Posted by & filed under Xamarin.

The following code shows how to convert a PNG image (Stream) to a Base64 string, and back from a Base64 string to a Stream and into an ImageSource. The example uses SignaturePad (https://github.com/xamarin/SignaturePad), since we needed to convert the resulting signature and store it in a database, and also display it on a website. The resulting Base64 string is only ~40KB, but that size is dependent on the size of input you implement in your app.

In XAML, we added the element:

<ContentPage xmlns:controls="clr-namespace:SignaturePad.Forms;assembly=SignaturePad.Forms" ... >
     <controls:SignaturePadView x:Name="the_signature" StrokeWidth="3" StrokeColor="Black" BackgroundColor="White" HeightRequest="80"></controls:SignaturePadView>

In the following example, the Xamarin SignaturePad element is named “the_signature”, which is of type SignaturePadView, and we will convert the generated PNG to a base64 string:

private async Task Signature()
{
     // convert png image to base64
     System.IO.Stream signature_image = await the_signature.GetImageStreamAsync(SignaturePad.Forms.SignatureImageFormat.Png);
     byte[] bytes = new byte[signature_image.Length];
     signature_image.Position = 0;
     signature_image.Read(bytes, 0, (int)signature_image.Length);
     string signature = Convert.ToBase64String(bytes);
}

To convert it back from base64 and load it into an ImageSource:

byte[] bytes = Convert.FromBase64String(signature);
System.IO.Stream stream = new System.IO.MemoryStream(bytes);
ImageSource the_signature_image = ImageSource.FromStream(() => stream);

Now we can apply “ImageSource the_signature_image” to the SignaturePadView element:

the_signature.Source = the_signature_image;

Posted by & filed under WordPress.

Security

For any new or existing WordPress website, you should ensure that you have some sort of software firewall installed. A plugin that will report on suspicious activity and files within your WordPress file system. We recommend WordFence. Even having the basic version of WordFence will help tremendously.

In regards to file and folder permissions, files should have permissions set to 644 and folders 755. Using a FTP/SFTP program, such as FileZilla, you can easily update all files and/or folders in just a few clicks.

We do not recommend right-clicking your public_html folder and doing this, as it may change the permissions on public_html, which is usually set to 750. Instead, you may want to highlight/select all files and folders in your WordPress directory. Once you have your files/folders selected, right-click one and click File Permissions. At the bottom of the window (see above), check Recurse into subdirectories, then select either Apply to files only or Apply to directories only. Depending on which you choose to do first, type in 644 for files or 755 for directories in the Numeric value: field. It will take a few minutes for each update to run.

My Website Has Been Hacked!

If you can access the admin panel of your site and view the scan logs from WordFence, or other protection plugin, then you should have a list of files that were found to be malicious. If not, that’s OK. You can still perform the following steps.

You will want to login to access your website’s files, using a program like FileZilla or your web host’s File Manager. Look for any files that were listed in the scan, or any files/folders with incorrect permissions. With each file found, you will want to do 2 things:

  1. Fix the permissions on the file/folder. Also make sure the folder that contains this item has proper permissions.
  2. Using a fresh copy of WordPress, upload and replace the file. You can find out your version of WordPress by opening /wp-includes/version.php. You can download the matching version of WordPress from: https://wordpress.org/download/releases/

Once you patch all the malicious files, you will want to run another scan. Again, WordFence is great for this; and is the very first plugin we install on a website. If you do decide to use WordFence, you will be prompted to enter your email address, and if you decide to opt-in you will receive notices about outdated plugins and any issues that arise.

Side Note

Hackers don’t usually have the time to manually attack a website, unless it’s a personal vendetta. Instead, they send out a bot which looks for sites with vulnerabilities. The hacker’s code is then automatically uploaded and executed. Knowing this, the typical flaw in websites that allows attackers to get in are the file permissions. However, there are many other ways an attacker may gain access to your site. Some of the ways include: cross-site scripting (due to how some plugins may be written), and allowing unauthenticated users to upload files. Uploads should be limited to specific file types, and all users who are allowed to upload files should be authenticated first.

Keep Your WordPress Site Updated

It is very important to keep WordPress, plugins and themes updated. In some cases it may not be realistic to update certain things right away, but in that case make sure you take a quick glace at what the new release includes, as it may be patching an exploit.

When you setup and configure wp-config.php, don’t forget to generate and apply the your Unique Keys and Salts, found below your DB_* definitions.

Also make sure you use strong passwords, with uppercase, lowercase, numbers and special characters, having a length no less than 11.

If You Need Help With Your Hacked Site

Feel free to give us a call. We have fixed many hacked websites in our 25+ years of service, and the underlying exploit is almost always the same. It usually takes less than 2 hours to fix a website. In some cases, your website can be restored from a backup. However, if you restore from a backup, we recommend glancing over the files and folders to ensure the correct permissions have been set.

Posted by & filed under WordPress.

Run the following SQL scripts from phpMyAdmin, or other SQL program. Be sure to change ‘http://www.oldurl‘ and ‘http://www.newurl‘ values.

UPDATE wp_options SET option_value = replace(option_value, 'http://www.oldurl', 'http://www.newurl') WHERE option_name = 'home' OR option_name = 'siteurl';

UPDATE wp_posts SET guid = replace(guid, 'http://www.oldurl','http://www.newurl');

UPDATE wp_posts SET post_content = replace(post_content, 'http://www.oldurl', 'http://www.newurl');

UPDATE wp_postmeta SET meta_value = replace(meta_value,'http://www.oldurl','http://www.newurl');

Posted by & filed under News & Updates.

Due to the COVID-19 outbreak, the flu, colds, car accidents, radiation from sun exposure, bumps, scrapes, bruises, and all forms of cancer, we at IAPS have your, and our, safety in mind. For those reasons, we work remotely from home and encourage everyone to avoid illness by eating healthy, getting some exercise, and thinking positively. There is no need to panic!

This year at IAPS, we plan to release our new version of flokah, our small business management web platform, and our eagerly-awaited formDO project, that lets you design your own custom management software (CMS) using forms and built-in reporting options. We also recently created and released a new logo 🙂

Our digital doors are always open, and we will continue to provide quality services and products.

Posted by & filed under Operating Systems.

Edit [2020-08-14]: we have made some changes to this guide based on user feedback.

Over our years providing software development services, we have used many different file backup techniques, including: manually copying files, running Windows backups, 3rd-party software solutions, Rich/Robo Copy, shell scripts (which we’ll talk about), and we even tried one of those external hard-drive software bundles, like WD Passport.

We reluctantly installed Windows 10 on our main computers, figuring that Windows 10 has now had ample time to get most of the kinks worked out, and to our surprise “Backup and Restore” from Windows 7 is being deprecated, and the “Backup and Restore (Windows 7)” in Windows 10 seems to fail no matter what was tried. The only option is to use their new backup option, File History, which we use to an extent.

However, we ran into issues with File History when trying to select specific folders under the AppData directory. It didn’t seem to target them properly and the only way to add them was to add the entire AppData directory, instead of specific directories from within.

So now we create our own backup scripts using a file-transfer command-line tool called rsync.

rsync is an open source utility that provides fast incremental file transfer. rsync is freely available under the GNU General Public License and is currently being maintained by Wayne Davison.

It’s a bit of a process to get this setup on Windows, but it’s worth it. If you have a linux system, then you already have rsync installed by default.

  1. Download and install Notepad++; used to instill proper line-endings for the shell script we will create.
  2. Download, install, and configure Cygwin; this program simulates a shell in Windows, and also provides rsync as an option during installation.
  3. Go through some rsync command-line examples.

1. Notepad++

Notepad++ is a great tool for quick notes and file editing/previewing. It allows for multiple documents to be open at once, and it remembers unsaved documents for you. You can download Notepad++ from here: https://notepad-plus-plus.org/

We will use this program to create a shell file (.sh extension) that we can run from Cygwin. Notepad++ helps us solve an issue where regular text files created in Windows have different line ending characters (\r\n) than those that are used in a Unix/Linux environment (\n).

We’ll use Notepad++ to set the line endings of our shell script to be that of Unix decent. Open Notepad++ and create a new file, then click on Edit > EOL Conversion > Unix (LF), then save your file with a .sh extension (eg. mybackup.sh).

In the very first line of that file, write the following:

#!/bin/bash

All remaining commands will go below this line.

2. Download, install and configure Cygwin

Cygwin provides a local shell (command-line) environment with configuration for many of the same capabilities as you’d have on a Linux OS or Mac machine, and this program will allow us to run the rsync command.

  1. Go to https://www.cygwin.com/
  2. Download your supported executable (.exe), 64 or 32-bit, file from the links found under the section Installing Cygwin.
  3. Open the file to begin the installation process…
  4. During installation, you will be asked which modules to install; you can use the search box at the top to help locate the modules we need. Find and select both ssh and rsync.
  5. Once installed, open the Cygwin terminal.
  6. If you make a mistake or need to install additional modules, you may run the Cygwin installer again to select additional modules.

3. Rsync commands

To view all accessible drives from Cygwin, type the following in your Cygwin terminal:

 cd /cygwin/

From here, we can access our files on our main drives, and plan our backup strategy. Let’s take a look at a rsync command that copies everything from C-drive to D-drive:

rsync -auvhPW --stats /cygdrive/c/ /cygdrive/d/

The above command uses some very specific options/flags, which are explained below, starting with -auvhPW:

  • a = archive, includes -r (recursive, into directories) and -t (times, preserve)
  • u = update, skips files if they are newer
  • v = verbose, to improve quality of transfer
  • h = human-readable output
  • z = compress during transfer (removed)
  • P = equivalent to –partial –progress (providing file transfer progress %)
  • W = copy files whole (equivalent to –whole-file)
  • stats = provides statistics about the transfer upon completion
  • Other flags can be found, and are described, on the rsync website.

This first example will copy all files from your user (MyUserName) /Documents/ folder on your C-drive, to a folder called /Documents/ on your D-drive, which can be an external hard drive, USB stick, etc.:

rsync -auvhPW --stats /cygdrive/c/Users/MyUserName/Documents/ /cygdrive/d/Documents/
  • exclude ‘folder/file’ = allows you to dictate which files or folders to skip during the sync. You may chain –exclude flags to ignore multiple directories:
rsync -auvhPW --stats --exclude 'Private' --exclude 'SemiPrivate' /cygdrive/c/Users/MyUserName/Documents/ /cygdrive/d/Documents/

You may run the above commands right from the Cygwin terminal, or – especially if you have multiple rsync commands – you can save those commands to mybackup.sh and then run the following command:

./cygwin/c/path/to/file/mybackup.sh

Posted by & filed under PHP Development.

Through our years of programming, we have optimized and re-optimized our code in attempt to make things easier for us, and to reduce redundant code.

During our endeavours, we implemented an abstract class containing a function that returns a new object instance:

abstract class i_object {
    final public static function i() {
        return count(func_get_args()) ? call_user_func_array(array(new static, '__construct'), func_get_args()) : new static;
    }
}

You can then create your business logic class like this:

class user extends i_object {
    public $id;
    function __construct($id = null, $populate = false) {
        $this->id = $id;
        if ($populate)
            $this->populate();
        return $this; // * important
    }
    function populate() {
        // populate from db
    }
}

Then, when you want to create a new “user” object:

$user = user::i($id, true);

We check for arguments in i_object::i(), so the object is then instantiated with those same params.

* It is imperative that you return $this; in the __construct function of the class extending the abstract class.  If omitted, nothing will be returned when calling ::i().

Posted by & filed under Hosting, News & Updates.

Please note that access via FTP is no longer permitted, as at March 7th, 2017 @ 12:01am EST.

The following describes how to configure SFTP access for a cPanel user.

Aside from logging into cPanel and using the File Manager tool to manage your website files, you can also connect via SFTP, not to be confused with shell access, which is prohibited.

Create your SSH Keys

You will first need to setup your SSH Keys:

  • While logged into cPanel, click on “SSH Access” under the “Security” section, then click on “Manage SSH Keys”:
  • If you do not have any Private Keys setup, click on “Generate a New Key”.
    • You may keep the Key Name as “id_rsa”, or change it to something more specific.
    • You will be asked for a Key Password, which is optional but highly recommended.  You will need this password each time you use the key.
    • Key Type: RSA
    • Key Size: 4096
    • Click “Generate Key”.
  • From the “SSH Access” page, click “Manage” beside your new key, listed under “Public Keys”:
    • The “Authorization Status” should be listed as “not authorized”.
    • Click “Authorize” to permit access using this key.
  • From the “SSH Access” page, click “View/Download” beside your key in the list of “Private Keys”:
    • Scroll down to the bottom of this page to where it says “Convert the … key to PPK format”.
      • If you supplied a password during creation of this key, enter it here.
    • Click “Convert”.
    • Then scroll down to the bottom of the page, and click “Download” to download the “.ppk” Private Key file.
    • DO NOT share your Private Key with anyone.

Configure your Connection

In FileZilla, setup your connection as follows:

  • Host: hosting.iaps.ca
  • Protocol: SFTP – SSH File Transfer Protocol
  • Logon Type: Key file
  • User: your cPanel username
  • Key file: the “.ppk” key-file you downloaded from cPanel.
  • Example:

Once you click connect, you will be prompted for the key password you set while generating the SSH Key.

That’s it!  Your connection and transfers are now secure.

Posted by & filed under formdo.com, Hosting, PHP Development, WordPress.

Hosting
This year we will be upgrading our hosting services by more than doubling speed, ram and space, which is expected to occur early March.

formDO
We will be releasing our flagship project, formDO, late April!

flokah (ubudget)
We have some really awesome updates prepared for this project, which will be released shortly after the launch of formDO; most likely sometime in May or June.

Clothing/Apparel
We are now selling light-weight, polyester hoodies for CAD$35, available in 2 colours (dark grey, beige), and 5 sizes (S, M, Lg, XL, XXL). All hoodies come with a pressed “iaps” logo, placed over the heart. For more information, please contact us. We plan on setting up a shop page for our apparel in early Spring, which is when we plan on introducing collared golf shirts into our product line.

Blankslate/Patternfly WordPress Theme
As per our post in October of last year, WordPress PatternFly (Bootstrap) Theme, we will be applying this theme to our own website, and also releasing it to the public via https://en-ca.wordpress.org/themes/. This should be done by August, along with a client login panel with further integrated support tickets, and access to invoice history.

Summer
This summer will commence our first application and integration of formDO into a small farming business, located just outside London, Ontario.

Posted by & filed under PHP Development, WordPress.

Over the past few months, we have been working with PatternFly, which is built on Bootstrap, to provide an enterprise look and feel to our data management applications. To our surprise, or not, we found zero (0) WordPress themes supporting PatternFly. While utilizing the open source WordPress theme Blankslate, we have put together a nice little WordPress PatternFly theme. You can see it in action at www.carwrapquotes.com.

We plan on publicly releasing this theme, once we tighten everything up, but for now, if you would like a copy to use or play around with, please let us know. This theme-package comes complete with a child theme for you to provide overrides. We also recommend using the following plugins, in order of most important to least important, although not required:

  • Theme My Login – Template overrides have been provided within the packaged parent theme. You may further override these templates by copying them, from TML itself or from the parent theme, to your child theme.
  • Wordfence Security – Security is always a good idea! This should actually be listed first, but it’s not.
  • Debug Print R – Because debugging is sometimes necessary, and this makes debugging easier to read.
  • Nav Menu Roles – Easily set a nav menu item to only display based on logged in status and role.
  • Slim Stat Analytics – To accompany your Google Analytics.
  • Widget Logic – Great way to limit widget visibility.

Posted by & filed under Notices & Alerts.

We highly encourage everyone to use passwords with at least 9 characters, containing uppercase and lowercase letters, numbers, and, if permitted, special characters.

Recommended Password Storage Solutions

KeePass is great little program for managing personal passwords, and LastPass works great to manage passwords for teams.  They are completely different from each other, and KeePass does have a slight learning curve to it, while being more geared towards people that want to have an offline password storage system.  Comparatively, LastPass integrates well with your browser, provides user/team-based permissions to password sets, and has a user-friendly interface.  We have experience with both of these options.  However, we do prefer KeePass.  The best part is, both of these solutions are FREE!

The Generator

The below form generates strong passwords for online accounts. Keep in mind that if you ever lose a password, you can easily reset your password using the “Forgot Password?” form found on most websites. It’s better to lose a strong password, and have to reset it, than to use a weak password and have your account hacked!


3NH9UA=*8LeZi-YR