NetTalk Central

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - GordonF

Pages: [1] 2
1
Web Server - Ask For Help / NetWebYear Planner Alignment
« on: October 14, 2021, 03:34:04 AM »
Can anyone help with correcting the vertical alignment of the planner entries relative to the time cells on the left.

I've attached an image from the hotdates example (No. 12), I've forced the event to display at the very left just to highlight the issue.

As you can see the event starts and ends lower than the corresponding time row boundary, also the click to insert areas are similarly offset, meaning if a user clicks in the top few pixels of a time row they actually get a record start time for the time cell before. The effect changes a little with the theme used but it is always there, using the base theme (which I do in my app) the date column headers are partially covered by an event in the first time slot.

I've also attached an image with one of the date/time click rows (08:35) bordered in blue to clarify the issue.

Any help would be greatly appreciated as I have used the planner to create a very useful appointment book and this is the final refinement I need.

Gordon

2
Web Server - Ask For Help / Tree control that supports multi-line text
« on: October 13, 2021, 02:11:46 AM »
Hi,

Sorry I seem to be asking questions very frequently, but in my defence I only started using WebServer early this year so I've a lot to learn.

I would like to be able to produce a view in my web app similar to my desktop app (image attached), this is to allow for display, insertion and revision of clinical notes, as well as showing revision data in a lower level than the current note version.

My desktop app has a tree structure that allows for multi line text fields, that is text with line breaks not just text wrapping although that too. On clicking I can detect the node clicked and respond accordingly.

I have started looking at the Tree control in WebServer and it supports text wrapping but I can't make it display line breaks for multi line text, although that may well be my lack of knowledge. The second problem I ran into is determining which node was clicked, I can detect the user clicked in the ValidateValue routine and also in validate::atree, but I have no idea how to determine the specific node that was clicked.

It seems to be so close to what I need so any help would be greatly appreciated, even if it is use a different specific control.

Best Regards
Gordon

3
Web Server - Ask For Help / NetWebYear or other scheduler
« on: October 01, 2021, 03:18:42 AM »
Hi,

I've tried using NetWebYear to create a basic appointment book and in truth it provides all I must have apart from a couple of features:

1. The ability to change the background colour of specific time slots for a given date to make non working times such as lunch obvious, I know I could put an appointment in but it's no ideal.

2. Ideally select a colour for individual events.

Are either of these possible.

Failing that I've looked at FullCalendar but that will be a steep learning curve for me as I've not used a jquery plugin before and I don't know if its even possible.

I know I ask a lot of questions but I do appreciate the help I receive.

Gordon

4
Web Server - Ask For Help / Security analysis vulnerability reported
« on: September 30, 2021, 03:12:58 AM »
Hi,

One of our customers has run a security analysis on their system and has reported that there is a significant vulnerability with regard to our Nettalk WebServer application. The analysis was performed by Barclays Bank for their ongoing PCIDSS Compliance of card payment machines on the LAN. It appears to me in my limited knowledge that the Session ID is what they are highlighting, but beyond that I'm lost.

Does anyone have any suggestions, comments or advice about what we can do about this or what we can reply with? I would be most grateful if anyone has anything to share.

I have pasted part of their email below:


"

THREAT:
The scanner found a Web application on the target that uses cookies. The application seems to use cookies (likely, session IDs) in an insecure way. Specifically, the
scanner created a web session with the target using a session ID specified by the scanner itself. The target application simply started a new session with this specified
session ID. This issue is generally called "session-fixation" and is vulnerable to session-hijacking attacks.
One scenario where this could be used to hijack an unsuspecting user's Web session is as follows. Assuming an online store, www.examplestore.com, has this security
issue. If an attacker uses social engineering techniques to make a target user click on a link (in an email or on a malicious Web site) like http://www.examplestore.com/?
PHPSESSID=12345, where PHPSESSID is the cookie used for identifying the session, the store will start a new session for the unsuspecting user with the session ID
12345. Then, since the attacker knows the session ID already, the attacker can simply hijack the session moments after the user has visited the store.

IMPACT:
By exploiting this vulnerability, an attacker could use the hijacked session for information gathering, invasion of privacy, property theft, or credit-card theft.
For more information about the way session-fixation attacks can be performed and the possible consequences of such attacks, read this paper.

SOLUTION:
This is a common issue web-developers come across, and many application-specific solutions exist.
The PHP package itself provides a "php.ini" based global configuration option called "session.use_only_cookies" (introduced in PHP Version 4.3.0). This is disabled by
default for backward compatibility. When enabled, this allows PHP session IDs to be set only via HTTP cookies. This makes GET/POST based hijack attacks possible
only when there is significant activity by an unsuspecting user.
For more information, read the Sessions and Security description provided on PHP's Web site.

For solutions in other web packages, check the relevant documentation.

RESULT:
GET /?SESSIONID=0123456789abcdef0123456789abcdef HTTP/1.0
Host: 77-44-120-131.xdsl.murphx.net
HTTP/1.1 200 OK
Date: Thu, 16 Sep 2021 15:53:57 GMT
Expires: Wed, 16 Sep 2020 15:53:57 GMT
Content-Length: 2577
Content-Type: text/html
Cache-Control: no-store, no-cache, must-revalidate, private,post-check=0, pre-check=0, max-age=0
Pragma: no-cache
Set-Cookie: SESSIONID=0123456789abcdef0123456789abcdef; path=/; secure; HttpOnly; SameSite=Strict
Connection: close
Access-Control-Allow-Origin: *
X-Frame-Options: sameorigin
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
<!DOCTYPE html><html class=" nt-html no-js">
<head>
<title>EDGE Anywhere</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="initial-scale=1">
<link href="/themes/base/theme.css?c=12.17" rel="stylesheet" />
<link href="/redactor/redactor.min.css?c=12.17" rel="stylesheet" />
<script src="/scripts/all.js?c=12.17" type="text/javascript"></script>
<script src="/redactor/redactor.min.js?c=12.17" type="text/javascript"></script>
</head>
<body class=" PageBody">
<div id="body_div" class=" PageBodyDiv">
...... rest of page

"

5
Web Server - Ask For Help / Div Grid on a form
« on: September 28, 2021, 04:16:25 AM »
Am I correct in thinking Div Grid is intended to allow 2 dimensional field placement rather than 1 dimensional, in other words like Flex Grid?

If so is there an example that presents a form in 2 dimensions with correct vertical alignment, with perhaps 3 or 4 columns. I have tried and all I seem to get are 2 columns that don't respond correctly on resize. I fully anticipate that I am not using the feature correctly, however the only options I can find are for HTML Method (I set it to Div Grid) and the individual field start/span for row and column, I've also tried various span and last on row/line settings. Oddly I don't really see any difference between Div FlexBox and Div Grid mode, could it relate to me using 'base' as my theme and the CSS it contains?

I would really like to have a form with several fields on a row for several rows all vertically aligned into columns (perhaps 3), I know this may sound like a browse but that isn't what I require, it is just a section of a larger form. Table mode will let me do this but it is non responsive to browse width.

As ever any help would be greatly appreciated.

Gordon

6
Web Server - Ask For Help / Time entry format problem
« on: September 27, 2021, 04:24:54 AM »
I have an issue where seemingly similar time entry fields on a form are formated hh:mm or sometimes hh:mm:ss even though I've selected hh:mm from the picture dropdown, on examining the generated code it produces:

packet.append(p_web.CreateInput('time','TRPH:TRIContactTime',p_web.GetSessionValue('TRPH:TRIContactTime'),loc:fieldclass,loc:readonly,clip(loc:extra) & ' ' & clip(loc:autocomplete),'@T06B',loc:javascript,p_web.PicLength('@t01'),'Triage Contact Time','TRPH:TRIContactTime',,'imb',,,,'UpdateTriage')  & p_web.CRLF) !a

As you can see it has a picture of @T06B, I checked NetWeb.tpw and the @T06B is hardcoded into the template as below

%gPacket.append(p_web.CreateInput('time','%FormField',p_web.Get%ValueScope(%DataField),loc:fieldclass,loc:readonly,clip(loc:extra) & ' ' & clip(loc:autocomplete),'@T06B',loc:javascript,%mltemp,%FormFieldTooltip,'%FormId',%FormFieldPlaceHolder,%datado,%vNumLow,%vNumHigh,%vNumStep,'%procedure')  & p_web.CRLF) !a

Should it not be using %FormFieldPictureTime as in the template code below, I changed the template and the fields now work as expected.

%gPacket.append(p_web.CreateInput('time','%FormField',p_web.Get%ValueScope(%DataField),loc:fieldclass,loc:readonly,clip(loc:extra) & ' ' & clip(loc:autocomplete),'%FormFieldPictureTime',loc:javascript,%mltemp,%FormFieldTooltip,'%FormId',%FormFieldPlaceHolder,%datado,%vNumLow,%vNumHigh,%vNumStep,'%procedure')  & p_web.CRLF) !a

Am I missing something and so shouldn't change the template?

NT12.17 I'll be moving to 12.26 in the next couple of days.

Gordon


7
Web Server - Ask For Help / The Tree field type on a form?
« on: September 23, 2021, 01:06:14 AM »
I'm intrigued by the Tree field type available on a form, am I correct in assuming this will allow a tree style browse structure to be built into a form?

If so is there an example that uses it or some documentation, if my assumption is incorrect is any form of tree control available in WebServer?

Gordon

8
Web Server - Ask For Help / Global setting of DatePicker Options
« on: September 14, 2021, 07:18:55 AM »
Is there a way to set DatePicker options globally so the default behaviour can be configured, for instance allowing year selection and a default year range, I can do this locally on each date field by setting the options but it would be nicer in my case to set defaults at a higher level and then override on the few occasions it is required.

Gordon


9
Web Server - Ask For Help / Odd lookup behaviour
« on: September 07, 2021, 07:31:15 AM »
Using NT 12.17

I have a form that allows a client record to be attached to a record in one of 2 ways, either select from an existing list (lookup) or add one on the fly that gets saved to a separate table to be validated later by another user.

So the form has a radio choice of existing or new then:

If new there are a selection of client fields to be entered manually including a drop list for titles from a Titles table (work perfectly)

If existing is selected an existing client a drop list is displayed and the client related entry fields become read only to display the selected client details. Again it all works perfectly, well most of the time on odd occasions the client fields are cleared after selection. I have narrowed this down to a drop list field, in this case the client title which is file loaded drop list (actually set to read only if existing client).

Here is a snippet of code from the Validate::lvClientCode Routine with the extra assign fields, the drop list field is lvClientTitleGUID. When the error occurs all the fields after lvClientTitleGUID in the list are blank, so if I moved it down several lines the fields above populate correctly, unfortunately I can't move it any lower than just before the pushevent so the clientcode is blanked. I have changed it to a queue loaded drop and all is well, could it relate to the fact that the title field drop value::.. routine opens and closes all the files including clients?

  p_Web.SetValue('lookupfield','lvClientCode')
  do AfterLookup
  do Refresh::lvClientTitleGUID
  do Refresh::lvClientSurname
  do Refresh::lvClientFirstname
  do Refresh::lvClientDoB
  do Refresh::lvClientGender
  do Refresh::lvClientAddr1
  do Refresh::lvClientAddr2
  do Refresh::lvClientAddr3
  do Refresh::lvClientAddr4
  do Refresh::lvClientAddr5
  do Refresh::lvClientPostcode
  do Refresh::lvClientHomePhone
  do Refresh::lvClientMobilePhone
  do Refresh::lvClientEmail
  p_web.PushEvent('parentupdated')
  do Refresh::lvClientCode   ! Field is auto-validated
  do SendMessage
  p_web.ntForm(loc:formname,'ready')
  p_web.PopEvent()

I hope someone can shed some light, if not I'll try to modify an example to recreate the problem, however it is very intermittent.

Gordon

10
My requirement is to be able to ask a session's webhandler to show a message page, however I want to do this not in response to user interaction but from a separate process in the webserver application, possibly using the webserver class methods.

In effect I'd like to cause something like this to be executed:

p_web.Script(p_web.WindowOpen('MyMessagePage'))

Given I will have the specific SessionID is there any way from the WebServer class to

1. set a session value for a specific session using the SessionID, there appears to be a possible method _SetSessionValue, however I'm unsure of it's usage.
2. send the session's webhandler an event or in some other way communicate with it to cause it to execute some code.

I'm aware that the message page will only be shown if the user has the browser page open and the session is still active.

Any enlightenment gratefully received.

Gordon

11
I think this is a question for Bruce but please feel free to comment.

A while back I posted a message about record locking (not literally) in a multi user system. The strategy that I proposed and Bruce clarified is working out ok so far, however I have one issue I'd like comments on please.

The record locking actually places records in a lock table and is in effect soft locking, under normal circumstances the locks get cleared, such as record update, update cancel, user logout and session timeout. However I do get occasional locks that don't get cleared due to people navigating away from an update in their browser, they stay in the product but the page never gets completed or cancelled so the lock never gets deleted.

I can only think of two ways to tackle this:

1. Detect the user has navigated away from the update page, they may have pressed the browser back button or closed the tab, unfortunately I don't know how to do this

2. I add a SessionID and DateTimeStamp to the lock records, so I can have a housekeeping task that clears old locks, that's easy I just have a thread running that bins locks older than a certain number of minutes, crude but it works. However I would like to also check for locks with sessionids that are no longer active in case any tidy up was missed. The way I've done this is to get a list of unique SessionIDs from the lock table and use _GetSessionLoggedIn to check if they logged in (no locks unless logged on this system), it works fine.

The thing that concerns me about doing this in the webserver procedure is the time it could take and the fact it could potentially disrupt the webservers functionality. So I call a procedure on a new thread and reference the webserver class and the _GetSessionLoggedIn  method in there, but now I'm becoming concerned that calling a method in the referenced class from a different thread may also clash with the same class instance running in the webserver procedure, is it a bad idea?

Any advice would be appreciated.

Gordon

12
When I place a Text field on a form it works as expected, scrollable and return creates new lines. However, if I change the field to read only I appear to get a read only string field with no box, no scrolling and line feeds are removed, basically just a continuous line of text. What am I doing incorrectly?

I'm using NT 12.17.

Any help would be appreciated, I'm sure it is just my lack of NT knowledge that is causing me difficulty.

Best Regards
Gordon

13
Web Server - Ask For Help / LetsEncrypt Certificate Renewal
« on: June 15, 2021, 03:59:48 AM »
My first few sites to use my webserver application went live mid May and I have a question about LetsEncrypt.

Am I correct in thinking a webserver app will auto renew the LetsEncrypt certificate so long as port 80 and port 443 are open or do I need to include code to renew periodically?

Also if it is automatic how frequently or how long before it expires does it get renewed?

Does it make any difference if the webserver is running as a service?

Any clarification will be appreciated.

Gordon

14
I've searched and can't find an answer to my question, so I'm hoping someone can help.

I have a memory rather than file based form and I use it in 2 modes and display information in one mode and and allow interaction with save or cancel in the other mode, I use 2 tabs to do this. What I would like to be able to do is hide the save button on a condition, I realise I can disable the save button conditionally but this also disables the cancel button and I need the cancel to remain active. I guess I could achieve this by using 2 forms but that seems like a less than ideal method.

Any help would be greatly appreciated.

Gordon

15
Web Server - Ask For Help / HTML data entry masks
« on: May 21, 2021, 04:11:45 AM »
Has anyone used html data entry masks, I'm particularly thinking about dates and times so the separators such as / and : are fixed in the input and the entry moves from dd to mm to yyyy as the elements are filled, no need to type a separator. I understand how this can be done in html code but I'm uncertain where to place the mask details in a webserver form field definition.

Gordon


Pages: [1] 2