CSRF protection with 'self-validating' tokens

By crisp on Saturday 17 April 2010 01:10 - Comments (14)
Categories: PHP, Tweakers.net, Views: 14.001

Cross-site Request Forgery is a very common social exploit method to make people unknowingly do things on their own behalf on a targeted website. It is number four on the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors list.

The main reason this problem exists in most websites is that they don't check the origin of an incoming request that results in an action on that website. There are several ways a website can protect itself against this sort of attack, and I'm going to explain the way we, at Tweakers.net, have implemented our own protection method.


IPv6 validation - more caveats

By crisp on Monday 9 November 2009 00:12 - Comments (13)
Categories: Internet, PHP, Views: 9.179

Last week I was taking a nice hot bath while reading the Regular Expression Cookbook by Jan Goyvaerts and Steven Levithan. Really, there is no better way of relaxing :) But then chapter 7.17 made me jump out of the tub, rush to my computer, and - while still wet - start typing the regular expression printed on page 387. The chapter was called 'Matching IPv6 Addresses'.


IPv6 validation (and caveats)

By crisp on Friday 12 June 2009 01:23 - Comments (23)
Categories: Internet, PHP, Tweakers.net, Views: 26.205

Recently we got a request to also match IPv6 addresses as a host-part for our auto-links. Basically this seemed pretty straightforward, but it turned out that actually validating an IPv6 address is quite difficult.


A new JavaScript minifier: JSMin+

By crisp on Friday 10 April 2009 01:37 - Comments (30)
Categories: JSMin+, Javascript, PHP, Tweakers.net, Views: 40.844

For some time we have been looking for ways to minify the JavaScript and CSS files for Tweakers.net but were unable to find the right tool for this. If finding the right tool takes too much time there is only one other option: create your own tool, which is exactly what we did. Even better: we are releasing this tool to the public so you can use it too!


Formatting a multi-level menu using only one query

By crisp on Sunday 23 December 2007 23:46 - Comments (22)
Category: PHP, Views: 55.582

In the programming forum (Dutch) on Gathering of Tweakers I often see people struggling with multi-level menus stored in a database and the formatting of such a menu in HTML.

This is actually quite a common programming problem that can be solved using some kind of recursion or stack-based processing in order to create a tree out of a flat data structure containing parent-child relations. However, in most cases the final solution that is presented involves separate queries being executed inside a loop, or inside a function that is called recursively and retrieves the child elements for a specific parent. In situations where the menu has many items and/or many levels, this could easily result in dozens of queries being executed only to generate something as simple as a tree-like output.

I would like to show you how this can be done using only a single query.
