Mysidia Adoptables Support Forum  

#1
08-28-2011, 03:44 AM
Hall of Famer (Administrator, Lead Coder)
Mysidia Adoptables v1.2.3 [Security Release]

It is finally time for another security release of the Mys v1.2.x series, after we've been devoted to the development of Mys v1.3.0. Since Mys v1.3.0 will still take a while to be available to the public, I feel it necessary to release Mys v1.2.3 to fix some security issues, especially after a user called Tony brought it up to me. So technically, Mys v1.2.3 is the first true definition of a security release. The new features from this security release are:

1. Secure hash functions: The new user passwords are encrypted with a 128-character hash instead of 32 characters, joined with pepper (hard-coded) and salt (user-defined). This pretty much makes your site unhackable against most hackers. Can't do anything about professionals who break into government sites easily though.
2. Password Encryption Wizard: Since the new password hash is quite different from the old md5 method used, you will need to run the user password encryption wizard to update your passwords after installing/updating Mys v1.2.3. You won't be able to log in without doing this.
3. Script Optimization: We managed to fix many script flaws in the old Rusnak Adoptables script as I took over from BMR; good examples are a while loop running only once, and mysql_num_row usage.
4. Registration Questions: Starting from Mys v1.2.3, admins can set registration questions to prevent bots from registering. We planned to use recaptcha before, but it is too complicated to install as it requires every user to manually modify her script files after going to recaptcha's official site to get the so-called Key.
5. Random Levelup Money: In Mys v1.1.x, users can gain random money from a range of minimum and maximum values for clicking pets. This feature was somehow removed from Mys v1.2.0 to v1.2.2, but it is now back again. The correct format is "minimum", "maximum", and a random number will be generated from these two.
6. Miscellaneous Bug Fixes: We also fixed a few bugs present in Mys v1.2.2. An infamous example is the donation glitch, from which users can donate a negative amount to steal money. This is not possible now, as negative numbers will be automatically translated into their corresponding absolute value.


Installation Guide:

1. Use FTP to upload the folder "installation" to your preferred directory, and change the name from "installation" to whatever you like.
2. Change the CMD of folder "picuploads" to 777, together with its subfolders. This is required to enable users to upload images.
3. Access the installer script at "http://yoursitename.com/install/install.php", follow the instructions and proceed.
4. Important: After installation is completed, run the admin password encryption wizard script at "http://yoursitename.com/adminencrypt.php" to encrypt your password before logging in.

Note: The salt code value can be generated from a website called http://strongpasswordgenerator.com/, and it can be of any length. Make sure to delete the file adminencrypt.php after running this script, or you will have to reset your password manually.


Upgrade Guide:
1. Use FTP to upload every file within the folder "upgrade" to your Mys directory, and choose yes when it asks you to overwrite existing files.
2. Access the upgrader script at "http://yoursitename.com/install/upgrade.php", follow the instructions and proceed.
3. Important: After the upgrade is completed, run the user password encryption wizard script at "http://yoursitename.com/userencrypt.php" to encrypt your users' passwords.

Note: The size of column "password" in table prefix.users is now varchar(200) instead of varchar(100); it's recommended that you double-check this before updating user passwords. Removing userencrypt.php after running this script is also recommended. To change the salt value, just edit upgrade.php itself and find the corresponding default value. Replace it with whatever you want.


I am sorry Mysidia Adoptables have not been productive since the beginning of summer, after the release of Mys v1.2.2. The development of Mys v1.3.0 is still our top priority, but there is a chance that a few security releases for Mys v1.2.x series will be available before official release of Mys v1.3.0. I will let you guys/gals know whenever possible.

To download Mysidia Adoptables v1.2.3, please go to the following links below. I've uploaded both a .rar and .zip format file.

Mysidia Adoptables version 1.2.3, rar file:
http://www.megaupload.com/?d=KR3U1YXO
Mysidia Adoptables version 1.2.3, zip file:
http://www.megaupload.com/?d=JCK0NJSD

Hall of Famer
__________________


Mysidia Adoptables, a free and ever-improving script for aspiring adoptables/pets site.
#2
08-28-2011, 03:58 AM
ipengu (Member)

The htaccess file in both folders is incorrect. You saved it as 'htaccess.txt'; it should be '.htaccess'.
__________________
Coder/Marketer/Etc
Super busy, lack of time for computer related things for awhile.

Current Mods:
Slim Profile | Disallow unfreezing adoptable
Longer Shoutbox | IP Tracking/Account Limiter
Colorblast | Flux Series

In the works:
Integrated Forum (Very unlikely to be a free public mod, at first anyways)15%
Better admin control panel (current one is terrible)
Couple Themes
Few other things.
#3
08-28-2011, 04:06 AM
Hall of Famer (Administrator, Lead Coder)

I see, thanks for bringing it up to me. It was another flaw in the old Rusnak Adoptables that we never paid attention to fixing, I am sorry. The file has been reuploaded, enjoy!
#4
08-28-2011, 04:13 AM
ipengu (Member)

Yeah, just noticed it was not fixed in even 1.2.2. Guess I never noticed since I uploaded my own anyway.
#5
08-28-2011, 04:18 AM
Hall of Famer (Administrator, Lead Coder)

Quote:
Originally Posted by ipengu
Yeah, just noticed it was not fixed in even 1.2.2. Guess I never noticed since I uploaded my own anyway.

Well yeah, it's hard to keep track of all the script flaws made by BMR; we fix them whenever we find anything. I still hold BMR in high regard when it comes to PHP coding though. I am assuming he made the original script at a time when he was still learning PHP. The first release of RA v1.0.0 was in like late 2008 or early 2009, so it makes sense.

So if you spot more issues like this one, notify me quickly so I will fix them in Mys v1.2.4 and future releases. We plan to resolve all flaws with the Mys v1.3.0 stable release, or at least most.
#6
08-28-2011, 04:22 AM
ipengu (Member)

No one is perfect, and it sometimes takes an outside look to notice something. I'll let you know of anything I find. Gonna take me a few hours to upgrade the script.
#7
08-28-2011, 04:31 AM
Hall of Famer (Administrator, Lead Coder)

Umm, a few hours? I am assuming that you have modified your scripts thoroughly since you got them in the first place? If so, I wish you good luck. There are two hash functions that I defined in functions.php. passencr($username, $password) is used to encrypt new user passwords, while updatepass($username, $password) is for encrypting existing user passwords. The difference is that the latter receives a string that was already MD5'd, as you may have noticed from Mys v1.2.2.
#8
08-28-2011, 04:38 AM
ipengu (Member)

I only had 2 files that were in upgrade folder that I had not done mods to. lol

Using the best feature ever to speed up a little bit. Compare two files using Notepad++
#9
08-28-2011, 05:29 PM
Tony

Outstanding password encryption! This is exactly what I wanted to see. I'm very proud of you and your staff for taking it upon yourselves to fix bugs and actually release patches and content updates!
#10
08-28-2011, 05:35 PM
Hall of Famer (Administrator, Lead Coder)

Thanks a lot, Tony. The difficulty here is to update user passwords to a more secure version without forcing each of them to have to change their password after upgrading to Mys v1.2.3. I am glad I eventually found a way to do that: simply further encrypt the user password based on what it already is with the md5 string.

In the near future we will try to apply a better cookie saving approach, and perhaps un-register $Globals if we find another way to easily load database info such as a user's money. We look to fix all potential security issues prior to an official Mys v1.3.0 release.
__________________


Mysidia Adoptables, a free and ever-improving script for aspiring adoptables/pets site.
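
As an added illustration (not Mysidia's own functions.php code), the PHP example below shows the upgrade approach described in posts #1, #7 and #10: each stored MD5 string is wrapped in a stronger salted and peppered hash, so no user has to reset a password. It swaps in PHP's password_hash() (bcrypt) with an HMAC pepper in place of the 128-character hash the thread describes; PEPPER and all function names are hypothetical.

```php
<?php
// Added example, not Mysidia's functions.php. PEPPER and every function name
// below are hypothetical; a real pepper belongs in server-side config.
const PEPPER = 'constructed-example-pepper';

function is_legacy_md5(string $stored): bool {
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

// Key the MD5 hex with the pepper, then run a slow salted hash over it.
// The HMAC output is 64 hex chars, inside bcrypt's 72-byte input limit;
// password_hash() generates the per-user salt and stores it in its output.
function wrap_md5(string $md5Hex): string {
    return password_hash(hash_hmac('sha256', $md5Hex, PEPPER), PASSWORD_BCRYPT);
}

// New registrations take the same path, so one verifier covers every row.
function hash_new_password(string $plain): string {
    return wrap_md5(md5($plain));
}

// One-off wizard step: needs only the stored MD5, never the plaintext.
// Rows that are already wrapped are skipped, so a second run is harmless.
function migrate_rows(array $rows): array {
    foreach ($rows as $i => $row) {
        if (is_legacy_md5($row['password'])) {
            $rows[$i]['password'] = wrap_md5($row['password']);
        }
    }
    return $rows;
}

// Bare MD5 rows are refused outright: accounts stay locked until migrated.
function verify_login(string $plain, string $stored): bool {
    if (is_legacy_md5($stored)) {
        return false;
    }
    return password_verify(hash_hmac('sha256', md5($plain), PEPPER), $stored);
}

// Constructed sample rows standing in for the users table.
$rows = migrate_rows([
    ['username' => 'alice', 'password' => md5('correct horse')],
    ['username' => 'bob',   'password' => md5('hunter2')],
]);
$rows[] = ['username' => 'carol', 'password' => hash_new_password('tr0ub4dor')];
foreach ([['alice', 'correct horse'], ['bob', 'wrong'], ['carol', 'tr0ub4dor']] as $k => [$user, $try]) {
    printf("%s: %s\n", $user, verify_login($try, $rows[$k]['password']) ? 'ok' : 'denied');
}
```

The bcrypt string produced here is 60 characters long, so it fits the varchar(200) password column mentioned in the upgrade note.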