Loading Facebook's public post comments with Graph API v2.0

Recently, my girlfriend has had to work on a project where she organizes games by posting questions to Facebook pages. Page followers who answer correctly, and with a bit of luck, receive a small gift. The game is part of an ads campaign for her customer.

[Image: score guessing game comment] Typical comment for a sports game score guessing contest, with a lucky number at the end.



Using the Django ORM in an external Python script

So I had to do a database migration that involved importing a large amount of external data into the current production database. Since I had already implemented quite a few methods for validation, duplicate handling and so on using the Django ORM, I didn't want to write that code again with raw MySQL commands. It would be painful if I forgot to set a certain field and broke the system later on. I looked around on the internet for help importing my existing Django project into my script. It turns out to be straightforward (thank you, internet!)
Basically, I needed to add my project path to the system path and tell Python to import my project settings:

import os, sys
sys.path.append("/path/to/project")  # placeholder: the directory containing your Django project
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "<app_name>.settings")
import django; django.setup()  # needed on Django 1.7+ before importing models
from <app_name>.models import *
from <app_name>.views import <whatever method you need>

In my case, I wanted to run a multithreaded process to speed up data processing on my quad-core CPU, so I needed to close the Django DB connection before invoking the threads. The reason is that Django only uses a single connection for all threads, which causes conflicts between them. By explicitly closing the DB connection before starting a thread, each thread will create its own connection.

from django import db
# Close the connection(s) held by the main thread; each worker thread
# then opens its own connection when it first touches the database.
for alias in db.connections:
    db.connections[alias].close()
# start your threads here

Django lazy QuerySet

I just found an interesting thing about Django database QuerySet laziness: the query is not executed until the result is referenced. That means the SQL query runs only when we actually get the value of the query result.

# would not work
# this works

The reason is simple: the first statement does not reference the returned value, so the query is not executed. In the second statement the query is executed when the index reference ([0]) is called.

More info: https://docs.djangoproject.com/en/dev/topics/db/queries/#querysets-are-lazy
P.S.: the .get() method returns the object, not a QuerySet, so we do not need the [0] for the SQL to be executed.
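As an added illustration (not code from this post), the Python stand-in below models the evaluation rules Django documents: it is not Django and touches no database; instead it appends the SQL it would have sent to a log, so you can see that filter() and range slicing stay lazy while qs[0], iteration, len(), bool() and .get() trigger the query and a repeated qs[0] is served from the cache. The class name FakeQuerySet and the table name "blog_post" are made up for this demo.

```python
# Added example, not the post's code: a stand-in that models Django's QuerySet
# evaluation rules (NOT Django itself); names like FakeQuerySet/"blog_post" are made up.
class FakeQuerySet:
    """filter()/range slicing stay lazy; qs[0], iteration, len(), bool(), get() evaluate."""
    def __init__(self, table, rows, filters=(), limit=slice(None), log=None):
        self._table, self._rows, self._filters, self._limit = table, rows, tuple(filters), limit
        self.log = log if log is not None else []   # SQL that *would* run is appended here
        self._cache = None                           # filled on first evaluation

    def filter(self, **kw):
        # Like Django: returns a new, still unevaluated QuerySet; no SQL yet.
        return FakeQuerySet(self._table, self._rows,
                            self._filters + tuple(kw.items()), self._limit, self.log)

    def _fetch(self):
        if self._cache is None:          # the "query" runs once per QuerySet
            where = " AND ".join(f"{k} = {v!r}" for k, v in self._filters) or "1"
            self.log.append(f"SELECT * FROM {self._table} WHERE {where}")
            self._cache = [r for r in self._rows
                           if all(r.get(k) == v for k, v in self._filters)][self._limit]
        return self._cache

    def __getitem__(self, key):
        if isinstance(key, slice):       # qs[:5] is still lazy in Django
            return FakeQuerySet(self._table, self._rows, self._filters, key, self.log)
        return self._fetch()[key]        # qs[0] hits the database, as the post says

    def __iter__(self):                  # "for obj in qs" evaluates
        return iter(self._fetch())

    def __len__(self):                   # len(qs) and bool(qs) evaluate too
        return len(self._fetch())

    def get(self, **kw):
        # get() evaluates at once and returns one object, not a QuerySet.
        rows = self.filter(**kw)._fetch()
        if len(rows) != 1:
            raise LookupError(f"expected exactly one row, got {len(rows)}")
        return rows[0]

def demo():
    """Constructed rows; returns how many queries ran after each step."""
    rows = [{"id": 1, "published": True}, {"id": 2, "published": False}]
    log = []
    qs = FakeQuerySet("blog_post", rows, log=log).filter(published=True)
    n0 = len(log)                        # 0: building the QuerySet ran nothing
    first = qs[0]                        # index access fires the query
    n1, _ = len(log), qs[0]              # 1, and the repeat is served from cache
    obj = FakeQuerySet("blog_post", rows, log=log).get(id=2)   # get() runs now
    return n0, n1, len(log), first["id"], obj["id"]
```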

Slot select plugin in JavaScript

Recently, I had to develop a small script to select a slot from a schedule. Since I am not a JavaScript master, it took me some time, so I think it is worth sharing here.

To use it, simply create a div with id=select_slot where you want to put it and call setup_slot_select(), passing two arrays with the row and column values.

You can find the example features in index.html of the archive here.


Live: http://hieurl.github.io/js.slot.picker/
Github: https://github.com/hieurl/js.slot.picker


Protecting against XSRF

After trying to exploit XSRF (previous post), it is worth keeping in mind techniques to prevent this attack. This post will evolve from very basic protection to better security approaches by discussing their weaknesses. The techniques discussed in this post include changing state only via POST requests, CAPTCHA, a prevention token and a cryptographic token.

A simple example of Cross-site request forgery attack using PHP

Cross-site request forgery (XSRF) is an attack that exploits websites with weak authorization by taking advantage of the browser session and the same-origin policy. To understand Cross-site request forgery clearly, you can read the wiki page here. This post will demonstrate a simple exploitation using this technique.

Ruby on Rails vs Zend: my first impression

I have developed several websites using the Zend framework in the past. Recently I started reading a book about Ruby on Rails and trying to learn a little about it, since everybody is talking about Ruby on Rails. Since I quit web programming a long time ago, this is only my personal comparison between Rails 2012 and Zend 2010.

Tracking online advertising using JavaScript in GreaseMonkey

Recently, I've been involved in a project where I have to test an ads banner by putting it on several websites. Of course I don't have the money to buy ad slots on all of those sites, so I have to write several scripts that replace the banners on those websites with my banner in my browser.

I chose Firefox as the browser for the project and use an add-on called GreaseMonkey to execute custom JavaScript on the web page.

CS422 project

It's a project for Software Analysis and Design, but we were too lazy to do it, as the summer vacation had already begun when the project was announced.

So after 3 days of work, including more than 2 days of documentation and 3 or 4 hours of coding, we have this application.
It can resize/rotate/gray-scale multiple images.

It's really a shame, but I want to post it here anyway.
I was responsible for designing the solution and coding (which took about 5 or 6 hours in total!), Quoc did the GUI and Nam did the documentation based on my design.