BLAG Ramblings of a crazy old fool

14 Feb 2012

XHR Load Cross Site Forgery

Or, How Sano Managed To Defeat The Evil Browser with Javascript Black Magic.

One of the things Sano and I both end up dealing with is Javascript. Over the years we've come to understand it and maybe even hate it a little less (the advent of jQuery really brought that around, especially when dealing with AJAX or anything REST-related). Every once in a while, one of us comes up with a solution that is either completely brilliant, or absolutely retarded.

This is one of those.

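// Echo the caller's Origin header back in Access-Control-Allow-Origin,
// so any site that sends an Origin is allowed to read the response.
if (Request.Headers["Origin"] != null)
{
  Response.AddHeader("Access-Control-Allow-Origin", Request.Headers["Origin"]);
}

// Methods the browser may use for cross-origin requests to this page.
Response.AppendHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");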
10 Aug 2011

Android Apps

For the most part, I'm pretty happy with my new HTC Inspire. As a matter of fact, I'm writing this post on it right now. But the thing that's always bugged me about open-source software is just as prevalent on the Android platform - the software is hard to use, and usually half-asses whatever it is supposed to do.

I've spent the better part of a month trying out text editors with ftp capabilities (touchqode, silveredit and Android Web Editor have been the latest), but none of them get the job done. I can't even find a decent SSH client (hell, the iPhone had that!) that I could use for remote access to nano. And let's be honest - the "job" is either being too lazy to get off the couch to code something, or being stuck away from a real PC. It's the latter that makes sense from a business perspective, though the former is probably more common.

I would settle for a basic text editor that can save/create to an ftp site, but so far I've had no luck. Sure, each app had its benefits (touchqode's code-oriented keyboard layout was nice, though having to enable/disable through the settings menu was a pain, and the syntax highlighting in Android Web Editor was absolutely brilliant), but none of them seem to fit the bill for the coder-on-the-go (or couch).

I've said before, I'd buy a tablet in an instant if there was a good, working Dreamweaver clone for the Android platform, but so far I find myself disappointed. (Honestly though, I'd settle for a notepad/ftp clone with syntax highlighting.) It may be one of those things I just have to sit down and do myself.

23 Feb 2008

LDAP/eDirectory

So, this week I developed a PHP authentication schema using the LDAP functions. It was designed as a modular component, reusable across further web applications, which also means it's nice and portable. I don't have the code here at the moment, but when I do I'll release it. Basically, the script connects to your NDS eDirectory server and binds anonymously. To support context-less logons, it then searches for the provided username (cn) in your organization's tree.

Due to the nature of ldap_search(), you can also use this to require users from a certain tree, i.e. only your staff (no students), etc. This is done by specifying OUs. eDirectory requires a TLS connection for encryption between the webserver requesting the LDAP info and the eDirectory server itself. This is nice; provided that you have an SSL connection to the page where your authentication sits, your security is already done for you! Passwords will not be sent in plaintext between the NDS and web servers.

This script would be especially useful to those building web applications for use in a Novell environment, but with a few modifications it could work with other LDAP schemas too, including MS Active Directory.
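The flow described above (anonymous bind, search for the cn, then bind as the DN that was found) looks like this as an added example; it is not the script from this post, which was never published here. It assumes PHP 5.6+ with the ldap extension, and the host and base DN are hypothetical placeholders.

```php
<?php
// Added example: context-less LDAP login. Host and base DN are placeholders.
function ldap_contextless_login($username, $password, $host, $baseDn)
{
    // A bind with a DN and an empty password is treated by many servers as
    // an anonymous bind and succeeds, so refuse empty input up front.
    if ($username === '' || $password === '') {
        return false;
    }

    $conn = ldap_connect($host);
    if (!$conn) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Upgrade to TLS before anything sensitive crosses the wire.
    if (!@ldap_start_tls($conn)) {
        return false;
    }

    // Step 1: anonymous bind, used only to look the user up.
    if (!@ldap_bind($conn)) {
        return false;
    }

    // Step 2: find the user's DN under the allowed subtree. ldap_escape()
    // keeps characters such as * ( ) \ from rewriting the filter.
    $filter = '(cn=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $search = @ldap_search($conn, $baseDn, $filter, array('cn'));
    if (!$search) {
        return false;
    }
    $entries = ldap_get_entries($conn, $search);

    // Zero or several matches both count as a failed login.
    if ($entries['count'] !== 1) {
        return false;
    }

    // Step 3: bind again as that DN with the supplied password.
    $ok = @ldap_bind($conn, $entries[0]['dn'], $password);
    ldap_unbind($conn);
    return $ok;
}

// An empty password is rejected before any network traffic happens.
var_dump(ldap_contextless_login('jdoe', '', 'ldap://edir.example.org', 'ou=staff,o=example'));
```

Pointing `$baseDn` at a single OU is what restricts logins to one group, such as staff only.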

In other news, I reapplied to join Indy Powerplant, and I'm planning on going to the Stompfest LAN Party on Mar 29-30.

7 Feb 2008

[ASP|Access] Transportation_Web

Hello again, it's been a while since I've thrown out some free code, so here you are! I've been doing a lot of development under ASP and IIS, and this is one of the scripts I built from the ground up. It was designed to help track official changes to our students' transportation methods, but can be adapted to fit almost any project. This is an ASP (Not ASP.NET!) Web interface to an Access Database. It can create, modify, and delete data depending on the user's access level. The super user can modify and create other users in three separate classes. Feel free to use as much of this code as you want without a link back. I would like to know if you use it, and what for if possible, so send me an email or post a comment. Thanks, and enjoy the code!

Download: Transport_Web-2008-02-01_final.zip [32k]

25 Nov 2007

Christmas List

Click here for my 2007 Christmas List

So here is my Christmas present to you, intarwebs: The source! This is PHP/MySQL and can be easily included in any PHP page. Get your list started early (late?) this year with new code!

<?php

  //
  // christmaslist.php
  // Christmas List script for weblog
  //
  // Author: Joshua Worden, IWM Entertainment
  // Released Nov. 2007 under GPL
  //
  // Usage: Designed to be included on a page.

  /*
     --
     -- Table structure for table `christmaslist`
     -- 

      CREATE TABLE `christmaslist` (
       `id` int(11) NOT NULL auto_increment,
       `image` text NOT NULL,
       `title` text NOT NULL,
       `description` text NOT NULL,
       `price` float NOT NULL default '0',
       `date` datetime NOT NULL default '0000-00-00 00:00:00',
    PRIMARY KEY  (`id`),
    FULLTEXT KEY `description` (`description`)
    ) ENGINE=MyISAM AUTO_INCREMENT=5 ;

    --
    -- End table structure
    --
  */

  // Definitions 

  $_site['sql-host']      = ""; // MySQL Host (localhost)
  $_site['sql-user']      = ""; // MySQL Username
  $_site['sql-pass']      = ""; // MySQL Password
  $_site['sql-data']      = ""; // MySQL Database

  // Functions

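  function DisplayItems($B_SORTED, $T_SORTMODE) {
    // $T_SORTMODE comes straight from $_GET['sort'], so only accept known
    // column names before it goes into ORDER BY; anything else sorts by date.
    $A_SORTABLE = array("image", "title", "price", "date");
    if(!$B_SORTED || !in_array($T_SORTMODE, $A_SORTABLE, true)) { $T_SORTMODE = "date"; }
    $Q_SQL1 = mysql_query("SELECT * FROM christmaslist ORDER BY ".$T_SORTMODE." ASC;");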

    echo "<div style=\"width:100%; text-align:center; margin:0 auto;\">\r\n";
    echo "<div style=\"width:100%; clear:both;\">\r\n";
    echo "<div style=\"width:20%;float:left;position:relative;\"><a href=\"?sort=image\"><b>Category</b></a></div>";  // [Image]
    echo "<div style=\"width:20%;float:left;position:relative;\"><a href=\"?sort=title\"><b>Title</b></a></div>";     // Title
    echo "<div style=\"width:20%;float:left;position:relative;\"><b>Description</b></div>";                           // [Description]
    echo "<div style=\"width:20%;float:left;position:relative;\"><a href=\"?sort=price\"><b>Price</b></a></div>";     // Price
    echo "<div style=\"width:20%;float:left;position:relative;\"><a href=\"?sort=date\"><b>Date Added</b></a></div>"; // Date Added
    echo "</div>";
    while($T_SQLRESULT=mysql_fetch_array($Q_SQL1)) {
      // Escape stored values before writing them into the page.
      echo "<div style=\"width:100%; clear:both;\">\r\n";
      echo "<div style=\"width:20%;height:100px;float:left;position:relative;\"><img src=\"/images/thumbs/".htmlspecialchars($T_SQLRESULT['image'])."\" /></div>";
      echo "<div style=\"width:20%;float:left;position:relative;\">".htmlspecialchars($T_SQLRESULT['title'])."</div>";
      echo "<div style=\"width:20%;float:left;position:relative;\">".htmlspecialchars($T_SQLRESULT['description'])."</div>";
      echo "<div style=\"width:20%;float:left;position:relative;\">$".htmlspecialchars($T_SQLRESULT['price'])."</div>";
      echo "<div style=\"width:20%;float:left;position:relative;\">".htmlspecialchars($T_SQLRESULT['date'])."</div>";
      echo "</div>";
      }
    echo "<div style=\"width:100%; clear:both;\"> </div>\r\n";
    echo "</div>\r\n";
    }

  function Error($T_ERROR) {
    // Show error
    echo "<div style=\"width:400px; height:150px; clear:both; background:#FF0000;\">\r\n";
    echo "\t<h4><font color=#FFFFFF>MySQL Error:</font></h4>\r\n" . $T_ERROR . "\r\n";
    echo "</div>\r\n";
    die;
    }

  // Connect to MySQL

  $B_SQLCONN = @mysql_connect($_site['sql-host'],$_site['sql-user'],$_site['sql-pass']);
  $B_SQLDATA = @mysql_select_db($_site['sql-data']);
  if(!$B_SQLCONN || !$B_SQLDATA){Error(mysql_error());}

  // Check for sort mode

  if(isset($_GET['sort'])) { DisplayItems(TRUE, $_GET['sort']); }
  else { DisplayItems(FALSE,"date"); }

?>
18 Nov 2007

[PHP|MySQL] Image Gallery

Short and not-so-sweet, an Image Gallery! I needed something for the site, and 4images just seemed too bloated for what I needed. And, being lazy, I didn't really wanna go and look for one that badly. So I wrote one. I'll be testing this later tonight, I'll post any fixes as they come up.

<?php

  // images/index.php
  // MySQL/PHP Image Gallery
  //
  // Author: Joshua Worden, IWM Entertainment
  // Released Nov. 2007 under GPL
  //
  // Usage: Designed to be used as index file in a subdirectory, or to point to a subdirectory

  // Definitions 

  $_site['sql-host']      = "";
  $_site['sql-user']      = "";
  $_site['sql-pass']      = "";
  $_site['sql-data']      = "";
  $_site['sql-table1']    = "";
  $_site['sql-table2']    = "";

  // Quoted array keys need braces inside a double-quoted string. The id is
  // filled in later with sprintf() and %d, so it is always an integer.
  $_sql['select_gallerylist'] = "SELECT id,title FROM {$_site['sql-table1']}";
  $_sql['select_gallery']     = "SELECT * FROM {$_site['sql-table2']} WHERE gallery=%d";
  $_sql['select_image']       = "SELECT * FROM {$_site['sql-table2']} WHERE id=%d LIMIT 1";

  // Functions

  function Display_GalleryList() {
    global $_sql;
    echo "<div class=galleryblock>";
    echo "<div class=title>My Galleries</div>";
    // Run the query once; calling mysql_query() in the loop condition restarts it every pass.
    $query = mysql_query($_sql['select_gallerylist']);
    while($sqlresult = mysql_fetch_array($query)) {
      $id    = (int)$sqlresult['id'];
      $title = htmlspecialchars($sqlresult['title']);
      echo "<div class=thumb><a href=\"?Display=Gallery&amp;id=$id\"><img src=gallery.jpg alt=\"$title\" /><b>$title</b></a></div>";
      }
    echo "</div>";
    }

  function Display_Gallery($id) {
    echo "<div></div>";
    }

  function Display_Image($id) {
    global $_sql;
    echo "<div class=imageblock>";
    $count=1;
    // (int) keeps the id from $_GET numeric before it reaches the query.
    $query = mysql_query(sprintf($_sql['select_gallery'], (int)$id));
    while($sqlresult=mysql_fetch_array($query)) {
      if($count % 5 == 0) { echo "<br />"; }
      $title = htmlspecialchars($sqlresult['title']);
      echo "<div class=title>$title</div>";
      echo "<img src=\"" . htmlspecialchars($sqlresult['filename']) . "\" class=centered alt=\"$title\" /><br />";
      echo "<div class=description>" . htmlspecialchars($sqlresult['description']) . "</div>";
      $count++;
      }
    echo "</div>";
    }

  // Connect to MySQL

  @mysql_connect($_site['sql-host'],$_site['sql-user'],$_site['sql-pass']);
  @mysql_select_db($_site['sql-data']);

  // Check to see what we're displaying

  if(isset($_GET['Display'])) {         // Check for correct info
    if($_GET['Display'] == "Image") {   // If displaying an image
      Display_Image($_GET['id']);
      }
    elseif($_GET['Display'] == "Gallery") {
      Display_Gallery($_GET['id']);
      }
    else { Display_GalleryList(); }
    }
  else { Display_GalleryList(); }

  ?>
17 Nov 2007

[PHP|MySQL] Voting with IP Authentication

Here's another tasty morsel; I was working on a voting script for Sano and figured Ah what the hell I'll clean it up and release it. As usual it's GPL, with or without a link back. Here ya go,

<?php

  // votepoll.php
  // MySQL/PHP Voting script with IP Authentication
  //
  // Author: Joshua Worden, IWM Entertainment
  // Released Nov. 2007 under GPL
  //
  // Usage: Designed to be called within a webpage using include_once().

  // Functions And Definitions

  $_site['sql-host']      = "";
  $_site['sql-user']      = "";
  $_site['sql-pass']      = "";
  $_site['sql-data']      = "";
  $_site['sql-table']     = "";
  $_site['options_num']   = ""; // Number of options in your vote
  $_site['options']       = array();
  $_site['options'][0]    = "Sample Question 1";
  // ...

  $_site['script-uri']    = $_SERVER['PHP_SELF']; // Don't change unless using this externally.
  $_sql['select_all']     = "SELECT * FROM " . $_site['sql-table'];
  // The vote and IP are filled in by Do_Vote() with sprintf(). String values
  // take single quotes; backticks quote identifiers in MySQL.
  $_sql['insert_new']     = "INSERT INTO " . $_site['sql-table'] . " (vote, ip) VALUES (%d, '%s');";
  $_sql['select_auth']    = "SELECT ip FROM " . $_site['sql-table'] . " WHERE ip='%s' LIMIT 1;";

  function Display_Basic () {     // Display voting page
    global $_site;
    echo "<form action=\"" . htmlspecialchars($_site['script-uri']) . "\" method=post>";
    // Without DisplayMode=Vote the script below never reaches Do_Vote().
    echo "<input type=hidden name=DisplayMode value=Vote>";
    for($count=0; $count<$_site['options_num']; $count++) {
      echo "<div style=clear:both;><input type=radio name=vote value=$count> " . $_site['options'][$count] . "</div>";
    }
    echo "<div style=clear:both;><input type=submit></div>";
    echo "</form>";
    }

  function Display_Results() {    // Display results page
    // I didn't get around to doing this part.
    }

  function Display_AuthFail() {   // Display results/vote error
    echo "Sorry, a vote was already recorded for this IP Address.";
    }

  function Do_Vote($MyVote) {     // Process vote, go to results.
    global $_sql;
    $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
    $query = @mysql_query(sprintf($_sql['select_auth'], $ip));
    // mysql_query() returns a result even when nothing matched, so count the rows.
    if($query && mysql_num_rows($query) == 0) {
      @mysql_query(sprintf($_sql['insert_new'], (int)$MyVote, $ip));
      }
    else { Display_AuthFail(); die; }
    }

  // Connect to MySQL

  @mysql_connect($_site['sql-host'],$_site['sql-user'],$_site['sql-pass']);
  @mysql_select_db($_site['sql-data']);

  // Check for correct referring mode

  if(!isset($_POST['DisplayMode'])) { Display_Basic(); die; }

  // Get DisplayMode

  $_page['DisplayMode'] = $_POST['DisplayMode'];

  // Call correct function due to DisplayMode

  if($_page['DisplayMode']=="Vote")         { Do_Vote($_POST['vote']); }
  elseif($_page['DisplayMode']=="Results")  { Display_Results(); }
  elseif($_page['DisplayMode']=="AuthFail") { Display_AuthFail(); }
  else { Display_Basic(); }

  ?>

Enjoy.

17 Nov 2007

[PHP|MySQL] Crappy Error Handling

So, I slapped together some crap into a function and used it to catch SQL errors on one of the scripts I was working on. I still haven't decided if I want to release the script as GPL, but you can have this part of it at least. Bash it, tell me it sucks, whatever, do with it as you please. :D

<?php

function display_error($errortype, $sqlerror)
{
echo "<html><head><title>[SITE_TITLE] Error</title></head><body>";
echo "<div style='width:100%;height:100%;vertical-align:middle;text-align:center;'>";
echo "<div style='padding:20px;margin:20px;width:600px;height:300px;border:2px solid #000;background:#FF0000;text-align:left;'><h2><font color=white>Connection Error</font></h2><br /><br />";
echo "A fatal error occurred on this page. The error type is ERROR_[" . htmlspecialchars($errortype) . "]. If this was an SQL issue, the full error message will be displayed below.<br /><br />";
echo "<b>SQL_ERROR():</b><br /><br />";
// Escape the message so text from the database driver cannot inject markup.
echo htmlspecialchars($sqlerror);
echo "</div></div></body></html>";
}

// Load internal functions
//require_once("includes/functions.inc");

// Connect to database (quietly)
$bool_sqlconnect = @mysql_connect($site['sql']['hostname'],$site['sql']['username'],$site['sql']['password']);
$bool_sqldbase = @mysql_select_db($site['sql']['database']);

// On connection failure, display the problem.
if(!$bool_sqlconnect) { display_error("sqlconnect", mysql_error()); die; }
if(!$bool_sqldbase) { display_error("sqldbase", mysql_error()); die; }

?>

Enjoy.
