Login

Designing Code

An insider's view into the dark world of marketing and how to design code with the right side of your brain.

First OOP Sample

oop in Scrabble lettersWell, I've started my foray into object oriented programming, and I have to say that it's a totally different way of thinking than procedural. The sample of version 1.0 is located [here].

I have written a basic framework with a CMS built into it. The CMS allows for modules to be built for it. I've already create a couple of proprietary modules for Philips Hadco that can't be included here. I can say the it's fairly easy to build these modules (blog, forums, etc...). I'm already going to revise the parameter passing on the framework by passing a "config" object as a parameter that would include such things as "site root", "doc root","url", etc...

I've tried to keep a MVC setup, let me know if I have! Feel free to comment and be totally critical- this is my first attempt and I have no ego to bruise!
Posted by kcbruce at 2010-01-03 12:14pm | Permanent Link | Comments(2)

PHP5 - Recreating .NET's membership password hash algorithm

Premise:

 

I'm writing a php app that runs alongside ASP .NET site. I want to utilize the existing users and roles tables in the MSSQL server and can, except for one thing- matching the hashed passwords in the database. I found a blog that shows how .NET does the hashing (with salt) so I can try to recreate it in PHP.

A developer on Twitter sent me this link which shows the .NET membership procedure for developing the hashes for passwords. 
private static HashAlgorithm passwordHasher = HashAlgorithm.Create("SHA1"); 
 
private bool ValidateUser(string username, string password) 
var user = GlobalApplication.Database.Users.FirstOrDefault(u => u.UserName == username); 
if (user == null) return false; 

byte[] saltBytes = Convert.FromBase64String(user.Membership.PasswordSalt); 
byte[] passwordBytes = Encoding.UTF8.GetBytes(password); 
byte[] bytesToHash = new byte[saltBytes.Length + passwordBytes.Length]; 
saltBytes.CopyTo(bytesToHash, 0); 
passwordBytes.CopyTo(bytesToHash, saltBytes.Length); 
byte[] hash = passwordHasher.ComputeHash(bytesToHash); 
string base64Hash = Convert.ToBase64String(hash); 
return user.Membership.Password == base64Hash;
}

This was very useful is seeing what is done in C# and clues me into the procedures needed to replicate it in PHP
I've gleemed over search results that SHA1 is the hash algorithm used (and PHP has implementations of this). 

However a couple of hurdles I've run into:
  1. converting the UTF-8 password into bytes in PHP comes back as a string of 1's and 0's and the salt unpacks as true binary (returning +7ª\ætR<_9deji|Ï)
  2. not sure the "copyTo()" method is easily replaced by straight out concatenation 

Thoughts?

my PHP code version of above:
----

$hash_password = "bgT8AutbQgtlec0VNhhtmAXdXxvI0V/96Vj48KRz26E=";
$salt = "KzeqXOZ0UjwYOWRlaml8zw==";

$password = "church";

$salt = base64_decode($salt); //convert salt back to it's binary state

$passwordBytes = bstr2bin(utf8_encode($password)); //convert password to utf8 then binary

echo "$salt"; //prints "+7ª\ætR<9deji|Ï"
echo "$passwordBytes"; //prints 11000110110100001110101011100100110001101101000

$bytesToHash = $salt . $passwordBytes; //combine the 2 binary objs
$hash = sha1($bytesToHash, true); //sha1 hash it
$hashedpassword = base64_encode($hash); //base64 encode it into a string

echo "$hashedpassword
$hash_password";
function bstr2bin($input)
// Binary representation of a binary-string
{
  if (!is_string($input)) return null; // Sanity check
  // Unpack as a hexadecimal string
  $value = unpack('H*', $input);
  // Output binary representation
  return base_convert($value[1], 16, 2);
}
function bin2bstr($input)
// Convert a binary expression (e.g., "100111") into a binary-string
{
  if (!is_string($input)) return null; // Sanity check
  // Pack into a string
  return pack('H*', base_convert($input, 2, 16));
}
---
last "echo" prints:
2mOfuA7gRcDEYNJF9fjN83em+Jw=
bgT8AutbQgtlec0VNhhtmAXdXxvI0V/96Vj48KRz26E=

 
Posted by kcbruce at 2009-11-12 4:53pm | Permanent Link | Comments(0)

The Absolute Definitive Word on Social Media Marketing (for about one minute)

I attended the Frederick Chamber of Commerce's Social Media Conference on June 5th and walked away with a ton of good advice and a healthy dose of perspective. What I've gleamed from both the conference and online Social Media content (for which, there is a ton of) follows...

Companies using Social Media for Marketing

One of the main questions for engaging in Social Media from companies is how to directly monetize the outcome. How do they sell their "stuff" to people in the SM arena?

First off, there is no direct selling on Social Networks! It doesn't work that way and it turns people off from your brand. People are on these networks to socialize, not be sold to. To engage in a 2+ way conversation, not be talked to.

Second, you don't and cannot control the message! You can influence it by your actions, but never control it.

So why do it?

You use Social Media to further your company's exposure, to generate buzz, to directly engage in conversation with the people that use your products or services. The benefits are many to your brand.

If you use Social Media correctly:

  1. Your company gets known for:
    • ...being responsive to the consumer's needs, which creates repeat business and good buzz.
    • ...being run by humans, like them. That is appealing and generates more sales.
    • ...being modern and representing "the now", which draws more new (next generation) customers and sales.
  2. You can announce new products and methods your company is releasing or using. People are interested.
  3. You can quickly put out brush fires of "bad press". Your brand could be destroyed if you aren't paying attention. This is critical and, if for no other reason, why you should be paying attention to the conversations going on about you in Social Media. Your silence on negative press about you. Twitter is the best tool for this!Twitter

Social Media Rules of Engagement

  1. Have a strategy when starting a SM campaign. Create a central place (a home base) in the Social Media sphere to draw people to- a blog, Facebook page, Ning page, etc.. Use the other Social Media outlets to interact and direct to this home base.
  2. Take online relationships offline- talk by phone or face-to-face.
  3. Brand monitoring isn't a 9-5 situation- always monitor! Your brand could be badly damaged if there's a problem Friday night that isn't addressed until Monday morning. It's ok to admit you don't know the answer, but you're working hard to find a solution. Be sure to thank the people that bring an issue to your attention- they are helping to better your product. Talk with customers, not AT customers- engage in the conversation!
  4. When projecting yourself (and thus, your company) online, never act any other way than you would act in front of your mother. You can completely ruin your reputation as a competent brand by being angry, rude, dorky or spazzy On the other end, you shouldn't seem too corporate- people want to interact with other people. Be a source of information and help people out when you see an opportunity. Cultivate your "personal brand" to be a positive one- your personal brand online is always tied back to your business' brand.
  5. You have to love what you're talking about- people can detect fake sentiment.
  6. You should have a blog! Populate this blog with useful information about your products and how people can use them to enhance their lives. Big blog rule - if you aren't post at least 2-3 times a week, it's a dead blog, therefore you need to commit yourself to this blog. If your blog dies online, it's a very public death and shows your company can't commit the time to it, and thus, to it's clients.
  7. Twitter is the most real time account of what's being said about/to you, therefore it's the most critical tool in you SM belt. A flash fire can start on Twitter and you must be ready to react to save your brand. RSS dashboards are an essential way to track forum posts, which can slip under the radar far too easily. Twitter has it's own rules of engagement- there is a good article on that topic [here].
  8. In SM, you can't control the message and your brand could be destroyed if you aren't paying attention.

Conclusion

If your company sells to people, you should have some presence in the Social Media sphere. Over the course of a weekend, your brand could suffer massive PR damage without you knowing about it. If you see the debacle on the news- it's already too late. Social Media is a powerful and inexpensive conduit for outreach and image, but it's not a direct sales tool! Remember, if they don't know you, image is everything! So project a great image and win the hearts and minds of your consumers! They will be your best advocates, and that will save advertising costs and increase sales.

Social Media does cost time, but getting your company in the habit of using it as a standard tool and it will help you grow far more than by traditional media alone.

 
Posted by kcbruce at 2009-06-22 11:34am | Permanent Link | Comments(1)

Share |

Home  • Blog  • Portfolio  • Resume  • Scripts  • Photos  • Contact
Phone: 717-793-0647
http://www.kevinbruce.com · Site Modified Jul 21, 2010 · ©2010 Kevin Bruce | Web and Print Designer/PHP Developer
Follow me on LinkedIn Profile   Facebook   Twitter