Mysidia Adoptables v1.2.3[Security Release]

[Hall of Famer]

It is finally time for another security release of Mys v1.2.x series, after we've been devoting to the development of Mys v1.3.0. Since Mys v1.3.0 will still take a while to be available for public, I feel necessary to release Mys v1.2.3 to fix some security issues especially after a user called Tony brought it up to me. So technically, Mys v1.2.3 is the first true definition of a security release, the new features from this security release are:

1. Secure hash functions: The new user passwords are encrypted with 128 characters hash instead of 32 characters, joined with pepper(hard-coded) and salt(user-defined). This pretty much makes your site unhackable against most hackers. Cant do anything about professionals who break into government sites easily though.
2. Password Encryption Wizard: Since the new password hash is quite different from old md5 method used, you will need to run user password encryption wizard to update your passwords after installing/updating Mys v1.2.3. You wont be able to login without doing this.
3. Script Optimization: We manage to fix many script flaws in old Rusnak Adoptables script as I took over from BMR, good examples are while loop running only once, and mysql_num_row usage.
4. Registration Questions: Starting from Mys v1.2.3 admins can set registration questions to prevent bots from registering. We planned to use recaptcha before, but it is too complicated to install as it requires every user to manually modify her script files after going to recaptcha's official site to get the so-called Key.
5. Random Levelup Money: In Mys v1.1.x, users can gain random money from a range of minimum and maximum values for clicking pets. This feature was somehow removed from Mys v1.2.0 to v1.2.2, but it is now back again. The correct format is "minimum" , "maximum", and a random number will be generated from these two.
6. Miscellaneous Bug Fixes: We also fix a few bugs present in Mys v1.2.2, an infamous example is the donation glitch, from which users can donate negative amount to steal money. This is not possible now, as negative number will be automatically translated into their corresponding absolute value.


Installation Guide:
1. Use ftp to Upload the folder "installation" to your preferred directory, and change the name from "installation" to whatever you like.
2. Change the CMD of folder "picuploads" to 777, together with its subfolders, this is required to enable user uploading images.
3. Access the installer script at "http://yoursitename.com/install/install.php", follow the instructions and proceed.
4. Important: After installation is completed, run the script admin password encryption wizard at "http://yoursitename.com/adminencrypt.php" to encrypt your password before logging in.

Note: The value salt code can be generated from a website called: http://strongpasswordgenerator.com/, it can be of any length. Make sure to delete the file adminencrypt.php after running this script, or you will have to reset your password manually.


Upgrade Guide:
1. Use ftp to Upload every file within the folder "upgrade" to your Mys directory, choose yes when it asks you to rewrite existing files.
2. Access the upgrader script at "http://yoursitename.com/install/upgrade.php", follow the instructions and proceed.
3. Important: After Upgrade is completed, run the script User password encryption wizard at "http://yoursitename.com/userencrypt.php" to encrypt your users' passwords.

Note:The size of column "password" in table prefix.users is now varchar(200) instead of carchar(100), its recommended for you to doublecheck this before updating user passwords. Also removing userencrypt.php after running this script is recommended. To change the salt value, just edit the upgrade.php itself and find the corresponding default value. Replace it with whatever you want.


I am sorry Mysidia Adoptables have not been productive since the beginning of summer, after the release of Mys v1.2.2. The development of Mys v1.3.0 is still our top priority, but there is a chance that a few security releases for Mys v1.2.x series will be available before official release of Mys v1.3.0. I will let you guys/gals know whenever possible.

To download Mysidia Adoptables v1.2.3, please go to the following links below. I've uploaded both a .rar and .zip format file.

Mysidia Adoptables version 1.2.3, rar file:
http://www.megaupload.com/?d=KR3U1YXO
Mysidia Adoptables version 1.2.3, zip file:
http://www.megaupload.com/?d=JCK0NJSD

Hall of Famer