Author Archives: Elmar

typo3 – enable admin panel in preview mode for non-admin users / groups

Typo3 offers a nice feature to edit content elements of a page directly in the preview mode – but this functionality is only available to admins by default. In my projects, it’s important for all users to have this feature. As with so many tasks in typo3, it is not very obvious how to enable it – so here is a (very short) tutorial on how to add it for backend groups.


Zend MVC Framework – forms with dojo / dijit decorators tutorial

I started developing my first application with the Zend Framework using the MVC approach – following the tutorial (http://framework.zend.com/docs/quickstart) is a good entry point, but as soon as you need some “advanced” features, it gets a little tricky.
In my application I will use the integrated Dojo library, which offers powerful form elements and ajax features – but the integration of Dojo into my application took me a lot of research in the docs – so here is my way to get it to work (based on ZF 1.8.1):


dotnetnuke custom module development

Recently, I started working on a project using the ASP.NET based portal framework dotnetnuke. My part is mainly the development of custom modules. Although the framework’s architecture makes it easy to extend the functionality, the available documentation is far from complete. Having found the necessary hints and tips in discussion boards and blogs, I’ll try to do my part by offering useful tips for developers.


elp.co.at – everything new

I decided to set up a new site based on wordpress – and hopefully, it will be maintained with more effort than the old one. I migrated some of the most interesting articles of my old site (mostly legacy stuff) to this blog – they may be useful to somebody.

elmar

Internet Explorer 6 Death March

Internet Explorer 6 is a “no-go” for web programmers (especially the html / css geeks) – poor implementation of W3C standards and horrible javascript support cause heavy trouble on modern web frontends. But now there is something going on: Finn.no, Norway’s largest classifieds site, is displaying a tip on their homepage to all IE6 users, encouraging them to upgrade their browser. Not only that, but they have initiated a campaign, prompting several of the most visited Norwegian sites to follow suit. Dave Auayan started the “Internet Explorer 6 Death March”, which should be supported by every web professional – maybe one day there will be no necessity to do any “cross-browser-scripting”.

Mandrake 9.2 and Apache Open Proxy Bug

the standard apache config of this linux version can cause serious trouble

The problem:
Linux Mandrake 9.2 uses  apache 2.0.47 by default – but take a careful look at your apache config files, because the server is set up by default with an open proxy port – so your box could be “hijacked” by spammers, who use your machine as their own proxy server.

More info about mod_proxy: http://httpd.apache.org/docs-2.0/mod/mod_proxy.html

I became attentive to the hijacking of my system, because the network performance was suddenly very poor, and the http – log of apache showed thousands of lines of “GET” and “CONNECT” requests to foreign domains (mostly porn sites) – this resulted in a massive overload on the server.

Check the open proxy server
To check whether your box really acts as an open proxy server, just connect via telnet and try a “GET” request to another address.

 telnet www.yourserver.com 80
 GET http://www.google.com

If the request returns the source code of www.google.com, your server acts as an open proxy!

Solution:
In Mandrake 9.2, the proxy configuration can be found in /etc/httpd/conf.d/30_mod_proxy.conf – compare your settings with the following, and your server will lock out the bad guys.

--------------------------------------

LoadModule proxy_module  modules/mod_proxy.so
# LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so

#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
ProxyRequests Off
#
<Proxy *>
   Order deny,allow
   Deny from all
   Allow from 127.0.0.1
</Proxy>

#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
ProxyVia Off
# End of proxy directives.
---------------------------------------

If your server has already been hijacked and its address shows up in spammer lists, the requests will not stop immediately; this will take a few days (up to two weeks).

In my case, everything worked fine after 4 days.
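The log symptom described above ("GET" and "CONNECT" requests to foreign domains) can be searched for directly in the access log. The following PHP sketch is an added example, not part of the original post; the function name, the log lines and the host names are constructed.

```php
<?php
/**
 * Return the access-log entries that look like forward-proxy use:
 * CONNECT requests, or requests whose target is an absolute URI
 * naming a host that is not one of our own.
 */
function find_proxy_requests(array $lines, array $ownHosts)
{
    $hits = array();
    foreach ($lines as $line) {
        // common/combined log format: "METHOD target [PROTOCOL]" status
        if (!preg_match('/"([A-Z]+) ([^\s"]+)[^"]*" (\d{3})/', $line, $m)) {
            continue;
        }
        list(, $method, $target, $status) = $m;
        if ($method === 'CONNECT') {
            $host = preg_replace('/:\d+$/', '', $target); // target is host:port
        } elseif (preg_match('#^[a-z][a-z0-9+.-]*://#i', $target)) {
            $host = parse_url($target, PHP_URL_HOST);     // absolute URI
        } else {
            continue; // origin-form request ("/path"): normal traffic
        }
        if (!in_array(strtolower((string)$host), $ownHosts, true)) {
            $hits[] = array('method' => $method, 'host' => (string)$host,
                            'status' => (int)$status);
        }
    }
    return $hits;
}

// Constructed sample lines (documentation addresses and example domains).
$sample = array(
    '192.0.2.10 - - [12/Jan/2004:10:00:01 +0100] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Jan/2004:10:00:02 +0100] "GET http://ads.example.net/banner.gif HTTP/1.0" 200 1834',
    '198.51.100.7 - - [12/Jan/2004:10:00:03 +0100] "CONNECT mail.example.org:25 HTTP/1.0" 200 -',
    '203.0.113.5 - - [12/Jan/2004:10:00:04 +0100] "GET http://www.yourserver.com/ HTTP/1.1" 200 5120',
);

foreach (find_proxy_requests($sample, array('www.yourserver.com')) as $hit) {
    echo "{$hit['method']} {$hit['host']} -> {$hit['status']}\n";
}
```

A flagged line with status 200 is not by itself proof that the request was relayed: with ProxyRequests Off, Apache may answer such a request from its own document root, so compare the response size with that of your own pages.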


Fujitsu Siemens Pocket Loox 720 Wlan Configuration

It was really hard for me to get the built-in WLAN to work properly on the Fujitsu Siemens Pocket Loox 720 – in my case, the pre-installed “E2C” application blocked all Windows Mobile WLAN functions – if anyone has similar problems, here is how I solved the problem:

  • The Pocket Loox 720 has a preinstalled software named “E2C” – this tool should handle all connections in an easy-to-handle interface – the problem is that this software is just a trial version, so you can set up only one wlan / modem / IRDA / bluetooth connection.
  • If you need access to different WLANs (like I do), you must not have a WLAN connection configured in the E2C program, because this will block the Windows Mobile 2003 built-in WLAN functions. I desperately tried to connect to my company WLAN for a few hours until I figured this out.
  • Conclusion:
    If you can’t connect to a WLAN with “Settings” -> “Connections” -> “Network Connections” always check first, if there is a WLAN connection set up in E2C – if so, just delete the setup in E2C and your wireless connection will work fine.

upload large files on IIS 6 (Windows 2003 Server) via ASP

If you use a http – upload script that uses byte – streaming on IIS, there is a problem with large fileuploads.

IIS 6 on Windows 2003 Server prevents the upload of files larger than 200 Kb by default – if you use an http upload via ASP based on byte-streaming (like “Pure ASPUpload”), you will receive a 403 error response from the server if you try to upload files larger than 200 Kb.

For IIS6.0 users, the AspMaxRequestEntityAllowed property specifies the maximum number of bytes allowed in the entity body of an ASP request. If a Content-Length header is present and specifies an amount of data greater than the value of AspMaxRequestEntityAllowed, IIS returns a 403 error response.

This property is related in function to MaxRequestEntityAllowed, but is specific to ASP requests. Whereas you might set the MaxRequestEntityAllowed property to 1 MB at the general World Wide Web Publishing Service (WWW Service) level, you may choose to set AspMaxRequestEntityAllowed to a lower value, if you know that your specific ASP applications handle a smaller amount of data.

Solution

Open your metabase.XML, which is located in c:\Windows\System32\Inetsrv, find the line “AspMaxRequestEntityAllowed” and change it to a higher value (default value is set to 204800 – 200 Kb).

Be sure to first stop IIS service, edit metabase.XML, save the changes and restart IIS.

PHP Prevent E-mail Form Spamming

Spammers are trying to abuse your contact form for sending spam mails with e-mail injection? Check out the code to secure your e-mail form.

The Problem – E-mail injection:
Spammers try to “inject” in your form fields some extra – header information via bots to use your webserver as spam server. One solution is to scan the submitted values of your form fields for malicious content before sending the e-mail.

// form check, filters out spamming attempts

$errormsg = '';
$emailstr = '';

// concatenate all submitted form fields so they can be scanned in one pass
$emailstr .= $formfield1;
$emailstr .= $formfield2;
$emailstr .= $formfield3;

// preg_match() replaces eregi(), which was removed in PHP 7
if ( stristr($emailstr, 'content-type:' ) || stristr($emailstr, 'multipart/mixed' )
|| stristr($emailstr, 'boundary="' ) || stristr($emailstr, 'cc:' )
|| stristr($emailstr, 'multi-part message in mime format' )
|| stristr($emailstr, 'to:' ) || preg_match( '/%[a-f0-9]/i', $emailstr)
|| stristr($emailstr, '0x' ))
// the last two are in case of hex or non-standard chars
{
$errormsg .= "

Ups - bad boy

";
}

if (strlen($errormsg) > 1)
    { /* ... do not send ... */ }
else
   { /* ... your normal e-mail handling ... */ }
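The keyword scan above works on the whole submission. A complementary check looks at the one thing an injected header needs, a line break inside a value that ends up in a mail header. The following is an added example, not part of the original post; the function names, field names and sample values are constructed. Note that the first sample is a legitimate message that the keyword scan would reject because it contains "0x".

```php
<?php
/** True if $value contains a raw or URL-encoded CR/LF, which would start a new header line. */
function has_line_break($value)
{
    return preg_match('/[\r\n]|%0[ad]/i', $value) === 1;
}

/**
 * Validate the form fields that are placed in mail headers.
 * Returns a list of error strings; an empty list means the mail may be sent.
 * The message body is not checked here because it never becomes a header.
 */
function check_contact_form(array $fields)
{
    $errors = array();
    foreach (array('name', 'email', 'subject') as $key) {
        $value = isset($fields[$key]) ? (string)$fields[$key] : '';
        if (has_line_break($value)) {
            $errors[] = "$key: line break not allowed";
        }
    }
    $email = isset($fields['email']) ? (string)$fields['email'] : '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    return $errors;
}

// Constructed samples: a normal submission and one carrying an extra header line.
$normal = array(
    'name'    => 'Anna',
    'email'   => 'anna@example.com',
    'subject' => 'Question about error 0x80',
);
$injected = array(
    'name'    => 'Bob',
    'email'   => "bob@example.com\r\nBcc: list@example.net",
    'subject' => 'Hi',
);

foreach (array('normal' => $normal, 'injected' => $injected) as $label => $form) {
    $errors = check_contact_form($form);
    echo $label . ': ' . (count($errors) ? implode('; ', $errors) : 'ok') . "\n";
}
```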

Linked dynamic Select-Boxes with PHP & JavaScript

Script reads the values from 2 linked database tables and generates 2 select boxes – the first holds the categories and if one category is checked, the second box displays the depending values without reloading the site. You can now access the values of the select boxes via form operations.

Notice:
I used ADODB for the database queries – more information.

<?php
/* ########################################################
28.09.2004, by Elmar Putz
http://www.elp.co.at

ADODB - source
http://adodb.sourceforge.net

Connecting to the database with ADODB

$db = ADONewConnection($databasetype);
$db->debug = false;
$db->PConnect($server, $user, $password, $database);

##########################################################
*/
/* DB-Tables

------------------------
prod_typ_1
------------------------
id     int(11)
typ_titel_de   varchar(50)
typ_titel_en   varchar(50)

------------------------
prod_typ_2
------------------------
id     int(11)
titel_de   varchar(50)
titel_en   varchar(50)
typ_1_id int(11)  // link to prod_typ_1.id
*/

// Data query

$sql1 = "SELECT prod_typ_1.id, prod_typ_1.typ_titel_de, prod_typ_2.id, prod_typ_2.titel_de
FROM prod_typ_1 INNER JOIN prod_typ_2 ON prod_typ_1.id = prod_typ_2.typ_1_id  order by prod_typ_1.id, prod_typ_2.titel_de";
$rsX = $db->execute($sql1);

// type listbox...

echo "<SELECT NAME=\"typ1\" SIZE=\"1\" ONCHANGE=\"manuselected(this); document.form1.typ2.style.visibility = 'visible';\" class=\"formular\">";
// write the entry code for the javascript...
echo "<option value=\"\">Typzuordung ändern</option>";

$sJavaScript = "function manuselected(elem)
{
for (var i = document.form1.typ2.options.length; i >= 0; i--)
{ document.form1.typ2.options[i] = null;";

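// loop through the recordset...

$sLasttype = null; // title of the category handled last
while (!$rsX->EOF)
{
// has a new category started?
if ($sLasttype !== $rsX->fields[1])
{

// if so, add an entry to the first listbox (id cast to int, title HTML-escaped)

$sLasttype = $rsX->fields[1];
echo "<OPTION VALUE=\"" . (int)$rsX->fields[0] . "\">" . htmlspecialchars($sLasttype) ."</OPTION>";

// and add a new section to the javascript...

$sJavaScript = $sJavaScript . "}
if (elem.options[elem.selectedIndex].value==".(int)$rsX->fields[0].")
{";
}

// and add a new model line to the javascript...
// json_encode() emits quoted, escaped JS string literals, so a title containing
// quotes or "</script>" cannot break out of the script (expects UTF-8 data)

$sJavaScript = $sJavaScript .
"document.form1.typ2.options[document.form1.typ2.options.length] = new Option(".json_encode((string)$rsX->fields[3]). "," . json_encode((string)$rsX->fields[2]) .");\n";
$rsX->MoveNext();
}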
// finish the Typ 1 listbox...

echo "</SELECT>    ";
// create the Typ 2 listbox...

echo "<SELECT NAME=\"typ2\" SIZE=\"1\" class=\"formular\" style=\"visibility: hidden;\">
<OPTION>Keine Auswahl</OPTION>
</SELECT>";

// put the last line on the javascript...
// and write it out...

$sJavaScript = $sJavaScript . "}\n
}\n" ;
echo "<SCRIPT LANGUAGE=\"JavaScript\">\n";
echo $sJavaScript ."\n</SCRIPT>";

?>