Nov 19, 2009

Make a Password Strength Meter in WhizBase

Today the Internet is everywhere; we use it for everything, and it is the buzzword of our time. When it first began it was just an experiment, a network for exchanging data between universities, and no one used it for exchanging private data.



Today it is a 90% socially powered network: everyone has a profile on some social website, a lot of people have money accounts on the net, and others have galleries and private data. So now we have to take care of security and of how to secure our data. We need a good password, yet most people use «trustno1» or «000000» or their birth dates. That is not a good password; any cracking engine can guess it.



Making a good password

A good password must have numbers, alphabetic characters (upper and lower case) and other characters; they must be in a random order and must not mean anything. So do not use English words with meaning, or number combinations taken from something in your life.



A good example for a good password is ubXr-z9)7mn: we have upper and lower case letters, we have numbers and we have other characters. This password is nearly impossible to guess.



We will show you how to make a password strength meter in WhizBase. The concept is easy: the user enters the password, we check whether it has all 4 elements in it and give a strength value back.



So let us start.



Give me your password

We will make a simple HTML form where we will ask the user to insert a username and a password. It is the standard form you can find everywhere on the net. Let us name it «index.htm»



<html>

<head><title>WhizBase Password Strength Meter</title></head>

<body>

<form action="chpwd.wbsp" method="post">

Username : <input type="text" name="username" value=""><br />

Password : <input type="password" name="pwd" value=""><br />

<input type="submit" value="check">

</form>

</body>

</html>

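Some notes about this code: we always use the POST method in the form so that the password is sent in the request body and not in the URL, where it would end up in browser history and server logs. POST alone does not encrypt the password on its way through the web, so the form should be served over HTTPS. We need the username to check whether the password contains it. We will create the file «chpwd.wbsp», which will do the checking for us.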



Mambo Jumbo stuff of the code

Before we start we need to write down what we want to check and how we mark the password strength. I will make a list of things we need to check, and every item is worth 1 point. So if the password passes 3 out of 6 it will have 50% strength.




  1. The length of the password must be at least 8 characters

  2. The password must not contain the username in it

  3. The password must contain numbers

  4. The password must contain special characters

  5. The password must contain lower case letters

  6. The password must contain upper case letters



Now let's begin with the code; save it in 'chpwd.wbsp':




$wbsetv[strength|0]

$wbif[$wblen[$wbv[pwd]]>7|$wbsetv[strength|$wbcalc[$wbgetv[strength]+1]]|]


$wbif[$WBCSTR[$wbv[pwd]|$wbv[username]|T]>0||$wbsetv[strength|$wbcalc[$wbgetv[strength]+1]]]


$wbsetv[avail|F]

$WBSPLIT[0,1,2,3,4,5,6,7,8,9|numbers|,]


$wbsetv[count|0]


$wbwhile[$wbgetv[count]<=$wbalen[numbers]|$wbif[$WBCSTR[$wbv[pwd]|$wbgetv[numbers($wbgetv[count])]|T]>0|$wbsetv[avail|T]|]$wbsetv[count|$wbcalc[$wbgetv[count]+1]]]


$wbif[$wbgetv[avail]="T"|$wbsetv[strength|$wbcalc[$wbgetv[strength]+1]]|]


$wbsetv[avail|F]

$WBSPLIT[!,#,$,%,&,/,(,),=,?,*,@,;,:,-,_|schars|,]


$wbsetv[count|0]


$wbwhile[$wbgetv[count]<=$wbalen[schars]|$wbif[$WBCSTR[$wbv[pwd]|$wbgetv[schars($wbgetv[count])]|T]>0|$wbsetv[avail|T]|]$wbsetv[count|$wbcalc[$wbgetv[count]+1]]]


$wbif[$wbgetv[avail]="T"|$wbsetv[strength|$wbcalc[$wbgetv[strength]+1]]|]


$wbsetv[avail|F]

$WBSPLIT[q,w,e,r,t,z,u,i,o,p,a,s,d,f,g,h,j,k,l,y,x,c,v,b,n,m|scase|,]


$wbsetv[count|0]


$wbwhile[$wbgetv[count]<=$wbalen[scase]|$wbif[$WBCSTR[$wbv[pwd]|$wbgetv[scase($wbgetv[count])]|T]>0|$wbsetv[avail|T]|]$wbsetv[count|$wbcalc[$wbgetv[count]+1]]]


$wbif[$wbgetv[avail]="T"|$wbsetv[strength|$wbcalc[$wbgetv[strength]+1]]|]


$wbsetv[avail|F]

$WBSPLIT[Q,W,E,R,T,Z,U,I,O,P,A,S,D,F,G,H,J,K,L,Y,X,C,V,B,N,M|ucase|,]


$wbsetv[count|0]


$wbwhile[$wbgetv[count]<=$wbalen[ucase]|$wbif[$WBCSTR[$wbv[pwd]|$wbgetv[ucase($wbgetv[count])]|T]>0|$wbsetv[avail|T]|]$wbsetv[count|$wbcalc[$wbgetv[count]+1]]]


$wbif[$wbgetv[avail]="T"|$wbsetv[strength|$wbcalc[$wbgetv[strength]+1]]|]

Your password's strength is $wbcalc[$wbcalc[$wbgetv[strength]/6]*100]% $wbgetv[strength]




Let us speak English

Now let me explain what we have done. First we have created a variable which will contain the strength value, starting with zero because we assume the password is not good and then check every point and give a mark for success. We've done that with $wbsetv[strength|0] which means «WhizBase set a variable named strength with value 0».



Now we start with checking, first we check if the password length is more than 7 characters.





$wbif[

$wblen[$wbv[pwd]]>7

|

$wbsetv[strength|

$wbcalc[$wbgetv[strength]+1]

]

|

]


We say «If the length of the 'pwd' variable is greater than 7 then add 1 point to the variable strength. Else do nothing.»



Now we want to check if the password contains the username in it.
Again we use $WBIF: «If the number of occurrences of the username variable in the pwd variable is greater than 0, then do nothing» (do not add a point), because there is at least one occurrence and there should be none, «else add one point to the variable strength», because there is no username in pwd.



Now we will make our script a little bit more complex, since we need to check if there are number characters in the password. To do so, we will define the numbers array and loop through the elements and check if any of them exists in the password string.




$wbsetv[avail|F]

$WBSPLIT[0,1,2,3,4,5,6,7,8,9|numbers|,]


$wbsetv[count|0]


$wbwhile[$wbgetv[count]<=$wbalen[numbers]|$wbif[$WBCSTR[$wbv[pwd]|$wbgetv[numbers($wbgetv[count])]|T]>0|$wbsetv[avail|T]|]

$wbsetv[count|$wbcalc[$wbgetv[count]+1]]

]


$wbif[

$wbgetv[avail] = 'T'

|

$wbsetv[strength|

$wbcalc[$wbgetv[strength]+1]

]

|

]




At the beginning we suppose that there are no numbers, and give the value F (False) to the variable avail. Using wbsplit with the string «0,1,2,3,4,5,6,7,8,9» we make an array named numbers with the separator «,». This is a very cool way to create arrays in WhizBase. There are other ways, but I prefer this one.



Now to loop through the array, we will need a counter so we will create a variable «count» with initial value of 0.



We will loop through the array while the condition (counter value <= length of the array) is true. In the loop we check with the wbif function whether there is an occurrence of the array element's value in the password string. If we find at least one we set the variable avail to True «T». And of course we do not want our loop to run forever, so we increase the value of the counter variable. After the loop has ended we check whether our «avail» variable is True, which means that our password string has numbers in it, and add one point to the «strength» variable if so; otherwise we do nothing.

Now we repeat the same thing for special characters, lower case letters and upper case letters. I will not go through that code because it is the same as this one. Finally we calculate the percentage of the strength, which is a simple mathematical equation:






$wbcalc[$wbcalc[$wbgetv[strength]/6]*100]


We divide the strength points by the maximum number of points (in our case it is 6), and then multiply the result by 100 to get a percentage.



And here we have a script that will tell us how strong our password is.
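The same six checks as a reference implementation, written in Python rather than WhizBase (an added example, not the author's code). It shows what the scoring gives for the passwords mentioned earlier: «trustno1» still earns 4 of the 6 points. The case-insensitive username comparison, the treatment of an empty username, and the user name `alice` are assumptions.

```python
# Added example: the six checks from the list above, one point each.
SPECIAL_CHARS = "!#$%&/()=?*@;:-_"  # the special characters listed in chpwd.wbsp


def strength_checks(password, username):
    """Return {check name: passed?} for the six rules, in the page's order."""
    # Assumption: the username comparison ignores case, and an empty
    # username is never treated as "contained" in the password.
    has_username = bool(username) and username.lower() in password.lower()
    return {
        "length_at_least_8": len(password) > 7,
        "no_username": not has_username,
        "has_digit": any(c in "0123456789" for c in password),
        "has_special": any(c in SPECIAL_CHARS for c in password),
        "has_lower": any("a" <= c <= "z" for c in password),
        "has_upper": any("A" <= c <= "Z" for c in password),
    }


def strength_percent(password, username):
    """Points earned divided by 6, times 100, rounded to a whole percent."""
    checks = strength_checks(password, username)
    return round(sum(checks.values()) / len(checks) * 100)


def failed_checks(password, username):
    """Names of the rules the password did not pass."""
    checks = strength_checks(password, username)
    return [name for name, passed in checks.items() if not passed]


# Constructed sample input: the three passwords quoted on this page plus one
# that contains the (hypothetical) user name.
SAMPLES = [
    ("alice", "trustno1"),
    ("alice", "000000"),
    ("alice", "ubXr-z9)7mn"),
    ("alice", "Alice2009!"),
]

if __name__ == "__main__":
    for user, pwd in SAMPLES:
        missing = ", ".join(failed_checks(pwd, user)) or "none"
        print(f"{pwd:<12} {strength_percent(pwd, user):>3}%  failed: {missing}")
```

The score counts character classes and length only, so it says nothing about whether a password is a well-known one.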



For more information email me at: NurAzije [at] Gmail [dot] com
Or visit WhizBase official site at www.whizbase.com

Jul 15, 2009

Version 5.0.13 released

WhizBase has released a new version of its engine today, including one new operator, the modulus operator, for the $WBCALC function.

The $WBCALC function gives the results of mathematical expressions. This makes it easier in the code to distinguish between a literally written 1+2 and an expression that is to be evaluated for a result.

For more information please visit WhizBase download page

PowerPack Wizards version 1.0.3 released

PowerPack is a user-friendly interface for WhizBase development. Using WhizBase PowerPack a user can build all the required files, a WhizBase Query Form and a WhizBase Report (WBSP file), without needing to work directly with the WhizBase Engine (using WhizBase parameters, tags and functions). The whole system is built to simplify and ease development of dynamic, database-driven web content. WhizBase Engine simplifies access to the database(s) on the web (either Internet or intranet) and WhizBase PowerPack makes configuring WhizBase easy and simple.

The WhizBase Query Form Wizard will help you build the web page that calls a WBSP file. That is the page with an HTML form which calls the selected WBSP file(s) and sends the parameters entered by the visitor and predefined by the webmaster. Building this page is easy. It starts with opening the database and record source (database table or query) and everything else is done with a few mouse clicks, following the program's instructions.

Final product of this procedure is source code of web page (HTML), which can easily be modified (or merged with ordinary HTML document) using any web-authoring tool.
Procedure for building Reports is exactly the same. WhizBase report (WBSP file) produced by wizard is a web page (in HTML format) that is used by WhizBase Engine to model the result of the action performed by visitor.

In the new release WhizBase team changed the default form action for quick search from $wbe[script_name] to $wbe[path_info]. Some web servers replace $wbe[script_name] with virtual path to wbsp.exe even when it is not running in CGI mode. $wbe[path_info] always returns path to WhizBase script (.wbsp) file.

Jul 7, 2009

Version 5.0.12 released

WhizBase has released a new version of its engine today, including one new variable and three functions.

WB_DBLock

This variable defines what type of record locking will be used when opening the recordset. If you are not sure what type of record locking you need, do not change the default value, which is (A) automatic. This variable will solve the problem of database damage when more than one update occurs at the same time. You can use pessimistic or optimistic locking, leave it automatic, or use unspecified.

WBCSTR

A new function which returns the count of instances of a string in another. This will make string manipulation easier; in combination with the other string manipulation functions, WhizBase is getting a good collection of powerful functions.

WBESC

When transmitting data in URLs we have problems with URL encoding. This function will solve that problem: it will encode every value, and everything can be turned back with its sister function WBUNESC.

WBUNESC

When transmitting data in URLs we have problems with URL encoded data. This function will decode any data encoded by WBESC, WBVC or WBFC functions.

For more information please visit WhizBase download page

Jul 2, 2009

Simple form validation with WBSP

Have you ever looked at the DB of your registered users? If you do, you will find a lot of garbage data: emails that do not exist, unreal names, and comments with spam or empty fields.



In this tutorial I will show you how to make a simple validation form using WhizBase. With it you cannot control and validate everything, but at least you will filter some data. It will teach you some basics and it will save you a lot of deleting work.



The boring part


The most boring part for a developer is HTML, generally programmers and developers do not like designing. If you ask me, I hate HTML coding, I mostly give it to my wife, she likes it and I work on the more complicated things «Server Side Scripting».

Let us make a file named as «form.htm» and put in it the next code:




<html>

<head>

<title>Feedback Form</title>

</head>

<body>

<form action="validation.wbsp" method="post">

<fieldset><legend>Enter your information in the form below.</legend><br />

First Name:<br/>

<input type="text" name="fname" size="20" maxlength="40" /><br /><br />

Last Name:<br/>

<input type="text" name="lname" size="40" maxlength="60"/><br /><br />

E-Mail:<br />

<input type="text" name="email" size="40" maxlength="60"/><br /><br />

Comments:<br />

<textarea name="comments" cols="40" rows="7"></textarea>

</fieldset>

<div align="center"><input type="reset" />

<input type="submit" name="submit" value="Submit" /></div>

</form>

</body>

</html>



Pay attention to the action attribute in the form tag, we will send our data to validation.wbsp which is our WhizBase Server Pages file.



The Need For Speed Part


Have you ever played Need For Speed, I like the Lamborghini car, that is a great game. WhizBase is something like that to other languages when you are developing a site. You do not need a lot of time to create it.



Let us create the file validation.wbsp and put WhizBase code in it:




[FormFields]
WB_Required=email,fname,lname,comments

<!--WB_BeginTemplate-->

<html>

<head>

<title>Validate Form</title>

</head>

<body>

$wbif[$wbcstr[$wbv[email]|@]=1||Please insert your email address<br />]

$wbsplit[$wbv[email]|email_array|@]

$wbif[$wblen[$wbgetv[email_array(0)]]>0||You have inserted an invalid email format<br />]

$wbif[$wblen[$wbgetv[email_array(1)]]>0||You have inserted an invalid email format<br />]

$wbsplit[$wbgetv[email_array(1)]|domain|.]

$wbif[$wblen[$wbgetv[domain(0)]]>0||You have inserted an invalid email format<br />]

$wbif[($wblen[$wbgetv[domain(1)]]>1) and ($wblen[$wbgetv[domain(1)]]<5)||You have inserted an invalid email format<br />]

</body>

</html>



We need to check whether 4 values (email, fname, lname, comments) are empty, and give an error if they are. We simply use one command, WB_Required, which checks all the required fields; if one of them is empty it gives an error.



[FormFields] is a command where we tell the server to start processing essential data for WhizBase file, and we close it with <!--WB_BeginTemplate--> command.



When we come to email validation we also need to validate its format; it should be in the format of:

Characters_and_Numbers@Characters_and_Numbers.4_to_2_Characters_and_Numbers



From this we need to check:


  • Does it have the @ symbol, and only once?

  • Before the @ symbol we need to have at least 1 character

  • Is there a dot in the second part, which splits the rest into two parts?

  • The first part must be at least one character

  • The second part must have at least 2 characters and at most 4




Let us start playing cards.

First we need to check that there is one and only one @ symbol in the email; if that is false we give an error. This is done with an if statement and the wbcstr function.



$wbif[$wbcstr[$wbv[email]|@]=1|| Please insert your email address<br />]


The IF:

$wbif[ CONDITION | IF TRUE | IF FALSE]




The CONDITION:

$wbcstr[ STRING | STRING TO LOOK FOR] = 1



In WhizBase the get and post methods are treated the same: whether you send a variable using the post method or the get method, all the variables are created on the fly as a special set.

So we simply get these variables with $wbv[var_name].



The STRING:
$wbv[email]



Second we split the email address into two parts and put them in an array, then we check that the first part is at least 1 character long.



$wbsplit[$wbv[email]|email_array|@]

$wbif[$wblen[$wbgetv[email_array(0)]]>0||You have inserted an invalid email format<br />]



Note the WBSPLIT function: it takes a string, an array name and a separator, creates the array and fills it with the parts of the string separated by the separator.



$wbsplit[ STRING | ARRAY_NAME | SEPARATOR]



In the second line we get the length of the first part by using WBLEN and check if it is more than zero characters.



$wblen[ STRING ]

To access a variable we need to use the WBGETV function which accesses variables and arrays, and we call the first part of the array with (0) - in WBSP 0 is the first element in the array.



The STRING:

$wbgetv[ VARIABLE_NAME ]



Third we make the same process to the other part with the dot, and we have a simple email validation done.
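The five format checks from the list above, written in Python rather than WhizBase (an added example, not the author's code), run over constructed addresses. It follows the script literally by applying the 2-to-4 length rule to the second dot-separated part, so an address such as nur@mail.example.com is rejected; the `use_last_label` switch, which applies the rule to the final part instead, is a hypothetical variation that is not in the tutorial.

```python
# Added example: the tutorial's e-mail format rules as one function.
def check_email(email, use_last_label=False):
    """Return a list of problem codes; an empty list means every check passed."""
    # Rule 1: the @ symbol must appear exactly once.
    if email.count("@") != 1:
        return ["at_count"]
    local, domain = email.split("@")

    problems = []
    # Rule 2: at least one character before the @.
    if len(local) == 0:
        problems.append("empty_local")

    # Rule 3: the part after the @ must contain a dot to split on.
    labels = domain.split(".")
    if len(labels) < 2:
        problems.append("no_dot")
        return problems

    # Rule 4: the part before the dot must be at least one character.
    if len(labels[0]) == 0:
        problems.append("empty_domain_name")

    # Rule 5: the ending must have at least 2 and at most 4 characters.
    # The tutorial's script looks at element 1 of the split; the optional
    # variation looks at the last element instead.
    ending = labels[-1] if use_last_label else labels[1]
    if not (1 < len(ending) < 5):
        problems.append("bad_ending_length")
    return problems


# Constructed sample addresses, one per rule plus the multi-dot edge case.
SAMPLES = [
    "nur@example.com",
    "nur.example.com",
    "@example.com",
    "nur@example",
    "nur@.com",
    "nur@example.c",
    "nur@mail.example.com",
]

if __name__ == "__main__":
    for address in SAMPLES:
        literal = check_email(address) or ["ok"]
        variant = check_email(address, use_last_label=True) or ["ok"]
        print(f"{address:<22} literal={literal} last-label={variant}")
```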



For more information email me at:
NurAzije [at] Gmail [dot] com

Or visit WhizBase official site at www.whizbase.com

Jun 9, 2009

Uploading files to your webpage

Have you ever wanted to upload your files to your hosting, or to make a simple image gallery and let visitors upload their pictures?



In this tutorial I will show you how simple it is to write a script for uploading your files online, with no need for complicated web scripts like ASP or PHP.



Simple HTML uploading form


If you want to upload images you will need a form. It is made in pure HTML, and it is the page where you click on Browse and select the file you want to upload. Fortunately HTML provides us with the elements, so we do not need to write scripts to list files on our computer.



<html>

<head>

<title>Upload an Image</title>

</head>

<body bgcolor="#ffffff" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">

<form action="upload.wbsp" method="post" ENCTYPE="multipart/form-data">

Select file (*.jpg;*.gif - max. 100KB): <input type="file" name="image" size="20"> <input type="submit" name="sButt" value="Upload">

</form>

</body>

</html>


Let us take a look at some important elements in this code. First, the form tag: without it our code will not work. The form tag must contain information like action (where to send the file data), method (there are two general methods, get and post; when sending files use post) and enctype (there are a lot of encoding types; multipart/form-data is used for uploading files).


We also need to use an input of type file; that input is the one which lets us browse our computer files. Last is the submit input, which is the button people will click to send or upload the file.



Save this file as index.htm and put it in a folder so you do not lose it.



The butter of the work


Now we want to make the server-side file; it is the script which takes the file and saves it on the hosting server.


[FormFields]

WB_AllowMultipart=T



[Upload]

WB_Disallow=![jpg,gif,png,bmp]

WB_UploadDir=/

WB_Overwrite=T

WB_MaxFSize=102400



<!--WB_BeginTemplate-->

<html>

<head>

<title>File uploaded</title>

</head>

<body bgcolor="#ffffff" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">

Your file has been uploaded!

</body>

</html>


OK, do not be afraid, it is not as complicated as it seems. I will explain every line before the HTML tag; make yourself a coffee or a tea, sit down and read.



I will first explain what is used as the scripting language: it is WhizBase Server Pages. WhizBase is a simple but powerful scripting language, made for non-programmers to simplify creating database-driven websites without the need for much experience in high-level programming languages.



Now in English, it is a scripting language for everyone, simple and easy for you to use. Let me show you how.



The header section


Every WBSP page has a header; it is a place where we put some information needed by the server, and everything we write in this section will not appear in our page. This section contains the variables that are essential for processing the WBSP file. Here you put information about the database, recordset, template, error template, log file, redirection, etc.



In the code we have [FormFields] which is a tag giving a notice for WhizBase engine to start interpreting the main commands of the WBSP file.



Then we have WB_AllowMultipart=T; this variable controls whether the current WBSP page will accept uploaded files (sent by the client using a multipart form). If this variable is set to TRUE, WhizBase will accept and process uploaded files. This is a security measure, so that WBSP processes uploaded files only on the pages that are meant to receive them.



The second tag is [Upload], which tells the WBSP engine to start receiving information about the uploading process. Now ask yourself: do you want viruses and a porn dialer on your server? If not, you need to use WB_Disallow=![jpg,gif,png,bmp]. We do not want users to upload just any file, we only want images, so we disallow every file which does not have one of these extensions.



Where do you want to put your pictures, you need an upload directory, so we use WB_UploadDir=/, this variable defines the name of the directory on the server where WhizBase will save files uploaded using current WBSP file.



Do you want to overwrite your image? WB_Overwrite=T is a variable which defines whether a file with the same name that already exists on the server will be overwritten by the newly uploaded file. We will use T as True, which means anyone who uploads a file with an existing name replaces that file. If you define it as F (False) WhizBase will generate a unique file name for the new one and save it like that.



If you do not want visitors to block your server, you need to limit the size of the files they upload, so you use WB_MaxFSize=102400, a variable which defines the maximum size (in bytes) of a single file that can be uploaded using the current WBSP file. We have set it to 102400 bytes.



Finally we put <!--WB_BeginTemplate--> to let the server know that now we are starting the body section, where we put our HTML code and what we want to show for visitors.



As you see, we can control everything when uploading files. And that is how you simply make an upload form which works without the need for PHP or ASP.
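The upload policy from the [Upload] section, as a stand-alone Python check (an added example, not WhizBase code and not the author's). It goes one step beyond the extension filter described above by also comparing the first bytes of the file with the signature expected for its extension; the function name, result strings and sample files are assumptions, and the page does not say how WhizBase itself inspects a file.

```python
# Added example: extension, size and content-signature checks for one upload.
import os

MAX_SIZE = 102400  # bytes, the WB_MaxFSize value used above

# Allowed extensions (the WB_Disallow=![jpg,gif,png,bmp] list) mapped to the
# byte sequences such files start with.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "bmp": (b"BM",),
}


def check_upload(filename, data):
    """Return 'ok' or the reason the upload is refused."""
    # Extension check, case-insensitive, without the leading dot.
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext not in SIGNATURES:
        return "extension_not_allowed"
    # Size limit: anything above MAX_SIZE bytes is refused.
    if len(data) > MAX_SIZE:
        return "too_large"
    # Content check: the file must begin with a signature for its extension.
    if not data.startswith(SIGNATURES[ext]):
        return "content_mismatch"
    return "ok"


# Constructed sample uploads (file name, content bytes).
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SAMPLES = [
    ("shot.PNG", PNG_BYTES),
    ("notes.txt", b"hello"),
    ("photo.gif", b"plain text, not an image"),
    ("big.jpg", b"\xff\xd8\xff" + b"\x00" * MAX_SIZE),
]

if __name__ == "__main__":
    for name, content in SAMPLES:
        print(f"{name:<10} {len(content):>7} bytes  {check_upload(name, content)}")
```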



For more information about WhizBase please visit WhizBase site

Jun 3, 2009

Make a database driven website in 3 steps

Today every company has to have a website; it is something like having a telephone number or a company address. A lot of companies do not yet have a budget for making a website; they think it is very expensive, and they are right. If you use a web developer in Europe you will need a couple of thousand Euros to make a simple website to present your company.


In this article I will give a simple tutorial on how to publish your database report without the need for a web developer, something simple yet very powerful, with your Microsoft Access database.


This method is the best way for web designers who know how to make a web page in HTML but do not know how to connect it with the database, without using PHP or ASP.


First step: create your report page


To show your report online, you will need a database access file and a HTML file which will show the report or the query results.


We will create the database in Microsoft Access. I will create a database named biblio and a table named Titles, with these fields:


  • ID as number data type which will be our primary key also.

  • Name as text data type

  • Publisher as text data type

  • PublishYear as text data type

I will fill it with some data and save it, and we have a database file.


If you have a design for your report you will need to slice it and make an HTML page; you can use GIMP on Linux or Photoshop on Windows, then use any HTML editor or text editor to make the HTML code.


I will use a simple example using WhizBase Server Pages (WBSP) to develop this report. WBSP is a very powerful tool for publishing databases online with very simple code; it is not like classic web programming languages.


Create the header:


Every WBSP page has a header; it is a place where we put some information needed by the server, and everything we write in this section will not appear in our page. This section contains the variables that are essential for processing the WBSP file. Here you put information about the database, recordset, template, error template, log file, redirection, etc. We will simply tell the server to connect to our Access database, select a table, list for example only 10 records and add pagination.



[FormFields]

wb_basename=biblio.mdb

wb_rcdset=Titles

WB_Command=Q

WB_MaxRec=10

<!--WB_BeginTemplate-->

[FormFields] is the starting tag for the section; when the server sees this code it will start receiving our commands. wb_basename=biblio.mdb is our database file; I have put our database in the same folder as my HTML file, so I am calling it directly. The server will look for the file at whatever path we give after wb_basename and connect to the database file. To specify which table we will select we use wb_rcdset=Titles; as you see, I will select the table Titles. We have told the server which database file to connect to and which table to select; now we need to tell it what to do, which in our case is a query, so we give the command WB_Command the value Q and it is done. Finally we want to limit our results, so let us show 10 records per page. We can skip this line and it will list the whole table, but what if we have a table with 10 000 records or more? Do you really want to show it all on one page? So we will use WB_MaxRec=10, and that is all we need. Now give the server the simple comment-like command <!--WB_BeginTemplate-->, which tells the server to begin interpreting the template.


Create the body (template):


After creating the header section we have to create the template, and that is very simple: it is our HTML code with simple lines of WBSP code where we want to show our data.



<html>

<head>

<title>Simple DB report page</title>

</head>

<body>

<table>

<tr><th>ID</th><th>Name</th><th>Publisher</th><th>Publish Year</th></tr>

<!--WB_BeginDetail-->

<tr><td>$wbf[ID]</td><td>$wbf[Name]</td><td>$wbf[Publisher]</td><td>$wbf[PublishYear]</td></tr>

<!--WB_EndDetail-->

</table>

<div align='center'>$wbnavigator</div>

</body>

</html>


In the template we want to view ten records in a table and then show the navigation bar, where users can go to the next or previous page to see more records.


The most important code in this template is <!--WB_BeginDetail--> and <!--WB_EndDetail-->, which represent the start and the end of the looping function; everything between these two will loop as many times as there are records to show. If the query returned 10 records it will loop ten times. Between these two commands we show the records using the function $wbf[fieldname]; in our case we are viewing four fields in the table, and WBSP will replace every one with the field value in the table.



Finally we have $wbnavigator, which will generate the navigation links for us automatically. This is a very cool command: we do not need to calculate anything, it will automatically create as many pages as we need.



We will save all this as the default.wbsp file, where the extension wbsp tells the server that this file has WBSP code in it.



Second step: Create a search form


In the previous step we made a report page; now we need a filtering form. For example, what if we do not want to view all the records, but just the records for the publish year 2007?



Create a file named «search.htm». In this file we will not need any WBSP code; we will only make an HTML form with inputs and a submit button. We only have to take one thing into account: how we name our inputs, because WBSP has its automatic mechanism for catching get and post values.




<html>

<head>

<title>Search filter file</title>

</head>

<body>

<form action='default.wbsp' method='post'>

ID <input type='text' name='wbf_id' /><br />

Name <input type='text' name='wbf_name' /><br />

Publisher <input type='text' name='wbf_publisher' /><br />

Publish Year <input type='text' name='wbf_publishyear' /><br />

<input type='submit' value='submit' />

</form>

</body>

</html>



As you can see we have used pure HTML, but we have also used a specific naming method in the input names. WBF_ID is WBF_ + ID, where WBF_ is the WhizBase prefix and ID is the name of the table field. WhizBase catches all the get and post data and filters them, then takes all the post and get data with the prefix WBF_ and sends them to the query.



For example, if we put the value 2000 in the «Publish Year» input, it will be a post value in the variable wbf_publishyear; WhizBase will filter it and catch it because it has the wbf_ prefix, and then send it to the database query as «publishyear = 2000».



Third Step: Upload everything online


Finally, we have a form file, a report file and a database. We do not need anything else. Now just upload the 3 files online into the same folder on a server which supports WhizBase, or install WhizBase on your Windows server and put these files on the server, and you will have a ready report and a filtering system.



For more information about WhizBase or to download it for free you can visit http://www.whizbase.com