Archive for the ‘WebSites’ category

Emailing with PHP

January 12, 2009

While adding some more features to the recent Intranet Portal, one thing that came up was to have an email sent with a copy of the order for a quick check. I originally did this sending it as plain text however it was a little difficult to read. I wanted to set it up to have both text and HTML emails so it was nicely formatted for reading on the desktop but still useable when viewing on a mobile phone.

Enter PHPMailer. This is a great PHP class that makes the whole process of dealing with MIME headers and all the other crap painless. Using PHPMailer I was able to get the email sent with both a text and HTML version (including inline images) and it’s working great.

Online Ordering Intranet Portal

January 10, 2009

While writing an online ordering portal to be used internally between multiple locations to standardize their purchases, I needed to create an easy, web-based way to add and modify product entries in a MySQL database. I started trying to put this together using PHP and after a little while decided to start browsing the web for other options to get it done quicker as I realized this was not going to be a quick thing to put together.

I came across a great little project called phpMyEdit. This is a great PHP tool that will create an interface for your table(s) that can be customized a great deal and easily integrated into your site. So rather than having to spend hours reinventing the wheel I was able to complete the project and have a cool looking administration page to go with it.

If you go to the actual download site and look at some around, there are some other projects there that look pretty interesting as well.

IIS 7 Leaking Internal IP (PCI Audit)

December 5, 2008

While going through a PCI-DSS audit for the credit cards, I ran into several Windows 2008 servers running IIS 7 that were failling on an old IIS 4 problem…they were sending out the internal IP address in the HTTP Headers.

After much digging around trying to figure out the issue, I was directed to a poston the IIS Troubleshooting blog. One of the items on there clued me in. There is a known issue with using the rediect. I originally had the redirect in IIS configured to point to a folder on the system…when I replaced that with the full URL path, it fixed the issue. Hopefully this will save someone else the grief with trying to find this issue themselves.

IE Developer Toolbar

October 21, 2008

Apparently the IE Dev Toolbar has been out for a while and I managed to miss it. I’ve only tried it out quickly so far it doesn’t seem to be as nice as what’s available for Firefox but nice to know they at least have something for IE to compete. Regardless of what browser you’re using I still feel it’s better to have a couple choices as it keeps things moving otherwise everyone stops making improvements to their products.

SSL 3.0 in IIS 7.0

October 16, 2008

One quirk I recently ran into was regarding SSL version 3.0 in IIS 7.0. I was under the impression that IIS defaulted to SSL 3.0 and had 2.0 disabled…this is apparently not the case. While going through a PCI audit we found that the server was still accepting SSL 2.0 connections which is apparently against the PCI guidelines. So how to change this so SSL 2.0 is disabled:

  1. On the server, run REGEDT32
  2. Create or edit the following key to disable SSL 2.0:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Server]
    “Enabled”=dword:00000000
  3. Reboot the server

image

PHP Register Global Variables

October 12, 2008

Ran into an issue this past week with a couple of web sites that were setup a few years ago. Specifically the online forms stopped working…it would go through on the user side no problems but no data was actually sent through the form.

The problem turned out to be caused by an update which set the Register Globals variable option to off (which it should be for security.) The problem was the sites were done quickly and made use of global variables.

The fix is a simple change that just required specifying how the form would get the info: http://www.php.net/variables.external

Hurricane Tracking

September 6, 2008

With all the recent storm activity down here we’ve all been spending a lot of time on our favorite weather sites watching the storm tracking and seeing when we need to start putting up the shutters. For the past few years I’ve always relied (and continue to do so) on Weather Underground for weather and storm tracking. It has some great features and has always been easy to access and even works well on Windows Mobile.

A friend recently showed me a new site however for tracking the storms that rivals the wundermap that Weather Underground has…the site is called Storm Pulse and has a really cool interactive map. One of the really cool things about the map is that you can move along the projected timeline of the storm and see where the projected windpath will be so you have a better idea of what you’re in for. It’s usually tough to judge by the vague cone blots how far out the winds reach so that is one feature that really stands on for me on this site.