Blog Category

ia_archiver Bypassed Login Form

Saturday, January 2nd, 2010

Recently I came across 2 cases where website’s admin area was accessed by an “intruder”. In both cases the login credentials were known only to the administrator and this was in both cases a different person.

The first site was a simple online questionnaire with a custom CMS for managing the questions created by some company. Here the “intruder” managed to get in the admin area and delete most of the questions.

The second site was only a testing “playground”, it was based on the Zend Framework’s MVC, but not completed yet. Here the “intruder” managed to send an email from the admin area’s mailer.

In both cases the authentication was done using Location headers. I did have a look in the Apache access logs and found this:

1

174.129.121.101 - - [02/Jan/2010:00:22:19 -0600] "GET /admin/question/edit/id/81 HTTP/1.0" 200 9330 "-" "ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)"

Which apparently is Alexa’s crawler, and apparently it had ignored the Location header. The delete question and send mail were done as links (< a href=” … ) as opposed to buttons (< input type=”button” … ).

I decided to deny access to the admin area to all bots. And in the site’s root I did put in a “robots.txt” file with following:

1
2

User-agent: *
Disallow: /admin/

Also because in both cases the site is administered by a single person from a single location I did also decide to restrict access to the admin area by IP. Into the admin folder I did put a “.htaccess” file, where 11.111.111.111 is my IP:

1
2
3
4
5
6
7
8
9

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Private"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from 11.111.111.111
</LIMIT>

Posted in Blog, SEO | No Comments »

Flexible CSS – Combining Classes vs Descendant Selectors

Thursday, December 31st, 2009

Separating semantic and presentational code is a great idea, however sometimes it’s worth not going 100% by the book.
For content like text and images I am finding, that a bit more HTML (XHTML) markup can save lots of time in the long run.
For example a floated image and some text:

XHTML which is short and sweet:

<div id="main-content">
<h1>Header <span>(some additional words)</span></h1> 
<p>Some text...</p>
<img src="..." />
<p>Some more text...</p>
</div>

and CSS using descendant selectors:

/*style for all h1 specifying text color, font size, font type, margins*/
h1 {color:#F00;font:25px "Times New Roman", Times, serif;margin:20px 0;}
/*using descendant selector for additional text within h1*/
h1 span {font-size:14px;}
/*using descendant selector for image within main content column*/
#main-content img {float:right;margin:0 0 20px 20px;border:1px solid #666;}

When I consider updating the content, changes for marketing purposes and fulfilling all client’s wishes, I always end up making same kind of changes, heading bigger for page 1, text within heading even smaller for page2 and no margin below the heading on that page as well, image full column width and no border (here the left margin is causing me problems and I need to remove the border), etc…

Therefore I am benefiting in the long run more from a markup which is slightly longer, but more flexible. Creating predefined classes which I can reuse in other sites and also can combine with each other to get the same outcome:

slightly longer XHTML but allowing much more flexibility:

<div id="main-content">
<h1 class="color01 serif margin-top margin-bottom">Header <span class="small">(some additional words)</span></h1> 
<p>Some text...</p>
<img src="..." class="content-image-right margin-left margin-bottom border" />
<p>Some more text...</p>
</div>

and CSS with predefined classes which can be reused on other sites:

/*reusable styles for all headings specifying only font size*/
h1 {font-size: 25px;}
h2 {font-size: 23px;}
h3 {font-size: 21px;}
h4 {font-size: 19px;}
h5 {font-size: 17px;}
h6 {font-size: 15px;}
/*reusable styles for any text - font sizes*/
.xxsmall {font-size: 10px;}
.xsmall {font-size: 12px;}
.small {font-size: 14px;}
.medium {font-size: 16px;}
.large {font-size: 22px;}
.xlarge {font-size: 26px;}
.xxlarge {font-size: 32px;}
/*reusable margin styles*/
.margin-left {margin-left:20px;}
.margin-right {margin-right:20px;}
.margin-top {margin-top:20px;}
.margin-bottom {margin-bottom:20px;}
/*reusable float styles*/
.content-image-left {float:left;}
.content-image-right {float:right;}
 
/*text styles which I am creating specificly for each site*/
.border {border:1px solid #666;}
.serif {font-family:"Times New Roman", Times, serif;}
.color01 /*RED*/ {color:#C00;}

Posted in Blog, CSS | No Comments »

Resize Text Field – AS3 Draggable Resizable Input Text Field

Thursday, December 17th, 2009

Draggable, resizable Input Text Field with Actionscript 3. Text Field gets resized in particular direction by dragging one of its corner handles.

This movie requires Flash Player 9
package {
 
	import flash.display.Sprite;
	import flash.text.TextField;
	import flash.text.TextFieldType;	
	import flash.events.MouseEvent;
	import flash.utils.Timer;
	import flash.events.TimerEvent;
 
	public class ResizableTextField extends Sprite {
 
		private var textCustomField:TextField;
 
		//handles
		private var square1:Sprite;
		private var square2:Sprite;
		private var square3:Sprite;
		private var square4:Sprite;
 
		//dragging
		private var origX:int;
		private var origY:int;
		private var dragTimer:Timer = new Timer(10,10000);
		private var handleHolder:Object;
 
		// Initialization:
		public function ResizableTextField()
		{
			textCustomField = new TextField();
			textCustomField.type = TextFieldType.INPUT;
			textCustomField.multiline = true;
			textCustomField.wordWrap = true;
			textCustomField.width=200;
			textCustomField.height=100;
			textCustomField.x=50;
			textCustomField.y=50;
			textCustomField.text="type here";
			textCustomField.border=true;
			createHandles();
			this.addChild(textCustomField);
		}
 
		//create 4 draggable handles
		private function createHandles():void
		{
 
			square1 = new Sprite();
			square1.graphics.lineStyle(1,0x000000);
			square1.graphics.beginFill(0xFFFFFF);
			square1.graphics.drawRect(0,0,10,10);
			square1.graphics.endFill();
 
			square2 = new Sprite();
			square2.graphics.lineStyle(1,0x000000);
			square2.graphics.beginFill(0xFFFFFF);
			square2.graphics.drawRect(0,0,10,10);
			square2.graphics.endFill();
 
			square3 = new Sprite();
			square3.graphics.lineStyle(1,0x000000);
			square3.graphics.beginFill(0xFFFFFF);
			square3.graphics.drawRect(0,0,10,10);
			square3.graphics.endFill();
 
			square4 = new Sprite();
			square4.graphics.lineStyle(1,0x000000);
			square4.graphics.beginFill(0xFFFFFF);
			square4.graphics.drawRect(0,0,10,10);
			square4.graphics.endFill();
 
			updateHandlePositions();
 
			this.addChild(square1);
			square1.buttonMode=true;
			this.addEventListener(MouseEvent.MOUSE_OUT,hideHandles);
			square1.addEventListener(MouseEvent.MOUSE_DOWN,startHandleDrag);
 
			this.addChild(square2);
			square2.buttonMode=true;
			this.addEventListener(MouseEvent.MOUSE_OUT,hideHandles);
			square2.addEventListener(MouseEvent.MOUSE_DOWN,startHandleDrag);
 
			this.addChild(square3);
			square3.buttonMode=true;
			this.addEventListener(MouseEvent.MOUSE_OUT,hideHandles);
			square3.addEventListener(MouseEvent.MOUSE_DOWN,startHandleDrag);
 
			this.addChild(square4);
			square4.buttonMode=true;
			this.addEventListener(MouseEvent.MOUSE_OUT,hideHandles);
			square4.addEventListener(MouseEvent.MOUSE_DOWN,startHandleDrag);
		}
 
		private function hideHandles(e:MouseEvent):void
		{
			square1.alpha=0;
			square2.alpha=0;
			square3.alpha=0;
			square4.alpha=0;
			this.textCustomField.border=false;
			this.addEventListener(MouseEvent.MOUSE_OVER,showHandles);
		}
 
		private function showHandles(e:MouseEvent):void
		{
			square1.alpha=1;
			square2.alpha=1;
			square3.alpha=1;
			square4.alpha=1;
			this.textCustomField.border=true;
		}
 
		private function startHandleDrag(e:MouseEvent):void
		{
			handleHolder=e.target;
			origX=mouseX;
			origY=mouseY;
			dragTimer.addEventListener(TimerEvent.TIMER, resizeField);
            dragTimer.start();
		}
 
		private function stopHandleDrag(e:MouseEvent):void
		{
			removeEventListener(MouseEvent.MOUSE_UP,stopHandleDrag);
			dragTimer.stop();
			dragTimer.reset();
		}
		// resize text field depending on which direction dragging
		private function resizeField(e:TimerEvent):void
		{
			addEventListener(MouseEvent.MOUSE_UP,stopHandleDrag);
			var updatedX:int = mouseX-origX;
			var updatedY:int = mouseY-origY;
			if(handleHolder===square1)
			{
				this.textCustomField.width-=updatedX;
				this.textCustomField.height-=updatedY;
				this.textCustomField.x+=updatedX;
				this.textCustomField.y+=updatedY;
			}
			else if(handleHolder===square2)
			{
				this.textCustomField.width+=updatedX;
				this.textCustomField.height-=updatedY;
				this.textCustomField.y+=updatedY;
			}
			else if(handleHolder===square3)
			{
				this.textCustomField.width-=updatedX;
				this.textCustomField.height+=updatedY;
				this.textCustomField.x+=updatedX;
			}
			else if(handleHolder===square4)
			{
				this.textCustomField.width+=updatedX;
				this.textCustomField.height+=updatedY;
			}
 
			origX=mouseX;
			origY=mouseY;
			updateHandlePositions();
			e.updateAfterEvent();
		}
		//adjust handles to the new size/position
		private function updateHandlePositions():void
		{
			square1.x=textCustomField.x-square1.width;
			square1.y=textCustomField.y-square1.height;
			square2.x=textCustomField.x+textCustomField.width;
			square2.y=textCustomField.y-square2.width;
			square3.x=textCustomField.x-square3.height;
			square3.y=textCustomField.height+textCustomField.y;
			square4.x=textCustomField.x+textCustomField.width;
			square4.y=textCustomField.height+textCustomField.y;
		}
	}
 
}

Posted in Actionscript3, Blog | 1 Comment »

First Post

Tuesday, November 17th, 2009

My first post…
I am a graphic designer who gradually became a coder. At the moment I am mostly involved with Web Design, XHTML/CSS, Wordpress, Flash, Actionscript3.
Stay tuned for more on these topics…

Posted in Blog | No Comments »