Dietrich
Sep 11, 2001

stoops posted:

I would like to get into HTML5 a bit, focusing more on canvas, and being able to draw spectrograms.

At my work, my colleagues use c++ and other programs to draw spectrograms, but, with me being the "web guy", I want to be able to port this onto the web.

Is this at all possible right now?

I googled spectrograms and html5 and I saw that a web audio api can do that, sorta, but with wav files.

If anyone can recommend me some solid books, even if it's just basic canvas drawings for now, I'd appreciate it.

It's more than possible, but I would recommend using a charting/graphing library until you get your feet under you. Trying to make one from scratch will be many hours of investment to solve a solved problem.

Here are quite a few: http://www.unheap.com/?s=graph

I use flot. It's nice.

Dietrich
Sep 11, 2001

kedo posted:

I've seen d3.js used on some interesting canvas projects as well, though I haven't used it myself.

That is badass.

Dietrich
Sep 11, 2001

gmq posted:

The beginning of the end of my job if it actually works as advertised. I guess I can always learn and go full stack. :gbsmith:

That looks pretty amazing!

Dietrich
Sep 11, 2001

hayden. posted:

I'm trying to use JavaScript to pull in reddit submissions.

Using this works fine and pulls in the submissions, but it responds as though no one is logged in and uses the default subreddits:

code:
// JSONP request to reddit's hot listing; the browser won't attach the reddit session for this cross-site call
$.getJSON("http://www.reddit.com/hot/.json?jsonp=?", function(data) {
	// each child is one submission; its fields live under item.data
	$.each(data.data.children, function(i,item){
		$('#images').append(item.data.title + '<br><br>');
		//$("<img/>").attr("src", item.data.title).appendTo("#images");
	});
});
If I just point my browser to http://www.reddit.com/hot/.json then it responds but including my default subreddits.

I have almost no idea what I'm doing. Anyone have suggestions on how to make my code above pull in items as though I'm logged in? I've been looking around trying to figure out how to use the reddit API with JavaScript and have found nothing. I would guess logging in through the API first would fix it? No idea.

It probably isn't sending your login cookie along to reddit with that request to get your stuff. You may have to do some other stuff with the API to get an auth token you can send along with the request to get a user's settings respected.

Dietrich
Sep 11, 2001

Lumpy posted:

You must have never designed a website that was supposed to generate revenue.

"Hey boss, our company had 19.1M in expenses, the site only brought in 19M. Good thing we told 5% of our users to gently caress off!"

(Cue: people without JS/ modern browsers would never buy anything online anyway justification...)

If you can't provide a good user experience (note: not astounding or unbelievable, just good enough to get the job done) without javascript / cutting edge Css, it's not the user's fault.

If only that hypothetical business had spent the time to make their site workable with javascript blocked, the story would be:

"Hey boss, our company had 24.5M in expenses, the site only brought in 19.1M. Good thing we support MidasWWW!"

Dietrich
Sep 11, 2001

Is it common to have the client side javascript hash the password and pass the hash rather than the plain text password to the server for verification against the stored hash? With HTTPS you don't have to worry about man in the middle attacks in general, but it seems like that would be most secure.

Dietrich
Sep 11, 2001

NtotheTC posted:

Well the flow for the plugin I typically use is:

- User signs up, their "account" record is created in the db (with active=false) as well as an "activation" record that has an FK link to that account and contains an activation_key field with a randomly generated key in it e.g. 3eadab4aa0766b619a08ab5b047bdb0365131ee0.

- Email sent to that user that includes a url with that key, e.g. https://www.your-domain.com/activate/3eadab4aa0766b619a08ab5b047bdb0365131ee0/

- When they click the url it finds the activation record, sets the account it links to to active=true

You obviously need to limit the actions the user can perform if they're not activated, be that logging in or viewing certain areas etc. For password resets I imagine you can have a similar system, create a "password_change" record, fk-link it to the user's account, then send them a unique link using the generated key that allows them to reset their password.

I'm not sure whether it's better to delete "spent" activation/password reset records or keep them for posterity, maybe someone else can chime in on that front.

Whatever you do, you don't want the activation/password reset records to be re-usable. In the same transaction as you set the account to active or apply the new password, you should set the linking record to inactive or populate a date field with the date used and the IP it was used from. This can be useful auditing information. You can, for example, see that 900 users were activated from the same IP address in 2 hours.

Dietrich
Sep 11, 2001

DreadCthulhu posted:

Are there any obvious security practices besides that one that I should make sure to have in place? Couldn't find anything specific on OWASP etc, maybe security stack exchange will have more.

1) If you have a pending activation or password change out there and they request a new one, disable the previous one first and you should probably tell them to check their spam folder before sending out another one.

2) Don't deactivate the account because they used the password reset link.

3) Don't let them specify an e-mail address to send the reset link to, it should be the one on their account that they activated from. There is some debate on whether you should tell the user which e-mail you sent the password to if you're using a Login+Pass or Login/Email+Pass system rather than an Email+Pass system. The concern is that if the Login is the same as a displayed name on your site, people can request a password reset and then see the victim user's email address. So consider that.

4) All reset and activation requests should only be valid for a fixed period of time, generally a short one.

Probably more, but those are the obvious ones.
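An added example (not code from anyone in the thread or from the plugin NtotheTC describes) that puts the activation/reset flow above together with the rules from the two replies: a fresh request revokes any pending record, a record is spent and stamped with the date and IP in one step so it can't be reused, expired keys are refused, a reset never deactivates the account, and the stamped IP supports the "900 activations from one IP" style audit. The in-memory store, the one-hour TTL and the IP addresses are constructed stand-ins for a real database and transaction.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed in-memory stand-in for the "activation" / "password_change" tables;
# a real app does the consume() step inside one database transaction.
TOKEN_TTL = timedelta(hours=1)  # assumption: short fixed validity window (rule 4)

@dataclass
class TokenRecord:
    account_id: int
    kind: str                      # "activation" or "password_change"
    key: str = field(default_factory=lambda: secrets.token_hex(20))  # 40 hex chars
    created_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))
    used_at: Optional[datetime] = None
    used_from_ip: Optional[str] = None
    revoked: bool = False

class TokenStore:
    def __init__(self):
        self.records = []          # all records, kept for auditing
        self.by_key = {}           # key -> record (the FK lookup)
        self.active_accounts = set()

    def issue(self, account_id, kind):
        # Rule 1: a new request disables any still-pending record of the same kind.
        for r in self.records:
            if r.account_id == account_id and r.kind == kind and r.used_at is None:
                r.revoked = True
        rec = TokenRecord(account_id, kind)
        self.records.append(rec)
        self.by_key[rec.key] = rec
        return rec

    def consume(self, key, client_ip, now=None):
        now = now or datetime.now(timezone.utc)
        rec = self.by_key.get(key)
        if rec is None or rec.revoked or rec.used_at is not None:
            return False           # unknown, superseded, or already spent
        if now - rec.created_at > TOKEN_TTL:
            return False           # expired
        # Spend the record and stamp the audit data in the same step as activating.
        rec.used_at, rec.used_from_ip = now, client_ip
        self.active_accounts.add(rec.account_id)   # rule 2: reset never deactivates
        return True

    def activations_from_ip(self, ip, window):
        cutoff = datetime.now(timezone.utc) - window
        return sum(1 for r in self.records if r.kind == "activation"
                   and r.used_from_ip == ip and r.used_at and r.used_at >= cutoff)
```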

Dietrich
Sep 11, 2001

fletcher posted:

I'm curious what you design savvy folks think of linkedin.com. I haven't used it much but my god it feels like such a clusterfuck of a UI.

It's specifically designed to make corporate users feel right at home! :downsgun:
