Against All Odds

This site is open-source dictionary project based on PHP. Glossword helps you to create and publish online multilingual dictionary, glossary, or reference. It features installation wizard, UTF-8 support, visual themes, export/import dictionaries in XML/CSV format, delayed postings.

Basic features

• Adding terms to dictionary by several people at the same time.
• UTF-8 encoding. More than 400 languages can be used in a one dictionary at the same time.
• Special mode for SEF links and other SEO enhancements.
• Fast search engine can search cross words typed in any language, including Chinese.
• Indexing and searching through millions of definitions.
• Advanced search capabilities, stop words, query language.
• Query words highlighting in the search results.
• Support for a true transcription (e.g. ‘dikʃ(ə)nri, IPA standard). No self-made emulations needed.
• Defining accents for words (e.g. fábrika).
• Printer-friendly version for a term.
• Architecture is optimized for creating multiple dictionaries with one installation.
• Multifunctional feedback form with CAPTCHA.
• The ultimate guarantee of displaying webpages in any browser due to certified W3C XHTML 1.1 code and CSS 2.1 compliance.
• Glossword is free of charge and distributed under GPL license.

For authors and editors

• Installation wizard. Installs, updates and even uninstalls the software.
• The history of editing for terms.
• Delayed postings.
• Virtual keyboards.
• Customizable alphabetic sorting.
• Customizable visual themes with HTML-templates, CSS style sheets and additional multicolumn rendering mode for the list of terms.
• Automatically generated alphabetical index for dictionary.
• Export/Import dictionaries in XML and CSV format.

For administrators

• Configurable 2-level cache engine improves productivity for an HTML-output.
• Invisible links to e-mails against mail robots.
• Internal logging system.
• Built-in maintenance tasks.
• Every comprehensive task such as recounting the number of added terms per user, runs separately and it helps to balance server load.

Big Credit to : http://glossword.biz/

Today, I’ve no much tasks to do and have most free time. That’s why surfing through websites and seeking open-source dictionary web project written by PHP or JSP. Because I’ve an idea to build free dictionary site for none-profit. And, I don’t want to create such dictionary site throughly by myself. That’s why I want open-source and want to add some useful fuctions in it. At that time, I’ve found http://www.gotocode.com dedicated to web beginners, who want to learn ASP, JSP, PHP and so on. It has some simple applications and allow to download. If you have free spare time, go and visit it.

To prevent SQL Injection in Coldfusion, we should use <cfqueryparam> tag between <cfquery> tag. It’s good tag and it output the variable which MS.SQL like. But to get good performance of our website, we should use cachedwidthin attribute of cfquery tag.  If we use <cfqueryparam> tag in <cfquery>, error occur for sure and <cfquery> doesn’t allow <cfqueryparam> tag. So, how to prevent for SQL injection and how to get good performance for your site without using <cfqueryparam>. The answer is quite simple: we need put following coding at the top of your page.

<CFIF IsDefined(“id”) AND NOT IsNumeric(id)>
<cfabort showerror=”Invalid Query String”>
</CFIF>

And, also add following coding in <cfquery> tag,

WHERE ID = #Val(id)#

How? It’s easy though, isn’t it?

Creating communication website, we gotta consider the security, the access and all uploaded data of our users. Now that if anyone want to upload their data into our communication websites, they must have each registered ID. So whenever they come and upload their data into our site, they need to login first and after uploading, they need to logout successfully. It’s ok that no problem without doing logout after uploading if anyone upload their data at their home pc. If Peter (for example) upload their data by using public internet cafe, it’s problem that they didn’t logout after uploading, someone can copy, delete and upload with Peter’s account into communication sites. So, we need to kill our users’ session data whenever they close their browsers after using it. But we cannot do anything if they didn’t logout or didn’t close browser after using.

Here is some coding we need to add in application.cfm

<cfif IsDefined( “Cookie.CFID” ) AND IsDefined(“Cookie.CFTOKEN” )>
<cfset localCFID = Cookie.CFID>
<cfset localCFTOKEN = Cookie.CFTOKEN>
<cfcookie name=”CFID” value=”#localCFID#”>
<cfcookie name=”CFTOKEN” value=”#localCFTOKEN#”>
</cfif>

Since my website has prevented SQL Injection, they keep on attacking on and on. For these case, my sql server reach over-loaded and crushed often. That’s why I need to block the IP of these people before doing anything. So, I’ll create following coding in my application.cfm file.

<cfparam name=”blacklist” default=”">
<cfset application.fpath = “#GetDirectoryFromPath(GetCurrentTemplatePath())#”>

<cfset blacklist = “” />
<cffile action=”read” file=”#application.fpath##fName#” variable=”blacklist” charset=”utf-8″ />

<cfif ListFind(blacklist,cgi.remote_addr,Chr(13)&Chr(10))>
<cflocation addtoken=”false” url=”/blacklist.cfm” />
</cfif>

<cfif FindNoCase(“DECLARE”,cgi.query_string) and FindNoCase(“CAST”,cgi.query_string) and FindNoCase(“EXEC”,cgi.query_string)>
<cfif not ListFind(blacklist,cgi.remote_addr,Chr(13)&Chr(10))>
<cfset blacklist = ListAppend(blacklist,cgi.remote_addr,Chr(13)&Chr(10)) />
<cftry>
<cffile action=”write” file=”#application.fpath##fName#” output=”#blacklist#” charset=”utf-8″ />
<cfcatch></cfcatch>
</cftry>
<cflocation addtoken=”false” url=”/blacklist.cfm” />
</cfif>
</cfif>

Today, our .NET programmers face this problem, redirect to login page when session timeout in asp.net. Because we store some users’ information in session variables. And, check also users’ permission (can access only reports of his/her department) with such session variables. The problem is when session is timeout, the one can access all reports of all departments. Thus, our clients complaint these errors on and on. Today, I know how to solve this bug now. Here is, coding I put in all of master page.

if(Session["Session_name"]==null)
Response.Redirect(“Login.aspx”);

In these days, using SSL layer at website is the most popular. Because, it’s save, reliable and cannot be attacked by virus easily. Ok, I’ll describe how to configure SSL in IIS 6.

Create certificate

First of all, open your Internet Service Manager (ISM) or Internet Information Services (IIS) Manager.

Double click on your sever, and expand all websites configured in your Server.

Open one website and click properties on it. And click on Directory Security tab, then click on Server Certificate.

At that time, Web Server Certificate Wizard box will appear, and then click Next. Then, choose Create a new certificate. Then, click next. And, give your certificate name in textbox, and then click next again.

And, type your organization name and unit. Then, type the common name for your site. And, choose Country, State and City.

And, choose the directory where you want to save your certificate file. Then, click next, and click on finish button.

Install the certificate and set up an SSL Web site

Open the IIS, and expand websites configured at your server. Click on the website, you want to install certificate.

Click the Directory Security tab. Under Secure Communications, click Server Certificate. This starts the Certificate Installation Wizard. Click Next to continue.

Select Process the pending request and install the certificate and click Next.

Type the location of the certificate that you downloaded in the “Issue and download a certificate” section, then click Next. The Wizard displays the Certificate Summary. Verify that the information is correct, then click Next to continue.

Click Finish to complete the process.

Configure and test

On the Website, type 443 on SSL Port.

On the Directory Security tab, under Secure Communications, note that there are now three available options. To set the Web site to require secure connections, click Edit. The Secure Communications dialog box appears.

Select Require Secure Channel (SSL) and click OK.

Click Apply and then OK to close the property sheet.

Surf your site

Access the site through HTTP by typing http://localhost/yoursite/ in the browser. You receive an error message that resembles the following:

HTTP 403.4 – Forbidden: SSL required.

Try to browse to the same Web page using a secured connection (HTTPS) by typing https://localhost/yoursite in the browser. You may receive a security alert that states that the certificate is not from a trusted root CA. Click Yes to continue to the Web page. If the page appears, you have successfully installed your certificate.

Try it.

Big Credit : http://support.microsoft.com/kb/299875

In these days, some my friends told me that don’t open one new email, subject is “Life is beautiful” in your mail box. It’s virus attached with Life is beautiful.pps powerpoint file. Because, this virus will retrieve your password and all of your informations.

Big Credit : http://en.wikipedia.org/wiki/Life_is_beautiful_virus_hoax

In these days, some people test writing HTML code, especially javascript tags, marquee tag and so on in input. Because of this case, we need to solve this problem not be inserted miscellaneous codes in our Database. I’ve prevented this kind of problems before time. But, it cannot be used as global function. That’s why I keep searching any solutions in Google and create own coding. Eventually, I’ve get following coding.

<cfscript>
function listFix(list) {
var delim = “,”;
var null = “NULL”;
var special_char_list = “\,+,*,?,.,[,],^,$,(,),{,},|,-,<,>”;
var esc_special_char_list = “\\,\+,\*,\?,\.,\[,\],\^,\$,\(,\),\{,\},\|,\-,&lt,&gt”;
var i = “”;

if(arrayLen(arguments) gt 1) delim = arguments[2];
if(arrayLen(arguments) gt 2) null = arguments[3];

if(findnocase(left(list, 1),delim)) list = null & list;
if(findnocase(right(list,1),delim)) list = list & null;

i = len(delim) – 1;
while(i GTE 1){
delim = mid(delim,1,i) & “_Separator_” & mid(delim,i+1,len(delim) – (i));
i = i – 1;
}

delim = ReplaceList(delim, special_char_list, esc_special_char_list);
delim = Replace(delim, “_Separator_”, “|”, “ALL”);

list = rereplace(list, “(” & delim & “)(” & delim & “)”, “\1″ & null & “\2″, “ALL”);
list = rereplace(list, “(” & delim & “)(” & delim & “)”, “\1″ & null & “\2″, “ALL”);

return list;
}
</cfscript>

How to use?

It’s simple though. Save following coding as ListFix.cfm file. And, include this file before saving users’ data to your Database.

<cfinclude template=”ListFix.cfm”>

<cfquery name=”SaveDataQry” datasource=”MyDSN”>
INSERT INTO MyUsers
(tbl_User_Name)
VALUES
(‘#listFix(username)#’)
</cfquery>

How easy? Try it.

My site has been crushed in these days because of being attacked by SQL injection. That’s why I’ve prevented anyone can attacking using SQL injection and not my SQL server to be over-loaded of this case. That’s why I check whether the abnormal informations are in the log file of my site or not. At that time, I’ve found ever QQDownload word after SQL injection attack. 211.93.127.34 Mozilla/4.0 (compatible;+MSIE+ 6.0;+Windows+ NT+5.1;+SV1;+QQDownload+1.7;+WPS). So, I gotta block the browser of anyone installed QQDownload for the sake of my site not to be over-loaded. That’s why I’ve put following coding in application.cfm of my site.

<cfset gotcha = #findnocase(“HTTrack”,HTTP_USER_AGENT)#>
<cfset gotcha = #findnocase(“QQDownload”,HTTP_USER_AGENT)#>
<cfif gotcha NEQ 0>
<cflocation url=”http:/SiteURL/messages.cfm?message=QQDownload has been blocked” addtoken=”no” />
<cfabort>
</cfif>