Cow Computing

Often time, one might be using cURL to perform some post/get operations. Out of all, there’s a scenario where one might want to do a form post and have the user redirected thru the 302 status code issued by the server. This can be easily implemented using cURL, however, there’s a problem — The address bar doesn’t update to the redirected URL. (e.g. Posting a form from “form.php”, and redirected to “result.php”, but then the browser’s address bar remains showing “form.php”).

In order to solve the above problem, here’s a little trick:

<?php

// post param
$param = array('data' => 'abc');

$c = curl_init();
curl_setopt($c, CURLOPT_URL, "form.php");
curl_setopt($c, CURLOPT_POST, true);
curl_setopt($c, CURLOPT_POSTFIELDS, $param);
curl_setopt($c, CURLOPT_HEADER, 1);
curl_setopt($c, CURLOPT_FOLLOWLOCATION, true);
curl_exec($c);

// here's the trick
$redirectLocation = curl_getinfo($c, CURLINFO_EFFECTIVE_URL);
header("Location: $redirectLocation");

?>

Unlike Windows XP, mapping a network drive in Windows 7 is a nightmare. It is possible that during the mapping of a network drive, no matter how hard you try to enter your credentials or the drive is actually password-less, it still prompt you for a password repeatedly. This is annoying and is due to the security settings on Network Security. I shall introduce you two method to get around this annoying problem. *Do note that, for Windows 7 Home edition, the security setting is not available (RIDICULOUS isn’t it?), either you upgrade to Professional / Ultimate Edition or you could use Method 2 to achieve that (HURRAY!)

Method 1 (Windows 7 Professional / Ultimate Edition)

1. Under “Control Panel”, find “System and Security”
2. Open “Administrative Tools”
3. Double Click “Local Security Policy”
4. Expand “Local Policies”
5. Click “Security Options” and Scroll to find “Network Security: LAN Manager Authentication Level”
6. Choose “Send LM & NTLM, use NTLMv2 session security is negotiated” for the drop down.
7. Done. you can now map network drive as normal (like in XP)

Read More / Comment »

Ever get stuck in deciding whether to use white list or black list during application development? Imagine, when you have to create an user management module, where certain users would have more access than the others. Will you pick white list or black list when you are writing the logic? e.g.

White List

<?php

// White List
// userid from 1 to 10
if ($userid == 1 || 3 || 5) {
// then allow access to manager admin module
} else {
// normal member module
}

?>

Read More / Comment »

Often time, when working on a website, certain database transactions have to be taken with great care (e.g. payment, account creation…). It’s definitely an advantage to make use of the Atomicity the database provides (e.g. mySQL). But How? Here’s i will show you how to use PDO to wrap a SQL insert statement such that it’s either done or no. (*it’s included with PHP5, and you have to enable the extension inside the php.ini)

<?php

$hostname = 'localhost';
$username = 'username';
$password = 'password';

try {
$dbh = new PDO("mysql:host=$hostname;dbname=mysql", $username, $password);

// Setting the notification to throw exception when error encountered
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$dbh->beginTransaction();
$count = $dbh->exec("INSERT INTO user(userID, name) VALUES ('1', 'Steve')");
$dbh->commit();

$dbh = null;
}
catch(PDOException $e)
{
$dbh->rollback();
echo $e->getMessage();
}

?>

There’s once I was required to setup a limited shell access user account on a commercial hardware product, in which to secure the original system from being modified and at the same time to provide a flexible environment for general work. I was on the way to make use of chroot command. Then i was lucky to came across Jailkit, which saved me a lot of time. So, i would like to use this post to give a little introduction on how to use it.

# First, let's create a directory for the jail account
mkdir /jail
chown root:root /jail

# Then we create a new user account specially for jail account
# *replace <group name>, <username>, <password> with your own value
groupadd <group name>
useradd -d /home/jail -g <group name> -p <password> <username>

# For example, if we only want to allow the jail account to have ssh and basic shell access
jk_init -v -j /jail basicshell ssh

# Then we shall jail the user account we previously created to the jail directory
jk_jailuser -m -j /jail <username>

Read More / Comment »