  • algoName – the name of the algorithm used
  • options – various options used while generating the hash

Compatibility for Older PHP Versions

The new API will only be introduced in PHP 5.5. Those who are using PHP 5.3.7 (or later) can use a library called password_compat which emulates the API and automatically disables itself once the PHP version is upgraded to 5.5.


The PHP password hashing API is definitely easier to work with than fumbling with the crypt() function. If your website is currently running on PHP 5.5, then I strongly recommended that you use the new hashing API. Learn more about the PHP password hashing API: