Category Archives: Programming

Zend MVC Framework – forms with dojo / dijit decorators tutorial

3 Replies

I started developing my first application with the Zend Framework using the MVC approach – following the tutorial (http://framework.zend.com/docs/quickstart) is a good entry point, but as soon as you need some “advanced” features, it gets a little tricky.
In my application i will use the integrated Dojo-library, which offers powerful form elements and ajax features – but the integration of Dojo into my applicaion took me a lot of research in the docs – so here is my way to get it work (based on ZF 1.8.1):

Continue reading

dotnetnuke custom module development

Leave a reply

Recently, i started working on a project using the ASP.NET based portal framework dotnetnuke. My part is mainly the development of custom modules. Although the framework’s architecture makes it easy to extend the functionality, the available documentation is far from being complete. Finding necessary hints and tipps in discussion boards and blogs, i’ll try to do my part offering useful tipps for developers.

Continue reading

upload large files on IIS 6 (Windows 2003 Server) via ASP

Leave a reply

If you use a http – upload script that uses byte – streaming on IIS, there is a problem with large fileuploads.

IIS 6 on Windows 2003 Server prevents the upload of files larger than 200 Kb by default – if you use a http-upload via ASP based on byte-streaming (like “Pure ASPUpload”), you will recieve a 403 error response from the server if you try to upload files larger than 200 Kb.

For IIS6.0 users, the AspMaxRequestEntityAllowed property specifies the maximum number of bytes allowed in the entity body of an ASP request. If a Content-Length header is present and specifies an amount of data greater than the value of AspMaxRequestEntityAllowed, IIS returns a 403 error response.

This property is related in function to MaxRequestEntityAllowed, but is specific to ASP request. Whereas you might set the MaxRequestEntityAllowed property to 1 MB at the general World Wide Web Publishing Service (WWW Service) level, you may choose to set AspMaxRequestEntityAllowed to a lower value, if you know that your specific ASP applications handle a smaller amount of data.
Solution

Open your metabase.XML which is located in c:\Windows\System32\Inetsrv find the line “AspMaxRequestEntityAllowed” and change it to a higher value (default value is set to 204800 – 200 Kb).

Be sure to first stop IIS service, edit metabase.XML, save the changes and restart IIS.

PHP Prevent E-mail Form Spamming

Leave a reply

Spammers are trying to abuse your contact form for sending spam mails with e-mail injection? Check out the code to secure your e-mail form.

The Problem – E-mail injection:
Spammers try to “inject” in your form fields some extra – header information via bots to use your webserver as spam server. One solution is to scan the submitted values of your form fields for malicious content before sending the e-mail.

// formcheck, filters out spamming attempts

$errormsg = '';
$emailstr = '';

$emailstr .= $formfield1;
$emailstr .= $formfield1;
$emailstr .= $formfield3;

if ( stristr($emailstr, 'content-type:' ) || stristr($emailstr, 'multipart/mixed' )
|| stristr($emailstr, 'boundary="' ) || stristr($emailstr, 'cc:' )
|| stristr($emailstr, 'multi-part message in mime format' )
|| stristr($emailstr, 'to:' ) || eregi( "(%[a-f0-9])", $emailstr)
|| stristr($emailstr, '0x' ))
// the last two are in case of hex or non-standard chars
{
$errormsg .= "

Ups - bad boy

";
}

if (strlen($errormsg > 1))
    { ... do not send ... }
else
   { ... your normal e-mail handling ...}

Linked dynamic Select-Boxes with PHP & JavaScript

Leave a reply

Script reads the values from 2 linked database tables and generates 2 select boxes – the first holds the categories and if one category is checked, the second box displays the depending values without reloading the site. You can now access the values of the select boxes via form operations.

Notice:
I used ADODB for the database queries – more information.

<?php
/* ########################################################
28.09.2004, by Elmar Putz
http://www.elp.co.at

ADODB - source
http://adodb.sourceforge.net

Connecting de Database with ADODB

$db = ADONewConnection($databasetype);
$db->debug = false;
$db->PConnect($server, $user, $password, $database);

##########################################################
*/
/* DB-Tables

------------------------
prod_typ_1
------------------------
id     int(11)
typ_titel_de   varchar(50)
typ_titel_en   varchar(50)

------------------------
prod_typ_2
------------------------
id     int(11)
titel_de   varchar(50)
titel_en   varchar(50)
typ_1_id int(11)  // verknüpfung zu prod_typ_1.id
*/

// Data query

$sql1 = "SELECT prod_typ_1.id, prod_typ_1.typ_titel_de, prod_typ_2.id, prod_typ_2.titel_de
FROM prod_typ_1 INNER JOIN prod_typ_2 ON prod_typ_1.id = prod_typ_2.typ_1_id  order by prod_typ_1.id, prod_typ_2.titel_de";
$rsX = $db->execute($sql1);

// type listbox...

echo "<SELECT NAME=\"typ1\" SIZE=\"1\" ONCHANGE=\"manuselected(this); document.form1.typ2.style.visibility = 'visible';\" class=\"formular\">";
// write the entry code for the javascript...
echo "<option value=\"\">Typzuordung ändern</option>";

$sJavaScript = "function manuselected(elem)
{
for (var i = document.form1.typ2.options.length; i >= 0; i--)
{ document.form1.typ2.options[i] = null;";

// loop through the recordset...

while (!$rsX->EOF)
{
If ($sLasttype <> $rsX->fields[1])
{

// if so, add an entry to the first listbox

$sLasttype = $rsX->fields[1];
echo "<OPTION VALUE=" . $rsX->fields[0] . ">" . $sLasttype ."</OPTION>";

// and add a new section to the javascript...

$sJavaScript = $sJavaScript . "}
if (elem.options[elem.selectedIndex].value==".$rsX->fields[0].")
{";
}

// and add a new model line to the javascript...

$sJavaScript = $sJavaScript .
"document.form1.typ2.options[document.form1.typ2.options.length] = new Option('".$rsX->fields[3]. "','" . $rsX->fields[2] ."');\n";
$rsX->MoveNext();
}
// finish the Typ 1 listbox...

echo "</SELECT>    ";
// create the Typ 2 listbox...

echo "<SELECT NAME=\"typ2\" SIZE=\"1\" class=\"formular\" style=\"visibility: hidden;\">
<OPTION>Keine Auswahl</OPTION>
</SELECT>";

// put the last line on the javascript...
// and write it out...

$sJavaScript = $sJavaScript . "}\n
}\n" ;
echo "<SCRIPT LANGUAGE=\"JavaScript\">\n";
echo $sJavaScript ."\n</SCRIPT>";

?>

Programming your own Web Publishing Wizard on Windows XP

1 Reply

Upload a bunch of pictures directly from your Windows Explorer to your webserver – a little tutorial.

Microsoft XP includes some nifty “wizards” to upload files to a web site, or to order prints of digital photos. And of course, the available choices are limited to Microsoft’s properties and partners, like MSN and xDrive.

With those options, you can select a series of files and/or folders and upload them to a website (like MSN or xDrive), or select some pictures and send them to an online photo processing service.

Well… it turns out that you can create your own wizards.

Altough Microsoft has some documentation available, it is not what you would call “complete” or “easy to understand”. It is missing some links, divided in pieces, has no examples and is definetively incomplete.

It seems like they made it available, but expect “real companies” to get some direct help from Microsoft when implementing it for real. After all, if you’re paying Microsoft to include your service in the wizard’s list, you can expect some support.

The wizards are nothing more than web pages with some specific javascript calls. And to make your “service” show up in the list, all you need is some registry entries.

Registering your service

This is the easy part. Wizards are listed on the registry, under the following keys:

For “Publish to the Web”.

HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Explorer\PublishingWizard \PublishingWizard\Providers\{YourNameHere}

You need the following entries (all of them Strings):

DisplayName: First line of text in the listing
Description: Second line of text in the listing
Icon: URL to the icon (.ico file) for the listing
HREF: URL of the first page of the wizard
SupportedTypes: (optional) Wildcard filter for acceptable filenames (i.e. “*.jpg”)

The easiest way to create these entries is with a REG file like this one:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\PublishingWizard\Providers\MyOwnProvider]
"Icon"="http://www.example.com/myprovider/myicon.ico"
"DisplayName"="My very own provider"
"Description"="This is my own provider, free and customized"
"HREF"="http://www.example.com/myprovider/wizard.php"

Your Service Wizard Page

This is the hard part. It involves dynamic pages on the server side (like ASP, PHP, JSP or anything you like) along with Javascript code on the client side.

The page runs inside the wizard window, and it’s expected to have 3 javascript functions, OnBack, OnNext and OnCancel, or else the wizard will not load it.

Those functions will be called whenever the user presses one of the three buttons on the bottom of the wizard.

There are two useful functions to control the wizard window (their meaning should be obvious):

window.external.SetWizardButtons(activatePrev, activateNext, isLastPage);

and

window.external.SetHeaderText(firstLine, secondLine);

And there are two functions you can call to “finish” the Wizard process:

window.external.FinalBack();

and

window.external.FinalNext();

You call FinalNext() from inside OnNext() to signal the wizard you are done asking questions and are ready to transfer the files. The next time the user clicks on “Next”, the wizard will proceed to upload the files.

And you call FinalBack() from inside OnBack() whenever you are on the “first page” of your process. (If that’s too complicated for you, simply call it all the time on OnBack()).

Uploading the files

So far, nothing is really hard. The real problem is the upload process.

See, before calling your page, the wizard created an XML file with a list of all the files to be uploaded. And you can access it through:

window.external.Property("TransferManifest")

The XML looks something like

transfermanifest> <filelist> <file id="1" source="C:\My Documents\File1.jpg" destination="File1.jpg" .../> <file id="2" source="C:\My Documents\Other File.jpg" destination="Other File.jpg" ... /> </filelist> </transfermanifest>

If you do nothing, then the wizard will not upload any file. You need to “edit” that XML document to add information about how to upload the files and where.

You have two methods: WebDAV and POST File Uploads.

I haven’t played with WebDAV, so I’ll leave it as an exersice to the reader.

For File Uploads, you need the to look like this:

<transfermanifest> <filelist> <file id="1" source="C:\My Documents\File1.jpg" destination="File1.jpg" ...> <post href=http://www.example.com/myprovider/acceptfile.php name="myfile"> <formdata name="OtherFormVar">Some Value</formdata> <formdata name="action">Save</formdata> </post> </file> <file id="2" source="C:\My Documents\Other File.jpg" destination="Other File.jpg" ... > <post href=http://www.example.com/myprovider/acceptfile.php name="myfile"> <formdata name="OtherFormVar">Some Value</formdata> <formdata name="action">Save</formdata> </post> </file> </filelist> <uploadinfo> <htmlui>http://www.example.com/myprovider/seeyourfiles.php</htmlui> </uploadinfo> </transfermanifest>

If you haven’t done POST File Uploads in regular web pages before, then you need to figure that out first.

The tags are optional and let you pass aditional form variables.

All those tags are pretty much equivalent of the following HTML page being submitted once for each file:

<form method="POST" encoding="multipart/form-data" action="http://www.example.com/myprovider/acceptfile.php"> <input type="hidden" name="OtherFormVar" value="Some Value"> <input type="file" name="myfile"> <input type="submit" name="action" value="Save"> </form>

The tag needs to be present for the upload process to begin, but you actually don’t need to put anything inside it. Anyway, the has the URL for a page that will be opened as soon as the wizard is done.

All the “editing” of the XML data has to be done using Microsoft’s XML DOM, but it’s not that hard. Here is some sample Javascript code to create the desired results:

var xml = window.external.Property("TransferManifest"); var files = xml.selectNodes("transfermanifest/filelist/file"); for (i = 0; i < files.length; i++) { var postTag = xml.createNode(1, "post", ""); postTag.setAttribute("href", "http://www.example.com/myprovider/acceptfile.php"); postTag.setAttribute("name", "myfile"); var dataTag = xml.createNode(1, "formdata", ""); dataTag.setAttribute("name", "MAX_FILE_SIZE"); dataTag.text = "2000000"; postTag.appendChild(dataTag); var dataTag = xml.createNode(1, "formdata", ""); dataTag.setAttribute("name", "action"); dataTag.text = "Save"; postTag.appendChild(dataTag); files.item(i).appendChild(postTag); } var uploadTag = xml.createNode(1, "uploadinfo", ""); var htmluiTag = xml.createNode(1, "htmlui", ""); htmluiTag.text = "http://www.example.com/myprovider/seeyourfiles.php"; uploadTag.appendChild(htmluiTag); xml.documentElement.appendChild(uploadTag);