Just Another Dang Blog

R.I.P Steve Jobs, Stay Hungry Stay Foolish

lopau — Thu, 06 Oct 2011 03:00:31 +0000

Whenever I feel down and need inspiration, your speech at Handford(2005) always never fails to reenergize my spirit and continue to what I am doing.

We have truly lost a visionary. Rest In Peace Mr. Jobs.

Inkling by Wacom

lopau — Mon, 05 Sep 2011 15:15:22 +0000

I got an old Wacom graphire2 that I haven’t been utilizing that much since I seldom do graphic work anymore. But I’ve recently been teaching my daughter on how to use Adobe Illustrator. Saw this new product from Wacom, amazing technology jump on how to interact with drawings to be vector images which makes me want to fall in love with drawing again.

Create a Web Service using SOAP

lopau — Mon, 05 Sep 2011 14:49:58 +0000

This week one of the requirements for our client was to have a force.com application communicate with an external web service running on PHP to generate a barcode sequence. I’ll teach how I was able to setup the web service using NuSOAP and a document/literal as rcp/encoded is not supported by force.com. My goal was to make the task easier on php side so from force.com it would make a request by passing a string delimited by an asterisk and pipe. We process the string and return it back as url for the barcode image. I wont be covering barcode creation though in this tutorial but only the web service and sample client.

e.g. Name*2|Mr.*3

The web service will parse the string convert it to an array. You can ofcourse pass any other type of string with a delimiter.

Here is how the server is.

// Pull in the NuSOAP code
require_once(‘lib/nusoap.php’);
// Create the server instance
$server = new soap_server();
$server->configureWSDL( ‘servicename’, ‘urn:servicename’, ”, ‘document’);
myRegister($server,’DoSomething’,array(
‘in’ => array(
‘sf-parameters’ => ‘xsd:string’),
‘out’ => array(‘Pass’ => ‘xsd:string’)
));
//if in safe mode, raw post data not set:
if (!isset($HTTP_RAW_POST_DATA)) $HTTP_RAW_POST_DATA = implode(“\r\n”, file(‘php://input’));
$server->service( $HTTP_RAW_POST_DATA);
function myRegister( &$server, $methodname, $params) {
$server->register($methodname, $params["in"], $params["out"],
‘urn:servicename’, // namespace
$server->wsdl->endpoint .’#’. $methodname, // soapaction
‘document’, // style
‘literal’, // use
‘Generate Barcode Sequence URL’ // documentation
);
}
function DoSomething($params) {
$string = $params;
$list = explode(“|”, $string);
//make associative array
$result = array();
foreach($list as $key=>$values) {
$result[] = explode(“*”, $values);
}

//creates the string
$bcStr = “”;
foreach($result as $values) {
$bcStr .= $values[0];
for ($i = 1; $i < = $values[1]; $i++) {
$bcStr .= "\t";
}
}

return array('Pass'=> $bcStr);
}

You are instantiating a class of the NuSOAP server and configuring it with WSDL. You also create two functions,, one handles the $server->register method which takes the argument incoming request and the outgoing response and the $server->wsdl with arguments defining the server as a document/literal.

Then for my task purpose the incoming delimited string is converted to an associative array and then converted back to string with the proper formatting I require ($bcStr), if you have barcode class you can pass that string and a barcode image should be generated from it. That however is not covered on this tutorial.

Next is simple php client to test the web service out.

// Pull in the NuSOAP code
require_once('lib/nusoap.php');
// Create the client instance
$ns="urn:servicename";
$client = new nusoap_client('http://localhost/soap_server/hellowsdl2.php?wsdl', true);
if ( $client->getError() ) {
print “Soap Constructor Error:

".
	$client->getError()."

“;
}
$params=array(“sf-parameters”=>”Name*2|Mr.*3″);
$result = $client->call( “DoSomething”, array(“parameters”=>$params), $ns);
if ($client->fault) {
//soap_fault
print “

Soap Fault:

(". $client->fault->faultcode .")  ".
	$client->fault->faultstring. "

“;
}
elseif ( $client->getError() ) {
print “

Soap Error:

". $client->getError() ."

“;
}
else {
print “

Result:

". $result["Pass"] ."

“;
}
print ‘

Details:

‘.
‘

Request

' .
htmlspecialchars( $client->request, ENT_QUOTES) .'

‘.
‘

Response

' .
htmlspecialchars( $client->response, ENT_QUOTES) .'

‘.
‘

Debug

' .
htmlspecialchars( $client->debug_str, ENT_QUOTES) .'

‘;
?>

This time I instantiated a nusoap_client note that underscore _ as I got stuck on this earlier and got PHP complaining when it was just nusoapclient. Next I created the string params to be passed to the DoSomething method via $client->call.

Then from here we goback to our force.com app we make a soap request to the webservice and it returns with the response we need. On Force.com make sure you add your web service the Remote Site Settings under Setup > Administrative Setup > Security Controls.

Kudos for the resource and solution for task from the original author mleiv blog’s.

3D Augmented Reality platform(QR+AR) for iPhone, iPad, Android, BB

lopau — Sun, 04 Sep 2011 06:00:52 +0000

Technology is really moving fast, saw this in my mailing list and is truly amazing. Its a 3D Augmented reality field solution that works on smartphones.

AR Jewelry – Platform for demonstration of products (jewelry, toys etc) using the 3D Augmented Reality technology.

The list of products in this application is downloaded from Internet allowing to add dynamically new products to the server and demonstrate them to users.

Ready to licence it(as white label) to third parties(advertising agencies, jewelry/toys etc producers etc) etc.

Create rewrite rules for friendly url for WordPress plugin custom queries

lopau — Tue, 30 Aug 2011 05:23:42 +0000

I have this personal web application that was built from scratch last year and has already been considerably indexed by google. I used some Apache mod rewrite to make the urls friendly. Last week I decided it would be faster/easier to jumpstart the project again if I just focus on my application and just use a framework to handle other intracacies like abstractions, security and etc. I was aiming for CodeIgniter but got a glimpse on BuddyPress for WordPress(not a framework) which has most of the features I want for my app. So long story short I ended up porting my application to be a plugin for WordPress.

One thing that got me stuck for awhile was how to recreate my old URLs. Posting some tips for an example on how I got the issue solved.

Target: Make WordPress rewrite this URLs

http://www.thesite.com/mypage/food/

to

http://www.thesite.com/mypage/?ingredients=food

http://www.thesite.com/mypage/food/asia/

to

http://www.thesite.com/mypage/?ingredients=food&origin=asia

1. Create your plugin and create a shortcode

(eg. add_shortcode(‘myapp’, ‘myfunction’); )

2. Create a new Page and add the shortcode

[myapp]

With Permalinks off your page looks like

http://www.thesite.com/?page_id=5

And is basically the same as

http://www.thesite.com/index.php?page_id=5

With Permalinks on

http://www.thesite.com/mypage/

3. If you pass a query on your app the URL may look like this, Im passing the queries on the URL

http://www.thesite.com/mypage/?ingredients=food

http://www.thesite.com/mypage/?ingredients=food&origin=asia

Depending on the queries passed the contents on your page changes.

4. Now to rewrite the URLs to be friendly you need to add a filter and use query_vars

add_filter(‘query_vars’, ‘my_query_vars’);
function my_query_vars($public_query_vars) {
$public_query_vars[] = “ingredients”;
$public_query_vars[] = “origin”;
return $public_query_vars;
}

This ensure that when WordPress parses the URL, the ingredients and origin gets saved in the query variables.

4. Next is create your rewrite rules and store in an array

add_filter(‘generate_rewrite_rules’, ‘my_rewrite’);

function my_rewrite($wp_rewrite) {
$wp_rewrite->rules =
array_merge(array
(
‘^mypage/([^/]+)/?$’ => ‘index.php?page_id=5e&ingredients=$matches[1]‘,
‘^mypage/([^/]+)/([^/]+)/?$’ => ‘index.php?page_id=5&ingredients=$matches[1]&origin=$matches[2]‘

), $wp_rewrite->rules);
}

Note: That you are rewriting to the original URL of the page. You are storing each rewrite rule to an array and finally adding them to a filter by generate_rewrite_rules.

5. To get the variables back just call the get_query_vars function on your plugin.

echo get_query_var(‘ingredients’);

So this is how I got my problem solved. Hopefully it would be a great help to others. Happy rewriting and coding!

Installing GoDaddy SSL on an EC2 Ubuntu Instance in AWS

lopau — Wed, 24 Aug 2011 07:09:38 +0000

If you have sensitive data on your site, you may want to install an SSL Certificate to make it more secure. Here is a brief tutorial being on AWS EC2 Ubuntu instance on how to set it up.

My server settings are Apache2 and Ubuntu 9.x

1. Login to ssh/terminal on your server
2. Enable SSL for WebServer(Apache2)

sudo a2enmod SSL

3. Create the server SSL Key

sudo bash

On Ubuntu this changes you to the root user as you cannot access the directory on the next step.

cd /etc/ssl/private

openssl genrsa -des3 -out myserver.com.key 2048

Make sure its 2048 and not 1024 bit as this would be required later on GoDaddy.
Enter keyphrase

5. Create the CSR (Certificate Service Request) to be entered on GoDaddy

openssl req -new -key myserver.com.key -out myserver.com.csr

Upon enter it will ask you for several things but make sure that under Common Name you put your website url (myserver.com). (GoDaddy will throw an error if it is not a correct website)

6. View the CSR and Copy. Paste it later to your GoDaddy SSL Certificate Management

7. On GoDaddy SSL Certificate Management make a Request and choose Third Party, Web Server no Control Panel. And Paste the CSR code.

a. Upon Submit you would get the approval. It would check that your domain registry and administrative contacts to verify.
b. If it cannot be verified via the domain registry, you will be emailed a code that you need to create as a file and upload to your server instead.

8. Install your certificate gd_bundle.crt and myserver.com.crt to your server. Upload them to the server and install. Back to shell

mv gd_bundle.crt /etc/ssl/gd_bundle.crt
mv myserver.com.crt /etc/ssl/certs/myserver.com.crt

9. Edit the default Apache2 values at /etc/apache2/sites-available/default. Create a new virtualhost

NameVirtualHost *:443

DocumentRoot /var/www/
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/myserver.com.crt
SSLCertificateKeyFile /etc/ssl/private/myserver.com.key
SSLCertificateChainFile /etc/ssl/gd_bundle.crt

10. Make sure Apache2 to listen on port 443, edit the /etc/apache2/ports.conf
Under

Listen 443

10. Restart Apache

/etc/init.d/apache2 restart

If all went well you should be able to access https

For EC2 make sure Port 443 is enabled as well on the AWS Console

11. Then to force redirect users to https create an htaccess file and upload to your root www folder

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.myserver.com/$1 [R,L]

Amazon RDS instance time zone workarounds

lopau — Tue, 23 Aug 2011 05:23:59 +0000

If you have an EC2 instance to run your application and an RDS instance for your database. On your EC2 instance you are in luck as you can easily change the time zone of the machine. Like set it to GST or by location like below

# ln -sf ../usr/share/zoneinfo/Asia/Dubai /etc/localtime

The real issue is that you can’t change your timezone on your MySQL RDS instance its default it UTC and you cannot modify this. Making our timestamp 4 hours behind.

3 Workaround solutions gathered are the following.
1. Set Time Zone per connection

eg. SET time_zone = ‘Asia/Dubai’;

2. MySQL convert_tz function per insert

insert into table (timestamp) values (convert_tz(now(), ‘GST’, ‘Asia/Dubai’));

3. Manually getting timezone by code

$date = date(‘Y-m-d H:i:s’);
insert into table(date) values (‘” . $date .”‘)

Another issue I have is to update old timestamp records in my database to adjust it by 4 hours. If you have a table with old records and want to update the timezone by adding/minus (x) hours to adjust you can try this query.

UPDATE table SET datefield= DATE_ADD(datefield, INTERVAL 4 HOUR);

Protection from SQL Injection and XSS Attack on CKEditor

lopau — Thu, 18 Aug 2011 07:08:59 +0000

Lazy coding got the better of me as one of the sites I built got hacked. The site is running on a custom php framework I built. Security wise it was still too infant and alot of security needs to be patched. Through SQL Injection via the URL the hacker was able to get into my database and eventually cracked a user’s password then posted an XSS script on the CKEditor which eventually got the site compromised further.

So here are some tips on how to patch up your system based on experience, you can do further reading on the topics.
1. To avoid SQL injection, if your query string is something like

index.php?page=news

script-kiddies and hackers love this, make sure you sanitize the variables before you do a select query on your database, a simple index.php?page=news&1=1 could expose your db.

a. First turn off magic_quotes, you should stop using this as its deprecated and causes a bit of confusion from addslashes/stripslashes.

b. To sanitize here are a couple of functions you can use, strip_tags() and mysql_real_escape_string() functions, use them on your passed variable before you use in a select or insert statement.

c. Learn how to use apache_mod_rewrite, you can rename your query strings plus its a good SEO tool so from

index.php?page=news to something like /page/news/

2. If you have users in your system make sure their passwords are strong enough. Use uppercase, lowercase, characters etc.. If a hack was able to do an SQL Injection and got hold of your database info and users, they can reverse md5 a weak password in seconds.

NOTE: For testing I used a tool to try SQL Injection on a copy of the website on my localhost, I was able crack it in less than 5 minutes. Thats how fast a hacker can compromise your system if security is weak.

3. WYSIWG CKEditor is a great tool but it opens alot of vulnerability, without properly sanitizing the input you can put in malicous javascript codes. Test your editor by entering

alert(“Test”)

If you see the alert box your very susceptible to XSS attack.

Since CKEditor outputs HTML you can’t do strip_tags as it will strip away your HTML unless you pass it some parameters. A better way is to install HTMLPurifier, its free and opensource. Using it will dramatically reduce the chances of getting an XSS attack on your editor.

4. If you are using CKFinder you must properly set the CheckAuthentication function, simply stating true will allow anybody who knows the location of the file to upload any file to your system. Good thing CKFinder upload is disabled for files with .php extensions or the renamed shell script from (file.php to file.php.pdf) would have compromised my server further.

Safari Bug on Lion: The application Safari canceled restart

lopau — Fri, 12 Aug 2011 04:59:49 +0000

Noticed a bug on my Safari after upgrading to Lion. Haven’t been able to recreate it is as it appears to be random, when using Safari and you close some tabs. When you try to quit the Safari, the option is greyed out from the Safari Menu and Command+Q does not work. If you try to restart your mac you’ll get the screen shot below.

So far there doesn’t seem to be a patch in place and temporary solution so far is to Force Quit Safari. You can also delete the Safari icon on the dock and add it back. Will keep updating this post still a permanent solution is found or is patched by Apple.

Make money online with your photographs

lopau — Wed, 10 Aug 2011 03:25:40 +0000

Another tip on how to make money online if you have the skills in photography is to sell them to stock photography agencies. There are alot of people looking for stock photos and yours might just be sitting in your hard drive.

I have tons of snaps taken from past photoshoot chances but currently I have been very busy at work, to get me inspired to take more good photos and enhance my skills I thought of selling my photographs I signed up to shutterstock.com. (As a good source of inspiration is someone’s appreciation of your work and willing to pay for them) plus also this could be a great stream of passive income if managed right. Image rates range from $0.25 to $28.00 USD per download. The payout is via Paypal so its very easy. So testing the waters before I try other websites which are also well established like fotolia.com, istockphoto.com and dreamstime.com.

So if you’re a hobbyist like me start checking out the sites I listed above and earn from your photographs. I’m hobbyist/amateur/novice photographer and not really a professional, I’m not fond of wedding photography or covering events. I just like to capture art and the moment.