Wikidot Rulez

21 Jul 2008 11:55

Hi there,

Did you know that…


Comments: 0

New Way Of Dealing With Uploaded Files

06 Jul 2008 09:41

Unfortunately, it seems that our last approach (described here) to finally getting uploaded files right was not workable. As authorization in Wikidot is based on cookies and sessions, it will not pass through a cross-domain solution.

Allowing user-uploaded HTML files to read the session_id from the cookie is not a good idea because of possible session spoofing.

So we designed an authorization mechanism that allows the owner of a particular session to browse files from a certain wiki.

When a request for a restricted user-uploaded file (on the * domain) is made, we check whether the cookie is set, then whether it points to a valid session, and whether the user bound to that session has been granted permission to view the file.

If the auth cookie is not set, we redirect the browser to the * site (which can read the original session cookies), which generates a unique key and redirects back to the original domain, appending the unique key to the GET request. The original domain then sets the cookie and access is granted (or not).
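The handoff described above, sketched in PHP as an added example (this is not Wikidot's code). The function names, the in-memory arrays, the 30-second key lifetime, single-use redemption and the use of a separate random value for the files-domain cookie are all assumptions.

```php
<?php
// Added illustration; names are hypothetical and arrays stand in for server-side storage.
$sessions = ['sess-abc' => ['user' => 'alice']];   // main-site sessions (constructed sample)
$acl      = ['my-wiki' => ['alice']];              // users allowed to view each wiki's files
$keys     = [];                                    // one-time keys issued by the main site
$fileAuth = [];                                    // files-domain auth cookie => binding

// Main site: it can read the real session cookie, so it issues the unique key.
function issueKey(?string $sessionCookie, string $wiki): ?string {
    global $sessions, $keys;
    if ($sessionCookie === null || !isset($sessions[$sessionCookie])) return null;
    $key = bin2hex(random_bytes(16));
    $keys[$key] = ['session' => $sessionCookie, 'wiki' => $wiki, 'expires' => time() + 30];
    return $key;
}

// Files domain: redeem the key from the GET request and return the new auth cookie value.
function redeemKey(string $key, string $wiki): ?string {
    global $keys, $fileAuth;
    $k = $keys[$key] ?? null;
    unset($keys[$key]);                            // assumed single use, even on failure
    if ($k === null || $k['wiki'] !== $wiki || $k['expires'] < time()) return null;
    $cookie = bin2hex(random_bytes(16));           // never the session_id itself
    $fileAuth[$cookie] = ['session' => $k['session'], 'wiki' => $wiki];
    return $cookie;
}

// Files domain: cookie set? points to a valid session? user permitted?
function mayView(?string $authCookie, string $wiki): string {
    global $sessions, $acl, $fileAuth;
    if ($authCookie === null || !isset($fileAuth[$authCookie])) return 'redirect';
    $a = $fileAuth[$authCookie];
    $s = $sessions[$a['session']] ?? null;
    if ($s === null || $a['wiki'] !== $wiki) return 'deny';
    return in_array($s['user'], $acl[$wiki] ?? [], true) ? 'allow' : 'deny';
}

// Walk-through: first visit, handoff, normal access, key replay, then session logout.
echo mayView(null, 'my-wiki'), "\n";
$key    = issueKey('sess-abc', 'my-wiki');
$cookie = redeemKey($key, 'my-wiki');
echo mayView($cookie, 'my-wiki'), "\n";
var_dump(redeemKey($key, 'my-wiki'));
unset($sessions['sess-abc']);
echo mayView($cookie, 'my-wiki'), "\n";
```

Because the files-domain cookie only references the session on the server side, a script in an uploaded HTML file that reads that cookie learns nothing usable on the main site, and ending the main session invalidates it.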

Comments: 2

Django-like routing in PHP

05 Jul 2008 16:06

As I've recently worked with Django, the way it does URL-based routing seemed really cool to me. I missed that in PHP, so I decided to code something like it.

Here is a class that uses (extends) my Controller class that does the routing:

class Controller_Ajax_Auth extends Controller_Ajax {
    // regex (':' is the delimiter) => method name in this object
    protected $routes = Array(
        ':^info$:'      => 'info',
        ':^challenge$:' => 'challenge',
        ':^login$:'     => 'login',
        ':^logout$:'    => 'logout',
    );

    protected function info($url) {
        $r = Array();
        /* something */
    }

    protected function challenge($url) {
        /* $q = something */
    }

    protected function login($url) {
        /* set $auth to true if logged */
    }

    protected function logout($url) {
        /* logout */
    }
}

This mainly routes the URLs info, challenge, login and logout to the corresponding methods in the same object.

But you can also route out of the object to an instance of another Controller subclass:

    protected $routes = Array(
        ':^auth/(.*)$:' => 'Controller_Ajax_Auth',
    );

This takes the URL and passes whatever comes after auth/ to a new object of class Controller_Ajax_Auth (see the code above). Generally, the first pair of parentheses on the left side of each line defines what is passed to the method/object on the right side.

The controller has abstract errorHandler and defaultAction methods that need to be overridden. The first is called when an exception is thrown in a performed action. The latter is called when routing reaches some object and no routing line matches.

Comments: 1

Static Files From Mirror Server

27 Jun 2008 14:23

Today I've configured the mirror server to serve static files ( from the main server using Lighttpd.

The only thing to do is assign an IP address (preferably a portable one) and make a change in DNS settings.

For now, static files are served through a proxy from the lighttpd running on the main server, but we could change that later.

This completes the work that needed to be done on the mirror server (as4). All we have to deal with now is magic file detection and ozone_session errors.

PS: we have two lighttpd configuration files now:

  • /etc/lighttpd.conf — for serving static files
  • /etc/lighttpd-mirror.conf — for acting as a live mirror.

After assigning an IP address to the static server, we may want to produce one lighttpd configuration based on IP (or host name), but it's not important now.

Comments: 2

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License