Archive for March, 2006

And… Another *great* tool, the best so far… Sharepoint, eat your heart out (really, you should)

Our latest and greatest tool includes great and cool Web 2.0 AJAX technology and is a replacement for all that sad and boring Excel-with-list sending over the mail. How often do you get an Excel sheet in your mail with no calculations, but only an enumeration of some sort?

I get this daily; even yesterday one of my colleagues sent me an Excel with;

index servername URL action comment

He sent it to all people in the company (100) and asked if the responsible person for that site could please put some action in it and, if needed, some comment on what to do with this site/URL.

A bit shocked, I mailed back asking if we don't have Sharepoint for this, and he replied: it is too much hassle to put it into SP, and our SP will become a mess because of it.

So our new invention has its merits. And we are using it already for everything.

Without further blabla, I proudly present; flexlists.com.

Also some other things we did; www.movinglabs.com.

And I added very secure CLIENTSIDE encryption for yourdraft.com.

Making phpBB a bit more secure

I actually like phpBB. Why? Because it is mature and usually works perfectly for setting up a nice (looking) forum in a really short time. phpBB has a lot of 'security' problems. Usually these are not really problems in the forum software itself; rather, because of its massive use, a forum that is not properly secured is attacked by a lot of automated software on the internet.
When I set up a forum for the first time, I usually allow anonymous posting. This is one of those ‘security’ things; anonymous posting makes it very easy for a robot to run over the internet, and post crap like viagra and casino links.

To fix this, phpBB has an option to allow only registered users to post to a forum. This, however, does not work well either, because the robots can register themselves and then post crap.

Luckily the system has a way to ‘secure’ the registration process by adding a captcha to the forum registration form. This is, however, in the case of phpBB, not safe.

So what can you do? Just replace the captcha algorithm with your own! And when it is hacked, just replace it again! At least the automated bots on the internet don't stand a chance this way.

So here is a little howto for phpBB 2.x.

Edit the file includes/usercp_confirm.php and go to the line just before

if (@extension_loaded('zlib'))

(line 67 in my version), and put

exit;

there. Your own code goes before that exit.

Now download the following captcha code, for instance:

http://www.ejeliot.com/pages/2

and put it in your phpBB main directory.

You are almost done now.

Add the following above the 'exit' in includes/usercp_confirm.php:

require('php-captcha.inc.php');
$aFonts = array('/usr/share/fonts/truetype/ttf-bitstream-vera/Vera.ttf');
$oPhpCaptcha = new PhpCaptcha($aFonts, 202, 43);
$oPhpCaptcha->Create('', $code);

Change this line:

$aFonts = array('/usr/share/fonts/truetype/ttf-bitstream-vera/Vera.ttf');

to a font (or more; it is an array ;) which actually exists on your system.

This still does not work, because a Create call of the form

$oPhpCaptcha->Create('', $code);

does not exist in the library; you need to edit the php-captcha code. Open the file php-captcha.inc.php and find the function 'GenerateCode'; change it as follows:

function GenerateCode($generate=0) {
    // reset code
    $this->sCode = '';

    if (!$generate) {
        // leave original code here!
    } else $this->sCode = $generate;

    // save code in session variable
    if ($this->bCaseInsensitive) {
        $_SESSION[CAPTCHA_SESSION_ID] = strtoupper($this->sCode);
        // etc; put original code here

Now find the first Create method (the second one is the sound captcha's!). It has to take the code as a second parameter, $generate, to match the call above. In it, find the line:

$this->GenerateCode();

change this to:

$this->GenerateCode($generate);

Now the code will be working fine.

If you need to debug, go to the registration page of your phpBB site;

/profile.php?mode=register&agreed=true

open the HTML source and search for an img src attribute which contains;

/profile.php?mode=confirm&id=

open that in the browser and you’ll see why something is not working.

The next tiny tool!

As promised…

Not even a week later, the next tool has been released: yourdraft.com.

The tool fills a small gap in my webtool repository; a simple and no-nonsense site for putting drafts of documents and files without having to concern myself with irritating account information and so forth.

The editing is quite smooth and simple; you just start typing and all information will be stored for later viewing. No passwords etc to remember. It is not really secure, but it was not meant to be; you can work together on a document or show someone something for a short period and then remove it again.

Number three of our tools will be a bit more elaborate; it will fill a gap which, to date, was not filled by anything worthwhile.

Creating MySQL databases securely

When building sites I often need to set up a MySQL database which has all the proper settings so I can start working right away knowing that all is fine. Here is a little script which I use to do this:

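#!/bin/sh
# Create a database and a same-named account that may connect from localhost only.

if [ -z "$1" ]; then
    echo "Invoke as ./createdb.sh DATABASE_NAME"
    exit 1
fi

DBNAME="$1"

# A password given on the command line may be visible to other local users (ps).
mysqladmin --user=root --password=SOMEPASS create "$DBNAME"

# Prints six integers in the range 0-25 back to back, so the password is digits only.
PASS=$(perl -e 'for($i=0;$i<6;$i++){print rand()*26%26};')
mysql --user=root --password=SOMEPASS -e "grant all privileges on $DBNAME.* to $DBNAME@'localhost' identified by '$PASS';"
mysql --user=root --password=SOMEPASS -e "flush privileges;"

echo "$PASS"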
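
A hardened variant of the script above, as an added example that is not the author's code: it validates the database name before it reaches SQL, draws the password from /dev/urandom, and pipes the statements to mysql with the admin credentials read from an option file. The ADMIN_CNF path and all function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example; ADMIN_CNF and the function names are assumptions, not from the page.
# Assumed: a mode 0600 option file with a [client] section holding user and password.
ADMIN_CNF="${ADMIN_CNF:-/root/.my.cnf}"

# Allow only letters, digits and underscore, so the name cannot break out of
# the SQL below; 16 characters was the user-name limit before MySQL 5.7.8.
valid_dbname() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 16 ]
}

# 16 bytes from the kernel CSPRNG, hex encoded: 32 characters, 128 bits.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Emit the statements on stdout; they reach mysql through a pipe, so neither
# the admin password nor the new one appears in a command line.
build_sql() {
    printf 'CREATE DATABASE `%s`;\n' "$1"
    printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$1" "$2"
    printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'localhost';\n" "$1" "$1"
}

create_db() {
    valid_dbname "$1" || { echo "invalid database name: $1" >&2; return 1; }
    pass=$(gen_password)
    [ "${#pass}" -eq 32 ] || { echo "password generation failed" >&2; return 1; }
    build_sql "$1" "$pass" | mysql --defaults-extra-file="$ADMIN_CNF" || return 1
    echo "$pass"
}

# Run only when a name is given: ./createdb.sh DATABASE_NAME
if [ "$#" -gt 0 ]; then
    create_db "$1"
fi
```

CREATE USER followed by GRANT replaces the single "grant ... identified by" statement because MySQL 8.0 no longer creates accounts through GRANT.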

Software writing in the fast lane

I am often searching the internet for handy programs and tools. Unfortunately, they never have anything I need or I cannot find it (which means they did not market it properly, of course ;).

Usually I do some brainstorming with a friend about this kind of thing and then we think about building this tool ourselves if we don't like the existing ones or if we cannot find any. Our conversations usually go a bit like this:

me; would it not be nice to have X
he; yes that would be excellent, it would have features a,b,c
me; and of course d,e,f,g,h
he; and it would certainly need i,j,k,l,m
me; right! that’s the least it should have

After about 30 minutes in this kind of talk, we both conclude that we need a rapid web application development environment and that X is just a subset of that environment.

Needless to say; we don’t have time, resources or even energy to start with the production of an RWADE…

We decided, after years of that kind of pointless session, to do the following: we will think of something which can be built, from concept to live application on the web, in less than 24 hours. This forces it to be makeable and it cannot be an RWADE ;) We decided to release such a 'nice little tool' every week.

The first we have is forlater.net. A very simple tool (take a look) which was built in about 4 hours from concept to the site you see online.