One of the constant issues when working with legacy data is how ugly it is. When you’re calling a stored procedure to pull out legacy data from an Oracle Storage Management System backend, the resulting text string is formatted in a way that… Well, let’s just say its hideous looking, or at least we can say that it’s not human readable. Fortunately I’ve come up with a large library of conversion methods to take this data and format it into a way that will look good in the application front end UI. For example here’s a here’s a sample from my library that can take a MySQL timestamp and format it to look nice on a web page or application front end. To save critical UI space and help differentiate old records from new ones, the display shows a different format for how old the record is. For example records from today will simply say what time they were entered. Records from this week will have the day of the week and records older than that will have the dates. I use techniques like these frequently while handling the data conversion from where it’s stored in a legacy back in to being displayed on the modern front end user interfaces.
//********************************************************************************
function formatDateFromDb($timestamp){
$time_object = new DateTime($timestamp, new DateTimeZone('UTC'));
$time_object->setTimezone(new DateTimeZone('America/Los_Angeles'));
/*echo("<p>records from last year {$time_object->format('m/d/y g:i A')} </p>");
echo("<p>records from last week {$time_object->format('D F j g:i A')} </p>");
echo("<p>records from current week (but not from today) {$time_object->format('D g:i A')} </p>");
echo("<p>records from current day {$time_object->format('g:i A')} </p>");*/
$current_year = date('Y');
$timestampyear = date('Y', strtotime($timestamp));
$current_week = date('W');
$timestampweek = date('W', strtotime($timestamp));
$current_day = date('N');
$timestampday = date('N', strtotime($timestamp));
$current_hour = date('H');
$timestamphour = date('H', strtotime($timestamp));
$prettyDate = "";
if($current_year - $timestampyear > 0) {
//records from last year | 03/08/21 3:41 PM
$prettyDate = $time_object->format('m/d/y g:i A');
} else {
if($current_week - $timestampweek > 0){
//records from last week | Mon March 8 3:41 PM
$prettyDate = $time_object->format('D F j g:i A');
} else if(($current_week - $timestampweek == 0 && $current_day - $timestampday >0) || ($current_week - $timestampweek == 0 && $current_day - $timestampday == 0 && $timestamphour < 8)){
// records from current week (but not from today) | Mon 3:41 PM
$prettyDate = $time_object->format('D g:i A');
} else if($current_week - $timestampweek == 0 && $current_day - $timestampday == 0 && $timestamphour >= 8){
// records from current day | 3:41 PM
$prettyDate = $time_object->format('g:i A');
} else {
$prettyDate = "time format not found for {$timestamp}";
}
}
return $prettyDate;
}
//-----------------------------------------------------
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I was working on a way to break up page content and display it in user friendly chunks. Very similar to the Jquery Form Wizard plugin, but hopefully a lot easier to use. After years of making forms into applications, I have come up with an algorithm to plug into any form or content that will transform it into a paperless web application with the following features:
To a developers point of view the best thing is Automation!
Content organized and displayed to the user in an easy to navigate style.
Client side validation for form elements when and where needed.
Form summary and easy ability to make changes before submit.
Takes care of form data submission using Ajax to hand the data on a silver platter to any api.
Here are the notes to myself while developing.
Hiding and Displaying content
The first decision is how to break up the content chunks. Well, a div with an id of “step_xxx” seems like a good idea. XXX should be a detailed way to identify the content such as “step_intro” “step_personal_info”. I will put these divs on the page in the correct order that they would be accessed, with the exception of where the paths branch off.
So now I have my content set up in chunks that I can select and identify using JavaScript. I am going to use JQuery because of it’s powerful selection abilities. One little bit of code gives me the selection I need…
$('div[id^="step_"]').hide(); // select and hide all divs with id containing "step_" in the id.
Well this is a good start, but now I need to determine how many steps are in my display, create an index or table of contents, and then step the user through them as needed.
Creating a table of contents
My initial selector from above gives me the power to do more than just show/hide the elements that are selected. By turning this selection into a list, I can come up with a table of contents for my users to know exactly what kind of huge form they are about to fill out. Give them a chance to chicken out :)
I have created a function to list this table of contents:
function createTableofContents(){
for(i=0;i<totalsteps;i++){
$("#step_intro").append("<p>Step:"+thesteps[i].id+" || Find a way to put the contents of the first child element here as description text</p>");
}
}
But its rough. We need to put the toc into a container styled to display in a sidebar list view. Lets check the dom for the existence of id tableofcontents, create it if its not there, then append the steps array. This would allow to drop into any form, yet give advanced users the ability to make a custom view to display the toc.
Now I need a way to give these steps a description that would mean something to the user, since they probably don’t care about “step_step1a”. Referring to my previous post on using custom attributes, I feel like this would be a good place to use them. I don’t want to put it as a title , because the elements inside the div will need to have their own titles. I am going to give each step an attribute of stepdesc and assign it a value that would be a good description of the step.
Now when the page loads, the huge amount of content is hidden , and the user is presented with a wizard to guide them through the steps, and even a table of contents so they know where they are in the wizard.
Moving through the wizard steps
I need to look for existing elements named : “stepDownButton” and “stepUpButton” . If they are not there, then create them. If they are there, then leave it alone. This will allow for a button to be put in place where user needs a branch off the linear path. If the content is on a linear path, the plug in will create all the buttons to step through the content. In the first step, make a special button to “begin”. in the second to last step make the “next” button into a “submit” button instead.
*** is it possible to add the abilty to hit enter and have it click the next button.? lets try it soon.
Validating User Input
Now I need to provide a means of validation for each step that has a required field. I will make a function to call for each step, check whether there is a required element, and validate if needed. I would like to pass this off to the jquyer validaton plugin. Need to work on this though, cause its called a little differently than I had setup for. They add an attribute of required to the element rather than a class. Also having trouble to plug in the validator to my plug in lol.
This works good on the select and the inputs, but radio buttons are always a pain in the ass. Good thing I have my previous post on working with checkboxes and radio buttons to refer to. I don’t want to add the additional code to loop through these, and figure out what value would be required, then have to alter my validator function. I am going to use a hidden text field, make it required, and put the value of the chosen radio button into it. That should enforce validation on choosing a radio button.
******** its working ok, but then there is a duplicate field in the form summary: Commencement Attendance Option : mtvernoncampus<– from the radio button choice. Commencement Attendance Option Choice : mtvernoncampus<– from the hidden text field.
$("input[type='radio'][name='commencementattendanceoption']").on("change", function(){
alert($( this ).val())
});
Dynamic fields and validation.
I want to make a reusable code to add a dynamic field with validation. I need to add text box to allow user to attach transcripts.
I will pass the step id into a function to create the dynamic fields in the container. with validation and ability to delete the addl field and its validation.
form summary
A major goal is to provide a solution for the summary and display of user’s data before form submission, so they may go back and correct any errors. In the second to last step, the plugin will set the the “NEXT” button onclick to stepUp(‘submit’); The plugin will add a summary of the data the user entered so they may go back and make any changes. You may choose a custom display of the summary by putting an element with id “formsummaryarea” into this step. The plugin will omit any empty or hidden fields from the summary, and you can put class “nosummary” to omit any other items from the summary.
It seems that i need to modify the summary when it displays the contents of a dropdown element, it needs to display the text rather than the value. For example, the dropdown for choose degree, the values are numeric, and the display is a text string. For the summary, telling the user that they chose document 10 is pointless, they need to confirm the text name of the doc that they chose.
A screen shot of the student document repository user interface.
If the Financial Aid Department is the heart of the college institution, then the Skagit Valley College was suffering from a stroke. The heart was clogged up from the result of years of managing paperwork using tried and true ancient techniques: the in person delivery of hand filed paper forms.
And then corona virus came to deliver the death blow. Due to the pandemic, the college campus was forced to close. Unable to allow students to come to campus and process in person financial aid meant that our college might suffer the same fate as several other Washington State institutions and be shut down completely.
They came to me with this problem desperate for a solution. They needed a document repository that could be integrated with our current Legacy student management system data, but that will also be able to transition with our data over the next few years as the school complete its moves to a new student data management system. They needed a way to assign the forms to the students, and a portal where students could securely upload their documents.
The college had a legacy document storage system in place, aging and in need of replacement. The system had fallen out of development and was no longer being supported. The decision was to either purchase an expensive out of the box system, or develop one in-house. Due to the success of previous projects, the President of SVC decided to have me develop a custom in-house document storage and management solution that would be easily integrated into our student data management system.
During the planning phase, the project management documents were drawn up, key deliverables determined, and the use case scenarios developed.
Throughout the software development life cycle, those documents were referred to in order to prevent feature / scope creep from setting back the projected completion date. Using Agile project management I completed several sprints of user story backlogs, and the scrum retrospectives revealed valuable lessons learned about the techniques used to program the application.
In the midst of the pandemic, forced into working remotely, I was under the pressure to save the college by finishing my application well ahead of the projected schedule.
The project close was met with very satisfied stake holders, and the project sponsor was happy to sign off the completed product.
Cloudflare is a cloud based web application security firewall.
https://www.cloudflare.com/security/
Security
Cloudflare Security Services reduce the risk of lost customers, declining revenues, and degraded brand by protecting against DDoS attacks, abusive bots, and data breach.
With 122 data centers across 58 countries and 15 Tbps of capacity, Cloudflare’s Anycast network absorbs distributed attack traffic by dispersing it geographically, while keeping Internet properties available and performant.
DNSSEC is the Internet’s non-spoofable caller ID. It guarantees a web application’s traffic is safely routed to the correct servers so that a site’s visitors are not intercepted by a hidden “man-in-the-middle” attacker.
Cloudflare’s enterprise-grade web application firewall (WAF) detects and block common application layer vulnerabilities at the network edge, utilising the OWASP Top 10, application-specific and custom rulesets.
Transport Security Layer (TLS) encryption enables HTTPS connections between visitors and origin server(s), preventing man-in-the-middle attacks, packet sniffing, the display of web browser trust warnings, and more.
Cloudflare is an ICANN accredited registrar, protecting organizations from domain hijacking with high-touch, online and offline verification for any changes to a registrar account.
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks‘ commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009.
Firesheep is an extension for the Firefox web browser that uses a packet sniffer to intercept unencrypted session cookies from websites such as Facebook and Twitter. The plugin eavesdrops on Wi-Fi communications, listening for session cookies. When it detects a session cookie, the tool uses this cookie to obtain the identity belonging to that session. The collected identities (victims) are displayed in a side bar in Firefox. By clicking on a victim’s name, the victim’s session is taken over by the attacker.[
SQL Map Automatic SQL injection and database takeover tool
http://sqlmap.org/
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Cisco Umbrella Investigate
Investigate provides the most complete view of the relationships and evolution of domains, IPs, autonomous systems (ASNs), and file hashes. Accessible via web console and API, Investigate’s rich threat intelligence adds the security context needed to uncover and predict threats.
Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In addition to Kali Linux, Offensive Security also maintains the Exploit Database and the free online course, Metasploit Unleashed.
https://www.kali.org/about-us/
They are really working hard to get you. They can spoof access points. They can Man in the Middle and grab your data. They can even spoof login pages to grab your credentials.
Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions.
Cain and able
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network …
The net user command is a very useful tool. The instructions were confusing. when they say to type /domain, they mean it. not your domain or the users. the actual word domain.
