Creating a Browser Not compatible message

Angel provides a SystemCheck Nugget that you can download from their support center. It works well, and lets your users know if they have all the necessary components installed. Unfortunately, it isn't very "loud" if a user is using an unsupported browser, such as Safari. So today, I am going to detail how to modify the check nugget to have a javascript alert message display.

Additionally, if you aren't the coding type of person, a zipped file with these changes already in place can be found here.

You will only need to modify the default.asp file found in the SystemCheck folder. So open that file now in your favorite editor. Do a find for "switch (caps.browser.type)" (without the quotes). This will take you to the part of the code that you need to edit.

If you wish to display a message to IE 6.0 users add the following code under sBrowserIcon = "explorer";

if (caps.browser.version == "6") {
sBrowserIcon = "whitespace";
sUnsupported = '<tr><td colspan=2><img src="' + sIconPath + 'warning.gif" alt="<%=dLang("Warning")%>" valign=textbottom hspace=2><span style="color:red"><%=dLang("InvalidBrowser")%></span></td></tr>\n';
alert("You have an old version of Internet Explorer. Please use IE 7.0+ or Firefox.");
}

This does two things. It displays a message on the System Check nugget itself that the browser is not supported. Additionally, it will display a popup alert message.

To add one specifically against Safari, you will now add the following code before default:

case 'Safari':
sBrowserIcon = "whitespace";
sUnsupported = '<tr><td colspan=2><img src="' + sIconPath + 'warning.gif" alt="<%=dLang("Warning")%>" valign=textbottom hspace=2><span style="color:red"><%=dLang("InvalidBrowser")%></span></td></tr>\n';
alert("Safari is not a supported browser. Please use Firefox, or if on Windows IE 7 or greater.");

Also be sure to add a break; command before the case 'Safari': line.

If you have any questions, feel free to contact me here or elsewhere.

Cya,
Paul

Adding a 3rd party form in Active Admissions

Recently, I was asked by another college how we successfully implemented forms that we want to submit to third parties, such as our Library system's search network, our Google search, etc. So today, I'm going to cover how that is done. This trick is fairly simple, and best implemented within XSLT.

First you'll create your XSLT document with the following shell...

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ACControl="urn:This:Control" xmlns:ACXslt="urn:ActiveCampus:XSLTLibrary" exclude-result-prefixes="ACControl ACXslt">
<xsl:output method="xml" indent="yes" omit-xml-declaration="yes"/>
<xsl:template match="/">
<!--- Put your Form Here -->
</xsl:template>
</xsl:stylesheet>

As you can see in the middle, I've highlighted where your form code will eventually go.

Now we'll start creating your form. In this example case, we are going to use a simple Google Search. Below is the Textbox for the search.

<input type="text" name="q" />

This is fairly straight forward... now comes the real fun, the Submit Button.

<input type="submit" name="b1" value="Go" onclick="javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions(&quot;b1&quot;, &quot;&quot;, false, &quot;&quot;, &quot;http://www.google.com/search&quot;, false, false))" id="b1" />

Hopefully while looking at this you'll notice that instead of actually putting up a quote, in the XSLT, I am actually putting in encoded quotes. This is very important otherwise it won't work.

While I'm on the subject... this would be much more straight forward if Datatel enabled the ability to insert Javascript directly into their Rich Text Editor. Unfortunately they turn that capability off, and the only way to get it switched is via a programmer switch. So I encourage all Active Admissions users to contact Datatel and submit a request to get it turned on. Part of the reason for this is, that I believe schools should have the capability to use all technology, and not be limited. Give us the freedom to create!

Feel free to post, or contact me if you have any questions on this process.

Cya,
Paul

IPSCA Certificate Expires December 29th

CWC uses IPSCA SSL Certificates because they are free for higher ed institutions. They have worked fairly well over the past several years. However, a brief check made us realize that their root certificate will expire on December 29th invalidating all of our campus's certificates.

At the time of the discovery, they did not have a new certificate installed on any browsers. In fact at the time of this posting, only Internet Explorer has their new root certificate. What this means, is that viewers of your website after December 29th will receive an invalid certificate warning, unless they have the most recent December Microsoft updates, and are running on Internet Explorer. Anyone who visits a secure site that uses IPSCA certificates after December 29th on another browser, will get an invalid security certificate error message.

As a result, CWC has moved to GoDaddy. They offer fairly decent prices, and as an added bonus allow us to track certificates automatically.

IPSCA did not even send out a notification to its users until December 22nd!! (7 days before all of their certs expire).

So if you, or your organization uses IPSCA certificates, at this time, I highly recommend that you move to a different organization. Otherwise, come that day... you're going to have a lot of interrupted services on your machines, because even though the SSL may be valid, the root that it points to will be invalid.

If you wish to stick with IPSCA, you can now renew with a new certificate, and if you pay they are offering you 2 to 3 months (depending on which email you get from them) of extended service on your certificate. But you will need to renew it, and install a new chain certificate for it to continue working. However, note, that as of December 23rd... only IE users who have installed the most recent patch will see your certificate as valid.

Happy Festivus,
Paul

Campus Safety

Last spring, I made an entry about a security situation that arose near our campus housing that I did not agree with how it was handled.

Last Friday, a threat towards an unspecified instructor was left in one of our bathrooms. As a result, our school implemented its emergency team, and notified the local PD, who kindly sent three officers to patrol our campus for the day.

Unfortunately, the event happened the week before we launched our new Emergency Notification system (Blackboard connect for those who are curious).

However, we were able to spread the word quickly once we received direction. The committee was meeting, and it took some "ahems" to get into the room and get them to give us a statement to post on the website. Upon doing that, we also spread the word through our social media networks, campus email, and any other means we thought possible. The main reason is that rumors were starting to spread, and many students were getting frazzled by the unexpected police presence and searches going on as they entered class rooms. Additionally, some instructors were taken out of their class as a precautionary measure and replaced with another staff member to proctor the final exam.

Hopefully the incident was just an empty threat. I'm proud that the school did handle things in a much quicker way. There were a couple of issues, that I'll pass up the chain in hopes that next time we can spread word to students and visitors to the campus more effectively.

Merry Christmas, Happy Holidays, or Happy Festivus. Take your pick based on your religion!

Cya,

Paul

Web Advisor Fix for "To Many Cookies" Javascript Error message

Like many schools we have experienced the Javascript error for to many windows open cookie error. Datatel advises that you remove or modify the code to fix the issue. For us, we deemed that as a workaround, and weren't willing to make the change (partially because every upgrade until they fix the issue will require to redo the workaround. Instead, I decided to look into the actual issue, and for a way to fix it.

First I'm going to describe what their code does and why it can be problematic, and at times it feels difficult to locate the source of the error. Then I'll tell you how we solved it, and give some recommendations on how other schools can fix the issue.

The Javascript that produces the error message counts the number of cookies in the current session. They have decided that if you have more than 18 cookies in your session, it is to many and thus, you receive the error message. Web Advisor by itself produces 16 cookies upon the session being generated.

Their code only examines the number of cookies, it does not check to see if the cookie actually belongs to Web Advisor or not. The reason why this can be an issue is how different servers can read cookies via hierarchical methods.

For instance... Lets say your user first visits http://myschool.edu. Our Website for this URL generates 11 cookies. Then you eventually log onto Web Advisor at http://webadvisor.myschool.edu. Upon entering your credentials, Web Advisor generates 16 cookies. However, webadvisor.myschool.edu can actually read cookies generated at cwc.edu. See Table Below for more details...

Left Hand Column can read Top Row of URL Cookies...

	mys.edu	wa.mys.edu	www.mys.edu
mys.edu	XXXXXXXX	No	No
wa.mys.edu	Yes	XXXXXXXXXXXXXXX	No
www.mys.edu	Yes	No	XXXXXXXXXXX

• Based on the table above if you are on myschool.edu it cannot read cookies for any its subdomains.
• If you are at webadvisor.myschool.edu it can read cookies for its parent domain, but cannot view cookies for any siblings (such as www).

So our solution was to do the following. If somebody visits our website at the URL http://myschool.edu, we first clear any established cookies for myschool.edu. We then redirect the visitor to http://www.myschool.edu. As such, now when the user attempts to log into WebAdvisor they should not have the problem any longer.

Similarly... this problem can manifest itself if you have an independent URL for your Web Advisor installation. For instance myschoolWA.com If you allow access to the site via myschoolWA.com and then at some point that user is switched to www.myschoolWA.com then the user may experience the to many cookies error.

Ultimately this issue is not a Datatel or WebAdvisor problem in my opinion. I believe the problem lies within the browsers allowing a subdomain to access cookies of a parent website. While it certainly has its uses it can also lead to Cross site scripting issues if you aren't careful. (Think student website under the myschool.edu domain.)

Remember cookies are in the control ultimately of the user. So depending on the users settings, you may not be able to delete cookies even if you tell it to do so. But by trying to avoid the situation above this should greatly reduce the number of users that receive this error message at your school.

Have a Merry Christmas and Happy Holidays to everyone!

Cya
Paul

Active Admissions & ActiveCampus musings

So we learned a few weeks ago that ActiveAdmissions is moving to a new platform called Recruiter. Additionally, there is no roadmap for improving ActiveCampus. Their developers and executives also admitted that the software is crap... and they blew it by pushing out the software so hard.

So it's great that their is a plan to rework the application and recruiting side... however, it leaves us in no man's land with regard to our current CMS. Should we continue to actively work on a platform that is basically unsupported, with no implementation roadmap down the future? The product is lucky to see 2 updates a year. In the world of the web, that is simply excusable. Additionally, I've learned that in the world of the Web CMS, a closed box solution is simply much to difficult to work with. I'm hoping to gain some knowledge and hopefully push for us to move to an OpenSource CMS in the future. At this point, I don't care about technology, but I'd prefer to stick with .NET for the sake that we're primarily a M$ shop.

Outside of that, I did manage to fix a bug in their Lightbox code. So woohoo there! :) I was a good denizen and passed my fix on up to Datatel so that they could fix it if they ever release another patch. (We're not going on 5 months since the last patch...)

In the past few months, I've been receiving quite a few phone calls and emails asking about the ActiveAdmissions/Campus and whether or not it is worth it to move over. While I won't tell you whether or not you should move to it, I will be very honest with our dealings, explaining the positives (there are a couple) and the negatives... I'm also happy to demonstrate via a PC sharing session as well so that you can see a real world user experience...

Until next time, glad some of you still visit the site.

Paul

Where did the summer go?

Well my spring and summer has been slammed. As a result, this blog has been neglected. However, in that time some major things have happened.

• CWC launched the new Active Admissions website, but not the Online Application.
• I've done a lot of fishing this summer, including catching my first Wyoming fish... 2 large mouth bass and a couple of blue gill so far.
• I haven't attended a single RC Race yet this summer. *sigh*
  

With regard to the new site launch. We launched the site in late June. For the most part it has gone over fairly well. As usual some hate change and they complain very loudly. Oh well.... that's life.

Unfortunately, for a few things we are still pointing back to the old site. I'll be converting those items over to the new site as we move forward. However, some of these tasks will be a bit more difficult as I'll need to do my own custom programming to make them work.

In any case, I have customized our site a bit more, and added my own programming, such as a custom 404 error handler that redirects the user to a page if they reach an old page in error.