|
Mysidia Adoptables v1.2.4[Security Release]
Sorry for my lack of activity for the past two months guys/gals, real life sorta caught up but glad I survived. Mysidia Adoptables v1.3.x's development has been going smoothly, and this time I plan to release the last maintenance version of Mysidia Adoptables v1.2.x series. It is Mys v1.2.4, which adds some minor new features together with fixes of glitches and programming flaws. The most noticeable changes are:
1. User Profile Comments: This new feature enables users to drop profile comments to others profile. It is similar to the visitor messaging system aiming at making conversations easier and more convenient. Guests and banned users cannot leave profile comments. 2. Improvement of Breeding System: From now on admins can create adoptables with multiple breeding classes, simply separate each with comma. The experiment with multiplicity has been successful, which will help with future implementation such as multiple usergroups and trades. 3. Search Engine for Users: This is a minor feature for the search engine, which used to be only applicable for adoptables. It is possible now to search for users by username, usergroup and email account, this works out pretty much the same way as Kaeliah's adoptables search engine. 4. Implementation of Form Validation: As reported by Silverdragontears and her members, experienced users and hackers can use plugins such as firebug and inspectelement to mess up with sites. I've added validation/checkpoints in breeding and pound script to detect such behaviors and users manipulating the sites will get banned. 5. Script Optimization and Easier installation: Further script optimization has been carried out to improve the script and get rid of proramming flaws. The password encryption for Mys v1.2.4 is automatic for both admins and users, no need to run adminencrypt.php script manually. 6. Miscellaneous Bug Fixes: Infamous glitches regarding navlink cannot be deleted, siggy wont show and editing adoptables levels have been resolved, please do lemme know if you find more bugs in this version and I will get rid of them asap. Installation Guide: 1. Use ftp to Upload the folder "installation" to your preferred directory, and change the name from "installation" to whatever you like. 2. Change the CMD of folder "picuploads" to 777, together with its subfolders, this is required to enable user uploading images. 3. Access the installer script at "http://yoursitename.com/install/install.php", follow the instructions and proceed. 4. Congrats, you've successfully installed Mys v1.2.4. There is no need to manually encrypt your password in Mys v1.2.4, so cheers! Note: The value salt code can be generated from a website called: http://strongpasswordgenerator.com/, it can be of any length. Make sure to delete the file install.php after running this script, or your site is potentially at danger if this file is accessed by someone else. Upgrade Guide: 1. Use ftp to Upload every file within the folder "upgrade" to your Mys directory, choose yes when it asks you to rewrite existing files. 2. Access the upgrader script at "http://yoursitename.com/install/upgrade.php", follow the instructions and proceed. Since Mys v1.2.4 is planned as the last maintenance release of Mys v1.2.x series prior to the era of Mys v1.3.0, the work plan of Mysidia's dev team right now is completely concentrated on the next major release. Please keep in touch with us and I will update you all every now and then regarding the development of Mys v1.3.0. To download Mysidia Adoptables v1.2.4, please go to the following links below. I've uploaded both a .rar and .zip format file. Mysidia Adoptables version 1.2.4, rar file: http://www.megaupload.com/?d=A1L507LZ Mysidia Adoptables version 1.2.4, zip file: http://www.megaupload.com/?d=YTLFYNAL Hall of Famer |
woot :D gz on 1,2,4 release :P
|
I'm going to need help with this. I want to use the form validation part =)
|
It's still possible to change the item prices in my shop with inspect element. Can you help me fix that as well?
|
Well item system is not introduced for Mys v1.2.x, so it makes sense form validation is not set up for it. Dont worry, I do plan to implement form validation for all features of Mysidia Adoptables.
|
How soon do you think?
|
instead of using the posted price, use a query at the doadopt.php to look how much that adoptable id costs, easy as that.
|
Ok site dev Maple.... do it ;D
|
It wouldn't let me log on after I upgraded to the new version. It kept saying I didn't have permission to be on this page then I was logged out. Luckily I had a backup, but I think it's a bug.
|
@Silverdragontears:
Well the idea is quite simple, you may look at what I did with the breeding.php and poundpost.php files. The trick is to add checkpoints right before the mysql insert/update/delete line, and the checkpoints can be of anything you can think of. For instance, a user may use firebug/inspectelement to modify the adoptable to any species. You can verify if the user has changed the adoptables to someone else's, or specified adoptables of the same gender to breed. If so, it becomes apparent that the user has inappropriately changed the content of php form. A punishment will be carried out to have him/her banned from your site. Similarly, a user may change the content of poundpost.php so that he/she can adopt pets already belong to someone else's instead of orphan pets. A checkpoint can be added right before the mysql update query to see if the chosen adoptable has owner already. If so, the user has obviously used firebug/inspectelement to change the site content, and he/she will be banned for this action. Hope this explains what I mean by form validation, it is not really that complicated though in future I plan to update the codes once more to prevent possible sql injection. @ Kacekuma: What old versions were you using prior to upgrading? You must have Mys v1.2.3 already before performing this action, and I believe the upgrader works just fine if you have Mys v1.2.3 unless you have modified the structure of your database table. Whenever you have customized your site to such an extent, do not use the simple upgrader. |
Wow The updated killed my theme. XD I guess I really wont do anything with the site until v1.3 is out.
|
umm can you show me a screenshot of how your theme is messed up? I believe it can be fixed without much difficulty.
|
I think its gone gone. I'm working on a new site look anyway so its not so bad.
Is there a tutorial on how to implement your own templates? I can only make one editing the ones provided. |
Works perfect, thanks!
|
@AlkeeyaKC: I see, hopefully the new site template will work out for you. Tutorials for templates? I believe Nyxi and Chibi have posted threads regarding this before.
@Pokepet: This is good to know. I know you have an old RA site, so you'd better keep track with whatever is added/modified in this release so that it wont mess up with your site. |
system battle please :_)
|
When I try to download (mac here!)
I don't get a .zip file, just a folder with some more folders etc, which doesn't work on x10! |
umm you will need winzip to extract the files, google it and you should be able to download a trial version at least.
|
Gahh, everything was going great, it said it was installed, I followed the steps, then...nothing. :ohnoes: Totally blank page. I panicked and deleted everything on x10....reinstalling. Hope that's possible. ;3;
|
I followed the instructions, everything went fine, but I can't log in. I'm listed as the only user but when I try to log in:
"Sorry, we could not log you on with the details specified. You can try again or request a password reset." Then if I try to reset the password, it says: "There's been an error. The details you entered do not match any user in our system! We cannot reset your password at this time. The username Neonyx's email is Jenison_Neonyx@hotmail.com The username has 0 entries." Neonyx is of course me. What do I do? -.- |
Well can you possibly try to reinstall the script and see if you still cannot log in? There are multiple possibilities why you may not sign in after installation.
|
I have reinstalled it multiple times already, all with the exact same result :S
I can make new accounts fine, however. They can log in and out without a hassle, it's just the admin one that the site refuses to log in. It does say that the account exists, and you can't use the same detail/s for any other accounts, yet it denies password reset... Could it be the salt code I was using? I got it off the site that was linked though... Don't know anything about how all that works, so I have to ask lol... But I guess you'd know by now if it was possible for a salt code to be too weird :P lol Either way, is there a certain file I could access and change some details on in to change the admin user? Probably the easiest solution at this stage. And just to make things clear, other than picuploads and its contents, which other files *need* to be chmoded to 777 before the installation? In addition to picuploads, I initially did config.php, but when that install didn't work, I chmoded the entire inc directory to 777 just to see if that would work, lol. Since that didn't work, and since I've heard a few different things on what files need what permissions, I have to ask :) *EDIT: when I say "didn't work", I simply mean wouldn't let the admin log in. The rest of the site installs fine as far as I can tell. |
Well it could be the salt code's problem, but I wonder since it does work even with symbols in your characters. Now I'd advise you to check the password of your admin(user id=1) from phpmyadmin and see if its password is considerably shorter than the other users. If so, the password encryption is not working for the very admin user you just create upon installing the site. I will see how to resolve your problem then.
|
I appologise for my noobishness...
I assume that in "phpMyAdmin", I am supposed to open "adopts_users", and then "password"? And I assume that those really long numbers in the light-blue table are the users' encrypted passwords? For the admin user and the second user that I registered, the numbers are about the same length. Problem is, I can't atually remember how long the admin password was (yes, I forgot it this time >.<) it could have been one letter, or a few words, I don't remember :/ Either way, I am going to delete the Mysidia Adoptables files off my database, then re-download Mysidia Adoptables, then reupload the files, incase something went wrong with my initial download and it escaped my notice. When I reinstall it, I will use a letters-only salt code. I'll be back soon with info on how it goes. **Edit: Okay, so I completely remade it all from scratch; new database, fresh MysAdopts download, fresh install, etc. I used a letters-only salt code, and the only thing I chmoded was "config.php", to 777. I went to my website, logged in as the admin, and it WORKED!! :D There is one minor weirdness though: when I followed the link to http://www.../admin.php, it said "access denied", but when I took the "www." out of the url, the CP worked. Unfortunately, this still leaves the problem's actual cause unknown, but there is a strong possibility that the salt code was to blame. Someone should probably look at that one day. I might, but not tonight. Maybe tomorrow night. Either way, if you're curious, the salt code I was using was: n"8Y-@CM,,WS:$( Perhaps one of those characters are to blame? |
Glad to know it did work for you in the end. I do not know if the salt code was the cause of your problem, but it is a possibility that certain characters such as $ , " and # will mess up with the code since they have special meanings in PHP script. If so, the script may have mistaken these characters as a PHP unique symbols, which in turn mess up the admin password encryption.
|
Hi there-
Was hoping I would not have to post here but I can't even get to the installation page. I unzipped, point my browser at the page directed and get a 404. That's it - I even dug inside and tried to figure things out, but I can't get it working. Quote:
Quote:
Quote:
I'm not sure what little thing I'm overlooking, and would be glad of any help. I've been an HTML/CSS coder for a few years on the side of what I normally do for a living, but this is my first trek into php. My site artist has been working her butt off, I don't want to dissapoint her by not being able to do my part all of a sudden. |
You're wrong on step 2. Not changing the name. You're changing the permissions.
|
Yeah, fiugured that out, but it doesn't matter because I can't seem to install anything, let alone change permissions. I'm not using the server providers that the guides are, so it's not helpful to me at this time.
|
try to download the script again and see if you have the install folder there. It should be a folder that says install within the download
|
Now that megaupload is shut down, I have reuploaded the script files of Mys v1.2.4 to Rapidshare and mediafire. The download links are provided below:
Rapidshare links: https://rapidshare.com/files/2095740...les_v1.2.4.rar https://rapidshare.com/files/2893312...les_v1.2.4.zip Mediafire link: http://www.mediafire.com/?cg0g0hkyxh1nb9f |
Just wanted to pop back in and say I messed around with learning mySQL (blech, hah) and I've managed to get it running. many thanks to everyone for their support.
I thought about this when I heard about Megaupload - fast re-uploading, that's good for everyone, good job :) |
Mega upload got shut down by the government.
|
I've updated the links, but sorry I have not edited the frontpage of Mysidia Adoptables. Please direct your friend to the support forum to view this thread if they are having trouble downloading.
|
I have the newest update and my members are complaining that whenever they press adopt me when the pound is empty they get banned. I tested it myself and it's true. Is there a way to fix this?
|
Umm this feature was added to prevent users from cheating with the pound script, since with the older script you can steal other people's adoptables by using firebug or google chrome. I think the best way to 'fix' this is to make the 'abandoned adoptables center' inaccessible for users if no pounded pets are available.
|
Maybe hof something like you're talking about could be added in a later 1.3.0 or 1.4.0?
Anyways, I'll take a look at some php guides :P |
I know I've asked a few times already, but I was just wondering... since February is here, is there another release date for 1.3.0?
|
I was also wondering when it will be coming.
|
I know some sites are actually revolving their release date/production around the new release, myself included, so I kinda am quite interested... xD
|
I'd love to know, it was the middle of January, then the end of January...
I hope it's out soon. |
| All times are GMT -5. The time now is 09:19 AM. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.