Well i think its awesome that the script is offered for free and improved during the devs own free time. However given the issues I have decided to put my site on the backburner till its secure and more stable. I wish I could program php now because i'd jump in on it, but im a few semester away from that. Thanks for all the hard work and you will hear from me later!:happyc:

Alright, I respect your decision Nemesis. We did not take security issues seriously before since nobody had ever reported them even back in the old days when it was still known as RA. I try my best to fix the flaws before Mys v1.2.3 release, or if there is gonna be any Mys v1.2.x series in future.

I hope you're able to fix these things soon. I looked into the issues and most of them are not difficult to fix, just time consuming so I'm just going ahead with the fixes and repairs myself. For those who are more skittish about doing so though, a revamp would be great.

@HOF: Don't fret. It's still awesome that you and the others are willing to put so much work into a free script for others. A bit of tinkering and I'm sure you'll all be off and running again with more awesome script.

For my hosting site this is going to be one of the featured and supported scripts:smile:

Just re-label it as an open source project, the sake of which is to produce something great in the long run and to bring the collective knowledge of the active community working on it up to scratch and up to date.
Pointing out flaws is needed, of course. And it will be worked on.

The script just needs a disclaimer, stating that it's an incomplete open source project and any problems resulting from its use is not the direct responsibility of the main development team- however support can be given in these forums to the best of everyone's abilities, even though there is no real obligation.

It's a cool script with lots of potential- there's no need for anyone to have a miniature hissy fit over all the vulnerabilities (Though bringing it to the dev's is a good thing!) as long as such a disclaimer exists.

I thought it was listed as open source to some extent.

Maybe we should setup a Google Code for Mysidia.

Open Source is probably the best way any software like this should go.

I agree with Irion. Especially if you have a disclaimer so that it's made clear that this is a work in progress people understand that it's on them to take certain measures regarding the security of their site. Which, in a way, is how it should be any way. No matter how you rewrite the code, people using it should be wise enough to change the names of crucial files for security reasons for example. The best coding in the world isn't going to stop stupid mistakes like that or people who do not CHMOD their files properly. In this day and age people should be smart enough to know about bots and install things like Captchas to protect themselves and if they don't quite frankly I put that on them, not the programmers of the engine.

Long story short, I guess what I'm saying is yeah, it would be good to clean up the code a bit and fix some security issues that are directly related to programming, at the same time I wouldn't get to hung up on it. I agree with the individual who brought these issues to the team's attention, at the same time there are a lot of things regarding security that a programmer can't do anything about. That's up to the people downloading and using this script.

Well yeah, these are definitely fixable. The staff team is already working on optimizing scripts and improving security. This shall be reflected in Mys v1.2.3 release, which will come in May.

Sounds good, HoF ^^
And thanks for the welcoming email, hehe. I dunno if it was automated or not XD

I'm really sorry to post this like a month after, It's just I want to upgrade to this version, I'm on V1.2.0. I have modified my current files and such, so if I update it, will I lose what I changed?
Is there a way I can manually install the donate and the friend system then? I don't need the other features. :3 Sorry again guys. x