Using PHP and AJAX for a simple booking system (flat-file based, so no database needed!)

A simple, free, easy-to-use online booking system for theatres, cinemas etc. It is written in PHP and AJAX. It does not use MySQL or any other database; instead it is flat-file based (txt files), and works on either Linux or Windows web servers (not tested on Mac servers).

This is only a basic proof of concept of a PHP/AJAX online booking system, and therefore should not be used in a real-world scenario, due to the security issues of flat files.

View demo of the AJAX/PHP booking system (opens in new window)

How does it work?

When a booking is made it is written to a text file. To get a proper idea of how it works, view the demo and download the source code (link at the bottom).

It prevents double booking both client-side (AJAX) and server-side (PHP).

The AJAX file checks whether a seat is already booked by checking whether a file exists corresponding to the seat number (best explained by viewing the source code and the demo!).
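As an added example (not the project's own code from the zip), this is how the server-side half of that check can be made safe against two requests racing to book the same seat: the seat's marker file is created with fopen() mode 'x', which fails if the file already exists, so the existence check and the write happen in one atomic step rather than a file_exists() test followed by a separate write. The bookings directory, the seat naming (rows A to H, seats 1 to 20) and the seat/name POST parameters are assumptions.

```php
<?php
// Added example, not the original project's code: server-side double-booking
// guard for a flat-file seat store. Each booked seat is one file named after
// the seat, so "is this seat taken?" is "does the file exist?". The seat name
// is validated before it is used in a path, so a client cannot send something
// like "../../config" as a seat number.

declare(strict_types=1);

const BOOKING_DIR  = __DIR__ . '/bookings';               // assumed location of the flat files
const SEAT_PATTERN = '/^[A-H](?:[1-9]|1[0-9]|20)$/';     // assumed layout: rows A-H, seats 1-20

/** Return the marker-file path for a seat, or null if the seat name is not valid. */
function seatFile(string $seat): ?string
{
    if (!preg_match(SEAT_PATTERN, $seat)) {
        return null;
    }
    return BOOKING_DIR . '/' . $seat . '.txt';
}

/** True if the seat is already booked (its marker file exists). Suits the AJAX check. */
function seatIsBooked(string $seat): bool
{
    $path = seatFile($seat);
    return $path !== null && file_exists($path);
}

/**
 * Try to book a seat for a customer. Returns true on success, false if the seat
 * name is invalid or the seat is already booked, including by a request that
 * got there a few milliseconds earlier.
 */
function bookSeat(string $seat, string $customer): bool
{
    $path = seatFile($seat);
    if ($path === null) {
        return false;
    }
    if (!is_dir(BOOKING_DIR) && !mkdir(BOOKING_DIR, 0750, true) && !is_dir(BOOKING_DIR)) {
        return false;
    }
    // Mode 'x': create and open for writing, but fail if the file already exists.
    // This is the atomic check-and-reserve; no separate file_exists() is needed.
    $fh = @fopen($path, 'x');
    if ($fh === false) {
        return false;   // seat already taken (or we lost the race)
    }
    // One record per file: timestamp and customer, with control characters removed.
    $clean = str_replace(["\t", "\n", "\r"], ' ', $customer);
    fwrite($fh, date('c') . "\t" . $clean . "\n");
    fclose($fh);
    return true;
}

// Minimal request handler of the shape an AJAX POST would hit (skipped on the CLI).
if (PHP_SAPI !== 'cli') {
    header('Content-Type: application/json');
    $seat = (string) ($_POST['seat'] ?? '');
    $name = (string) ($_POST['name'] ?? '');
    echo json_encode(['seat' => $seat, 'booked' => bookSeat($seat, $name)]);
}
```

The client-side AJAX check remains a convenience for the user; only the 'x' open on the server actually prevents the double booking.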

The source code is freeware, although please credit me where due if you decide to adapt or use it for your projects.

Downloads

Download source code (zip file, 210KB)


How to install Creative applications for X-Fi XtremeMusic (OEM) on Windows Vista

If you have a Creative Sound Blaster X-Fi XtremeMusic (OEM version) and want all the applications that the retail version gets, such as:

  • Creative Audio Console
  • Creative Volume Panel
  • THX Console
  • Creative Software Auto Update
  • Creative MediaSource
  • Creative Entertainment Center
  • Creative Smart Recorder
  • Creative WaveStudio
  • Creative 3DMIDI Player
  • Sound Blaster for Media Center
  • SoundFont Bank Manager
  • Creative Diagnostics

Or if, when you try to install the Sound Blaster X-Fi Installation CD for Windows Vista (which contains all the applications like the THX Console, Volume Panel etc.), you get an error message along the lines of “unable to identify hardware”, there is a solution (but sadly you cannot use the official CD; you have to use a modded one, although from what I’ve read the applications are the same, they just mod the setup)!

  1. Get the latest drivers from the Creative website
  2. Download the application from Youp-Pax_X-Fi_Software_Su08.7z
    (you may need a program such as WinRAR to open it)
  3. Extract the Software Suite 08 and do a custom install, but uncheck “install audio driver”
  4. Next, install the latest driver from the Creative website
  5. Reboot and enjoy!

If I manage to find a solution for installing the Sound Blaster X-Fi Installation CD for Windows Vista on the Creative X-Fi XtremeMusic OEM card without the need for the modded software suite, I’ll add it to this post.

By the way, if you have a retail version of XtremeMusic then you don’t need to use the modded application. OEM cards are usually on sale on eBay!

Protecting and Preventing XSS exploits / attacks in WordPress blog Searches

XSS? What is Cross-site Scripting (XSS)?

As wikipedia puts it:

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. As of 2007, cross-site scripting carried out on websites were roughly 80% of all documented security vulnerabilities. Often during an attack “everything looks fine” to the end-user who may be subject to unauthorized access, theft of sensitive data, and financial loss.

Test if your WordPress blog is vulnerable to XSS

Update: This might not be true now; this post was written several years ago!

Recently, I discovered that if you entered code such as the following into the blog’s search box:

[Image: JavaScript that could be used for an XSS attack, a simple script that alerts the word “hello”]

it would run the script. Now, a script that alerts the word “hello” is not a massive problem, but it proves that the site is vulnerable to XSS attacks!

How to Prevent XSS Exploits and attacks in your WordPress blog (or indeed any website/blog)

For WordPress: log on to your WordPress blog, go to Design > Theme Editor, locate the file search.php (alternatively this can be done by editing search.php via FTP) and at the very top of the file insert the following code:


<?php
// Reject the request if any GET parameter looks like it carries HTML tags or script.
// eregi() was deprecated in PHP 5.3 and removed in PHP 7, so the same checks are
// written here for preg_match() with the case-insensitive /i modifier.
foreach ($_GET as $check_url) {
    if (!is_string($check_url)) {
        continue; // array parameters (e.g. ?a[]=1) cannot be matched against a pattern
    }
    if (preg_match('/<[^>]*script"?[^>]*>/i', $check_url) || preg_match('/<[^>]*object"?[^>]*>/i', $check_url) ||
        preg_match('/<[^>]*iframe"?[^>]*>/i', $check_url) || preg_match('/<[^>]*applet"?[^>]*>/i', $check_url) ||
        preg_match('/<[^>]*meta"?[^>]*>/i', $check_url)   || preg_match('/<[^>]*style"?[^>]*>/i', $check_url) ||
        preg_match('/<[^>]*form"?[^>]*>/i', $check_url)   || preg_match('/\([^>]*"?[^)]*\)/', $check_url) ||
        preg_match('/"/', $check_url)) {
        // The last two patterns reject parenthesised text (a call such as alert(...)) and bare double quotes.
        echo "There appears to be an error, please press the back button and try again";
        die();
    }
}
unset($check_url);
?>

(original code by sumit270, from php.net)

For other sites and blogs, put the above code in the PHP file where the search results are displayed. Simple!
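The filter above is a blacklist of tag names: it blocks what it recognises and lets anything else through, and it also rejects legitimate searches that contain a double quote or parentheses. The durable fix is to escape the search term at the point where it is written into the page. As an added example (not the page's or WordPress's own code), the following renders a search term into the two places a typical search.php prints it; the s parameter, the markup and the sample request are assumptions.

```php
<?php
// Added example, not the page's or WordPress's code. Escaping the search term
// at output time makes any input render as literal text, whatever tags it holds.
// The vulnerable pattern this replaces is echoing the raw parameter, e.g.
//     echo "Search results for: " . $_GET['s'];      // DO NOT DO THIS
// In a WordPress theme, esc_html() and esc_attr() give the same escaping as the
// helper below, and get_search_query() already returns the term escaped.

declare(strict_types=1);

/**
 * Escape a value for insertion into HTML element content or a double-quoted
 * attribute. ENT_QUOTES converts both ' and ", ENT_SUBSTITUTE replaces invalid
 * UTF-8 with U+FFFD instead of returning '' (which would silently drop output).
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read the term from the request the way search.php would (parameter s). */
function searchTermFromRequest(array $get): string
{
    $term = $get['s'] ?? '';
    return is_string($term) ? $term : '';   // ?s[]=... arrives as an array; treat as empty
}

/** Build the top of a search results page for the raw (unescaped) term. */
function renderSearchHeader(string $rawTerm): string
{
    $safe = escapeHtml($rawTerm);
    // The same escaped value is safe both in element content and in a
    // double-quoted attribute, because quotes are converted as well as < and >.
    return "<h2>Search results for: {$safe}</h2>\n"
         . "<form method=\"get\" action=\"/\">"
         . "<input type=\"text\" name=\"s\" value=\"{$safe}\">"
         . "<input type=\"submit\" value=\"Search\"></form>\n";
}

// Constructed sample request: the page's own "hello" alert test string.
$sampleGet = ['s' => '<script>alert("hello")</script>'];
echo renderSearchHeader(searchTermFromRequest($sampleGet));
// The <, > and " characters reach the browser as &lt;, &gt; and &quot;, so the
// term is displayed as text and no script element is created.
```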

Flash website with WordPress back-end

Update: I’ve long since abandoned the idea; HTML5 is the way to go!

(I’ve left this post up for reference)

After doing some research on Google, I think it may be possible to do the whole new digiwebbs site design using Flash.

I’m going to create a whole website in Flash and use WordPress as the back-end for my articles/blog posts. I’m going to attempt this using Tim Wilson’s script PressConnect:

PressConnect is a PHP Script I have developed to connect my Flash Website to my WordPress Content.

The Code interrogates the Database and Returns Posts, Pages, Categories, and Creates Menus in XML

Just Updated with Better Code and New Functions.

New: I have released the .fla file my website is based on; it is available for purchase

more info on the PressConnect script.

Next Problem: Search Engine Optimising (SEO) the Flash Site

The next challenge with Flash-based websites is SEO (Search Engine Optimisation), which will be tricky, because the site will be a .swf file, which according to some sources can be ‘read’ by Google, while others say it can’t be read by Google. My intention is to have the content that can be indexed by Google in one div (content generated by PHP), but if the browser supports it, then the Flash content of the site will be displayed. This would be achieved with some JavaScript (ugh!), although there is a handy tool hosted by Google: SWFObject is an easy-to-use and standards-friendly method to embed Flash content, which utilizes one small JavaScript file.

So in the next few weeks, digiwebbs will hopefully be a working Flash website with a WordPress back-end, serving all the blog posts, articles and pages! – Never going to happen!

Of course, I’ll be blogging the progress!

Windows Vista Media Center TV Pack 2008 (Fiji) – no BBC/ITV HD yet…


Last month, according to arstechnica.com, the much-rumoured Fiji update has been named Windows Vista Media Center TV Pack 2008 and has gone RTM (Release To Manufacture).

VMC TV Pack 2008 (Fiji) is an update to the current Media Center on Vista, aka “Media Center Edition +1”. However, from reports on The Green Button community, it appears that this update is only available via OEMs and it requires a re-install of the OS before you can install it! There was speculation that this may be offered as one of the Windows Vista Ultimate Extras, but this still remains unconfirmed.

According to arstechnica.com, some possible features of the TV Pack include:

Microsoft has been very quiet about Fiji, which is expected to be available for editions of Vista that include Windows Media Center. According to leaked screenshots, the software giant has included a built-in updating engine dubbed “Windows Media Center Update.” The final version is also supposed to include new HD recording preferences, better ability to control the tuners, and the replacement of DVR-MS with WTV.

Microsoft disappointed Fiji testers when it revealed that planned DirecTV support would not be in the product. It is unclear if support for DirecTV will come in Vista SP2 (unlikely) or in Windows 7. While Fiji has RTM and will arrive on new OEM machines, it is also not clear when the new build will be released publicly.

In addition to this, it has been said (but not confirmed) that BBC and ITV HD are NOT supported (no HD for UK Freesat), which is a big blow to me and all the other UK users!!! Freesat HD in Vista *SHOULD* be supported by now…

Similarly, the inclusion of Messenger (as there was on Windows Media Center 2005) is not confirmed, but I hope that it is included… Messenger in Media Center was a handy feature; however, I believe there already is a Messenger plug-in for Windows Vista Media Center.

Until the Windows Vista Media Center TV Pack 2008 is officially released, there is only speculation as to what is actually included in the new version of Media Center… as is the cost Microsoft are charging us for this privilege… I wonder how the open source offerings compare now… it’s just the lack of support for BBC/ITV HD Freesat that is a major bummer!

How to query a reservation database for room availability using Microsoft Access & SQL

How to Query a Reservation Database (by Date) for Room Availability Microsoft Access & SQL

keywords:

  • Query room availability
  • Hotel Reservation Database
  • Microsoft Access
  • Check room availability
  • SQL
  • How to query a reservation database
  • Prevent Double booking

Studying an IT/Computing course and looking how to do a hotel database?

If you want to create a simple reservations database (such as a hotel database), you will need a query to determine which rooms can be booked for a range of days and so prevent double booking…


A few years ago, for my AVCE, I created such a system. Basically, it’s a relational database that uses forms, SQL and some Visual Basic.
This was created for an AVCE ICT project, but it can be adapted/modified to suit your specification (it includes the technical documentation).
The hotel reservation system was created using Microsoft Access 2002, but it also works in Microsoft Access 2000, as well as Access 2002/XP, 2003, and 2007.

The SQL query checks room availability by finding which rooms are booked for the requested dates and inverting the result, thereby showing which rooms are available.

Read more on the Hotel Reservation Database created in Microsoft Access (you can also download a template and view a demo)

Social Engineering Tactics: Attacking With e-mails

Computer security: how social engineers are hacking into computers using Trojans as backdoors by getting users to click links in e-mails

Background
We are all very aware of attacks to gain our bank details by sending spoof e-mails purporting to be from various banks, eBay and Google Ads accounts. More info about social engineers can be found in The Art of Deception post.

The Con
Social engineers are finding new ways to attack victims using phishing methods. They send mass e-mails with subjects similar to those pictured below:

[Image: subject headers of phishing e-mails]

The subjects of the e-mails are designed so that you click on them; other headers included “World War 3 videos”, “video of Saddam beheading” etc.

[Image: a phishing e-mail]

The e-mails typically contain a link to a page which hosts a Trojan. Most of the time (as in most e-mails written by scammers), the grammar isn’t correct, and there are many spelling mistakes as well as other mistakes such as the formatting of addresses.

[Image: content of a phishing e-mail]

So when the user goes to ‘play’ the video, they are prompted to download a file in order to play it (often the file downloads without interaction from the user). However, this file contains a backdoor into your system (a Trojan horse).

Similarly, this method of getting the user to download a file in order to ‘play’ a video or somehow access content is used on ‘free’ adult sites, claiming free porn, when in fact the visitor is getting a virus.

How to Prevent?

Have a good virus scanner that scans sites and files as you visit them on the Internet. The one I use is Avast Free edition; it stops the Trojan entering the PC and terminates the connection with that server… and keep it up to date, otherwise it’s pointless having it installed.

In general, if the e-mail looks dodgy, don’t click links in it. Simple!

Social Engineers: The Art of Deception-Controlling the Human Element of Security

The Art of Deception: Controlling the Human Element of Security

A look into former hacker Kevin Mitnick’s book The Art of Deception and how social engineers obtain personal information, as well as hacking for their personal gain.

As the title conveys, this book is about deceit. It focuses on deceiving people to obtain information for personal gain. Furthermore, this book is not about hacking as such; instead it focuses on social engineering. The author, Kevin D. Mitnick, describes a social engineer as “Somebody who uses deception, influence, and persuasion against businesses, usually targeting their information.” (preface xii)
Primarily the book is about how social engineers can gain information from people. Mitnick demonstrates how social engineers get their information by using fictional, although very plausible, stories, and at the end of each story he analyses the con by explaining how the people (victims) involved were deceived and gives examples of how the con could have been prevented; usually simple things such as verifying who the caller was.
Chapters 15 and 16 give details of how to prevent social engineering attacks on organisations. The latter of the two is the longest chapter in the book because Mitnick gives examples of security policies, such as that when discussing sensitive information over the telephone the operator must personally recognise the voice or the call must be an internal call from within the organisation. Another example of Mitnick’s security policies is the importance of passwords; he writes extensively on this topic. Most of the policies Mitnick describes are things that should be just common sense, but obviously many people have been taken in by the social engineers.
This book was written chiefly for businesses and organisations; Mitnick makes them aware that it is comparatively easy for social engineers to gain people’s trust, consequently gaining potentially valuable information. In some cases it is frightening how easy it is to acquire the credit card details of a customer, just from a few phone calls. On a personal level, I felt that I had little interest in the last two chapters as they were principally aimed at organisations, although these suggestions could form a basis for safeguarding companies’ and employees’ interests.

The author’s viewpoint is best described in the preface of the book. Mitnick claims he is not the malevolent hacker the media have portrayed him as. He charts his history of deception from the age of twelve, when he discovered a way to travel on the bus free throughout Los Angeles by using partly used travel cards that had been discarded by the drivers, and a paper punch he acquired after “a friendly driver, answering my carefully planted question, told me where to buy the special type of punch” (preface ix). He continues in the preface to explain how he became a social engineer from his time at high school, by meeting a student who was interested in ‘phone phreaking’. Mitnick describes it as “a type of hacking that allows you to explore the telephone systems network by exploiting the phone systems and phone company employees” (preface x). Using his phone phreaking skills, he could obtain information about a customer of the phone company by using the “lingo” (preface x) and knowledge of the companies, and by asking the right questions. Mitnick was able to obtain a secret test number which enabled him to make long distance calls for free (although they were actually billed to another company’s account). Mitnick states that “My much-publicized hacking career actually started when I was at high school. While I cannot describe the detail here (…) I was one of the driving forces in my early hacks.” (preface xi) After high school he studied at the Computer Learning Center and managed to gain “administrative privileges in the operating system” (preface xii) on their IBM minicomputer by discovering a vulnerability, but the staff could not work out how he had done it, so they proposed that if he improved the school’s computer security he would not be suspended for hacking the system. Mitnick claims that he did all this out of curiosity, “to see what he could do; and find out secret information about operating systems…and anything else that stirred my curiosity” (preface xii).
He also claims that he is a changed person, that he acknowledges that his actions were illegal and that he committed invasions of privacy, and that he is now using those social engineering tactics for “helping government, businesses, and individuals prevent, detect and respond to information-security threats” (preface xiii).

As I highlighted earlier, the central theme of this book is how easy it is for social engineers to gather information from their victims. One of the issues he raises is that people are usually the weakest link in security. Mitnick discusses how “Security is merely an illusion, an illusion sometimes made even worse when gullibility, naïveté, or ignorance comes into play” (p.4). This raises an important point: we are not as safe as we think we are. Subsequently Mitnick outlines how social engineers exploit our trust; he explains that “social engineers have strong people skills. They’re charming, polite, and easy to like-social traits needed for establishing rapid rapport and trust.” (p.8). Using these means, the social engineer can take advantage of our trust and get the information the social engineer needs. This supports the idea that “….we humans (…) remain the most severe threat to each others security” (p.8). It is also interesting to note that Mitnick states that, to his knowledge, terrorists have not yet used social engineering strategies to attack corporations and businesses; this does not necessarily mean they will not or have not used them, as “the potential is there. It’s just too easy”. (p.10)
Pursuing the issue of human vulnerability, the second part of the book gives some fictional stories of how the social engineer extracts the information they want from the victims by gaining their trust. Mitnick also brings into the equation that social engineers use what may seem an insignificant bit of information, combined with exploiting people’s trust, to get the information they need: “Much of the seemingly innocuous information in a company’s possession is prized by a social engineering attacker because it can play a vital role in his effort to dress himself in a cloak of believability” (p.15).
In chapter 4, Mitnick describes how a social engineer builds trust with the victim. He says that social engineering attacks are successful because “human beings are all vulnerable to being deceived because people can misplace their trust if manipulated in certain ways” (p.41). Mitnick compares the building of trust to a game of chess: “…he’s always prepared to turn distrust into trust. A good social engineer plans his attack like a chess game, anticipating the questions his target might ask so he can be ready with the proper answers” (p.41). Mitnick goes on to explain that the key to deception is trust, and “when people don’t have a reason to be suspicious, it’s easy for the social engineer to gain their trust” (p.41). He also says “Once he’s got your trust the drawbridge is lowered and the castle door thrown open so he can enter and take whatever information he wants” (p.41). This quote is particularly interesting: once the social engineer has got the victim’s trust, the victim is willing to share any information because they trust him. Another way social engineers exploit our human nature is by the social engineer ‘helping’ the victim: “…somebody with the knowledge, skill and willingness comes along and offering to lend us a hand. The social engineer understands that, and knows how to take advantage of it” (p.55). Naturally, the social engineer has created the problem, and then the social engineer is the one who can ‘fix’ the problem; Mitnick refers to this as “reverse social engineering” (p.60).
Alternatively, social engineers can also manipulate the victims in other ways: “The social engineer manipulates by pretending he needs the other persons help to help him” (p.77). This is the opposite of the previous way of getting their trust, but it still works because we all want to help another person facing problems.
However, the social engineer can also use technology to exploit our human nature. One way is using the Internet and the World Wide Web. Social engineers send out e-mails containing free software, but in reality this is just malicious software designed to capture information from keystrokes. Why do people open these attachments? Because it is ‘free’. Mitnick explains “…most of us are eager to get something free that we may be distracted from thinking clearly about the offer or promise being made” (p.93). Another method of getting information is phoney sites, where the victim is misled into entering their username, password and other details. Mitnick gives examples where social engineers send e-mails claiming to be from PayPal or eBay, requesting users to enter usernames and passwords, and the social engineers then use this acquired information to commit fraud.
Throughout the book Mitnick also gives other methods of exploiting human nature to gain information, but a final issue that Mitnick brings up is that “there is no technology in the world that can prevent a social engineering attack” (p.245). Thus, no matter how good the technology is at preventing hackers, social engineers will find a way round it, usually by exploiting people, bringing us back to the point that humans are the largest threat to security.
Overall I believe Mitnick raises important issues: we are in fact incredibly vulnerable to attacks from social engineers.

References:

Mitnick K, & Simon W, 2003, “The Art of Deception”, Wiley Publishing, Inc, Indiana.

Hotel reservation system database using Access

Studying an IT/Computing course and looking how to do a hotel database?

A few years ago, I created such a system. Basically, it’s a relational database that uses forms, SQL and some Visual Basic. This was created for an AVCE ICT project, but it can easily be adapted/modified to suit your specification (it includes the technical documentation).

The hotel reservation system was created using Microsoft Access 2002, but it can be opened in Access 2000, as well as Access 2002/XP, 2003, and 2007. The SQL code checks room availability by querying which rooms are not booked, thus preventing double booking.

More information on the hotel reservation system
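The availability query that this post and the earlier “How to query a reservation database” post describe, as an added example that is not the author's Access database: the check is run with PDO against an in-memory SQLite table so it can be tried without Access. Table and column names and the sample bookings are assumptions; the overlap condition (an existing booking blocks a stay if it starts before the requested check-out and ends after the requested check-in) is the same in Access SQL.

```php
<?php
// Added example, not the author's Access database. A room is unavailable when an
// existing booking overlaps the requested stay; two stays overlap when each starts
// before the other ends, which treats the check-out day as free for a new check-in.
// Dates are bound as parameters, never concatenated, so values typed into a form
// cannot change the shape of the query.

declare(strict_types=1);

/** Create the demo schema and constructed sample data (ISO dates sort correctly as text). */
function setupDemoDatabase(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Rooms (RoomID INTEGER PRIMARY KEY, RoomType TEXT NOT NULL)');
    $db->exec('CREATE TABLE Bookings (
                   BookingID INTEGER PRIMARY KEY,
                   RoomID    INTEGER NOT NULL REFERENCES Rooms(RoomID),
                   CheckIn   TEXT NOT NULL,
                   CheckOut  TEXT NOT NULL,
                   CHECK (CheckIn < CheckOut))');
    $db->exec("INSERT INTO Rooms VALUES (101, 'Single'), (102, 'Double'), (103, 'Double')");
    $db->exec("INSERT INTO Bookings (RoomID, CheckIn, CheckOut) VALUES
                   (101, '2024-06-10', '2024-06-12'),
                   (102, '2024-06-11', '2024-06-15')");
    return $db;
}

/**
 * Return the IDs of rooms with no booking overlapping the stay [checkIn, checkOut).
 * This is the "booked rooms, inverted" query from the post, written with NOT IN.
 */
function availableRooms(PDO $db, string $checkIn, string $checkOut): array
{
    $isoDate = '/^\d{4}-\d{2}-\d{2}$/';
    if (!preg_match($isoDate, $checkIn) || !preg_match($isoDate, $checkOut) || $checkIn >= $checkOut) {
        throw new InvalidArgumentException('dates must be YYYY-MM-DD with check-in before check-out');
    }
    $sql = 'SELECT RoomID
            FROM Rooms
            WHERE RoomID NOT IN (
                SELECT RoomID
                FROM Bookings
                WHERE CheckIn < :checkOut AND CheckOut > :checkIn)
            ORDER BY RoomID';
    $stmt = $db->prepare($sql);
    $stmt->execute([':checkIn' => $checkIn, ':checkOut' => $checkOut]);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

$db = setupDemoDatabase();
// A stay from the 11th to the 13th overlaps both sample bookings, so only room 103 is free.
print_r(availableRooms($db, '2024-06-11', '2024-06-13'));
// A stay from the 12th to the 14th: the guest in 101 leaves on the 12th, so 101 is free
// again, while 102 is still occupied.
print_r(availableRooms($db, '2024-06-12', '2024-06-14'));
```

The same NOT IN subquery can be pasted into an Access query with the two dates as form parameters.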

Research on Social Networking Sites (Facebook & Myspace) Privacy

Update: The Research paper can be found here

Just a quick post today!

I will be publishing the results and research paper shortly on the research section of digiwebbs, the abstract for the research changed slightly for my final research project.

Nevertheless the research did support previous research that people are aware of privacy issues on Social Network sites such as MySpace/Facebook.

A further research topic that I may take up is:

  • can we really have privacy on Social Networking Sites…

or another idea that came from my research:

  • could social network sites content (such as posts,photos,status updates etc) be used as evidence in court?