MAMP and phpMyAdmin on Mac

Apache and PHP are included by default in Mac OS.

Enable Apache on Mac OS X:
sudo apachectl start

Apache htdocs on Mac OS:
Remember to change the permissions of this folder in Finder.
Make Apache the owner of the folder:
sudo chown -R _www /Library/WebServer/Documents/wedance

Enable PHP for Apache:
sudo vim /etc/apache2/httpd.conf
Uncomment the following line (remove #):
LoadModule php5_module libexec/apache2/

Restart apache:
sudo apachectl restart

Install MySQL: The DMG Archive.
Open System Preferences -> MySQL -> Ensure the MySQL Server is running.

cd /usr/local/mysql/bin
This program enables you to improve the security of your MySQL installation:

To get started, log into MySQL’s root (administrative) account by issuing this command:
mysql -u root -p
Exit: exit

If that fails, try:
mysql -u root -p --connect-expired-password
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('mySuperSecretPassword');

Download phpMyAdmin:
$cfg['Servers'][$i]['host'] = '';


JVM (Java Virtual Machine), to run Java bytecode.
JRE (Java Runtime Environment) = JVM + Java Core Library.
JDK (Java Development Kit) = JRE + Java Compiler.

Java SE (Java Standard Edition) = JDK
Java EE (Java Enterprise Edition)
Java ME (Java Micro Edition): Mobile device, TV, etc.

The conversion of dp units to screen pixels is simple: px = dp * (dpi / 160). You should always use dp units when defining your application’s UI, to ensure proper display of your UI on screens with different densities.
public static int px_from_dp(int dp) {
    return (int) (dp * Resources.getSystem().getDisplayMetrics().density);
}

public static int dp_from_px(int px) {
    return (int) (px / Resources.getSystem().getDisplayMetrics().density);
}

Setup Smart HTTP for Git + Gitweb in CentOS 7

I want my project url something like this:

So the clone command can be in this format: $ git clone

Create separate config file for Git: /etc/httpd/conf.d/git.conf

SetEnv GIT_PROJECT_ROOT /opt/git
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

<LocationMatch "^/git/*">
    AuthType Basic
    AuthName "Git Access"
    AuthUserFile /opt/git/.htpasswd
    Require valid-user
</LocationMatch>

Remember to grant permission: $ chown -R apache /opt/git

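Create a password for authentication (-c creates the file; leave it out when adding more users, because it overwrites an existing file): $ htpasswd -c /opt/git/.htpasswd andy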

$ systemctl restart httpd

You can init a demo repository for testing:

$ cd /opt/git
$ mkdir myproject.git
$ cd myproject.git
$ git init --bare

$ git clone to test



Setup Gitweb:

$ yum install gitweb

  • The html resource: /var/www/git
  • The config file: /etc/gitweb.conf

Now we need to modify the config file to set project root:

our $projectroot = "/opt/git";

Start tracking existing project:
cd <localdir>
git init
git add .
git commit -m 'message'
git remote add origin <url>
git push -u origin master



  1. Download CodeIgniter
  2. Place the folder into the Apache htdocs directory and delete the “user_guide” folder.
  3. Copy .htaccess to the root directory to remove index.php from the URL, and also edit $config['index_page'].
  4. Edit config.php to set the timezone, base_url, encryption key, session, cookie, etc.
  5. Set CodeIgniter’s ENVIRONMENT constant in index.php to 'production' before publishing.


Web security with CodeIgniter

URL Security:

XSS attacks: xss-filtering

$data = $this->security->xss_clean($data);

Bitmap injection:

if ($this->security->xss_clean($file, TRUE) === FALSE) {
    // file failed the XSS test
}

The function returns TRUE if the image is safe, and FALSE if it contained potentially malicious information that a browser may attempt to execute.

SQL injection: escaping-queries

The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don’t have to remember to manually escape data; the engine does it automatically for you.
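
The difference between pasting a value into the SQL text and binding it, as an added example that is not from the original page or from CodeIgniter. PDO prepared statements on an in-memory SQLite database stand in for CodeIgniter's query bindings (which escape the bound values); the table, rows and function names are constructed for the demonstration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for CodeIgniter's database layer.
// The users table and its rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->exec("INSERT INTO users (name, role) VALUES ('andy', 'admin'), ('bob', 'user')");

// Unsafe: the value becomes part of the SQL text, so quote characters
// inside it are parsed as SQL syntax instead of data.
function find_unsafe(PDO $db, string $name): array
{
    $sql = "SELECT name, role FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the statement only contains a ? placeholder and the value is
// passed separately, so it can never change the shape of the query.
// CodeIgniter form of the same call: $this->db->query($sql, array($name));
function find_bound(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, role FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form input that contains quote characters.
$input = "x' OR '1'='1";

printf("concatenated query: %d row(s)\n", count(find_unsafe($db, $input)));
printf("bound query:        %d row(s)\n", count(find_bound($db, $input)));
printf("bound, real name:   %d row(s)\n", count(find_bound($db, 'andy')));
```

The concatenated query returns every row because the input rewrites the WHERE clause; the bound query looks for a user literally named after the input and finds none.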

Web development

Cookie: a small amount of information sent by a server to a browser, and then sent back by the browser on future page requests.
If your server has previously sent any cookies to the browser, the browser will send them back on subsequent requests.
Alternate model: client-side JavaScript code can set/get cookies.
  • Cookies are only data, not program code.
  • Cookies cannot erase or read information from the user’s computer.
  • Cookies are usually anonymous (do not contain personal information).
  • Cookies CAN be used to track your viewing habits on a particular site.

Security issues:

XSS attacks, SQL injection, bitmap injection, CSRF

Man-in-the-middle attack (network sniffing)

Session hijacking

Form validation scenario:

  1. A form is displayed.
  2. You fill it in and submit it.
  3. If you submitted something invalid, or perhaps missed a required item, the form is redisplayed containing your data along with an error message describing the problem.
  4. This process continues until you have submitted a valid form.

On the receiving end, the script must:

  1. Check for required data.
  2. Verify that the data is of the correct type, and meets the correct criteria. For example, if a username is submitted it must be validated to contain only permitted characters. It must be of a minimum length, and not exceed a maximum length. The username can’t be someone else’s existing username, or perhaps even a reserved word. Etc.
  3. Sanitize the data for security.
  4. Pre-format the data if needed (Does the data need to be trimmed? HTML encoded? Etc.)
  5. Prep the data for insertion in the database.

In order to implement form validation you’ll need three things:

  1. A View file containing a form and displaying error message in correct place.
  2. A View file containing a “success” message to be displayed upon successful submission.
  3. A controller method to receive and process the submitted data.
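
The receiving-end checks listed above, as an added example in plain PHP (it is not CodeIgniter's Form_validation library and not code from the original page). The field names, length limits, reserved-word list and the $isTaken lookup are assumptions made for the illustration.

```php
<?php
// Added example in plain PHP, not CodeIgniter's Form_validation library.
// Field names, length limits, RESERVED and $isTaken are assumptions.
const RESERVED = ['admin', 'root', 'support'];

function validate_signup(array $post, callable $isTaken): array
{
    // Pre-format: accept only string fields (not arrays) and trim them.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $username = $field('username');
    $email    = $field('email');
    $errors   = [];

    // 1. Required data.
    if ($username === '') { $errors['username'] = 'Username is required.'; }
    if ($email === '')    { $errors['email']    = 'Email is required.'; }

    // 2. Type and criteria: permitted characters, min/max length, reserved, taken.
    if (!isset($errors['username'])) {
        if (!preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $username)) {
            $errors['username'] = 'Use 3-20 letters, digits or underscores.';
        } elseif (in_array(strtolower($username), RESERVED, true)) {
            $errors['username'] = 'That username is reserved.';
        } elseif ($isTaken($username)) {
            $errors['username'] = 'That username is already in use.';
        }
    }
    if (!isset($errors['email']) && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email address is not valid.';
    }

    return [
        'ok'     => $errors === [],
        'errors' => $errors,
        // HTML-encoded copies for redisplaying the form next to the errors.
        'form'   => ['username' => htmlspecialchars($username, ENT_QUOTES, 'UTF-8'),
                     'email'    => htmlspecialchars($email, ENT_QUOTES, 'UTF-8')],
        // Validated values; hand these to the database as bound parameters.
        'clean'  => $errors === [] ? ['username' => $username, 'email' => $email] : null,
    ];
}

// Constructed submissions: reserved name, markup plus bad email, valid input.
$taken = fn(string $u): bool => strtolower($u) === 'andy';
print_r(validate_signup(['username' => ' Admin ', 'email' => 'a@example.com'], $taken));
print_r(validate_signup(['username' => '<b>x</b>', 'email' => 'nope'], $taken));
print_r(validate_signup(['username' => 'carol_01', 'email' => 'carol@example.com'], $taken));
```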


Encoding, and encryption too, are two-way processes. Passwords are secrets that must only be known to their owner, and thus must work only in one direction. Hashing does that – there’s no un-hashing or de-hashing, but there is decoding and decryption.

DO NOT use weak or broken hashing algorithms like MD5 or SHA1. These algorithms are old, proven to be flawed, and not designed for password hashing in the first place. Only use strong password hashing algorithms like BCrypt (which has a limit of 72 characters), which is used in PHP’s own Password Hashing functions.
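
PHP's Password Hashing functions with BCrypt, including the length limit mentioned above, as an added example that is not from the original page. The function names, the cost of 12 and the sample passwords are assumptions; the limit is enforced in bytes because that is what bcrypt counts.

```php
<?php
// Added example; function names, cost value and sample passwords are assumptions.
const BCRYPT_MAX_BYTES = 72;
const BCRYPT_COST = 12;

function hash_password(string $password): string
{
    // strlen() counts bytes; bcrypt ignores everything past byte 72,
    // so longer input is rejected instead of being silently shortened.
    if (strlen($password) > BCRYPT_MAX_BYTES) {
        throw new InvalidArgumentException('Password is longer than 72 bytes.');
    }
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// Returns [verified, replacement hash or null when the stored one is current].
function check_password(string $password, string $stored): array
{
    if (strlen($password) > BCRYPT_MAX_BYTES || !password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash while the plaintext is available if the stored hash uses an older cost.
    $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    return [true, $stale ? hash_password($password) : null];
}

$stored = hash_password('correct horse battery staple');
var_dump(check_password('correct horse battery staple', $stored)[0]);
var_dump(check_password('wrong guess', $stored)[0]);

// A hash made earlier at cost 10 still verifies and comes back with a replacement.
$old = password_hash('s3cret-sample', PASSWORD_BCRYPT, ['cost' => 10]);
[$ok, $upgraded] = check_password('s3cret-sample', $old);
var_dump($ok, password_get_info($upgraded)['options']['cost']);

// Why the length check exists: without it, two different 80-byte passwords
// that share their first 72 bytes match the same bcrypt hash.
$prefix = str_repeat('a', 72);
$unchecked = password_hash($prefix . 'XXXXXXXX', PASSWORD_BCRYPT);
var_dump(password_verify($prefix . 'YYYYYYYY', $unchecked));
```

Store the replacement hash returned by check_password() in place of the old one so that existing accounts move to the current cost as their owners log in.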



The Hong Kong Jockey Club - Racing Information

TurboJET - Hong Kong-Macau Ferry Terminal sailing schedule, 「港澳連城」 pass