Secure your web experience

Instructions for browser settings

How to run Internet Explorer securely

How to run Apple's Web browser securely

My experience with bibliography manager

I need a bibliograph manager. My requirements are very clear: 1) web interface; 2) multi-user access; 3) search function is important; 4) comments; 5) better be able to import BibTex format; 5) better be able to generate EndNote and BibTex format; 6) better to be written with PHP so that I can tailor it easily.

I searched a little bit and found some freewares. Below is my experience with some of them.

Refbase - not successfully run

Uncompress the tar.gz file. According to the INSTALL, I changed the database name, username and password in db.inc.php. Since I don't have root access on my web server, I manually created the database and then run the SQL setencens in install.sql file. As the results, tables are created and an initial user user@refbase.net with the password start> are created. Login as user@refbase.net, the first thing is to change the default password. The authenication method is different with the PASSWORD function provided by MySQL. Then created some users.
Some references already exist in the database. The problem is: limited format (no procedding or conference entries; details link cannot work; import function cannot work.

BibAdmin - which is used by INRIA, working well so far

Easy to install and run. It can be used for your publication management or reference management. In parameters.php, I set $pubs_type_biblio = false; for reference management. Then, I found every of my requirements are satisfied here. Only small justifications needed.
BibAdmin provides simple and easy-to-use interfaces. I particularly like their import function of BibTex format text. It works perfect. I noticed that they use md5 as their crypt method for password. I was cheered up with this software and would continue to use and polish it.
A bug for comments was fixed
The bug is that you cannot change access of a comment. A "no permission" warning was given.
Fix: Change function get_com_query() in fc_comments.php file. Change empty($access) to empty($access)||$user.
Change default value of Status for new authors in add.php: change default value of indexed field of bib_auth table to Not an member.
Change default value of Access for comment in add.php: Change default $acc_com value in fc_records.php to 0. It was used to be -1, which means the default value is Me Only.
Change default value of Access for comment in show.php: I want to change to default value to 'Group' instead of 'Me Only'. Function get_com_form() is used to print comment formm here. In the function, the access method is set to 'Me Only' by default. To change it, move the condition empty($access) from the OPTION of 'ME' to the option of 'GROUP';
Fix HTML tag bug in comments: I tried to use HTML tags like [a] and [b] in my comments. But that comment cannot be displayed correctly. I found that BibAdmin try to put all the content of the comment in a javascript sentence like this: [a href="javascript:deletee('link', 'id', 'rich comment', 'user', 'type'); return false;" onclick="deletee('link', 'id', 'rich comment', 'user', 'type'); return false;"]del[/a]. Since rich comment may include double quote, it will result a display problem. We can use String.fromCharCode() method to replace the double quote. Since this delete prompt is not important, we can just delete the content of comment in the parameter list of javascript function.
How to change the size of comment box: All you need is to edit a line in fc_comments.php. Search Comment: and edit the following textarea tag.

A more complete guidance for HTML

For beginners, I would like direct you to W3schools' HTML Tutorial. W3schools is a place where you can find good tutorials for most of web technologies.

For advanced programmer, you may want to read the Specification of HTML 4.01 and the Specification of XML 1.1.

I also collection some interesting knowledge about HTML.

• Define an expression in HTML. Although I cannot find any standard describing this. This works in IE 6 but not in Netscape 7 and not tested in Firefox yet.
  Click Here to test if you are using IE
  The code is as below.

  <div id="mycode" expr="alert('hah!')" onclick="eval(document.all.mycode.expr)" > Click Here to test if you are using IE</div>
  

  You can even execute your script stealthily when the document is loaded. This is often used by malicious code to be executed stealthily. Since IE is more tolerant for those codes, IE is not as secure as Netscape and Firefox.

  <div id="mycode" expr="alert('hah!')" style="background:url('javascript:eval(document.all.mycode.expr)')"> 
  

A more complete guidance for JavaScript

Here I try to collection a complete guidance for JavaScript while I am working on that. First of all, JavaScript is not and unrelated to the Java programming language! Search a little bit, you'll find a lots of articles on that.

For beginners, I would like direct you to W3schools' JavaScript Tutorial. W3schools is a place where you can find good tutorials for most of web technologies.

For advanced programmers, you may want to look at the Core JavaScript Reference and the ECMAScript Specification, which is the standard for JavaScript (Netscape) and JScript (Miscrosoft).

I also collection some interesting knowledge about JavaScript.

• The for and event attributes of the script tag can associate the code with the event. The following example defines JScript code and associates it as the onmouseover event handler for the img element that has the identifier MyImage. But this can only work with IE 6, not Firefox 2.0 on my computer.

  <script for="MyImage" event="onmouseover" 
  type="text/javascript">
      // Carry out some work, e.g.
      alert("hey!")
  </script>
  ...
  <img id="MyImage" src="sample.gif">

• You can also set the background of an element in class "bar" by executing a JavaScript.

  <style>.bar{background-image:url("javascript:alert(’JavaScript’)");}</style>
  

• The example above indicate that JavaScript can also be used as a protocol as ftp and http. For example, you can enter the following url in the address bar of your browser to see what happend.

  javascript:alert("Hello World")
  

  The script will be executed and an alerting box will pop up.
• String.fromCharCode() write Unicode characters. You can get Unicode values (be prepared to download a 33M file.
• When you put a block (say, with id="id1") inside a [select] block, you cannot use document.getElementById("id1") to get the object of the block. Solution: move the block out of [select] block.
• Get text of a span block, use innerHTML property.