Code/Notes to explain SQL injection (pure draft)

$username = $_POST['username'];

SELECT * FROM users WHERE username = '$username';
$username = jagdeep
SELECT * FROM users WHERE username = 'jagdeep';

$username = jd
SELECT * FROM users WHERE username = 'jd';

$username = jagdeep' OR '1=1
SELECT * FROM users WHERE username = 'jagdeep' OR '1=1';

$username = jagdeep'; DELETE FROM users;--
What the DB executes, split into statements:
1. SELECT * FROM users WHERE username = 'jagdeep';
2. DELETE FROM users;
3. --';


Minimum protection:
$username = mysql_real_escape_string($_POST['username']);
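Added example, not part of the original notes: the same lookup in Python with sqlite3, once built by string interpolation like the PHP above and once with a parameter placeholder, run against a constructed three-row users table. The tautology payload from the notes returns every row through the first and nothing through the second, and a legitimate name with an apostrophe breaks the first while the second handles it; escaping as in mysql_real_escape_string is only a fallback, and prepared statements are the proper fix.

```python
import sqlite3

# Constructed sample rows (not from the original notes).
USERS = [
    ("jagdeep", "jagdeep@example.com"),
    ("jd", "jd@example.com"),
    ("alice", "alice@example.com"),
]


def make_db():
    """Fresh in-memory database with a three-row users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Same shape as the PHP above: raw input is pasted into the SQL text,
    so a quote in the input ends the literal and the rest becomes syntax."""
    sql = f"SELECT * FROM users WHERE username = '{username}';"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """The fix: the value travels separately from the statement text, so a
    quote inside it is just a character being compared, never SQL syntax."""
    sql = "SELECT * FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(username):
    """Return (rows from the vulnerable query, rows from the parameterized
    query); a database error in the vulnerable path is reported as 'error'."""
    conn = make_db()
    try:
        vulnerable = len(lookup_vulnerable(conn, username))
    except sqlite3.Error:
        vulnerable = "error"
    return vulnerable, len(lookup_parameterized(conn, username))


if __name__ == "__main__":
    # Expected: (1, 1), (3, 0), ('error', 0)
    for name in ("jagdeep", "jagdeep' OR '1=1", "O'Brien"):
        print(repr(name), "->", compare(name))
```

Python's sqlite3 execute() accepts one statement at a time, so the stacked DELETE payload from the notes raises an error here rather than running; the tautology case is enough to show why the input must travel as a parameter.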

Kuotes Admin section structure and DB in CakePHP

Except for the login page, I don’t think any other resource should be made public.

Hence, the only public page is “Login”! (duh!).

The purpose of the admin panel is to allow a user (an Admin user, that is) to manage (add/update/remove/archive/disable) Kuotes (for the Kuotes App).

Considering the above functionality, and the fact that basic searching, sorting, pagination etc. would be required as well, the following is the (high-level) list of features/sections/pages expected to be developed (this week? today?):

  1. Dashboard (high level stats for admin)
    1. Total number of kuotes
    2. Active/Inactive (disabled + archived)
    3. Without photo?
    4. User generated (not yet?)
  2. List of kuotes
    1. List view : Author, Kuote, Date added, status, owner (Admin / User)
    2. Search (Author name, Kuote text, Date added, status)
    3. Pagination (Previous, 1-n, Next)
    4. Sorting (Author, Date, Status)
    5. Edit
    6. Delete
    7. View
  3. Manage Authors
    1. Name
    2. Photo (optional)
  4. Add new Kuote
    1. Select Author name (select dropdown, and if not found then input field)
    2. Add Kuote
    3. Add Photo (optional)
    4. Custom date-added (optional)
    5. Status (optional, defaults to Active)
    6. Owner (optional, defaults to Admin)
  5. Edit Kuote
    1. All of the Add new Kuote features/options
  6. Delete Kuote
    1. Soft delete (change status to Delete in DB, and set a deleted_at timestamp)
    2. All queries in the application must exclude kuotes that have deleted_at set (need to see how best to manage this centrally, or at each request method)
  7. Logout (!!)


Future features to be added:

  1. Allow users to log in and perform actions (akin to the Admin ones above) on their own kuotes (added from the App or from the Web)
  2. Generate a pull request of sorts to the Admin to include their Kuote as a public kuote (written by them, or referencing an existing Kuote)
  3. Photo view in the Admin and User sections to allow setting a default photo against a Kuote (allowing app users to customise it, but still have a default one)


That’s it for the features; now on to the DB structure.

Table/Columns:

  1. Users
    1. ID (Numeric?)
    2. Name
    3. Email
    4. Password
    5. Role (defaults to Owner/Admin for Kuotes)
    6. Email verified at
    7. Status (or Active perhaps?)
    8. Created
  2. User Logins
    1. ID
    2. User ID
    3. Login status (logged in successfully or not)
    4. Consecutive attempts (before logging in successfully)
    5. IP address (In either case)
    6. Browser/Meta info (Log all server info available with request)
    7. Created
  3. Authors
    1. ID
    2. Name
    3. Photo
    4. Created
    5. Status
  4. Kuotes
    1. ID
    2. Author ID
    3. Kuote
    4. Date Added
    5. Status
    6. Deleted At (defaults to null)
    7. Owner (Defaults to null/0, for Admin/Kuotes)
    8. Photo
    9. Created

These 4 tables should be enough; more columns will be added if required.

This will be deployed to GCP at (probably): kuotes-admin.konnector.dev or kuotes.konnector.dev or even kuotes.konnector.dev/admin


Light is back!

I have been trying dark themes on almost everything – phone (Android dark mode), apps-on-the-phone (Twitter, Slack etc), desktop (Ubuntu dark theme), Opera, Chrome, Terminal, VScode (for code) and what not…

And all this starts from a simple concept – dark mode looks good, really good.

Unfortunately, the one thing that I have not been able to move to a “comfortable” dark mode is “NetBeans”, the flawed editor that I have used for more than a decade and feel so natural and comfortable working in.

As an alternative to NetBeans, I got VScode/Sublime and what not, for whatever small amount of time I could work on those, and while they are great in their fields, I was just not able to find the joy and comfort that I had while using NetBeans.

I tried a lot – to make NetBeans dark (using a lot of plugins/options/settings) and also to adapt VScode – but it didn’t seem to work as I hoped/expected.

In the background, while trying to focus on the actual work/task that I was supposed to do, I have been thinking constantly about NetBeans/VScode/dark mode…

All this background noise was becoming louder with every passing day, and today I decided to shut it out and go back to “light” mode, discarding all dark-mode settings; the conflict/noise just vanished.

“Light is back” – let’s get back to work and get shit done.