Profile

Work

I am a Full-Stack Web & Software Developer with over fifteen years of experience. Over countless hours I have discovered that I have a passion and talent for creating works that are both highly functional and technically sound.

I have also discovered that I have a knack for understanding new theories & concepts – I am an adamant perfectionist when it comes to just about anything I do.

Current Skill set

Web
  • Responsive Mobile first HTML & CSS3 – Bootstrap, SASS
  • JavaScript (Vanilla JS, jQuery, Angular)
  • PHP (Web Server & CRON)
  • CRM / CMS packages – WordPress, osCommerce, Marketo
  • MySQL
  • Git
  • SEO & PPC
Applications
  • Java
  • Python
Legacy Technology
  • ASP (classic)
  • Visual Basic
  • Adobe Flash
Software Packages
  • Adobe Photoshop
  • MySQL
  • JetBrains Web Suite
  • Microsoft Word
  • Microsoft Excel
  • Microsoft Access
  • Maya 3d
  • and more…

Study

At the start of 2019, I am entering my 4th year of a 6-year course, studying a Bachelor of
Computer Science with a gaming specialisation at Charles Sturt University.

Hobbies

Pyrotechnic

A licensed pyrotechnician in the state of N.S.W., Australia, for over twenty years, performing
professional-grade pyrotechnic shows ranging from Chinese String Crackers and Indoor Close
Proximity Fireworks to Aerial Shells up to 125mm and Aerial Salutes up to 75mm.

A founding member of the Pyrotechnics Industry Association of Australia (PIAA), based in Sydney
but have performed shows all over NSW for all types of events.

Car Enthusiast

An active member of the Skylines Australia NSW car club, I regularly volunteer to help run events.

Social Media

You can connect with me professionally on LinkedIn,
or stalk me through Twitter

Portfolio

Employment

Wizardry Fireworks

PRODOCOM Australia

Hannover Fairs Australia

E-Web Marketing

Freelance Websites

Personal Projects

Tipping Comp

cruizen’

National Pyrotechnics

iblott accessories

Blog

FBML – Ajax – Facebook Authentication

I finally decided to try and stop direct URL requests to pages that run my Facebook app, and I came across some code in Facebook’s Dev Wiki. Facebook calls it “Verifying The Signature” and you can read more about it here.

I needed my site to only show my pages if Facebook is requesting it, and not show anything or show an error when a user tries to go direct to the source.

I.e.: My Facebook app’s canvas page is on a subdomain like http://facebook.mydomain.com/, so when a user entered that into a browser’s URL bar it would spit out a bunch of HTML code. Now, this wasn’t directly an issue, but the code was all broken because most pages contained FBML, which does nothing in a regular browser.

So, up till now it wasn’t a large drama, until I implemented some AJAX functions and the processing pages had little to no verification on them, so anyone could have made a simple form and resubmitted data very easily. Since my app contains closing dates for sections, it was quite easy to backdate submissions and really cause havoc if you so wished.

So now I’ve managed to turn the Dev Wiki page code into a working validation function. But I still had to do some work on this code. It’s not 100% “right in front of you” from that page.

Make sure you take a look at the wiki page, but essentially, this is what it’s doing:

  1. Remove the “fb_sig_” prefix from all of the keys.
  2. Sort the array alphabetically by key.
  3. Concatenate all key/value pairs together in the format “k=v” (omitting the signature itself, since that is what we are calculating).
  4. Append your secret key, which you can find by going to the Developers application and following the link for your application.
  5. Take the md5 hash of the whole string.

Below is my functioning code for the validation (sorry about it not being formatted, my theme doesn’t format code too well).

PHP:

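function CheckUser($appsecret) {
    // No signature supplied: this cannot be a request from Facebook
    if (!isset($_POST['fb_sig']) || !is_string($_POST['fb_sig'])) {
        return false;
    }

    // 1. Collect the fb_sig_* parameters with the prefix removed
    $fbsig = array();
    foreach ($_POST as $key => $value) {
        if (substr($key, 0, 7) == 'fb_sig_') {
            $fbsig[substr($key, 7)] = $value;
        }
    }

    // 2. Sort alphabetically by key
    ksort($fbsig);

    // 3. Concatenate the pairs as k=v ($string must start out empty)
    $string = '';
    foreach ($fbsig as $key => $value) {
        $string .= $key . '=' . $value;
    }

    // 4. Append the application secret
    $string .= $appsecret;

    // 5. Compare the md5 hash with the supplied signature. hash_equals()
    //    is a strict, constant-time string comparison, unlike ==
    return hash_equals(md5($string), $_POST['fb_sig']);
}

function IsFacebook($appsecret) {
    // Stop the page unless the request carries a valid Facebook signature
    if (!CheckUser($appsecret)) {
        echo "You have tried to access this page outside of facebook.
Please go back to <a href=\"http://www.facebook.com\">facebook</a>
and stop trying to hack our app apart";
        exit;
    }
}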

This code is pasted into each page you want to run the validation on:

// This is accessed from your Dev page; ONLY you and Facebook should ever know this
$appsecret = '############################';

// $appapikey (your application's API key) must already be set at this point
$facebook = new Facebook($appapikey, $appsecret); // Initiate Facebook
$fb_user = $facebook->require_login(); // make sure the user is logged into Facebook first

$uid = $facebook->get_loggedin_user(); // get the user's details

// Make sure it's Facebook requesting the page
IsFacebook($appsecret);
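
The five steps above, seen from both the signing and the verifying side, as an added example that is not part of the original post or of Facebook's client library. The function names fb_signature() and fb_verify(), the secret, the sample fb_sig_* values and the app field "section" are all constructed for illustration.

```php
<?php
// Added example, not from the original post. All values are constructed.

// Steps 1-5: the signature is computed over the fb_sig_* parameters only.
function fb_signature(array $params, string $secret): string {
    $sig = [];
    foreach ($params as $key => $value) {
        if (strpos((string)$key, 'fb_sig_') === 0) {
            $sig[substr($key, 7)] = $value;      // 1. strip the prefix
        }
    }
    ksort($sig);                                 // 2. sort by key
    $base = '';
    foreach ($sig as $key => $value) {
        $base .= $key . '=' . $value;            // 3. k=v, no separators
    }
    return md5($base . $secret);                 // 4. + 5. secret, then md5
}

function fb_verify(array $params, string $secret): bool {
    if (!isset($params['fb_sig']) || !is_string($params['fb_sig'])) {
        return false;                            // unsigned request
    }
    return hash_equals(fb_signature($params, $secret), $params['fb_sig']);
}

$secret  = 'constructed-demo-secret';            // hypothetical app secret
$request = [
    'fb_sig_user'      => '1234',
    'fb_sig_time'      => '1267504680.5',
    'fb_sig_in_canvas' => '1',
    'section'          => 'round-3',             // hypothetical app field
];
$request['fb_sig'] = fb_signature($request, $secret);  // platform side

$cases = ['as signed' => $request];
$cases['signed field changed'] = array_merge($request, ['fb_sig_user' => '9999']);
$cases['app field changed']    = array_merge($request, ['section' => 'round-1']);
$cases['signature missing']    = array_diff_key($request, ['fb_sig' => 1]);
foreach ($cases as $label => $params) {
    echo $label, ': ', var_export(fb_verify($params, $secret), true), "\n";
}

// Two different constructed strings of the form 0e<digits>: == treats both
// as numeric strings, hash_equals() compares them byte by byte.
$a = '0e' . str_repeat('1', 30);
$b = '0e' . str_repeat('2', 30);
echo '==: ', var_export($a == $b, true),
     ', hash_equals: ', var_export(hash_equals($a, $b), true), "\n";
```

Only the fb_sig_* parameters are covered by the signature, so the app's own form fields still need server-side validation. Closing dates in particular should be enforced from the server's clock rather than from anything submitted with the form.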

Published by
March 2, 2010 4:38 pm


Creative

I studied Digital Media for 12 months at Mt Druitt TAFE. While doing so we studied the 3D modeling program ‘Maya’. During the course I produced a number of 3D scenes and a couple of 3D animated movies.

I have also played in other programs such as Bryce 3D, 3D Studio Max, Lightwave, Vue D’esprit and a few others. However, I have always returned to Maya as a personal preference.

Below are a number of works that I have produced from these various programs.

Bryce 3D: Balls

Vue D’esprit: Sulfuric

Maya: Living Room

Maya: Gauntlet
