Jump to content


  • Posts

  • Joined

  • Last visited


Posts posted by Wuhtzu

  1. Hi everyone


    I am playing around with Google Analytics asynchronous tracking code and facing a "problem" where I have to have strings within strings in java script called by event handlers such as onClick.


    This piece of java script needs to be called when the even handler onBeforeUnload fires:


    onbeforeunload="timeTracker._recordEndTime(); _gaq.push(['java script code']);"


    So _gaq.push(['java script code']) takes a string of java script code and enqueues it for execution.


    The piece of codes needing to be executed is this:


    function(){ eTr = _gat._getTrackerByName('eventTracker'); timeTracker._track(eTr, undefined, document.title);}


    As you can see the code above function(){} has a string in it. How should those two pieces of code be merged so that everything gets interpreted correct?


         _gaq.push(['function(){ eTr = _gat._getTrackerByName('eventTracker'); timeTracker._track(eTr, undefined, document.title);}']);"

    I cannot mix " and ' since the html tags use ". The above with 'code 'string' more code' does (obviously) not work and escaping the quotes \' does not work either.


    Any suggestions?


    Best regards



  2. Problem solved :)


    I didn't anticipate IE to actually restrict the "onKeyPress" and "onKeyDown" to the actual area of the <body>-tag. So The reason why I didn't see anything was because my mouse wasn't hovering over the body area which was only surrounding the "some text"-text in the upper left corner.


    So in some way IE actually behaved quite rationally and it turns out that either Safari, Firefox and Opera automatically enlarges the <body> to fill the whole screen or events on the body tag fire even though the mouse isn't actually hovering over the body.


    On the other hand, why should keyboard related events have anything to do with the position of the cursor? You can't really in my opinion determine if the keyboard is in the <body>-area or not. You could of cause base it on the markers position (not cursor, marker) but that's also a bad idea. So I guess i like firefox, safari and operas handling better.


    Thanks for reading and thinking guys!

  3. Hi guys


    I've struggled with a very annoying problem for the last two hours. I simply can't get IE8 to trigger onKeyDown and onKeyPress. Included is a minimal working example. It works great in Firefox, Safari, Chrome and Opera. I vaguely remeber it triggering in IE8 at some point during this evening but if it did I've forgotten what made it work.


    The body tag has onKeyPress and onKeyDown call the function test() which simply displays an alert.


    What am I doing wrong?


    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" lang="en" dir="ltr">
    <title>ie8 onkeyup onkeypress test</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <meta http-equiv="Content-Style-Type" content="text/css" />
    <script type="text/javascript">
    function test(e) {
    alert("ie8 come on");
    <body onKeyPress="return test(event)" onKeyDown="return test(event)">
    <p>some text</p>


    Best regards and thank you

    - Wuhtzu

  4. They could trigger the statistics by asking the recipients email client to confirm that the e-mail message has been read/opened.


    Another possibility is to include a something like a remote image, stylesheet which the users e-mail client will get request using http. That HTTP request can be logged and the assumption:


    "If the user requests this resource linked to from within the e-mail message using http he/she has "read" the e-mail message"


    can be made...

  5. Hi guys


    I am looking for something which seems odd at first sight (or hearing...):


    A browser which supports modern web standards but which does NOT feature any build-in search function (typically accessed by ctrl+f) to search the content/markup of the page being displayed.


    So what do I need that for - a Wikipedia race competition at a LAN. I really want to make it impossible for people to search the articles being viewed as it sort of defeats the purpose of the race.


    It might be the wrong place to fix the problem - choosing a browser which does not feature a search function :P But it seems like the easiest way. Other options would include converting the articles to images before presenting them to the users, write a small program to intercept common shortcuts for the search functionality (sort of like a key logger) but they seem horrible to implement.


    Any good suggestions? Both regarding the browser and maybe other alternatives?



    - Wuhtzu



  6. I personally like http://world.std.com/~reinhold/diceware.html 's method of generating pass phrases a lot. It's easy to remember since it's normal short English words, but it still has a great entropy due to the amount of words in the word list.


    Could any of you comment on my points (I know they were buried deep beneath numbers and talking back and forth)?


    With the numbers being astronomically large, even for very short random passwords, is there any point in choosing "long" (8 chars and longer) passwords besides protecting one self from compromised user databases?


    Best regards


  7. Hello


    I couldn't think of where else to start of in my search for an answer to this question so here you guys go:


    What strength is really required from password used for restricting access to online services of various nature - forum accounts, paypal accounts, webmail accounts ect.?


    I have always been an advocate for choosing strong password but after a lot of thinking and calculating entropy of different password compositions I've begun to doubt my own (maybe soon to be old) beliefs.


    Some numbers:


    Set of characters and their length


    (1) [a-z] : 26 chars

    (2) [A-Z] : 26 chars

    (3) [0-9] : 10 chars

    (4) [!"@#¤%&/()=?{[]}+-*$,.;:_] : 25 chars


    The four most used sets of characters from which to construct passwords arranged by popularity (and hence size) in descending order must be:


    (1) : 26 chars

    (1)+(3) : 26 + 10 = 36 chars

    (1)+(2)+(3) : 26 + 26 + 10 = 62 chars

    (1)+(2)+(3)+(4) : 26 + 26 + 10 + 25 = 87 chars


    Lets consider some different length of passwords constructed from the above four sets and how many combinations they yeild: (if one can choose from m characters and the length of the password is n then there is m^n (m to the power of n) possible combinations)























































    Pretty large numbers it seems. Should an attacker decide to try and get access to some account he/she/it could systematically try all combinations of characters from one of the mentioned sets. On average the answer would be found by trying half of the combinations.


    Should the attacker decide to try password combination using the web service's own authentication interface (an HTML form with username and password input field) he/she/it would most likely have to send POST requests (containing the username and possible password) to the web service using for example cURL. A rough estimate of the time needed to send the request to the target web service, have the server process the request and get a response back could be 1.0 second. So the attacker can check one password each second.


    One day comprises of about 24 h/day * 60 min/h  * 60 s/min = 8.6*10^4 s. So a password picked from set (1)+(2)+(3) of length 4 with 1.4*10^7 possible combination would take: 0.5*1.4*10^7 / 1/s = 0.7 * 10^7 s = 7.0*10^6 s = 7.0*10^6 s / (8.6*10^4 s / day) =  81 days.


    So a password from


    Set (1) with length of 6 or greater

    Set (1)+(3) with length of 5 or greater

    Set (1)+(2)+(3) with length of 5 or greater

    Set (1)+(2)+(3)+(4) with length of 4 or greater


    takes more than a year to break / guess assuming 1 try per second.


    Most web services are smart enough to restrict the number of log in attempts per time - e.g. 3 attempts per hour or something - which would cause one year of trying to become thousands of years of trying. And even if the webservice did not detect the repeated log in attempts, chances than someone notices anormalities in the webserver logs are pretty good.


    So choosing a password from


    set (1) of length greater than 6,

    set (1)+(3) of length greater than 5,

    set (1)+(2)+(3) of length greater than 5 or

    set (1)+(2)+(3)+(4) of length greater than 4


    seems like a waste of brain capacity.


    Of course there are other scenarios. A dump of the web service's database could be stolen or leaked leaving the attacker in possession of hashed passwords. Now the attacker could generate all possible passwords, hash them and permutations, hashing them and comparing hashes) could be distributed over any number of computers and would not take long with the above mentioned password lengths. A person studying computer science at 2nd year or so should be able to do this within reasonable time.


    But take for example set (1) + (2) + (3) + (4) = 87 chars. Choose a 10 char password from that set which yields 2.4*10^19 possibilities. To compute all possibilities (not to speak of hashing too) in 1 year you need to compute 2.4*10^19 / (356*24*60*60)  = 7.8*10^11 combinations per second or 4.1*10^13 combinations per second if you want to do it in a week. I think it's fair to say that you should have quite few CPU's at your disposal to pull of such computation rates. This can only be possible for large organizations with considerable know how and budget.


    On top of that most services hopefully use a salt for their hashes which may or may not be stolen with password hashes. If stolen with the password hashes it's of little use, but if is kept separately and not compromised it renders a dictionary attack completely useless.


    So, if you also want to be almost completely safe from dictionary attacks on stolen database entries, you could go with a password from


    set (1) of length greater than or equal to 10,

    set (1)+(3) of length greater than equal to 9,

    set (1)+(2)+(3) of length greater than or equal to8 or

    set (1)+(2)+(3)+(4) of length greater than or equal to 7


    based on the assumption that computing 10^6 = 1000000 = 1 million combination per second is an expensive task.


    What do you guys think - I'm I right?


    Most people would be of with random password of 6 chars and paranoid people who _really_ do not want anyone else to post silly stuff on their behalf could go with 10 chars.



    Best regards and sorry for long boring post in the Miscellaneous sub forum

    Wuhtzu :)





  8. I'm trying to do so because in reality the #content div is to be floated left and another div, say #content2, is to be floated right so I have two columns. The columns need to be of different background color, so that's why I need both #content and #content2 to go all the way to the bottom of the page... else the background color of something else (maybe #container, or even body) might be visible through.


    I have tried alot of things, but since I need the page centered it seem that I need a div to contain all other divs....

  9. Hi all :)


    Have a look at this




    The above is a div (#container, red border) holding two other nested divs (#header, green border and #content, blue border). What I want is for the height of #header and #content to sum up to the height of the #container. Right now, as you can see, the #content div is sticking out the bottom of the #container div. How much is it sticking out I hear you ask - it's sticking out what ever #header occupies. So when #header is 200px in height the #content div is sticking out 200px.


    How can I prevent this (or just obtain the effect I'm after)?


    I know elements can't know about other heights than their own. So if the window is 900px high at time of rendering, then #container gets height=900px and since #container is the parent of #content, #content too gets height=900px, even though #header occupies some space...


    But It must be possible to correct this? Applying negative margins and such doesn't seem to have an effect.


    Thanks guys!


    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    	<!-- Title -->
    	<title>100% height test...</title>
    	<!-- Meta information -->
    	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    	<!-- Styles -->		
    	<link href="style.css" rel="stylesheet" type="text/css"  />
    	<div id="container">
    		<div id="header">
    		<div id="content">


    html, body, p, div {
    margin: 0;
    padding: 0;
    html, body {
    height: 100%;
    #container {
    width: 600px;
    height: 100%;
    border-left: 3px solid #FF0000;
    border-right: 3px solid #FF0000;
    margin: auto;
    background: #FFFFF1;
    #header {
    height: 200px;
    border-left: 3px solid #00FF00;
    border-right: 3px solid #00FF00;
    background: #FFF1FF;
    #content {
    height: 100%;
    width: 400px;
    border-left: 3px solid #0000FF;
    border-right: 3px solid #0000FF;
    margin-bottom: -200px;
    margin-left: auto;
    margin-right: auto;
    background: #F1FFFF;

  10. You could first filter your input using a suitable regex and one of php's regular expression mathcing functions like preg_match:


    preg_match('/^(http:\/\/)?(www.)?([a-z0-9_-])+\.[a-z]{2,4}(\/[a-z0-9_.\/#?&=]*)?$/i', $url)


    which will do something like this:


    Valid: http://www.lol.dk/tis.html
    Valid: www.lol.dk/tis.html
    Valid: lol.dk/dild.html
    Valid: http://www.lol.dk/dild.html
    Valid: http://www.lol09-10.info/script.php?id=2&lol=nice#top
    Not valid: htp://www.newz.dk
    Not valid: <?php echo 'lol' ?>


    Just modify the regex to suit your needs - which TLD's to allow, whether or not to allow a file/path being specified and arguments being passed ect.


    Afterward you could use cURL instead of some dns look up via exec. cURL allows you to "visit remote pages", download their content, pass posts/gets to them and so on. So you could use it to request the page the user entered and check what http status code is returned.


    $url = "www.phpfreaks.com";
    $ch = curl_init();
    // set URL and other appropriate options
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_NOBODY, 1);
    // grab URL and pass it to the browser
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if($http_code == false) {
    $http_code = "look up failed";
    echo "$url - HTTP Code=$http_code";
    // close cURL resource, and free up system resources


    which will give something like:


    http://www.phpfreaks.com - HTTP Code=200
    http://www.thiscantpossiblyexistbecauseofthenumbers1234567979892937475.com - HTTP Code=look up failed
    www.newz.dk - HTTP Code=301
    http://wuhtzu.dk - HTTP Code=200
    http://www.jalæwejkfaweihfneue.dk - HTTP Code=look up failed
    www.phpfreaksss.com - HTTP Code=look up failed


    That's how I would do it I think :)



  11. http://www.w3schools.com/XSL/xsl_intro.asp



    But if I were your professor or teacher on this computer science topic I would expect something other than just "what methods from known 3rd party packages / applications will you use". I would expect some theory on how to actually parse the document.


    It is basically a text file you get and you have to extract information from it. Which algorithms would you use to search through it, what data structures would you use to store the information. What will be the resource cost and running time of your algorithms ect. Or alternatively - how does XSLT parse the xml? What search algorithms does it use...


    Suppose you were the one inventing XSLT or similar or maybe making a competing package for doing the same job, only better. How would you perform the task of turning a xml file into something queriable like a database?

  12. First of all have a look at for example: http://in2.php.net/SimpleXML to get an idea of what you can extract from the XML feed using PHP.


    If you can't use a database which already have "search algorithms implemented to perform queries" you need to come up with your own so to speak. One way would be to simply iterate over all the items in the feed and compare it to a list of items you want.


    So each time you encounter a item from the category 'keyboards' you add that item to your custom feed. This will take O(n) time since it's a linear search where you need to examine all n items to decide whether you want them or not.

        <item category="keyboard">
            <name>Logitech Extreme</name>
        <item category="food">
        <item category="toys">
            <name>Killer Panda</name>


    Alternatively you could hope that the company has it feed set up such that all the keyboard elements (items) is children of a category element in which case you need only to examine the categories and decide if you want all (or just some) items of that category.


            <name>Logitech Extreme</name>
            <name>Logitech Extreme 2</name>


    It's really going to depend on the feed. You could also decide to parse the feed once a day and maintain your own database with the information (which would then at max be 1 day old, or some other time you specify). That would easily allow you to create more advanced queries and maybe even do some advanced caching on the most popular requests ect.

  13. The preg_replace() function searches through a string matching the whole thing or parts of it to a regular expression pattern.


    In this case the the pattern '#([A-Z][^A-Z]*)#' means match a string starting with one capital letter followed by any number of characters not matching a capital letter.


    #: a delimiter marking the start of the actual regular expression pattern

    (: start of a capture group

    [A-Z]: a character class matching one character in the range A-Z

    [^A-Z]*: a character class matching one character not in the range A-Z (that could be a, b, c, 12, #, [ ect.) and actually any number of them (including zero) because of the modifier *

    ): end of capture group

    #: a delimiter marking the end of the actual regular expression pattern


    Now the syntax of the preg_replace() is: preg_replace($regular_expression, $what_to_replace_with, $string_to_search_and_replace). The search is done with the previous mentioned pattern and we are using '$1 ' as the replacement. $1 means the first capture group or sub pattern - what's inside the parentheses - it's called a back reference. So each time the regex engine matches the previously discussed pattern it assign it's value to $1 and '$1 ' of course adds a space.


    So going through this string 'GetToKnowYou' will first match 'Get' ([A-Z] followed by two [^A-Z]) and assign it's value to $1. So 'Get' is replaced with 'Get '. Now it matches 'To' and replaces it with 'To ' and so on. So in the end it's 'Get To Know You'.


    Read more on regular expression here: http://www.regular-expressions.info/, http://www.regular-expressions.info/tutorial.html, http://www.regular-expressions.info/reference.html





  14. Hey


    This is a rather broad question, but I hope I can get some good advice from all you fine coders on this forum.


    I have recently purchased a secure certificate for my host name (secure.mydomain.dk) because I wanted to get acquainted with the whole secure http concept but I have run into some major questions regarding how to layout an application (and virtual hosts on my apache webserver) which only requires for example the login, check out or similar to be done via https...


    For example, the virtual host handling request for secure.mydomain.dk could point at the same directory as mydomain.dk, that would allow scripts to be accessed via both http and https, but it would also allow scripts which should only be accessed via https to be accessed via http which is not intended. The virtual hosts could also point at different directories, but then the application would have to be split up, e.g. the login scripts being served from one directory and the rest from another. That would cause some head eggs if one used a framework I could imagine...


    So I would love some general advice / theory about how to lay such an application out. How do you guys do it ect.? What virtual hosts would you setup, what should directory should be their web root ect.? Experience from both large projects and smaller projects are more than welcome.


    Please let me know if this is simply too broad and if I need to be more specific :)


    Regards Wuhtzu


  15. Hey and welcome to phpfreaks :)


    Depending on the structure of your text file and the platform on which it was created you have several options.


    First of all you will read the entire file into a string like this:


    $file = 'some/place/txtfile.txt';
    $content = file_get_contents($file);


    Next you have to choose your "solution" among the following two cases:


    #1: All the text blocks in your file is separated by precisely the same number of blank lines


    #2: The text blocks are separated by a variable number of blank lines


    In case #1 you can use explode() like this:


    // Use "\n" or "\r\n" as separator depending on the text editor and platform used to create your text file.
    // Add the separator n+1 times, where n is the number of blank lines between your blocks. The below example is for 1 blank line separating the blocks (hence \n two times)
    $array = explode("\n\n", $content);
    echo '<pre>';
    echo '</pre>';


    In case #2 you can use preg_split() like this:


    // use "/\n{2,}/" or "/(\r\n){2,}/" depending on text editor and platform. Alternatively use "/(\n|\r\n){2,}/" which accepts both \n and \r\n as line break.
    $array = preg_split("/\n{2,}/",$content);
    echo '<pre>';
    echo '</pre>';


    I've successfully used both methods on the following test text file:


    Note: A Note on Line Feeds
    Line feeds have little meaning in HTML, however it is still a good 
    idea to make your HTML look nice and clean by putting line feeds in. 
    A linefeed that follows immediately after a closing ?> will be removed 
    by PHP. This can be extremely useful when you are putting in many 
    blocks of PHP or include files containing PHP that aren't supposed 
    to output anything. At the same time it can be a bit confusing. You 
    can put a space after the closing ?> to force a space and a line 
    feed to be output, or you can put an explicit line feed in the last 
    echo/print from within your PHP block.
    Note: A Note on Text Editors
    There are many text editors and Integrated Development Environments (IDEs) 
    that you can use to create, edit and manage PHP files. A partial list of 
    these tools is maintained at » PHP Editors List. If you wish to recommend 
    an editor, please visit the above page and ask the page maintainer to add 
    the editor to the list. Having an editor with syntax highlighting can be 
    Note: A Note on Word Processors
    Word processors such as StarOffice Writer, Microsoft Word and Abiword 
    are not optimal for editing PHP files. If you wish to use one for this 
    test script, you must ensure that you save the file as plain text or 
    PHP will not be able to read and execute the script.
    Note: A Note on Windows Notepad
    If you are writing your PHP scripts using Windows Notepad, 
    you will need to ensure that your files are saved with the 
    .php extension. (Notepad adds a .txt extension to files 
    automatically unless you take one of the following steps
    to prevent it.) When you save the file and are prompted 
    to provide a name for the file, place the filename in 
    quotes (i.e. "hello.php"). Alternatively, you can click on 
    the 'Text Documents' drop-down menu in the 'Save' dialog 
    box and change the setting to "All Files". You can then 
    enter your filename without quotes. 


    which is taken from php.net's tutorial on php.


    Edit: Then of course use fwrite() to write each element form the array (which equals a text block) to another file.


    Hope this helps!

  16. How to put the rest of the code together depends on how you want to do this:



    #1: Make a <form></form> and a "yes" and a "no" button. Then another script will be able to pick up the answer by looking at $_POST['yes_btn'] and $_POST['no_btn'].


    #2: Make a link to something like this: yoursite.com/didtipwork.php?answer=yes&tid=1337 and yoursite.com/didtipwork.php?answer=no&tid=1337. This will allow you to look at $_GET['answer'] and take the appropriate action depending on the answer. This script could redirect the user back to the tip page by means of the tid (tip id)....


    #3: Some nifty ajax solution which will use one of the above solutions but without the user noticing..


    Which path do you want to take?

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.