Google treasure hunt: last puzzle

A few days back Google announced the last leg of the Google Treasure Hunt journey. This time they provided the Unix epoch time 1212448500, the time when the puzzle was supposed to be released.
You can use http://www.epochconverter.com/ to convert it to a human-readable format. This site also provides a list of available methods to get the epoch time and to convert it to a human-readable format and vice versa.

PHP: date(output format, epoch); output format example: 'r' = RFC 2822 date
Python: import time first, then time.gmtime(epoch)
MySQL: from_unixtime(epoch, optional output format)

So the puzzle was supposed to be released at Mon, 02 Jun 2008 23:15:00 GMT; for India: Tuesday, June 03, 2008 4:45:00 AM (middle of the night).

The fourth puzzle is available here. It's a bit tricky, but I wrote a C program to calculate the number using the brute-force method… and it worked. (Share how you did it, or whether there is some shortcut which works without any programming.) The problem is to find a prime number which in turn can be expressed as the sum of n consecutive prime numbers. Your answer should satisfy 4 such lists of prime numbers of given length.

So it's over for now and soon they are going to contest winners and rewards. Hope I could have been one :). But I submitted this puzzle after a long delay. (I was sleeping when it was released.)

Latex on wordpress blog

Some time back I came to know that WordPress blogs hosted at wordpress.com support LaTeX. There is no such default functionality for self-hosted WordPress blogs, but there are plugins (latexrender, wp-latex) which can provide something similar.
For these to work you will need to install LaTeX on your hosting account. (I installed LaTeX on my hostmonster account some time back.)

For installing the latexrender WordPress plugin you can find guidelines here.
One more thing to remember: while setting $latexrender_path_http in latex.php, give the full HTTP path to the latexrender folder, like $latexrender_path_http = "http://your blog addr/latexrender";
Now you are set to go. To include LaTeX in your posting, use the following:

[tex] your latex code here [/tex]

For example:

[tex] (a+b)^3 = (a+b)^2(a+b) [/tex]

produces :

(a+b)^3 = (a+b)^2(a+b)

But after setting up the latexrender plugin, the PNG image was still not generated. The error that I got was:

I can’t find the format file ‘latex.fmt’!

But when I tried a similar command (latex sample.tex) from the shell prompt, it was working fine.
So I thought that the problem was in calling latex from the PHP file using exec. When I copied the latex.fmt file to the directory containing the .tex file, it started working fine. Maybe there is some problem in setting an environment variable.
You can look for the latex.fmt file using:

find / -name latex.fmt 2>/dev/null

For latexrender you can copy the latex.fmt file to the latexrender/tmp/ folder inside your WordPress installation.
I'm still working on how to set the environment variable in PHP so that I don't have to copy latex.fmt again and again.
But for now I have got LaTeX working on my blog :). Now I can write math equations in my blog posts.
You can try LaTeX formulas in comments too.

And if you want to publish LaTeX equations in a WordPress blog without installing any software, try jsTeXrender: http://yourequations.com/. Thanks Doug for the tip.


View contents of Zip/Jar files using firefox

With Firefox 3, you can use the browser to view the contents of zip/jar files.
To view the contents of filename.zip, type the following in the location bar:

jar:file://< full path to filename.zip >!/
Example: jar:file:///home/user/Desktop/filename.zip!/
Also: jar:file:///home/user/Desktop/filename.zip!/dir/file1.js

This is especially useful when you want to see the contents (.js, .css, .html files) of a Firefox extension's jar file. After it lists the contents, you can easily browse through the directories, sort files, etc.

Update: Security problems that come with the jar: protocol
While searching for pages related to the jar: protocol in Firefox, I found an interesting article at www.gnucitizen.org:

In simple terms, it means that any application which allows upload of JAR/ZIP files is potentially vulnerable to a persistent Cross-site Scripting. Potential targets for this attack include applications such as web mail clients, collaboration systems, document sharing systems, almost everything that smells like Web2.0, etc, etc, etc.

Similar security concerns also arise with the data: protocol in Firefox. So one needs to be careful to filter the files you allow for upload. Actually, I once had a similar situation with a website which allowed you to host image files, but the problem was they were not checking file types. That means you were allowed to upload a PHP file too. So now you can do anything you want with that server (don't ask me what I did :) ). So beware of such issues.
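
One way to do the file-type check the image host above was missing, as an added example (not code from that site or from this blog). The function name, the allow-list and the two sample uploads are assumptions made for illustration.

```php
<?php
// Added example. Function name, allow-list and sample files are assumptions.

// Accepted content types, mapped to the extension the SERVER will assign.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

// Returns a server-chosen file name for an accepted upload, or null to reject.
function safe_image_name(string $tmpPath): ?string
{
    // Sniff the type from the file's bytes. The client-supplied file name
    // and Content-Type header are user-controlled and are ignored here.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)) {
        return null;
    }
    // The content must also parse as an image of that same type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    // Never reuse the uploaded name: a random name with a fixed extension
    // cannot end in .php, .jar or .zip.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed sample uploads: a script posing as an image, and a 1x1 PNG.
$samples = [
    'avatar.php' => "<?php echo 'hi';",
    'pixel.png'  => base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='),
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $stored = safe_image_name($tmp);
    echo $clientName, ' => ', $stored ?? 'REJECTED', "\n";
    unlink($tmp);
}
```

Content sniffing alone is not a complete control: store accepted files in a directory where the web server does not execute scripts, and serve them with the content type the server chose.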


Cross-site Scripting (XSS)

Two days back, my shoutbox was hacked :). I was not aware that people were actually visiting it; I made it long back, in June 2005, to have a similar thing for Ethos. After that I hadn't updated the code and many things were left unfinished.

What actually happened: cross-site scripting. It arises when we let a user input some data (which may be HTML/JavaScript) and display it back. If HTML/script tags are not properly checked, it can cause trouble. Earlier I hadn't checked for JavaScript or iframe inputs, so somebody just inserted an iframe as the message input in my shoutbox. The source of the iframe contained a redirection to another website, so when shouts were displayed on the page the iframe code was rendered as it is and the page got redirected to another page.

Luckily I checked the page just the day after this happened, so that way I actually got the chance to update this orphaned code and make some fixes.

Solution: the idea is to filter meta characters such as (<, >, ', " etc.), which prevents the browser from processing them as part of some script; they will be processed as plain text only.
So in PHP you can do:

$shout=str_replace("<","&lt;",$_GET["shout"]);

And to be on the safer side we should also replace the following characters:

replace ( with &#40;
replace ) with &#41;
replace & with &amp;
replace ' with &#39;
replace " with &quot;

Or, if you are not expecting the user to input these characters, you can simply replace them with an empty string.

Update: (25-apr-2008)
You can also use the PHP functions htmlspecialchars, htmlentities and strip_tags.

The replacements which I have mentioned above can easily be done using htmlspecialchars, but if you want to extend it to all HTML tags then you can use htmlentities. And to strip both HTML and PHP tags from a string you can use strip_tags. The disadvantage of strip_tags is that it doesn't validate HTML, so it can cause trouble in the case of broken HTML tags. It also provides an option to exclude a list of tags from being stripped.
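
The escaping options discussed above, side by side, as an added example (not the shoutbox's own code). The function names and the sample shouts are constructed for illustration.

```php
<?php
// Added example. Function names and sample shouts are constructed.

// Hand-rolled escaping as described above. '&' must be replaced FIRST,
// otherwise the '&' of entities produced by the other replacements would
// be escaped again ("&lt;" would turn into "&amp;lt;").
function escape_by_hand(string $s): string
{
    return str_replace(
        ['&', '<', '>', '"', "'", '(', ')'],
        ['&amp;', '&lt;', '&gt;', '&quot;', '&#39;', '&#40;', '&#41;'],
        $s
    );
}

// Built-in equivalent: ENT_QUOTES also encodes single quotes, and the
// explicit charset avoids depending on the server's default_charset.
function escape_shout(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$shouts = [
    'hello <b>world</b>',
    '<iframe src="http://example.invalid/"></iframe>', // input of the kind described above
    "Tom & Jerry's \"show\"",
];

foreach ($shouts as $raw) {
    echo "raw:        ", $raw, "\n";
    echo "by hand:    ", escape_by_hand($raw), "\n";
    echo "built-in:   ", escape_shout($raw), "\n";
    echo "strip_tags: ", strip_tags($raw), "\n";
    echo "allow <b>:  ", strip_tags($raw, '<b>'), "\n\n";
}

// strip_tags() leaves the attributes of allowed tags untouched, so output
// that kept some tags still needs its attributes filtered before display.
echo strip_tags('<b style="font-size:99px">big</b>', '<b>'), "\n";
```

Escaping is applied here at display time, so shouts already stored in the file are covered as well as new ones.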

So now you can enjoy Shout Box until some new bug is found or it's hacked again ;)


Update(14th May 2008): XSS cheatsheet by ha.ckers.org lists possible cross site scripting methods on various browsers.

Play with html using javascript

JavaScript can be very fruitful and flexible when it comes to modifying webpages dynamically (though on the client side). JavaScript can be helpful in responding to browser events like mouseup, mouseover etc., verifying form values prior to submitting them, and changing the style and value of HTML elements dynamically.
The examples I discuss here are being used by me in developing Paint Chat !! So here I go..
You can write JavaScript functions and code in a script block as:

<script type="text/javascript">function test(){alert("test javascript");}</script>

Action on events:

Example of events can be mouseclick, keystroke, submitting form etc.
With onload()

 <body onload="init()">

Now the init() function will be called when this HTML page is loaded.
For links, a JavaScript function can be invoked on click or mouseover, like:

 <a href="javascript:replay()">Refresh ! </a>

Now function replay() will be called when Refresh! is clicked. For input text box

<input type="text" size="30" id="search" onchange="suggest()">

Now whenever the content of the textbox changes, the function suggest() will be called. It can be useful when a feature like Google Suggest has to be implemented.

On submitting forms:

<form method="post" action="some.php" onsubmit="return checkForm()">

So whenever this form is being submitted checkForm() function will be called and can be helpful in verifying values of form elements.

onMouseOver and onMouseOut:

<a href="http://www.aburad.com/blog" onmouseover="fade()"><img src="image.gif"> </a>

Now when the mouse is over the image, the fade() function will be called; it can be used for animation and styling purposes.

Registering of events

A simple way can be:
Consider the HTML code: <div id="sample"> ..... some... html..text.. </div>
Now using JavaScript you can register an event for this div by:

 var div_sample = document.getElementById('sample');
 div_sample.onmousedown = sampleMouseDown;

Now whenever a mousedown occurs over this div element, the sampleMouseDown() function will be called. Events can also be registered using addEventListener(). Find more information about it here: Advanced event registration models

Modify Style and values for html elements

Within some JavaScript function, you can first get the element object with getElementById() or getElementsByName(). For example, consider the JavaScript code:

document.getElementById("colorcode").innerHTML = "#000000";
document.getElementById("bgtest").style.backgroundColor= "green";

The first line finds the HTML element with id colorcode and then sets its content to "#000000" using innerHTML. The second line sets the background of the HTML element with id "bgtest" to green.

Some other tweaks which were useful :

var intervalID = setInterval(drawCurve, 100);

So the drawCurve() function will be called repeatedly, every 100 ms. You can cancel the repeated calls with clearInterval(intervalID);

var testImg = new Image();
testImg.src = "form.php?name=form_value";

Now here in form.php you can fetch value of variable name using $_GET and can perform appropriate action.

Shout-Box


Introduction :

Me and Sachin started on Shout-Box for the Ethos community of which we both are in the development team. Earlier we decided to do it in Javascript but realized soon that it will be much easier in php. We found out some sample shoutbox code and started modifying it according to our needs. What we do is pass the shouts as a POST request into a frame where it adds the shout to a file and then displays it in the same frame.
Shout Box in Action

 

Current Features :

Features to be Implemented:

Shout Box

Me and Sachin were working on a PHP script for a shout box (online chatting on a webpage).
We just completed it. Here is the link for Shout-Box. Looks can be modified as needed. If anyone needs the code, just mail me at aburad@gmail.com