Thursday, May 27, 2010

Extending django model with custom search method

This is really fun. I was asked to develop a prototype for a simple system, and my immediate choice was Django. This time, rather than using SQLAlchemy, I'm using whatever comes under the Django umbrella. In this prototype I added an AJAX-based auto-completion/suggestion search input form, just to give a small 'wow' effect to my customer. It uses a jQuery AJAX call and returns a JSON list of dictionaries.

The best part is actually the way you can extend a Django model to add your own specific method; for example, I added a search method to the profile model.

Once extended, you can simply call it:

searchObj =['q']).order_by('prof_firstname')

At the same time, the search box allows the user to search by profile first name, last name and also IC number using the same input box.

Here is how you can do it in your models (this is my Django profile model file).
Make sure you add the ProfileManager class inside your model (highlighted in yellow).

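# Load modules needed
import operator
from functools import reduce  # built in on Python 2, must be imported on Python 3

from django.db import models
from django.db.models import Q

class ProfileManager(models.Manager):
    def search(self, search_terms):
        terms = [term.strip() for term in search_terms.split()]
        q_objects = []

        for term in terms:
            # The loop body is missing from the post as published. The text says
            # the box matches first name, last name or IC number; the icontains
            # lookup is an assumption.
            q_objects.append(Q(prof_firstname__icontains=term))
            q_objects.append(Q(prof_lastname__icontains=term))
            q_objects.append(Q(prof_ic__icontains=term))

        # Start with a bare QuerySet
        # (get_query_set() was renamed get_queryset() in Django 1.6)
        qs = self.get_query_set()

        # An empty search box gives no Q objects, and reduce() raises on an empty list.
        if not q_objects:
            return qs.none()

        # Use operator's or_ to string together all of your Q objects.
        return qs.filter(reduce(operator.or_, q_objects))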

class Profile(models.Model):
    """ table profile """
    prof_ic = models.CharField(max_length = 12, primary_key = True) # an IC number may contain letters (military)
    prof_firstname = models.CharField(max_length = 32)
    prof_lastname = models.CharField(max_length = 32)
    prof_dob = models.DateTimeField()
    prof_gender = models.CharField(max_length = 1)
    prof_race = models.CharField(max_length = 32)
    prof_address_1 = models.CharField(max_length = 128)
    prof_address_2 = models.CharField(max_length = 128)
    prof_city = models.CharField(max_length = 32)
    prof_state = models.CharField(max_length = 32)
    prof_country = models.CharField(max_length = 32)
    prof_postcode = models.CharField(max_length = 16)
    prof_telno = models.CharField(max_length = 16)
    prof_mobileno = models.CharField(max_length = 16)
    prof_email = models.EmailField(max_length = 128)
    prof_img = models.ImageField(max_length = 256, upload_to = 'profile')
    prof_sysdate = models.DateTimeField()
    objects = ProfileManager()

    class Meta:
        app_label = "pingat"
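
An added example, not code from the original post: the search described above (one box matching first name, last name or IC number) written against sqlite3 from the Python standard library, to show the kind of parameterised SQL that keeps each search term as data, including LIKE wildcards typed by the user. The table rows and the helper names (escape_like, search_profiles, demo_db) are constructed for illustration.

```python
import sqlite3

# Columns taken from the Profile model above; never built from user input.
FIELDS = ("prof_firstname", "prof_lastname", "prof_ic")

def escape_like(term):
    """Escape LIKE wildcards so user input only ever matches literally."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def search_profiles(conn, search_terms):
    """OR together one LIKE clause per (term, field) pair; every value is bound."""
    terms = search_terms.split()
    if not terms:
        return []  # empty search box: do not build an empty WHERE clause
    clauses, params = [], []
    for term in terms:
        for field in FIELDS:
            clauses.append(field + " LIKE ? ESCAPE '\\'")
            params.append("%" + escape_like(term) + "%")
    sql = ("SELECT prof_ic, prof_firstname, prof_lastname FROM profile WHERE "
           + " OR ".join(clauses) + " ORDER BY prof_firstname")
    return conn.execute(sql, params).fetchall()

def demo_db():
    """In-memory table with constructed sample rows (not data from the post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profile (prof_ic TEXT PRIMARY KEY, "
                 "prof_firstname TEXT, prof_lastname TEXT)")
    conn.executemany("INSERT INTO profile VALUES (?, ?, ?)", [
        ("800101015555", "Aminah", "Yusof"),
        ("T1234567", "Badrul", "Hisham"),
        ("790202026666", "Chong", "Wei"),
    ])
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(search_profiles(db, "amin T123"))    # name fragment plus IC fragment
    print(search_profiles(db, "' OR '1'='1"))  # quote characters are matched as text
    print(search_profiles(db, "%"))            # wildcard is escaped, so no match-all
```
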

Getting IP Address/Interfaces with Python

# easy_install netifaces

in python shell:

// list all interfaces

>>> import netifaces
>>> netifaces.interfaces()

['lo0', 'gif0', 'stf0', 'en0', 'fw0', 'en1', 'vboxnet0']

// now get the addresses only for AF_INET

>>> for iface in netifaces.interfaces():
...     addrs = netifaces.ifaddresses(iface)
...     # skip interfaces that have no IPv4 address assigned
...     if netifaces.AF_INET in addrs and 'addr' in addrs[netifaces.AF_INET][0]:
...         print(iface, addrs[netifaces.AF_INET][0]['addr'])

Tuesday, April 27, 2010

Django Models

Somehow I prefer to group all my models in one folder; however, in Django, when you create your app, the models are inside your app folder.

# python startapp dummy
# ls dummy

In order to put all the apps' models in a single folder structure, what you need to do is as follows:

# create your model folder inside your project - I named it models
 mkdir models

# edit your models and add a Meta class as follows
class Meta:
    app_label = "appName"

# and import your models in the models/ file
from modelfile import yourmodel

Thursday, April 15, 2010

Having fun with extjs 3.2 ...

Actually this is a snippet of a development project I'm handling right now, using Extjs 3.2.0 on the client side and Django/Python on the server side. It took me 2 weeks to come up with all this layout and forms. What can I say, this is my first encounter with it, and it is quite fun.

Tuesday, April 6, 2010

sanitize your code please...!

A few days ago I "accidentally" found a few SQL injections in one of the local IPTA web sites. I informed the engineers/developers but no action was taken. This morning I requested to do a more intensive pen test, and they allowed it with the acknowledgement of the IT director.

I managed to penetrate their internal Oracle DB, which stores all the confidential information, enough to prove to them how severe the exploit was. So I sent their developers a report with the sample data gathered and all the URLs/URIs/pages affected.

The action taken was to block/deny my VPS static IP address (from where I did the penetration test) instead of repairing their code, which only takes a few minutes to repair.

And tonight I can still penetrate through my DSL dynamic connection, and it is not just about me, the whole world can too...

This is lame, guys ... please sanitize your code...

07th April 2010:
Latest updates ... they actually blocked my IP for only one reason: my IP was making lots of connections and consuming/slowing down their bandwidth/server ... now the ban has been removed because of a "misunderstanding", but it is still exploitable...

OK, enough of this crap. I'm not a security dude by profession; better to concentrate on my own projects from now on...

Wednesday, March 17, 2010

linux/*nix bash 4.x autocd ..

For those who don't know about the latest features in bash 4.x:

Sometimes you know the folder name, but to reach that folder you need to go from one folder to another.

eg: /home/project/web/avs/desktop

with bash new autocd you can simply type

cd /home/**/desktop

the double '*' character indicates 'autocd'

same thing when you are frustrated with php, you can simply do:

rm -f /**/*.php

ok, first you must enable the autocd by using the following command:

shopt -s globstar autocd

happy "bash"ing :)

Monday, March 8, 2010

python psycopg2 in imac

I've been banging my head getting psycopg2 running on this iMac, with this error when trying to import the module:

Symbol not found: _PQbackendPID

After googling around (almost 1 hour exactly), one important thing is the multi-architecture support in Python; for this reason you need to specify that the Python you are using is 32-bit with the following command:

defaults write Prefer-32-Bit -bool yes

Build and install your psycopg2 again. And voila, everything works.

Mac OS X is very yummy, but coming from the Linux/Ubuntu world, where packages are easily available and almost up to date, this is a little frustrating for me.

Oh well, I already fell in love with the iMac (been using it for 3 days already :P ). This will be just like the old days for me with Linux, where you must do things yourself: compile, hit problems and troubleshoot yourself. Things like this will make you bolder.... I mean wiser.

- Mac g33k