View Full Version : Mysidia Adoptables v1.2.4[Security Release]
Hall of Famer
11-24-2011, 08:29 AM
Sorry for my lack of activity for the past two months guys/gals, real life sorta caught up but glad I survived. Mysidia Adoptables v1.3.x's development has been going smoothly, and this time I plan to release the last maintenance version of Mysidia Adoptables v1.2.x series. It is Mys v1.2.4, which adds some minor new features together with fixes of glitches and programming flaws. The most noticeable changes are:
1. User Profile Comments: This new feature enables users to drop profile comments to others profile. It is similar to the visitor messaging system aiming at making conversations easier and more convenient. Guests and banned users cannot leave profile comments.
2. Improvement of Breeding System: From now on admins can create adoptables with multiple breeding classes, simply separate each with comma. The experiment with multiplicity has been successful, which will help with future implementation such as multiple usergroups and trades.
3. Search Engine for Users: This is a minor feature for the search engine, which used to be only applicable for adoptables. It is possible now to search for users by username, usergroup and email account, this works out pretty much the same way as Kaeliah's adoptables search engine.
4. Implementation of Form Validation: As reported by Silverdragontears and her members, experienced users and hackers can use plugins such as firebug and inspectelement to mess up with sites. I've added validation/checkpoints in breeding and pound script to detect such behaviors and users manipulating the sites will get banned.
5. Script Optimization and Easier installation: Further script optimization has been carried out to improve the script and get rid of proramming flaws. The password encryption for Mys v1.2.4 is automatic for both admins and users, no need to run adminencrypt.php script manually.
6. Miscellaneous Bug Fixes: Infamous glitches regarding navlink cannot be deleted, siggy wont show and editing adoptables levels have been resolved, please do lemme know if you find more bugs in this version and I will get rid of them asap.
Installation Guide:
1. Use ftp to Upload the folder "installation" to your preferred directory, and change the name from "installation" to whatever you like.
2. Change the CMD of folder "picuploads" to 777, together with its subfolders, this is required to enable user uploading images.
3. Access the installer script at "http://yoursitename.com/install/install.php", follow the instructions and proceed.
4. Congrats, you've successfully installed Mys v1.2.4. There is no need to manually encrypt your password in Mys v1.2.4, so cheers!
Note: The value salt code can be generated from a website called: http://strongpasswordgenerator.com/, it can be of any length. Make sure to delete the file install.php after running this script, or your site is potentially at danger if this file is accessed by someone else.
Upgrade Guide:
1. Use ftp to Upload every file within the folder "upgrade" to your Mys directory, choose yes when it asks you to rewrite existing files.
2. Access the upgrader script at "http://yoursitename.com/install/upgrade.php", follow the instructions and proceed.
Since Mys v1.2.4 is planned as the last maintenance release of Mys v1.2.x series prior to the era of Mys v1.3.0, the work plan of Mysidia's dev team right now is completely concentrated on the next major release. Please keep in touch with us and I will update you all every now and then regarding the development of Mys v1.3.0.
To download Mysidia Adoptables v1.2.4, please go to the following links below. I've uploaded both a .rar and .zip format file.
Mysidia Adoptables version 1.2.4, rar file:[/URL]
http://www.megaupload.com/?d=A1L507LZ (http://www.megaupload.com/?d=KR3U1YXO)
Mysidia Adoptables version 1.2.4, zip file:
[url]http://www.megaupload.com/?d=YTLFYNAL
Hall of Famer
mapleblade
11-24-2011, 11:05 AM
woot :D gz on 1,2,4 release :P
SilverDragonTears
11-24-2011, 01:22 PM
I'm going to need help with this. I want to use the form validation part =)
SilverDragonTears
11-24-2011, 04:51 PM
It's still possible to change the item prices in my shop with inspect element. Can you help me fix that as well?
Hall of Famer
11-24-2011, 05:22 PM
Well item system is not introduced for Mys v1.2.x, so it makes sense form validation is not set up for it. Dont worry, I do plan to implement form validation for all features of Mysidia Adoptables.
SilverDragonTears
11-24-2011, 06:19 PM
How soon do you think?
mapleblade
11-26-2011, 03:05 AM
instead of using the posted price, use a query at the doadopt.php to look how much that adoptable id costs, easy as that.
SilverDragonTears
11-26-2011, 12:32 PM
Ok site dev Maple.... do it ;D
KaceKuma
11-26-2011, 11:47 PM
It wouldn't let me log on after I upgraded to the new version. It kept saying I didn't have permission to be on this page then I was logged out. Luckily I had a backup, but I think it's a bug.
Hall of Famer
11-27-2011, 08:53 PM
@Silverdragontears:
Well the idea is quite simple, you may look at what I did with the breeding.php and poundpost.php files. The trick is to add checkpoints right before the mysql insert/update/delete line, and the checkpoints can be of anything you can think of.
For instance, a user may use firebug/inspectelement to modify the adoptable to any species. You can verify if the user has changed the adoptables to someone else's, or specified adoptables of the same gender to breed. If so, it becomes apparent that the user has inappropriately changed the content of php form. A punishment will be carried out to have him/her banned from your site.
Similarly, a user may change the content of poundpost.php so that he/she can adopt pets already belong to someone else's instead of orphan pets. A checkpoint can be added right before the mysql update query to see if the chosen adoptable has owner already. If so, the user has obviously used firebug/inspectelement to change the site content, and he/she will be banned for this action.
Hope this explains what I mean by form validation, it is not really that complicated though in future I plan to update the codes once more to prevent possible sql injection.
@ Kacekuma:
What old versions were you using prior to upgrading? You must have Mys v1.2.3 already before performing this action, and I believe the upgrader works just fine if you have Mys v1.2.3 unless you have modified the structure of your database table. Whenever you have customized your site to such an extent, do not use the simple upgrader.
AlkseeyaKC
12-02-2011, 11:57 AM
Wow The updated killed my theme. XD I guess I really wont do anything with the site until v1.3 is out.
Hall of Famer
12-02-2011, 02:27 PM
umm can you show me a screenshot of how your theme is messed up? I believe it can be fixed without much difficulty.
AlkseeyaKC
12-02-2011, 03:17 PM
I think its gone gone. I'm working on a new site look anyway so its not so bad.
Is there a tutorial on how to implement your own templates? I can only make one editing the ones provided.
PokePets
12-03-2011, 03:36 AM
Works perfect, thanks!
Hall of Famer
12-04-2011, 12:00 PM
@AlkeeyaKC: I see, hopefully the new site template will work out for you. Tutorials for templates? I believe Nyxi and Chibi have posted threads regarding this before.
@Pokepet: This is good to know. I know you have an old RA site, so you'd better keep track with whatever is added/modified in this release so that it wont mess up with your site.
sensacion
12-06-2011, 05:28 PM
system battle please :_)
Rainwolfeh
12-13-2011, 09:13 PM
When I try to download (mac here!)
I don't get a .zip file, just a folder with some more folders etc, which doesn't work on x10!
Hall of Famer
12-13-2011, 10:12 PM
umm you will need winzip to extract the files, google it and you should be able to download a trial version at least.
Rainwolfeh
12-14-2011, 09:38 PM
Gahh, everything was going great, it said it was installed, I followed the steps, then...nothing. :ohnoes: Totally blank page. I panicked and deleted everything on x10....reinstalling. Hope that's possible. ;3;
Neonyx
12-31-2011, 09:36 AM
I followed the instructions, everything went fine, but I can't log in. I'm listed as the only user but when I try to log in:
"Sorry, we could not log you on with the details specified. You can try again or request a password reset."
Then if I try to reset the password, it says:
"There's been an error. The details you entered do not match any user in our system! We cannot reset your password at this time.
The username Neonyx's email is Jenison_Neonyx@hotmail.com
The username has 0 entries."
Neonyx is of course me.
What do I do? -.-
Hall of Famer
01-02-2012, 12:35 PM
Well can you possibly try to reinstall the script and see if you still cannot log in? There are multiple possibilities why you may not sign in after installation.
Neonyx
01-02-2012, 01:45 PM
I have reinstalled it multiple times already, all with the exact same result :S
I can make new accounts fine, however. They can log in and out without a hassle, it's just the admin one that the site refuses to log in.
It does say that the account exists, and you can't use the same detail/s for any other accounts, yet it denies password reset...
Could it be the salt code I was using? I got it off the site that was linked though... Don't know anything about how all that works, so I have to ask lol... But I guess you'd know by now if it was possible for a salt code to be too weird :P lol
Either way, is there a certain file I could access and change some details on in to change the admin user? Probably the easiest solution at this stage.
And just to make things clear, other than picuploads and its contents, which other files *need* to be chmoded to 777 before the installation? In addition to picuploads, I initially did config.php, but when that install didn't work, I chmoded the entire inc directory to 777 just to see if that would work, lol. Since that didn't work, and since I've heard a few different things on what files need what permissions, I have to ask :)
*EDIT: when I say "didn't work", I simply mean wouldn't let the admin log in. The rest of the site installs fine as far as I can tell.
Hall of Famer
01-03-2012, 12:39 PM
Well it could be the salt code's problem, but I wonder since it does work even with symbols in your characters. Now I'd advise you to check the password of your admin(user id=1) from phpmyadmin and see if its password is considerably shorter than the other users. If so, the password encryption is not working for the very admin user you just create upon installing the site. I will see how to resolve your problem then.
Neonyx
01-04-2012, 10:24 AM
I appologise for my noobishness...
I assume that in "phpMyAdmin", I am supposed to open "adopts_users", and then "password"? And I assume that those really long numbers in the light-blue table are the users' encrypted passwords? For the admin user and the second user that I registered, the numbers are about the same length. Problem is, I can't atually remember how long the admin password was (yes, I forgot it this time >.<) it could have been one letter, or a few words, I don't remember :/
Either way, I am going to delete the Mysidia Adoptables files off my database, then re-download Mysidia Adoptables, then reupload the files, incase something went wrong with my initial download and it escaped my notice. When I reinstall it, I will use a letters-only salt code. I'll be back soon with info on how it goes.
**Edit: Okay, so I completely remade it all from scratch; new database, fresh MysAdopts download, fresh install, etc. I used a letters-only salt code, and the only thing I chmoded was "config.php", to 777. I went to my website, logged in as the admin, and it WORKED!! :D
There is one minor weirdness though: when I followed the link to http://www.../admin.php, it said "access denied", but when I took the "www." out of the url, the CP worked.
Unfortunately, this still leaves the problem's actual cause unknown, but there is a strong possibility that the salt code was to blame. Someone should probably look at that one day. I might, but not tonight. Maybe tomorrow night. Either way, if you're curious, the salt code I was using was:
n"8Y-@CM,,WS:$(
Perhaps one of those characters are to blame?
Hall of Famer
01-04-2012, 12:37 PM
Glad to know it did work for you in the end. I do not know if the salt code was the cause of your problem, but it is a possibility that certain characters such as $ , " and # will mess up with the code since they have special meanings in PHP script. If so, the script may have mistaken these characters as a PHP unique symbols, which in turn mess up the admin password encryption.
Papyrus
01-16-2012, 02:10 PM
Hi there-
Was hoping I would not have to post here but I can't even get to the installation page. I unzipped, point my browser at the page directed and get a 404. That's it - I even dug inside and tried to figure things out, but I can't get it working.
1. Use ftp to Upload the folder "installation" to your preferred directory, and change the name from "installation" to whatever you like.
Did this.
2. Change the CMD of folder "picuploads" to 777, together with its subfolders, this is required to enable user uploading images.
I assume this means changing the name? Not sure. Couldn't get any help from Google. This shouldn't matter I'd think, in just getting the site to work itself though.
3. Access the installer script at "http://yoursitename.com/install/install.php", follow the instructions and proceed.
I change the "yoursitename" to mine, and I've even changed the folder names around to what I had changed mine to when I got desperate. Nothing is working: all 404's. In fact, for some reason I can't find "install/php", only install_func and such inside the folder. I'm probably looking someplace wrong or something.
I'm not sure what little thing I'm overlooking, and would be glad of any help. I've been an HTML/CSS coder for a few years on the side of what I normally do for a living, but this is my first trek into php. My site artist has been working her butt off, I don't want to dissapoint her by not being able to do my part all of a sudden.
ChibiMaestro
01-16-2012, 02:27 PM
You're wrong on step 2. Not changing the name. You're changing the permissions.
Papyrus
01-16-2012, 02:52 PM
Yeah, fiugured that out, but it doesn't matter because I can't seem to install anything, let alone change permissions. I'm not using the server providers that the guides are, so it's not helpful to me at this time.
Kommeo
01-17-2012, 08:35 PM
try to download the script again and see if you have the install folder there. It should be a folder that says install within the download
Hall of Famer
01-20-2012, 06:14 AM
Now that megaupload is shut down, I have reuploaded the script files of Mys v1.2.4 to Rapidshare and mediafire. The download links are provided below:
Rapidshare links:
https://rapidshare.com/files/2095740598/Mysidia_Adoptables_v1.2.4.rar
https://rapidshare.com/files/2893312471/Mysidia_Adoptables_v1.2.4.zip
Mediafire link:
http://www.mediafire.com/?cg0g0hkyxh1nb9f
Papyrus
01-21-2012, 02:16 AM
Just wanted to pop back in and say I messed around with learning mySQL (blech, hah) and I've managed to get it running. many thanks to everyone for their support.
I thought about this when I heard about Megaupload - fast re-uploading, that's good for everyone, good job :)
AlkseeyaKC
01-21-2012, 07:34 AM
Mega upload got shut down by the government.
Hall of Famer
01-27-2012, 05:16 PM
I've updated the links, but sorry I have not edited the frontpage of Mysidia Adoptables. Please direct your friend to the support forum to view this thread if they are having trouble downloading.
KaceKuma
01-29-2012, 09:39 AM
I have the newest update and my members are complaining that whenever they press adopt me when the pound is empty they get banned. I tested it myself and it's true. Is there a way to fix this?
Hall of Famer
01-30-2012, 12:35 AM
Umm this feature was added to prevent users from cheating with the pound script, since with the older script you can steal other people's adoptables by using firebug or google chrome. I think the best way to 'fix' this is to make the 'abandoned adoptables center' inaccessible for users if no pounded pets are available.
Bibarel
01-30-2012, 12:15 PM
Maybe hof something like you're talking about could be added in a later 1.3.0 or 1.4.0?
Anyways, I'll take a look at some php guides :P
AlexC
02-02-2012, 05:22 PM
I know I've asked a few times already, but I was just wondering... since February is here, is there another release date for 1.3.0?
Corsair
02-02-2012, 06:11 PM
I was also wondering when it will be coming.
AlexC
02-02-2012, 06:23 PM
I know some sites are actually revolving their release date/production around the new release, myself included, so I kinda am quite interested... xD
Bibarel
02-02-2012, 08:02 PM
I'd love to know, it was the middle of January, then the end of January...
I hope it's out soon.
Magnie
02-03-2012, 09:14 AM
Mega upload got shut down by the government.
I would like to "bump" this post. Can a new file be uploaded or can someone else upload the files? Preferably in .tar.gz or .zip please. :)
Abronsyth
02-03-2012, 09:58 AM
I'd contacted HOF about the release date, and he said that it was to be out around the end of January, but, depending on exams and such, it may be delayed 1-2 weeks. I'm not sure if this is still the case, but this was what he'd said earlier in January :)
Corsair
02-03-2012, 07:33 PM
Now that megaupload is shut down, I have reuploaded the script files of Mys v1.2.4 to Rapidshare and mediafire. The download links are provided below:
Rapidshare links:
https://rapidshare.com/files/2095740598/Mysidia_Adoptables_v1.2.4.rar
https://rapidshare.com/files/2893312471/Mysidia_Adoptables_v1.2.4.zip
Mediafire link:
http://www.mediafire.com/?cg0g0hkyxh1nb9f
THE NEW DOWNLOAD IS HERE
Sorry for the caps I just wanted people to see it.
AlexC
02-04-2012, 05:44 PM
I messaged HoF about the new release and he said it would be postponed a few weeks in to February due to technical difficulties that aren't finished.
Neonyx
02-18-2012, 11:21 AM
Papyrus, you are uploading the entirety of the extracted folder "installation", right? And don't forget, it must be extracted before you upload it.
And at the risk of sounding patronising (as I don't know your level of knowledge on this topic), are you sure you actually uploaded the folder/uploaded it properly?
In any case, have a read over this (http://www.mysidiaadoptables.com/forum/showthread.php?t=1663), as it may help.
Since you are having no success, I'd actually recommend you start again from scratch, following that abovementioned thread to the letter, as it's very detailed and perfect for even complete n00bs like me, lol. Especially since you are clearly lacking knowledge on how to change the CMD of a file, I'd doubly-recommend you follow that thread :) It's very helpful, and the site it recommends using as the host of your site is also very good, since it's free and you get heaps of awesome things, like heaps of storage space and a high bandwidth allocation, and you can even pay a small fee to upgrade later if you need to, if your site gets popular. I'd really recommend it for your own good :)
Bibarel
02-24-2012, 06:55 PM
When's the estimated date that 1.3.0 will come out HoF? :eye:
Hall of Famer
02-25-2012, 09:28 PM
I will try to make the preview available by the end of next week, and the beta release should come in early March. I am so sorry about the delay, real life stresses have caught up with me but it is starting to change for the better. I promise I wont let you guys/gals down for another time. The new features addition is almost completed, so its just about revising old codes to improve its efficiency, fix mistakes and so on.
Abronsyth
02-25-2012, 09:52 PM
Just out of my insane amounts of curiosity, what percentage would you say is completed? 50%? 80%? 3,456%?
Bibarel
02-26-2012, 09:27 AM
So, will the beta be for premium members only? Or for all of us?
AlexC
02-26-2012, 02:55 PM
I'm glad to hear about the new date... I am MUCH looking forward to it.
I'd like to know that too Bibarel.
Hall of Famer
02-26-2012, 03:57 PM
The Beta will be available to everyone this time.
And the new date can be anytime on the second week of March, when I am having my spring break and can definitely finish all these minor things that have been the cause of the delay.
Fangs
02-26-2012, 04:41 PM
Hello everybody. I hope this is the right thread to ask for help installing the script...
I just tried to install the newer version of it (from scratch), but i always end up with an error message:
The first one I get after setting the sitesettings (and come to the sitesettings.php) - so at the veryend of the installation
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/install/sitesetting.php on line 67
When I try to access my page afterwards I get this message:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 1655 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 61 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 65 Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 1677 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 449 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 585 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 589 Warning: file_get_contents(templates//template.html): failed to open stream: No such file or directory in /www/htdocs/fangso/TheWoods/inc/functions.php on line 1724
Any Idea how to fix this or what I did wrong? :/
Thanks in advance
Bibarel
02-26-2012, 04:49 PM
The Beta will be available to everyone this time.
And the new date can be anytime on the second week of March, when I am having my spring break and can definitely finish all these minor things that have been the cause of the delay.
SWEET!
I'm kinda glad that it's on the second week, it gives me time to gather my images
Corsair
02-26-2012, 05:09 PM
Well it's good to hear it will be out soon.
Hall of Famer
02-26-2012, 08:54 PM
Hello everybody. I hope this is the right thread to ask for help installing the script...
I just tried to install the newer version of it (from scratch), but i always end up with an error message:
The first one I get after setting the sitesettings (and come to the sitesettings.php) - so at the veryend of the installation
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/install/sitesetting.php on line 67When I try to access my page afterwards I get this message:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 1655 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 61 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 65 Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 1677 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 449 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 585 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/htdocs/fangso/TheWoods/inc/functions.php on line 589 Warning: file_get_contents(templates//template.html): failed to open stream: No such file or directory in /www/htdocs/fangso/TheWoods/inc/functions.php on line 1724Any Idea how to fix this or what I did wrong? :/
Thanks in advance
Chances are you have either not created a database yet or that your database info is entered incorrectly.
AlexC
02-27-2012, 03:09 PM
I've got a question for 1.3.0 I read in one of the blogs that the multiple alternate image plugin will be in it - is that still happening? That'd be lots of fun to have. :D
Fangs
02-28-2012, 07:21 AM
Thanks Hall of Famer - it was indeed a problemn with the database...kind of strange since I set up a new one for this project. Well after deleting the old unused database and setting up another new one it worked :)
I'm also looking forward to the new version of the script. But for now I'm happy to get the actual one up and running^^
Hall of Famer
02-28-2012, 11:17 AM
I see, so you fixed this already? Thats so good to know, dont hesitate to ask questions if you need help, just post your problem in the questions/supports subforum instead of this thread.
vBulletin® v3.8.11, Copyright ©2000-2024, vBulletin Solutions Inc.