Phiras’s Blog

January 10, 11

GWT File Manager

Filed under: java, WEB-APP — phiras @ 1:14 pm

I was asked at my university to build a simple File Manager based on Google Web Toolkit (GWT), and I am sharing my code here. It should be a good example for those who are new to the framework.

Download

February 25, 10

XSS safe content in yii

Filed under: WEB-APP — phiras @ 4:43 pm

In this post I am going to describe a solution to make your Yii-based web application safe from illegal content injection.

I am going to make use of Yii's wrapped HTML Purifier class (CHtmlPurifier) inside a behavior. This behavior can be attached to any model by declaring the attributes we would like to make XSS safe.

I wrote the following behavior:

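class CSafeContentBehavior extends CActiveRecordBehavior
{
   // Names of the owner model's attributes to purify before saving.
   public $attributes = array();
   protected $purifier;

   function __construct(){
      // CHtmlPurifier is Yii's wrapper around the HTML Purifier library.
      $this->purifier = new CHtmlPurifier;
   }

   public function beforeSave($event)
   {
      // Replace each listed attribute with its purified value.
      foreach($this->attributes as $attribute){
         $this->getOwner()->{$attribute} = $this->purifier->purify($this->getOwner()->{$attribute});
      }
   }
}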

Place this class in a file in your application directory, for example: application/behaviors/CSafeContentBehavior.php
Now, in your model, attach the behavior like this:

class Post extends CActiveRecord
{
   public function behaviors(){
      return array(
         'CSafeContentBehavior' => array(
            'class' => 'application.behaviors.CSafeContentBehavior',
            // Attributes to purify before each save.
            'attributes' => array('title', 'body'),
         ),
      );
   }
}

Here we go. Our Post model will now purify title and body columns before each save operation.

July 29, 09

Password Strength Meter V.2

Filed under: WEB-APP — phiras @ 12:09 am

I am glad to write this post to introduce the new Password Strength Meter plugin.

The changes are only to the UI. Thanks to Amine Rajaee for his improvements.

Demo.

Download.
@fiso on twitter

April 21, 09

Ajax File Upload

Filed under: WEB-APP — phiras @ 1:58 pm

Yes, XMLHttpRequest doesn’t allow sending multipart/form-data for security reasons.
People have come up with many alternative solutions for Ajaxifying their uploaders, using Flash (the vimeo.com video uploader) or iframes with JavaScript.

Maybe the iframe solution is the most popular one, but I don’t like iframes, maybe because they make the work more complicated and messy!

While I was working on the youz.de project, I had to build a fully Ajax interface, and uploading files was one of the important things, and I had to go for the mess of iframes.

Fortunately I found this amazing jQuery plugin: jQuery file uploader. This plugin encapsulates the dirty work of iframes perfectly!

With jQuery file uploader it is a matter of 10 lines of JavaScript code to upload files.

-Firas

April 8, 07

Password Strength Meter (a jquery plugin)

Filed under: WEB-APP — phiras @ 9:28 pm

@Update: Password Strength Meter V2, new UI improvements.

Password Strength Meter is a jQuery plug-in that provides a smart algorithm for detecting a password's strength.

The password strength procedure works as follows:
There are many cases to consider when judging a password's strength, so we introduce a global variable, score, and each case adds some points to it.
At the end of the algorithm we decide the password strength according to the score value.
The cases are:

  • If the password matches the username then BadPassword
  • If the password is less than 4 characters then TooShortPassword
  • Score += password length * 4
  • Score -= repeated characters in the password ( 1 char repetition )
  • Score -= repeated characters in the password ( 2 char repetition )
  • Score -= repeated characters in the password ( 3 char repetition )
  • Score -= repeated characters in the password ( 4 char repetition )
  • If the password has 3 numbers then score += 5
  • If the password has 2 special characters then score += 5
  • If the password has upper and lower case characters then score += 10
  • If the password has numbers and characters then score += 15
  • If the password has numbers and special characters then score += 15
  • If the password has special characters and characters then score += 15
  • If the password is only characters then score -= 10
  • If the password is only numbers then score -= 10
  • If score > 100 then score = 100

Now, according to score, we decide the password strength:

  • If 0 < score < 34 then BadPassword
  • If 34 < score < 68 then GoodPassword
  • If 68 < score < 100 then StrongPassword
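
The scoring procedure listed above, written out as an added example (this is not the plugin's own source). The function names are hypothetical, and the points the list leaves open (how repetition is counted, what counts as a special character, how the boundary scores are banded) are filled in with assumptions marked in the comments.

```javascript
// Added example, not the plugin's source. Assumptions are marked inline.

// Characters dropped when back-to-back repeats of an n-character block are
// collapsed to one copy (assumed meaning of "n char repetition").
function repeatedChars(n, pw) {
  const collapsed = pw.replace(new RegExp(`(.{${n}})\\1+`, 'gs'), '$1');
  return pw.length - collapsed.length;
}

function scorePassword(password, username) {
  // Assumption: the username comparison ignores case.
  if (password.toLowerCase() === username.toLowerCase()) {
    return { score: 0, verdict: 'BadPassword' };
  }
  if (password.length < 4) return { score: 0, verdict: 'TooShortPassword' };

  const digits = (password.match(/[0-9]/g) || []).length;
  const letters = (password.match(/[a-zA-Z]/g) || []).length;
  // Assumption: "special" means anything that is not an ASCII letter or digit.
  const specials = password.length - digits - letters;

  let score = password.length * 4;
  for (let n = 1; n <= 4; n++) score -= repeatedChars(n, password);
  if (digits >= 3) score += 5;       // assumption: "3 numbers" = at least 3 digits
  if (specials >= 2) score += 5;
  if (/[a-z]/.test(password) && /[A-Z]/.test(password)) score += 10;
  if (digits && letters) score += 15;
  if (digits && specials) score += 15;
  if (specials && letters) score += 15;
  if (letters === password.length) score -= 10;  // only characters
  if (digits === password.length) score -= 10;   // only numbers
  // Assumption: clamp at 0 as well as 100; scores of exactly 34 and 68
  // go to the higher band.
  score = Math.max(0, Math.min(100, score));

  const verdict = score < 34 ? 'BadPassword'
    : score < 68 ? 'GoodPassword' : 'StrongPassword';
  return { score, verdict };
}

// Constructed sample inputs.
for (const pw of ['aaaaaaaa', 'password', 'hunter22', 'Tr0ub4dor&3x!']) {
  console.log(pw, scorePassword(pw, 'alice'));
}
```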

Online demo.
PasswordStrengthMeter.zip

@Update : this work is CC licensed
Creative Commons License
Password strength meter by Firas I. Kassem is licensed under a Creative Commons Attribution 3.0 Unported License.
