#!/bin/sh
address="root@localhost";
cicl="2 3 4 5 6";
# ?????????? ? ????????? ????? ???????????? ????? ??? ??????? ???????,
# ??? ??????? ?????????? ?????????
predel[2]=80;	# /
predel[3]=80;	# /usr
predel[4]=60;	# /var
predel[5]=80;	# /tmp
predel[6]=80;	# /home
varning="0";

count=0;
df -h > /tmp/tmp_df;
while read -r FS S Ud A U MO; do
	let count+=1;
	FileSystem[$count]=$FS;
	Size[$count]=$S;
	Used[$count]=$Ud;
	Avail[$count]=$A;
	Use[$count]=$U;
	MountedOn[$count]=$MO;
	NUse[$count]=${Use[$count]%"%"};
done < /tmp/tmp_df;
table="";
for c in $cicl; do
	if [[ ${NUse[$c]} -ge ${predel[c]} ]]; then
		varning="1";
		table=$table"n${FileSystem[$c]} t${Size[$c]} t${Used[$c]} t${Avail[$c]} t${Use[$c]} t${MountedOn[$c]}";
	fi
done
		shapka="nFileSystem tSize tUsed tAvail tUse tMounted On";
		body="Regard admin, please check, place on disk:"$shapka$table;
		#echo -e $body;
if [ $varning -eq "1" ];
    then
	echo -e $body | mail -s"Warning on server" $address;
	logger -i -p cron.warn -t dfmonitor "Send warning to $address";
    else
	logger -i -p cron.info -t dfmonitor " Place on disk in rate";
fi

You can call this shell script whatever you want and don’t forget to add this into your crontabs.

The script is courtesy of OpenNet.Ru

When developing a website or a web applications we sometimes need different fonts to be used then the usuals. Be it just navigation buttons, site slogan or a CAPTCHA code. At Urban Fonts you can download free fonts for your usage, or if it is not enough you can browse through paid ones, pick the right font for your application and buy it online!

The website, unlike other free font offering websites, is designed very user friendly. The fonts are organized in alphabetic format for your convenience, and has a preview when you mouse over them. You can even browse through authors and pick the fonts which he designed. You can check out the latest additions to the font collection and their favourites picks.
Especially, I loved that it is clearly stated for which fonts you have to pay and which fonts you can just download for free. Now, let’s be honest, everybody likes freebies!

Paid fonts can be purchased for a $24 USD and gives you much more options then the free fonts.

Urban Fonts has a blog and a forum to help with the PR.

So if you are a web designer, web developer or just looking for free and yet quality fonts, Urban Fonts has it all for you!

Yes, those were the days! But now we have JavaScript, CAPTCHA, Audio, Server Side validations to avoid spam and misuse of the forms.

Now, when you are preparing a simple contact form which will email you submissions or feedback form for your company, order forms etc it is come to a point where JavaScript validation is not sufficient. Spammers do love JavaScript validations because they can just bypass them easily. Try it yourself, go find that kind of contact forms and disable JavaScript on your browser and just hit Submit button. See, it says submitted successfully.

PHPSec.org has a very nice article on this.

Not only they can bypass the required fields but they spoof your form with invalid data and spam you. A simple example:

In order to appreciate the necessity of data filtering, consider the following form located (hypothetically speaking) at http://example.org/form.html:

<form action=”/process.php” method=”POST”>
<select name=”color”>
<option value=”red”>red</option>
<option value=”green”>green</option>
<option value=”blue”>blue</option>
</select>
<input type=”submit” />
</form>

Imagine a potential attacker who saves this HTML and modifies it as follows:

<form action=”http://example.org/process.php” method=”POST”>
<input type=”text” name=”color” />
<input type=”submit” />
</form>

This new form can now be located anywhere (a web server is not even necessary, since it only needs to be readable by a web browser), and the form can be manipulated as desired. The absolute URL used in the action attribute causes the POST request to be sent to the same place.

This makes it very easy to eliminate any client-side restrictions, whether HTML form restrictions or client-side scripts intended to perform some rudimentary data filtering. In this particular example, $_POST['color'] is not necessarily red, green, or blue. With a very simple procedure, any user can create a convenient form that can be used to submit any data to the URL that processes the form.

Spoofed HTTP Requests

A more powerful, although less convenient approach is to spoof an HTTP request. In the example form just discussed, where the user chooses a color, the resulting HTTP request looks like the following (assuming a choice of red):

POST /process.php HTTP/1.1
Host: example.org
Content-Type: application/x-www-form-urlencoded
Content-Length: 9

color=red

The telnet utility can be used to perform some ad hoc testing. The following example makes a simple GET request for http://www.php.net/:

$ telnet www.php.net 80
Trying 64.246.30.37…
Connected to rs1.php.net.
Escape character is ‘^]’.
GET / HTTP/1.1
Host: www.php.net

HTTP/1.1 200 OK
Date: Wed, 21 May 2004 12:34:56 GMT
Server: Apache/1.3.26 (Unix) mod_gzip/1.3.26.1a PHP/4.3.3-dev
X-Powered-By: PHP/4.3.3-dev
Last-Modified: Wed, 21 May 2004 12:34:56 GMT
Content-language: en
Set-Cookie: COUNTRY=USA%2C12.34.56.78; expires=Wed,28-May-04 12:34:56 GMT; path=/; domain=.php.net
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1

2083
<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01Transitional//EN”>
…

Of course, you can write your own client instead of manually entering requests with telnet. The following example shows how to perform the same request using PHP:

<?php

$http_response = ”;

$fp = fsockopen(‘www.php.net’, 80);
fputs($fp, “GET / HTTP/1.1\r\n”);
fputs($fp, “Host: www.php.net\r\n\r\n”);

while (!feof($fp))
{
$http_response .= fgets($fp, 128);
}

fclose($fp);

echo nl2br(htmlentities($http_response));

?>

Sending your own HTTP requests gives you complete flexibility, and this demonstrates why server-side data filtering is so essential. Without it, you have no assurances about any data that originates from any external source.

So, let’s make a lesson out of this and validate forms on the server side, validate HTTP requests and headers before we process the forms.

via – http://phpsec.org/projects/guide/2.html

As you can see from the screenshot the server shows a date with more then 1 day difference! Well, I’ve never bothered to check if the servers were from US or local, I was under impression that they were local. Well, seems like not! So that’s how I get a almost a day difference in dates!

I used very basic date functions to get the date shown on their servers. The code is taken from php.net and now I need to add the difference to get Malaysian time.

I will post my solutions here, stay tuned!

Update:  I used very simple code:

$h = “-8″;// Hour for time zone goes here e.g. +7 or -4, just remove the + or -
$hm = $h * 60;
$ms = $hm * 60;

if (!$date) {
$date=date(“Y-m-d”);
$getdate = gmdate(“Y-m-d”, time()-($ms));

}

Before everything else, I was surprised how they “monitor” their ATM machines!  They literally watched the ATM reporting screen to see if the ATM was down.  I mean, a person is allocated for this task – just sit and stare at the monitor, if the ATM status goes down he needs to open their “application” and enter the downtime.

Anyway, they did a small presentation of their usage of this “application” and their expectation.  They wanted some applications which will replace theirs.  “Replace” not as in enhance or add-on new functions.  They just want to keep the way they “monitor”.

I must note that I was contacted long before this meeting with regard to this matter and I was planning to use Perl/Shell scripting in Linux to do all of this with a LAMP interface for reporting purposes.  But, it turns out that all their infrastructure as well as IT team is pro-Microsoft.  What to do?  They just want it in some Microsoft .NET or Visual Basic (is it the same now?).  So, unfortunately we fail.

We proposed to them a fully automated uptime/downtime tracking facility with auto generation of reports in Excel/PDF.

What I don’t understand is why they find it all right to have somebody just sit and watch the ATM monitor screen.  It’s wasting resources for nothing, instead of hiring/training a person to use Open Source stuff and make everybody’s life easy?

And, of course, some extra cash for me?