Gorinchem - Oude Watertoren / Old Water Tower

I sometimes like to design a poster - this time the Watertower image had a nice angle to it to play with. Convert it to a sort-of black&white (PostWorkshop) and than finding a nice frame (ImageFamer)

Cannon Fire in Gorinchem

Just right - the sun as a blast of the old cannon.

Still Life of an Evening@Home

iPhone-apps experiments (tilt-shift, borders, coloring filters, vignettes).

Een paar weken geleden vond ik in de supermarkt in Hummelo een setje lokaal gebrouwen bieren: Bronckhorster, gebrouwen door Brouwerij Rodenburg in Rha. Wel prijzig, dus een aanrader voor af en toe en speciale gelegenheden zoals Ome Joop's speciale gelegenheden: als het regent en als het niet regent!

Suppose you have a nice setup where a page interacts with the server via AJAX-calls and executes a Lasso file on the server to get some data. You don't want this file to be called directly via the URL-bar in a web browser, or via other self-made web pages by others who try to access it via a copy of your page. Anybody can see which AJAX-files your page is calling, so for some it is always a challenge to execute them outside the normal webpage to see what data will come up. Might be of interest! So you want to prevent that, somehow.

There is a Lasso-tag called referrer_url, which returns a string containing the URL that requested your AJAX-page. If you look into this string for a domain name or a path that only you have, you can block execution if the requestor is not coming from your server. When a page is called directly in the browser, the referrer_url is always an empty string. Which is logical, since the page was not referred to by another page.

Suppose I have a page mypage.html with a jQuery auto-complete implementation in it. This auto-complete can of course be used by more than one page and you do not want people to try it out in other ways.

...
...
<input type="text" id="inp1" size="25"><span id="desc1"></span>
...
...
<script>
$(document).ready(function() {
   $("#inp1").autocomplete({minLength:2, source: "ajax.lasso?p1=a&p2=b", select: function(e,u) { $("#inp1").val(u.item.value); $("#desc1").html((u.item.label).replace("(" + u.item.value + ")", "")); return false; } });
});
</script>

Simple protection:
[
if (referrer_url >> '/mypage.html' || referrer_url >> '/myotherpage.html');
...
...
/if;
]

Better protection:
[
if (string(referrer_url)->beginswith('http://my.domain.com/') &&
   (referrer_url >> '/mypage.html' || referrer_url >> '/myotherpage.html'));
...
...
/if;
]

So this gives you some protection from just try something-users. Add a login-system, which restricts the number of users that might want to hack your pages - you can trace their actions on your site. In that case, add a check if the user is logged in. You must execute your complete login-sequence in your AJAX-pages too, as with 'normal' pages, since the xhttprequest is a normal HTTP request and thus the browser sends the same HTTP-headers and cookies, etc.. to your AJAX-page.

More protection:
[
if (referrer_url >> '/mypage.html' || referrer_url >> '/myotherpage.html');
   var('loggedIn = false');

   include('checkuser.lasso');

   if($loggedIn);
      ...
      ...
   /if;
/if;
]

Even better protection:
[
if (string(referrer_url)->beginswith('http://my.domain.com/') &&
   (referrer_url >> '/mypage.html' || referrer_url >> '/myotherpage.html'));
   var('loggedIn = false');

   include('checkuser.lasso');

   if($loggedIn);
      ...
      ...
   /if;
/if;
]

But, as with everything web-related, nothing can be trusted.
 

Night Train Impression

While waiting for my train to come, I suddenly felt like taking this picture - it was all about the combination of people, the (or no) interaction, etc..
After that I used some apps on the iPhone to get the desired effect to abstract the situation and leave more to the imagination.

Looking for a superb, organic port wine? I really can recommend this one! More about this company, which wins medal after medal since moving to organic growing of plants in 1994.

Dinner in a hotel room

Looking for a SPLIT-function in MySQL, I came across this one. I tried it and I must have have done something not right, because MySQL threw an error at the function. I am not a MySQL guru and since this is a one time Q&D conversion-action, I only took the SUBSTRING code and created a query with which one can split the contents of an old field into separate columns and directly insert the results into a new, normalized table.

My example is about a TEXT-column I want to get rid of and of which I want to transfer the contents to a separate table. This column contains email addresses separated by a comma. Thus, first, I had to find the maximum number of email addresses used in that column, so I found this query and added MAX() around it.

select max(length(emails) - length(replace(emails, ',', ''))) as occurrences
from old_table
where emails<>''

With that number, I created that number+1 of unions, so I would end up with all email addresses in one column. That select statement is then used in a left join to retrieve the corresponding user name and feed the results at the same time into a new table, which uses an ID and a USER-ID, instead of an email address:

insert into new_table
select idnr, user
from (
  select idnr,
  trim(substring(substring_index(emails, ',', 1), char_length(substring_index(emails, ',', 1 -1)) + 1)) as email
  from old_table
  where emails<>''

  union

  select idnr,
  trim(substring(substring_index(emails, ',', 2), char_length(substring_index(emails, ',', 2 -1)) + 2)) as email
  from old_table
  where emails<>''

  union

  select idnr,
  trim(substring(substring_index(emails, ',', 3), char_length(substring_index(emails, ',', 3 -1)) + 2)) as email
  from old_table
  where emails<>''

  union

  select idnr,
  trim(substring(substring_index(emails, ',', 4), char_length(substring_index(emails, ',', 4 -1)) + 2)) as email
  from old_table
  where emails<>''
) as x
join users u on (u.email1=x.email or u.email2=x.email)
where x.email<>''

Now that I have all used email address associated with the IDs of the original rows, I can now delete the old column and change all my LIKE-queries into LEFT JOINs. Much better, because email addresses change.
 

Deer on a dune-top