SocialDeveloper.net » Mods http://socialdeveloper.net Building One Social Network At A Time. Thu, 02 Jul 2009 05:40:08 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 SQL Injection Protection SE 2&3+ http://socialdeveloper.net/2009/01/sql-injection-protection-se-23/ http://socialdeveloper.net/2009/01/sql-injection-protection-se-23/#comments Thu, 08 Jan 2009 00:43:40 +0000 Bryan http://socialdeveloper.net/?p=69 One of the most common forms of online misshap that plagues online applications would have to revolve around the act of sql injections. SQL injection is a code injection technique that exploits a security vulnerability within the database layer of an application. So in other words, skilled attackers might possibly exploit SE and gain access to your site. SE is pretty secure but I dont know if this has been done or if anyone running SE has had this happen. But you can prevent it. Just add this code your your .htaccess and you should be set.

Step 1

If this code isn’t already in your .htaccess then go ahead and add it. If it is, skip to the next part.

RewriteEngine On
Options +Followsymlinks

Step 2

Then place this within your .htaccess at the root of your site.

# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ /home.php [F,L]

So basically this locks out any harmful queries that might be injected into your db. This is usually done through the URL so by using mod_rewrite and these restrictions, your making one SE safer at a time. Hope for the best and plan for the worst I guess. If anyone does know more about SE security bugs or stories please share.

]]> http://socialdeveloper.net/2009/01/sql-injection-protection-se-23/feed/ 4 Integrate Google Analytics into SE 3+ http://socialdeveloper.net/2009/01/integrate-google-analytics-into-se-3/ http://socialdeveloper.net/2009/01/integrate-google-analytics-into-se-3/#comments Wed, 07 Jan 2009 05:32:06 +0000 Bryan http://socialdeveloper.net/?p=59 For people new to LAMP and other programing languages, you might not be familiar with Google Analytics. Most people have, but for those that haven’t, its a free reporting tool that lets you track the stats and visitors of visitors on your social network. Here is a quick description on how you can add Google Analytics to your site.

Step One

Sign up for google analytics here, and add a site profile for your domain and proceed to the screen that gives you your tracking code. It should look something similar to this:

<script type=”text/javascript”>
var gaJsHost = ((“https:” == document.location.protocol) ? “https://ssl.” : “http://www.”);
document.write(unescape(“%3Cscript src=’” + gaJsHost + “google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E”));
</script>
<script type=”text/javascript”>
try {
var pageTracker = _gat._getTracker(“UA-4——-”);
pageTracker._trackPageview();
} catch(err) {}</script>

Step Two

Go ahead and copy this code. You will need it when you edit the footer.tpl in the SocialEngine Admin section. Once you copy the code, go ahead and login to the admin section and navigate to HTML Templates. Once you get there, go ahead and click “footer.tpl” and the code should come up. Go ahead and scroll all the way to the bottom where it says </body>.  Now go ahead and paste your Analytics code right before this. Now right above where it says <script type…….> Type {literal} and right after where it says</script> type {/literal} .

The literal tags prevent Smarty (The template engine) from confusing some of the code you pasted. You will get error messages if you dont use those literal tags so hope that helps. If you have any problems or ideas post em so we can come up with some easy mods for everyone.

]]> http://socialdeveloper.net/2009/01/integrate-google-analytics-into-se-3/feed/ 2