Monday, October 31, 2011

Hierarchy in databases for folders

I have been building a folder system that stores files and revisions to these files in the folders. I have now added deleting the folders or files by turning a column isDeleted = 1 or 0 when it is deleted, so I can keep them inside until a certain time has gone by before moving them to an old table or deleting them.
It was made for a comment system but I converted it to show the folder structure by building an unordered list for each root node and using lots of DIVs and spans with CSS to show the mini folders with plus and minus signs that will hide or unhide the inside list to show or hide a list of folders. This works for many levels. Then I made 2 columns on the right of the tree structure that shows 2 levels of the folders at any point. Then by clicking on any folder in the 2nd column it moves to the first column and shows the files and folders that are in it, in the second column or just a blank folder and file icon to allow you to add new folders and files. I also implemented a right click menu to add or remove files and folders. Then I made the folders and files draggable so we can move them to other folders either in the tree on the left or another folder in one of the 2 columns we navigate in. 
Now the problem I have to solve is how to keep them in order when I move a folder to another place. My folder tree walker fails to build the tree when it reads the table from top to bottom because I moved the folder above the point where the parent is, so when it tries to find the parent for the child folder I moved it can't find it, because the child is mentioned before the parent is listed in the database. I need to make a column that lists the tree in order from the root nodes out to the children. I have to do this because I don't want every person that views the page to have to recursively find all the nodes, since this won't scale well. I have to redo the order of the folders each time a new folder is added or a folder is moved.
about a way to make adding a folder easy. It uses a lineage column that lists all the ids from the root to the present like 1-4-8 and when you add a child to 8 you will just add "-9" to the 9th folder in the system that's being placed inside the 8th folder. If I use this method then when I move a folder with many folders inside then I need to rewrite the lineage for each folder recursively using the parent of the folder it is being placed in as the base for the new location the folders are being moved to. 
Then I read this article: http://evolt.org/node/4047/
It mentions another way of fixing this by running a stored procedure when you insert a new folder where all folders after it are incremented by 1 id.
talks about other methods of working with this data. I am going to try pulling all the data out of the database using a single select and then build the tree in PHP and then update the sequence in the database afterward. I can do this each time a folder is moved.
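
The single-select rebuild described above, as an added JavaScript sketch (not the author's PHP code): rows are linked in two passes so a child listed before its parent still resolves, then a walk from the roots assigns the sequence and the 1-4-8 style lineage. Column names and the sample rows are assumptions; folders that cannot be reached from a root (parent soft-deleted, or a cycle left by a bad move) are reported instead of silently dropped.

```javascript
// Constructed sample rows, deliberately out of order (child 8 precedes parent 4).
const SAMPLE_ROWS = [
  { id: 8, parentId: 4, name: "drafts", isDeleted: 0 },
  { id: 1, parentId: null, name: "root", isDeleted: 0 },
  { id: 4, parentId: 1, name: "docs", isDeleted: 0 },
  { id: 9, parentId: 8, name: "old", isDeleted: 0 },
  { id: 5, parentId: 1, name: "trash", isDeleted: 1 },
  { id: 6, parentId: 5, name: "in-trash", isDeleted: 0 },  // parent is soft-deleted
  { id: 10, parentId: 11, name: "loopA", isDeleted: 0 },   // 10 <-> 11 form a cycle
  { id: 11, parentId: 10, name: "loopB", isDeleted: 0 },
];

function orderFolders(rows) {
  // Pass 1: index every live row by id, whatever order the SELECT returned.
  const live = new Map();
  for (const r of rows) if (!r.isDeleted) live.set(r.id, r);

  // Pass 2: attach each row to its parent; all parents are already indexed.
  const children = new Map();
  const roots = [];
  for (const r of live.values()) {
    if (r.parentId === null) roots.push(r);
    else if (live.has(r.parentId)) {
      if (!children.has(r.parentId)) children.set(r.parentId, []);
      children.get(r.parentId).push(r);
    }
  }

  // Iterative pre-order walk (no recursion limit); sorted descending so pops ascend.
  const byIdDesc = (a, b) => b.id - a.id;
  const stack = roots.sort(byIdDesc).map((r) => ({ row: r, lineage: String(r.id) }));
  const ordered = [];
  while (stack.length) {
    const { row, lineage } = stack.pop();
    ordered.push({ id: row.id, name: row.name, lineage, sequence: ordered.length + 1 });
    for (const c of (children.get(row.id) || []).sort(byIdDesc)) {
      stack.push({ row: c, lineage: lineage + "-" + c.id });
    }
  }

  // Anything live but never visited hangs off a deleted parent or sits in a cycle.
  const reached = new Set(ordered.map((o) => o.id));
  const unreachable = [...live.keys()].filter((id) => !reached.has(id)).sort((a, b) => a - b);
  return { ordered, unreachable };
}
```

The `sequence` and `lineage` values in `ordered` are what would be written back to the table after a move; `unreachable` is the list to inspect before doing so.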

Monday, October 24, 2011

Google Docs spreadsheet automatic email sending


This script sends an email using Google Docs spreadsheets.
Here is a script I made that sends an email to people if a cell doesn't say email sent. It uses cells that exist to put together the body and subject of the email. You can do a lot more with this but it's good enough to work.


// Marker written to column N once a row's email has been sent
var EMAIL_SENT = "EMAIL_SENT";

function sendEmails2() {
  var sheet = SpreadsheetApp.getActiveSheet();
  var startRow = 2;  // First row of data to process
  var numRows = 10000;   // Number of rows to process
  // Fetch the range of cells A2:N10001
  var dataRange = sheet.getRange(startRow, 1, numRows, 14);
  // Fetch values for each row in the Range.
  var data = dataRange.getValues();
  for (var i = 0; i < data.length; ++i) {
    var row = data[i];
    var emailAddress = row[6];   // Column G: recipient address
    var message = row[12];       // Column M: message body
    var emailSent = row[13];     // Column N: sent marker
    if (emailSent != EMAIL_SENT) {  // Prevents sending duplicates
      // Stop at the first unsent row that has no address
      if(emailAddress.length == 0){
        //sheet.getRange(startRow + i, 15).setValue("stop");
        break;
      }
      var subject = "Sending emails from a Spreadsheet";
      MailApp.sendEmail(emailAddress, subject, message);
      sheet.getRange(startRow + i, 14).setValue(EMAIL_SENT);
      // Make sure the cell is updated right away in case the script is interrupted
      SpreadsheetApp.flush();
    }
  }
}

Friday, October 21, 2011

Excel Indirect function

I just used Excel today to make some reports and this is a simple form of the function I made:

=INDIRECT("'" & D4 & "'!" & C4)

If you put the values from D4 and C4 into their places it looks like this: =INDIRECT("'test'!a1").
What this does is print whatever is in A1 of the test sheet. What is nice is it looks at a cell in the spreadsheet to choose the sheet to look for values in. So you could have a dropdown box show a list of the sheet names that you get from a settings sheet that you update each time you add a sheet. Then you can make reports that will update for you every time you change what is in the dropdown menu. I also use vlookups to look up exactly what ranges to use in the dynamic indirect function. That way you can put most of the function code in one place in the table that the vlookup looks at instead of putting all the index or match function text in every place that uses the indirect function. I was having the vlookup table calculate what row each section starts or stops at so we can do a count of cells within that section from the indirect function without all the overhead that the vlookup table does.

Tuesday, October 11, 2011

Shared online Tracker like Google Docs


I thought of a cool idea for a collaborating tracker.
How hard would it be to make a shared online tracker where every note you add to the tracker I see on my version of the online program as if we were both on the same computer?
It's like Google Docs for music trackers.
The tracks would have to be able to be encoded and decoded fast and compressed and sent across the net, or pieces of the file, to tell the other collaborators that are using it right now what changed. Like ajax in an online or offline tracker program.
If you like this idea then comment.

Thursday, October 6, 2011

New ways of hacking websites

What if someone could send you a link to their page, and that page could make you post a form that you can't see? This form could send money from the bank account you are logged into to the attacker's account. All the attacker has to do is send the victim to the right page, and with the right parameters sent along it will send the money to the attacker.
There are a couple of ways of fixing this. The bank could use a token that can only be used once, along with other parameters in the form that have different values every time, so the attacker wouldn't know what the names of the hidden fields are without going to the bank's website and getting their form.
If they could use a PHP curl request with the bank's sessionid it would be relatively easy to get the form contents, fill in the right values and send the form off to the bank website, and the bank would think it was from the user. They would also use curl to not only send the sessionid but also change the referer to say it came from the bank's website page where the form is. That page could also be a unique url every time as well. Then the curl request would need to know what page to download the form from. They would go to the page where the user clicks to get the form and it would create the unique url for the form there, so the attacker may get the form that way.
How does the attacker get the sessionid? They use javascript to somehow run document.cookie on another tab than the one they are on now. If this works then they have the sessionid and can then refresh the page quickly after the js is done getting the sessionid, and once it has refreshed the page will run php code to make the curl request to the page where the bank website is.
This could be any website that has forms. This is just an example with a bank to show how important it is for websites to secure their sites using some of these techniques or others.
Another thing the bank website can do to make it hard to run their form without being on their site is using dynamic named functions in PHP. Use the create_function function in PHP to make a custom function that is written a little bit differently each time in a way that ensures the user is logged in:
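
The single-use token mentioned above, as an added server-side sketch in JavaScript (Node); it is not code from the original post. The class name, handler, field name `csrf_token` and session ids are hypothetical, and the requests in `demo()` are constructed.

```javascript
const crypto = require("crypto");

// Hypothetical in-memory store; a real site would keep this with its session data.
class CsrfTokens {
  constructor(ttlMs = 10 * 60 * 1000) {
    this.ttlMs = ttlMs;
    this.pending = new Map(); // sessionId -> Map(sha256(token) -> expiry time)
  }

  static digest(token) {
    return crypto.createHash("sha256").update(token).digest("hex");
  }

  // Called while rendering the form; the value goes into a hidden field.
  issue(sessionId, now = Date.now()) {
    const token = crypto.randomBytes(32).toString("hex");
    if (!this.pending.has(sessionId)) this.pending.set(sessionId, new Map());
    this.pending.get(sessionId).set(CsrfTokens.digest(token), now + this.ttlMs);
    return token;
  }

  // Called on POST; true only once, for an unexpired token issued to this session.
  consume(sessionId, token, now = Date.now()) {
    const issued = this.pending.get(sessionId);
    if (!issued || typeof token !== "string") return false;
    const key = CsrfTokens.digest(token);
    const expiry = issued.get(key);
    if (expiry === undefined) return false;
    issued.delete(key); // single use: removed even if it turns out to be expired
    return now <= expiry;
  }
}

// Hypothetical transfer handler: the browser attaches the session cookie to a
// cross-site POST automatically, but the hidden token is not known to that page.
function handleTransfer(store, req) {
  if (!store.consume(req.sessionId, req.body.csrf_token)) return { status: 403 };
  return { status: 200, to: req.body.to, amount: req.body.amount };
}

// Constructed requests: forged (no token), wrong session's token, genuine, replay.
function demo() {
  const store = new CsrfTokens();
  const good = store.issue("sess-A");
  const other = store.issue("sess-B");
  const post = (csrf_token) =>
    handleTransfer(store, { sessionId: "sess-A", body: { csrf_token, to: "acct-1", amount: 5 } }).status;
  return [post(undefined), post(other), post(good), post(good)];
}
```

This covers the hidden-form post made from another site; it does not help once the session id itself has been taken, which is the case the post goes on to raise.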
http://php.net/manual/en/function.create-function.php
But if the hacker has your sessionid I don't know how this will be good enough. Here are some interesting pages on the subject:
http://4diggers.blogspot.com/ 
Here is an article about cross domain ajax and how cross domain ajax could break any web application http://shiflett.org/blog/2006/aug/cross-domain-ajax-insecurity