webpasswdWebPasswd is a password app that I have been working on, its a self hosted PHP app, that stores usernames and password (along with notes) in an encrypted file.

I’ve released it under the MIT license and available on github at https://github.com/sam159/WebPasswd


PKCS#5 Padding with PHP

Here is a quick class for dealing with PKCS#5 style padding.

This padding is useful for encrypting data with DES/AES which have a multi-byte block size. MCrypt will by default pad out to the next block boundary with Null bytes which will show up in the decrypted data.

A good explanation can be found here.

class PKCS5Padding {
  public static function Pad($unpaddedString, $blockSize) {
    $additionalChars = $blockSize - strlen($unpaddedString) % $blockSize;

    $char = chr($additionalChars);

    return $unpaddedString.str_repeat($char, $additionalChars);
  public static function UnPad($paddedString) {
    $additionalChars = ord(substr($paddedString, -1, 1));

    return substr($paddedString, 0, -$additionalChars);

//Example use. $td is the resource returned by mcrypt_module_open
$paddedData = PKCS5Padding::Pad($data, mcrypt_enc_get_block_size($td));

Asus DSL-N55U Using VPN + DMZ

My ADSL router supports a built-in VPN server, but I also make use of the DMZ feature to expose my webserver without having to forward all the ports I need.

The problem I ran into is that the VPN traffic was forwarded to the DMZ host (feature or a bug?)

My resolution has been to port forward the VPN traffic back to the router. This involves adding forwarding to port 1723 TCP for PPTP control and 43 GRE (added as the ‘other’ protocol) and pointed both to the LAN IP of the router.

PHP: Dpi of a png image

I recently needed to determine the DPI of a set of PNG files (so that I could convert the size to points), with the exception of imagemagick there is no way to do this.

So here is a pure-php method of extracting the DPI from a PNG file, it searches for the pHYs chunk (which may or may not exist).

function read_png_dpi($source)
  $fh = fopen($source, 'rb');
  if (!$fh)
    return false;
  $dpi = false;
  $buf = array();
  $x = 0;
  $y = 0;
  $units = 0;
  while(!feof($fh)) {
    array_push($buf, ord(fread($fh, 1)));
    if (count($buf) > 13)
    if (count($buf) < 13)
    if ($buf[0] == ord('p') &&
        $buf[1] == ord('H') &&
        $buf[2] == ord('Y') &&
        $buf[3] == ord('s'))
      $x = ($buf[4] << 24) + ($buf[5] << 16) + ($buf[6] << 8) + $buf[7];
      $y = ($buf[8] << 24) + ($buf[9] << 16) + ($buf[10] << 8) + $buf[11];
      $units = $buf[12];
  if ($x == $y)
    $dpi = $x;
  if ($dpi != false && $units == 1) //meters
    $dpi = round($dpi * 0.0254);
  return $dpi;

Htaccess Builder

Here is a new tool for creating those often frustrating .htaccess files. It has the catchy name of Htaccess Builder and has been created by yours truly.

It is still in beta (like all great web 2.0 things) and I am looking for input to improve and expand it.

At the time of writing you can (not an exhaustive list):

  • Mass redirect urls
  • Redirect domains
  • Map urls to an index file (for fancy/pretty urls)

It has a Uservoice page at https://htaccess.uservoice.com for any and all input, so please let me know what you think and what’s missing that you would like to see.

Spotify Notifier

Spotify is my music player of choice and naturally I want to be able to know what I’m listening to without bringing up Spotify.

At work this is no problem as macs have growl (yes, iMac at work :). At home I have a Windows machine, although while there is growl for windows, Spotify doesn’t use it :sadface:

Solution? Write my own notifier of course, made possible by the fact that Spotify has the current track in its window title.

Long story short, it does this:

Fades in, and fades out again when a new song is playing. It also remembers its position when closed.

Its not configurable, changes to fade speed, time etc. would need to be done in code.

Written in C# with VS2008, source available via GitHub.
ClickOnce install/launcher: ClickOnce (click launch rather than install)
Traditional Installer: SpotifierNotifier- (Zip) (RAR)

New in version 1.0.1 21/05/2012 (Thanks to Petter Östergren for suggesting improvements)

  • Popup can now be resized
  • Popup remembers position/size when moved rather than closed
  • Should not steal focus

Creating a RAID array

Specifically a soft Raid 1 array on ubuntu 11.10. This guide is not for raiding your boot/main drive, but rather an extra ‘data’ array.

First thing you will need is a computer/server with 2+ drives (that you don’t mind loosing the data on), the Raid mirror will end up being the smallest of the two. You may use/mix advanced format 4KB drives, but I’ll get to that later.
Continue reading

New programming slang

Source Linky

Some of my favourites:

It is an error, which disappears or alters when it is attempted to be identified by analogy to Heisenberg uncertainty principle in quantum physics.

Reality 101 failure
The program (or more likely feature of a program) does exactly what was asked for, but when it’s deployed it turns out that the problem was misunderstood and the program is basically useless.

This is a prototype that ends up in production.

MEGA MOnolithic meTHod. Usually, it stretches over two screens in height and often contained inside aGod Object (an object that knows or does too much). Megamoths of greater size than 2k LOC have been sighted. Beware of the megamoth!

Htaccess rule creator for new to old urls

Here is a tool to create redirection rules, primarily for rewriting pages based on a query string to a nice seo url.
Created because .htaccess files are the easiest way to break an entire site.


Old Url: http://www.xnet.tk/index.php?page=123&something=else
New Url: http://www.xnet.tk/htaccess/rules/

The generated rule would be:

RewriteCond %{QUERY_STRING} ^page=123&amp;something=else$
RewriteRule .*  htaccess/rules/? [R=301,L]

It can’t handle crossing domains (yet).

Easy php output compression

Below is what I regard as a reliable method of doing gzip output compression.

One thing that normally breaks gzip compression is something printing/echoing before the ob_start (usually the result of an error, debug output, errant space somewhere etc…), this is where the ob_get_length and ob_flush come in.

The problem is that headers_sent is not a reliable way to tell if any thing has been output because it may still be in the output buffer, so if we flush it before hand problem solved.


function doPage()
   echo 'Hello World';

if (ob_get_length() > 0)

if (!headers_sent() &amp;&amp; @ob_start("ob_gzhandler"))
   //Probably a good idea to exit here as more output would break it