.:: Alex Erne :: PHP/MySQL & Unity3D/C# projects ::.
  21 March 2013 - I am Blog services returning :: Posted in I am Blog (canceled project)
It has been a hard 2 years for me, and because of that I had to put off-line the I am Blog website over a year ago. As you might know from my personal weblog, my concentration is lacking at times which in turn caused heavy delays in the development of the I am Blog project.

But things are changing! Though I'm still not fully back on my old level of concentration (and probably never will get back there ever again), I can concentrate enough to pick up scripting for a couple of hours a week. This is enough to fix old issues there were with the I am Blog scripts and by now a large number have been fixed. All there is left to do before I can go live again with the I am Blog site are a couple of security updates which include a tighter encryption of the username & password as well as the need to use your eMail address when logging on. The latter is needed so that when your username is known (which is fairly easy since it's in the URL of your blog) a potential 'hacker' can just let loose a password-finder on it.

The coming 2 weeks I'm free from work (I planned to paint the outside of my house, but the weather is not cooperating here - way too cold for spring) and I'll use a lot of that time on developing the new security measures.

Of course, the new I am Blog service will be free of charge, like it was before, but there will be a few changes though. Every blog displayed will have a forced advertisement at the top. I will also make a couple of changes to the Terms of Service. When cleaning up the old database, I found that the users that were active at the time were just advertisement SPAMmers and nothing more, and I don't really want that anymore. Instead I want real blogs here.

I hear you wonder when the new I am Blog service will be online... I'm aiming for April 1st (not a joke) but don't pin me on this date. I can't tell if I'm good enough coming week to have finished the security issues at hand.

  08 October 2012 - Slowly picking up development :: Posted in I am Blog (canceled project)
It's been way too long since I last used those gray cells for this project. But truth is that I didn't really feel up to it and was sure I could not concentrate long on it. But that's about to change...

For my personal RPG blog I tried to implement a LIKE button for Facebook. But due to the structure of the I am Blog scripts I was unable to get the LIKE to be posted in the user's news-feed. It appears that the URL-parameter used in <%EntryShortURL%> (/?s=) kinda kills the LIKE button's function to post in the news-feed.

To work around this problem I thought to use the error-404 trap trick, where instead of referring to domain.com/?s=<short_number>, I'll refer to domain.com/<number>. The only problem though is that the I am Blog scripts are not able to display the number of the blog entry.

To work around this, I added the <%EntryNumber%> tag today to the I am Blog script. Using this tag, along with any Facebook LIKE script/command the LIKE will actually be displayed on the user's news-feed (I hope...)

But... The addition of the tag is only the 1st part of the work. Next up I have to actually create the 404-error trap and distill the <number> and then forward to the actual blog entry. And that's why I added the 'I hope...' above. I'm not sure if Facebook can be fooled this way. If not, then I've added a (now) useless parameter and have to work around the problem another way (I can be real creative...)

  10 November 2011 - Security hot-fix :: Posted in I am Blog (canceled project)
I've identified a HUGE security risk where a registered user could edit/delete all content of any other user. This security risk has been fixed and closed. Additionally, any attempt made trying to exploit this (fixed) risk will be logged.

I've also started to add extra parameters to the I am Blog configuration to make the transition to a Public Domain version of the sources. These changes are small and most likely you won't even notice them as user of I am Blog.

  20 February 2011 - Today's update (version 0.6.7) :: Posted in I am Blog (canceled project)
Another update with some minor changes to the code to fix odd and annoying bugs...

  • As I wrote on February 17th, I've hunted down and fixed those odd \'s. Going through some more forms I found a couple of others as well, and fixed those too (including the contact form at the bottom).
  • Furthermore, I found another bug with the communication with Twitter. This time it concerned the #-sign in the topic. I managed to semi-fix this for now. At least, your connection with Twitter won't result in an error, but the # won't be placed all the time - most certainly when it's followed by a number...
  • I updated several eMail notifications, removing some odd extra enter. Now the notification sent is as the original message was written.
  • Last but not least, I found a bug in my personal blog (pagesfromsages.com), where I was missing 2 files to trap error-messages.

  17 February 2011 - That odd \'s bug found & fixed :: Posted in I am Blog (canceled project)
Yesterday I said I'd hunt down a bug that happened in the comments and eMail notification where odd \'s were added, but not always. Oddest thing is that on my local testing-server this bug never happened, but my first thought was this bug had something to do with the session-cookies I made for the comment.

I wasn't far off with that initial thought. Indeed, when failing the captcha, those odd \'s were added, but only on the on-line test-server, not locally. This made me wonder if the way strings were handled under Windows and Linux would differ. Browsing (online) manuals didn't bring this up, so I started to experiment a bit.

I added the instruction to strip_slashes() to the session-cookie that held the comment. Both locally (under Windows) and on the remote test-server (under Linux), the odd \'s didn't appear anymore. Next I added the same strip_slashes() to the mailhandler and now they're gone in the eMail notifications as well.

...but I won't yet upload this one, there's still more to do...

  16 February 2011 - Today's update (version 0.6.6) :: Posted in I am Blog (canceled project)
It's been a while since the last update, but last few days I've made some small steps on picking up the scripting of I am Blog again. Small steps indeed. This update had only one recently solved problem, and a couple of older ones (no important ones) that are over 6 months old...

Changes & fixes:
  • Changed eMail messages for registration verification
  • Fixed the problem with the double-quotes (") in blog topics not being accepted by Twitter
  • Changed the single quote as it is displayed in Twitter (was ` is now ')
  • Minor performance changes
  • Small bug fixed in one screen where odd \'s were added
Next up is to hunt a bug down concerning comments where those odd \'s are added as well, but not all the time. And the same problem with those odd \'s is in the eMail notification of the comment to the user...

  04 June 2010 - Version 0.6.5 now live :: Posted in I am Blog (canceled project)
Finally, the first and most important security update is live! Now I can reveal what was changed, because I took enough precautions to avoid the two security issues to be exploited.

The main security issue was in the cookies I used. The way I used them, cookie theft could compromise your account, where a hacker could steal your cookie and log on to your account. I changed the whole cookie setup, making it nearly impossible for hackers to steal your cookie and log on to your account. I also added a 1 hour timer to the cookies that will automatically renew every time you browse on the I am Blog pages. Even after you have closed your browser, the cookie will automatically refresh if you return within the hour.

The second security issue I found is less dangerous, but will need attention with the next update: your password and its encryption. The one I used doesn't feel too safe for me, and I already have ideas on how to make the new encryption. The only problem I have right now is how to implement the new encryption without having to force-change everyone's password...
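
One common answer to the migration problem described above, as an added example that is not I am Blog's own code: re-hash each password at the user's next successful login, when the plaintext is briefly available. The legacy format (unsalted MD5 stored as 32 hex characters), the function name verify_and_upgrade() and the in-memory $db array are assumptions for illustration.

```php
<?php
// Added example with hypothetical names; the legacy scheme is ASSUMED to be unsalted MD5.

/**
 * Verify a login and transparently upgrade the stored hash.
 * $user is a row with 'id' and 'pass_hash'; $save persists a new hash
 * (in a real application: an UPDATE through a prepared statement).
 */
function verify_and_upgrade(array $user, string $password, callable $save): bool
{
    $stored = $user['pass_hash'];

    // Legacy rows are recognised by shape: exactly 32 lowercase hex characters.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // The correct password is in hand, so store it under the current scheme.
        $save($user['id'], password_hash($password, PASSWORD_DEFAULT));
        return true;
    }

    // Already-migrated rows hold password_hash() output (salted, self-describing).
    if (!password_verify($password, $stored)) {
        return false;
    }
    // If the default algorithm or cost was raised since, upgrade once more.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $save($user['id'], password_hash($password, PASSWORD_DEFAULT));
    }
    return true;
}

// Constructed sample data: one legacy account, kept in memory instead of MySQL.
$db = [7 => ['id' => 7, 'pass_hash' => md5('correct horse')]];
$save = function (int $id, string $hash) use (&$db): void {
    $db[$id]['pass_hash'] = $hash;
};

var_dump(verify_and_upgrade($db[7], 'wrong guess', $save));   // wrong password, legacy row
var_dump(verify_and_upgrade($db[7], 'correct horse', $save)); // right password, legacy row
var_dump(password_get_info($db[7]['pass_hash'])['algoName']); // scheme of the row afterwards
var_dump(verify_and_upgrade($db[7], 'correct horse', $save)); // same login against the migrated row
```

Accounts that never log in again keep their legacy hash, so a cut-off date after which those rows require a password reset is still needed.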

Other fixes in this update include:
  • a few small database updates
  • added favorite icon to the website
  • changed oddities in several automated eMail messages
  • capture for non-existing blogentries


This website is Copyright © 2009 - 2016 Alex Erné
PHP/MySQL coding by Alex Erné Copyright © 2009 - 2016 Alex Erné
...all rights reserved...

AE games™ and the AE games logo are Trademarks owned by Alex Erné
TetraGems™, Burst-a-Bubble™ and the Burst-a-Bubble logo are Trademarks owned by Alex Erné