Blog posts

Paper Work

Finally, 3 days ago I have finished my work on a paper and sent it to referees to be examined. If they accept my paper, I will present it at Cankaya University in april. If they like it it will be also published in Journal of Cankaya University.


by zgrw on 2013-03-17 09:39:17

Setting Up SVN Server With Apache Support

Hello,

Yesterday I set up an SVN server on my local computer to use for our projects. My aim was to build an environment to enable my teammates commit their code changes. All commands below should be run as superuser.

First of all, you should install apache2, server;

apt-get install apache2

Well you have installed necessary tools. For default apache will read /var/www/. It is ok, this path is only to publish web sites. It is nothing to do with SVN.
Now, for our SVN server, we need to create some directories;

mkdir /var/svn

Now we are going to add a repository.

svnadmin create /var/svn/repos

Now change directory to /var/, create a user called svn and change owner and mod of the directory;

cd /var
adduser svn
chown -R svn:svn svn
chmod -R 777 svn

To be able to use svn directories we need to add both our user and www-data user to the svn group;

usermod -a -G svn www-data


It is good so far, now we will enable apache modulde;

apt-get install libapache2-svn

Now we have installed module to our server machine and we have to configure it, open configuration file with you favorite editor;

vi  /etc/apache2/mods-enabled/dav_svn.conf

Find the <Location /> element. It should look like this;

<Location /svn> #url path example: www.example.com/svn
  DAV svn #enable SVN
  SVNPath /var/svn/repos #path to repo
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/apache2/dav_svn.passwd #user passwords are stored here
  Require valid-user #disable anonymous login
</Location>

After saving your file you should create a user to be able to use svn server

htpasswd -cm /etc/apache2/dav_svn.passwd username

You should use this command only first time, it will create the password file and add first user in it. If you wish to add another user, you should use command withoud -c option. Now you have configured your domain successfully and ready to use it. You can add your first file to your repository after restarting apache server as fallows;

/etc/init.d/apache2 restart
svn import --username user_name test.file https://www.example.com/svn/test.file -m "First"


If you wish to use your svn as a subdomain, you must configure your apache server. To do so, change directory to /etc/apache2/sites-enabled and copy 000-default as svn-site. Open new file with your favorite editor and make it look like as fallows;

<IfModule mod_ssl.c>
<VirtualHost *:80>
        ServerAdmin admin@example.com
        ServerName svn.example.com
        ServerAdmin admin@example.com
        ServerName svn.example.com
        <location />
                DAV svn
                SVNPath /var/svn/repos
                AuthType Basic
                AuthName "Subversion repository"
                AuthUserFile /etc/apache2/dav_svn.passwd
                Require valid-user
        </location>
</VirtualHost>

That's all.
May the source be with you.


by zgrw on 2012-10-24 14:13:48

Computer Engineering Society Elections [Turkish]

Gecenlerde BMO'nun secimleri vardi. Ihlamur sokak vs vs adreste. Gerisini hatirlamiyorum...
Aklimda sadece Ihlamur sokak kalmis, ancak dert etmiyorum; bu adamlarin hepsi Bilgisayar Muhendisi, yari catlak olacaklar, benim gibi... Ayirt etmek kolay.
Ihlamur sokaga gittim, bir kalabalik, oranin hemen dogru yer oldugunu anladim.
Nasil mi? Insanlar adeta hayallere dalmislar, cevredekilerle konusuyorlar ama kafalarinda bir kodlar donuyor. Yuzlerinden okumak mumkun bunu. Belki is yerindeki bugi dusunuyor, belki son projesinin kodlarini hayalinde... Akilda bir sey kosuyor, belki sabah yazdigi kodu debug ediyor, kimbilir...
Tanimak zor degildi, bizden bir yerdi, benden bir parca vardi. Iceri girdim, biraz daha farkliydi icerisi, oy kabini biraz ciddilestiriyordu ortami. Oyumu kullandim demokratik bir sekilde. Biraz eksiklikler vardi elbet; yeni kurulmus bir oda nihayetinde.
Oradakiler bilgisayar muhendisiydi, bu adamlar sevmez ki yazi yazmayi, boyle oy olmamaliydi dedim icimden. Yine de dedim ya bizden bir yerdi, her ne kadar ayri dunyalarin adamlari olsa da orada, kahve, cay ve su eksik edilmemisti.
Biz bir de alisigizdir garip yerlerde yemek yemeye (kod yazarken, film izlerken, uyurken...) orada da durum ayni, doner hazirdi ayraniyla. Kaldirim kosesinde karnimizi da doyurduk. Gencecik odamiz sagolsun iyi bakti yeni uyelerine. Her bir isirigimda etrafima tekrar baktim, uzun sacli, top sakalli, kirli sakalli insanlar vardi cevremde.
Bira muhabbetleri, network sozcukleri, Java, C++lar havada ucusuyordu, orasi bizim ait oldugmuz yerdi...


Isimsiz


by zgrw on 2012-09-10 21:24:11

How to secure PHP login page with google one time authenticator

Hello,

This is my first blog post and I am a little bit excited. Today, I am going to explain you "How to apply 2 step verification" on your PHP login pages.



I will explain all of the steps for a Linux host but they should also work for a Windows host.

First step;
Download ga4php library from this link
Uncompress package and put ga4php.php into your website directory. (It is under lib directory)

Second step;
Create a new php file, in my example I named it auth.php. Then, you should create a class which extends GoogleAuthenticator class and then you should overload "getData, putData, getUsers" functions. Here is a example code;

require_once("ga4php.php");
$mysql_conn = mysql_connect("db_host", "db_user", "db_pass") or die ("error occured...");
$db = mysql_select_db("db_name", $mysql_conn) or die("error occured...");
class MyGoogleAuth extends GoogleAuthenticator
{
        function getData($username)
        {
                $res = mysql_query("select token from users where uname='$username'") or die(mysql_error());
                $token = mysql_result($res, 0);
                return $token;
        }
        function putData($username, $data)
        {
                mysql_query("update users set token='$data' where uname='$username'") or die(mysql_error());
                return true;
        }
        function getUsers()
        {
                ;
        }
}


I generated this file according to examples in the library. Here you should add a token field to your users table.

Then, we will create one more php page. In my example is is called "setToken.php". This page will create token for the users. You should call two methods, one to generate token, other one to display the required information for google authenticator application.

echo $key = $ga->setUser($uname, "TOTP");
$url = $ga->createUrl($uname);


Here, if you use TOTP parameter, it means it will be a time based authentication. If you don't write anything, it will be Counter based authentication. If you want to display a qrcode image on screen, you will need a qrcode generator library for this purpose. Here is the library that I have used on my project. After downloading the file, uncompress it into the same directory of your web page project. You should add "include("phpqrcode/qrlib.php");" line to head of your setToken.php file. Then, you should add fallowing lines to the file;

QRcode::png($url, 'qrcode.png');//this will create a qrcode image
echo "<img src='qrcode.png' />";


Now, just open your google authenticator application and scan the qrcode screen. Note that, this information is very fragile, should not have seen by other persons. So, it is best to send this information through a SSL tunnel.

Last step;
Finally, you have configured your users and google authenticator application for 2 step verification. Now, you should add 1 more input field to your login page for one-time-password. You can verify the password by adding fallowing lines to your code;

$ga = new MyGoogleAuth();
$auth = $ga->authenticateUser($uname, $token); //uname is the username and token is the OTP


If $auth is true then OTP is verified, if it is false then it means user has entered wrong OTP information.

I hope this article helps you. You may also secure your SSH login with google authenticator. Here is how to.


by zgrw on 2012-09-03 21:46:56

1 2 3 4 5