PDA

View Full Version : Mysidia Adoptables v1.2.2[Security Release]


Hall of Famer
04-11-2011, 09:09 PM
I'd like to announce that Mysidia Adoptables v1.2.2 is now officially released to public. This is another Mys v1.2.x series security releases that add two more new features together with one user profile fix. Other than the upgrader of Mys v1.2.1 to Mys v1.2.2, it is also possible to upgrade from Mys v1.1.4 to Mys v1.2.2 with a mega-upgrader.


New Features:
1. Donation System: The donation system seemed to be present in Mys v1.1.x series, but with tons of glitches. The new donation system for Mys v1.2.2 was designed by Fadillzzz, and it should be good to use.

2. Friend/Friend list System: Starting from Mys v1.2.2, your members can add each other to friend list by sending out friend requests, which must be approved by another user. You may restrict PM or Trade usage to your friends only with this new feature. In future the friend system will be integrated with lots of new features.

3. Profile Fix: As ChibiKawaii mentioned in Mys v1.2.1's official release thread, the user profiles were messed up if they have yet to set avatars and favorite pets. This issue is now fixed in Mys v1.2.2.

4. Mega-Upgrader from Mys v1.1.4 to Mys v1.2.2: Yes, it is finally possible to upgrade from old Mys v1.1.x series to Mys v1.2.x. An upgrader from Mys v1.1.4 to Mys v1.2.2 is available to download, while users running earlier versions of Mys v1.1.x may need to upgrade to Mys v1.1.4 first to use this upgrader.


To install the script, simply upload all files within the subfolder 'Installation' inside the zip file to your adoptables directory. It should be quite self-explanatory, read ChibiKawaii's tutorials if you have trouble installing the script. Note an installer script can be accessed by the directory 'Install', it can be accessed easily. Do NOT upload the entire Mys122 folder to your server, it will not work this way.

To upgrade from Mysidia Adoptables version 1.2.1, you will have to do is to upload files within the folder 'Upgrade' to your adoptables directory. The config.php file has been removed from subfolder Upgrade, so you are not likely to suffer the same issue as Elfhome had with Mys v1.2.1. When it asks you whether to overwrite your old files, choose yes to proceed. After this is done, run the upgrader script and follow the instructions as provided. It should take only a few secs to upgrade. Keep in mind that the upgrader script is in the 'Install' folder, you may access it through the following link below:

yoursitename.com/install/upgrade.php

or if you are using a subdirectory, use this:

yoursitename.com/adoptablesdirectory/install/upgrade.php


After upgrading to Mys v1.2.2, please do remove your upgrader script file through ftp to prevent security issues in future. This upgrader script only works for users running Mys v1.2.1, do not use if you are running an older version of Mysidia Adoptables.

The Mega-upgrader, on the other hand, has been uploaded to Megaupload separately. In order to upgrade from Mys v1.1.4 to Mys v1.2.2, you pretty much need to overwrite all script files(except for config.php, keep this in mind) in your adoptables directory. Then follow the same procedure as introduced for Mys v1.2.1 to Mys v1.2.2 upgrader. Note you may not be able to upgrade successfully if your site is heavily customized with Mys v1.1.x Mods.


To download Mysidia Adoptables version 1.2.2, please click the link below(it includes both an installation folder and an upgrade folder for users currently running Mys v1.2.1):
http://www.megaupload.com/?d=3OSHWX89

The following link is for Mysidia Adoptables Mega-Upgrader, note you must be using Mys v1.1.4 in order to run this upgrader script:
http://www.megaupload.com/?d=16NII190

Inf3rnal
04-12-2011, 08:54 AM
Sounds like amazing additions!

Testing out version 1.2.2 right now. :3

AlexC
04-12-2011, 11:58 AM
yay! :D *goes to upgrade* I shall be doing this better this time. xD No mistakes. I love how many upgrades there is, it's awesome how active the community is.

bruno954
04-12-2011, 12:24 PM
here has these following errors

Warning: mysql_fetch_array (): supplied argument is not a valid MySQL result resource in C: \ Xampp \ xampp \ htdocs \ inc \ functions.php on line 814

Warning: session_start () [function.session-start]: Can not send session cookie - headers already sent by (output started at C: \ Xampp \ xampp \ htdocs \ inc \ functions.php: 814) in C: \ Xampp \ xampp \ htdocs \ inc \ functions.php on line 21

Warning: session_start () [function.session-start]: Can not send session cache limiter - headers already sent (output started at C: \ Xampp \ xampp \ htdocs \ inc \ functions.php: 814) in C: \ Xampp \ xampp \ htdocs \ inc \ functions.php on line 21

Warning: mysql_num_rows (): supplied argument is not a valid MySQL result resource in C: \ Xampp \ xampp \ htdocs \ inc \ functions.php on line 37

Warning: mysql_numrows (): supplied argument is not a valid MySQL result resource in C: \ Xampp \ xampp \ htdocs \ inc \ functions.php on line 200

Warning: mysql_num_rows (): supplied argument is not a valid MySQL result resource in C: \ Xampp \ xampp \ htdocs \ inc \ functions.php on line 268

Warning: mysql_num_rows (): supplied argument is not a valid MySQL result resource in C: \ Xampp \ xampp \ htdocs \ inc \ functions.php on line 270


please help me I'm Portuguese '-'

Hall of Famer
04-12-2011, 12:37 PM
@ Inf3rnal: Thanks for your comment, glad you like it.

@ Gloometh: I am sure you will be just fine, make sure you only upload script files within the folder Upgrade to your server.

@ Bruno954: There is something wrong with your database info at config.php. Check if you've entered these fields correctly, especially the table prefix. Also check database user permissions.

bruno954
04-12-2011, 01:04 PM
<?php
//Mysidia Adoptables Site Configuration File

$dbhost = 'localhost'; //DB Hostname
$dbuser = 'root'; //DB User
$dbpass = '******'; //DB Password
$dbname = 'digimonadventure'; //Your database name
$domain = '*.*.**.**'; //Your domain name (No http, www or . )
$scriptpath = ''; //The folder you installed this script in
$prefix = 'adopts_';

?>

Note I put the stars not to show

nobackseat
04-12-2011, 04:20 PM
http://www.virtualpetlist.com/showthread.php/3760-Mysidia-Adoptables-Review

I suggest all of the development team take a good look at that thread.

NBS

Hall of Famer
04-12-2011, 04:45 PM
I hate to repeat this, but again most of these flaws already existed back in Rusnak Adoptables I purchased a few months ago. If you ever remember why Kaeliah got sorta mad at you last time, it was because you are firing all these blames on this dev team for something they did not do. You are being way too impatient against a project that has just recently been revived from more than 1 year of inactivity. This may not have been what you meant to say, but its the impression I got from you.

I've been working on fixing the 'loops runs only once' issue, which will be different in Mys v1.3.0. What I've been doing lately were adding new features to the script since it lacked these to begin with, but we will eventually get to the part of performance improvement and codes revision.

nobackseat
04-12-2011, 04:59 PM
I hate to repeat this, but again most of these flaws already existed back in Rusnak Adoptables I purchased a few months ago. If you ever remember why Kaeliah got sorta mad at you last time, it was because you are firing all these blames on this dev team for something they did not do. You are being way too impatient against a project that has just recently been revived from more than 1 year of inactivity.

I've been working on fixing the 'loops runs only once' issue, which will be different in Mys v1.3.0. What I've been doing lately were adding new features to the script since it lacked these to begin with, but we will eventually get to the part of performance improvement and codes revision. You may not like the way I manage this project, but thats life, something you cant change.

So play the blame game. I truly don't care whose fault it is. But users are running these awful scripts everywhere, and I think it is wrong. Two months time is surely long enough to repair these very simple basic issues. (Yes, they were mentioned in my post two months ago.)

Lol, I'm not trying to change the way you manage the project. I'm simply creating awareness of the script in its current state, and it does seem that you fully agree with me on its quality.

I anticipate that you or your team will go resort to "but we're not paid, we're volunteer". I recommend you start paying your development team, and perhaps it may improve someday.

When you bought the script, you inherited its issues too. I believe the owners and maintainers of it should be held responsible for its content. But that's just my opinion.

I wasn't originally trying to be rude. You couldn't have all of the issues down, so you could have taken it as a reminder.

But the way you approach these suggestions isn't surprising. I hope everyone sees it.

NBS

AlexC
04-12-2011, 05:05 PM
it's a script, for crying out loud. An /adoptable/ script. I don't think people are going to be screaming their heads' off because there is some issues and the php isn't up to date. I have run into some glitches, but I get around them, and I know they will be fixed. As long as it doesn't effect my members, that's okay.

Do you really care this much about it, or are you just bored? :/ If you are making such a big deal, fix it yourself.

Hall of Famer
04-12-2011, 05:11 PM
Alright, I admit I approached your suggestion in a wrong way, I apologize for this. I've been in bad mood lately due to my laptop issue, sorry for taking it on you.

Well yeah two months time, lots of stuff happened at this period of time. Yes I was indeed expecting to fix all these issues in Mys v1.2.0, but the dev staff got rather busy by the time Mys v1.2.0 was in development. It is not really about whether I pay them or not, you cant help with real life issues such as school, work and health. I barely managed to finalize Mys v1.2.0 on its scheduled release date. Once the spring semester is over I will be having a lot more freetime to deal with these flaws. Mys v1.3.0 is scheduled for summer, so there's plenty of time by then. I try my best to fix them all, and you can review this script again then.

conan
04-12-2011, 05:12 PM
it's a script, for crying out loud. An /adoptable/ script. I don't think people are going to be screaming their heads' off because there is some issues and the php isn't up to date. I have run into some glitches, but I get around them, and I know they will be fixed. As long as it doesn't effect my members, that's okay.

Do you really care this much about it, or are you just bored? :/ If you are making such a big deal, fix it yourself.

I'm assuming you do not understand the dangers of using a script with all of these issues. Glitches are one thing, being hacked, having all of your passwords stolen, and your site destroyed is another.

nobackseat
04-12-2011, 05:16 PM
it's a script, for crying out loud. An /adoptable/ script. I don't think people are going to be screaming their heads' off because there is some issues and the php isn't up to date. I have run into some glitches, but I get around them, and I know they will be fixed. As long as it doesn't effect my members, that's okay.

Do you really care this much about it, or are you just bored? :/ If you are making such a big deal, fix it yourself.

Actually, I wish the script never existed.

I make such a big deal because I've been approached by numerous clients, daring me to attempt to make some use of the code.

It's a programmer's hell, but that is not something I would expect you to understand.

I won't fix it, because it isn't my responsibility, and I believe that it is in such a crippled state, I couldn't do very much to improve it. It needs to be redone.

NBS

Kaeliah
04-12-2011, 05:33 PM
Actually NBS is right. It's not fair to anyone using the script to have so many loopholes and security issues. Development takes time, but I don't agree with having an un-secure and fairly untested script for mostly young people to use that makes them vulnerable to hackers. In the end if someone get's hacked they're going to point the finger at us and the argument that we haven't had time to fix these issues won't really stand. Not to mention putting pieces of the Rusnak script under the Mysidia name is really a bad idea press wise, as we can see from bad reviews and so many complaints.

Hall of Famer
04-12-2011, 06:02 PM
I fully understand what you are saying, and yeah for now I try to fix loop runs only once flaw among all script files. The release of Mys v1.2.3, if it ever will be released, will look completely different. Sorry about that, it was supposed to be done a long time ago.

AlexC
04-12-2011, 06:05 PM
wait, so the release of the next upgrade will be delayed until these problems can be fixed? D: A complete redo will have to be done of everything?

I'm assuming you do not understand the dangers of using a script with all of these issues. Glitches are one thing, being hacked, having all of your passwords stolen, and your site destroyed is another.

I guess that is right - I am sorry if I appeared ignorent. I have some erm... issues. nothing I'm going into detail for, but I've had problems with direct thinking. I shall leave this discussion.

Kaeliah
04-12-2011, 06:09 PM
Not necessarily. Upgrades are still possible, we'll just have to see where this goes...

Hall of Famer
04-12-2011, 06:10 PM
Well chances are it will not be released as early as I expected before. I am already resolving the while loop runs only once flaw, as stated before. The security issues can be fixed without revising this entire script though, so guess it wont take way too long. It is a shame that it takes this long for me to actually realize these issues are deadly, which I apologize. I may end up doing some mods/addons instead of working on an official release for the rest of April. Sorry it has to be done this way, we dont really have a choice at this moment.

Hall of Famer

nobackseat
04-12-2011, 06:52 PM
HoF,

Thank you very much for your composed replies, and apology.

I only wanted to raise awareness of the current state of the script, never to attach the development team.

I understand you and your team are only trying to improve it.

I apologize for giving the impression of being impatient or rude.

I'll definitely let you know if I find anything else. ;)

NBS

Hall of Famer
04-12-2011, 07:07 PM
Its perfectly fine, you didnt really say anything wrong, its just most of us did not realize how serious security issues are. And please do send me PMs about any programming flaws if you find more.

Nemesis
04-12-2011, 09:32 PM
Well i think its awesome that the script is offered for free and improved during the devs own free time. However given the issues I have decided to put my site on the backburner till its secure and more stable. I wish I could program php now because i'd jump in on it, but im a few semester away from that. Thanks for all the hard work and you will hear from me later!:happyc:

Hall of Famer
04-13-2011, 03:52 AM
Alright, I respect your decision Nemesis. We did not take security issues seriously before since nobody had ever reported them even back in the old days when it was still known as RA. I try my best to fix the flaws before Mys v1.2.3 release, or if there is gonna be any Mys v1.2.x series in future.

Plague
04-22-2011, 04:57 AM
I hope you're able to fix these things soon. I looked into the issues and most of them are not difficult to fix, just time consuming so I'm just going ahead with the fixes and repairs myself. For those who are more skittish about doing so though, a revamp would be great.

@HOF: Don't fret. It's still awesome that you and the others are willing to put so much work into a free script for others. A bit of tinkering and I'm sure you'll all be off and running again with more awesome script.

Nemesis
04-22-2011, 09:00 AM
For my hosting site this is going to be one of the featured and supported scripts:smile:

Irion
04-22-2011, 10:22 AM
Just re-label it as an open source project, the sake of which is to produce something great in the long run and to bring the collective knowledge of the active community working on it up to scratch and up to date.
Pointing out flaws is needed, of course. And it will be worked on.

The script just needs a disclaimer, stating that it's an incomplete open source project and any problems resulting from its use is not the direct responsibility of the main development team- however support can be given in these forums to the best of everyone's abilities, even though there is no real obligation.

It's a cool script with lots of potential- there's no need for anyone to have a miniature hissy fit over all the vulnerabilities (Though bringing it to the dev's is a good thing!) as long as such a disclaimer exists.

Inf3rnal
04-22-2011, 11:09 AM
I thought it was listed as open source to some extent.

Maybe we should setup a Google Code for Mysidia.

Open Source is probably the best way any software like this should go.

Plague
04-23-2011, 12:11 AM
I agree with Irion. Especially if you have a disclaimer so that it's made clear that this is a work in progress people understand that it's on them to take certain measures regarding the security of their site. Which, in a way, is how it should be any way. No matter how you rewrite the code, people using it should be wise enough to change the names of crucial files for security reasons for example. The best coding in the world isn't going to stop stupid mistakes like that or people who do not CHMOD their files properly. In this day and age people should be smart enough to know about bots and install things like Captchas to protect themselves and if they don't quite frankly I put that on them, not the programmers of the engine.

Long story short, I guess what I'm saying is yeah, it would be good to clean up the code a bit and fix some security issues that are directly related to programming, at the same time I wouldn't get to hung up on it. I agree with the individual who brought these issues to the team's attention, at the same time there are a lot of things regarding security that a programmer can't do anything about. That's up to the people downloading and using this script.

Hall of Famer
04-24-2011, 05:56 PM
Well yeah, these are definitely fixable. The staff team is already working on optimizing scripts and improving security. This shall be reflected in Mys v1.2.3 release, which will come in May.

Irion
04-25-2011, 04:43 AM
Sounds good, HoF ^^
And thanks for the welcoming email, hehe. I dunno if it was automated or not XD

blondbananamix
05-22-2011, 08:10 AM
I'm really sorry to post this like a month after, It's just I want to upgrade to this version, I'm on V1.2.0. I have modified my current files and such, so if I update it, will I lose what I changed?
Is there a way I can manually install the donate and the friend system then? I don't need the other features. :3 Sorry again guys. x

Hall of Famer
05-23-2011, 04:55 PM
umm this depends on what script files you've modified. The folder upgrade should contain all officially revised script files in Mys v1.2.2, this should provide you the answer on what customizations you made yourself will be lost if you wish to upgrade.

blondbananamix
05-25-2011, 10:35 AM
okay, thanks, ill have a look and see what I can do. :)

Paz
08-10-2011, 03:30 PM
How do we make our own website? This is what it's for right? :happycbig:

Rozel
08-10-2011, 06:44 PM
How do we make our own website? This is what it's for right? :happycbig:

Yep, just follow this guide:
http://www.mysidiaadoptables.com/forum/showthread.php?t=1663&highlight=Installing

Nemesis
08-11-2011, 12:32 AM
or pm me your email and desired site name and i will have it up and running.

Nemesis
08-14-2011, 09:54 PM
I hate to repeat this, but again most of these flaws already existed back in Rusnak Adoptables I purchased a few months ago. If you ever remember why Kaeliah got sorta mad at you last time, it was because you are firing all these blames on this dev team for something they did not do. You are being way too impatient against a project that has just recently been revived from more than 1 year of inactivity. This may not have been what you meant to say, but its the impression I got from you.
]

This is a necro post, and i can't even figure out who your directing this at. Also you have one post yet your acting like you know whats going on, or like you've been a member here for a while, though you have one post? so who are you?

And whats with your random links for wedding dresses. I think you better check your demographics here :bucktard:

Tequila
08-15-2011, 07:55 AM
Guess this needs locked too. :/ Spammers cleaned up now.