As of 2/27/16
Changelog:
Fixes and Adjustments:
Whats left:
For more info:
http://negative-edge.net/index.php?/topic/15-a-list-of-changes-and-updates-notes-to-myself/
How are the vehicles being stored if it's not in the session? Sounds like a potential security issue...
--
You received this message because you are subscribed to the Google Groups "AJAX-chat" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ajax-chat+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
How is it being handled? One of the reasons it is usually tied in the session is security. Simply a cookie can be manipulated into giving inappropriate access. Hence the question of how is being done and the concern over security.
LOL not a security issue at all.
There are other ways around doing this rather than relying on php sessions or even javascript sessions
And besides from recent experience from others especially those on a free host or paid host who dont have access to dont know or dont have a directory to store sessions, this new way I am hqaving the mods identifiying users eliminates that problem.
Am 28.02.2016 um 01:19 schrieb Negative Edge <s...@clubsyn-x-treme.net>:For standalone, when you register with my mod, your login info is stored via mysql(i) and each row created has its id (auto increment), that becomes your chats userID when verified with your login info, your ip is recorded with multiple hashes and stored as another form of id, these two forms of ids is my way of having the chat identifying you. registered people only and everything that I make is called with the $_GET[access'] superglobal variable and in javascript/jquery var access = window.location.search
even when login in it sets it, that global var is your id.
As a prevention from anyone attempting to access your id, info. etc by simply putting another users id at the end of the url, not that id is not the onlything that being checked, that i guess you can call super encrypted id is also checked and must match the users account along with their id which is the identification method im now using making it highly impossible to obtain another users info/account
each of my mods and alterations does a check before proceeding. and if it doesn't match the records, you will get a This account does not belong to you and kicked out of the chat.
If I want to make it even more strict, I can place automatically place a ban on whoever attempts to access someone else s account.
Does this mean you'll not be supporting integration with phone? Or will you be duplicating login checks?
I am not using a hash in the url at all.
Your id is at the end of the url and the id is checking the hash with the matching id to verify you.
So the ID is the only thing being given to the server to compare besides IP which can be spoofed? Or did I miss something?
its simple as http://your-domain/chat/?access=yourID
--
I haven't had a chance yet to review your message, but on a side note getting these errors when mailing you...
This is an automatically generated Delivery Status Notification
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipient has been delayed:
Message will be retried for 2 more day(s)
Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720
[clubsyn-x-treme.net141.8.224.124: socket error]
Everything takes place before logging in using standalone and itergrated via verify.php Everything gets checked in the verify.php also if a different ip is ues when logging in that gets updated and re-hashed. If a use spoofs their ip after logging in, they will be simple kicked out off the chat and have to relogin to have everything updated.
There is no way someone can match someones hashed ip even though its hashed multiple amount of times and once again its set when going through the verify.php each time, its not a one time thing.
so if you login and lets say you are not on your normal connection, perhaps a tether or a public wifi, wifth standalone, that ip gets updated as soon as the verify.php starts its process. Passwords are also hashed multiple amounts of times so its not like someone can obtain your password to login unless you are foolish enough to give it to them.
Integrated packages, mainly forums always have a members table or a session table in mysql(i) where I can compare your current ip to whats stored in the forums table, besides you have to log into the forum/portal in order for the chat to recognize you and again that same procedure I meantioned that takes place in standalone happens with this in the verify.php
Once again, everything happens "before" logging in, not afterwards. and if anything happens with the ip being changes, the chat already has a feature where it will kick you out (invalid ip address)
I haven't had a chance yet to review your message, but on a side note getting these errors when mailing you...
This is an automatically generated Delivery Status Notification
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipient has been delayed:
He's still sending from the old address via this group. He might want to change that.... He keeps posting from old address like "50x" times. Lol
Your address is bouncing per gmail just so you are aware. If you don't care,I'll stop trying to help you. Just say so.
I've visited the chat to try to communicate with him to no success. Ignoring these kind of things is something I wouldn't do if it was happening to me, but so be it.
Or ignore it cuz its going to him, or post to the group cuz he responds, or visit the chat he's posted up so many times... but I can understand where you're coming from, if someone didn't give me the 8th piece of the triforce, or the 3rd medal I'd never assemble the means to save Hyrule...
On Sunday, February 28, 2016 at 4:40:21 PM UTC-7, Bobby Russ wrote:Your address is bouncing per gmail just so you are aware. If you don't care,I'll stop trying to help you. Just say so.
everything thats mailed to me from this gmail account is forwarded to my POP3 email on my server--
You received this message because you are subscribed to the Google Groups "AJAX-chat" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ajax-chat+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
The fact that you claim I haven't spoken a word in chat is a sign of ignorance on your part. This isn't the first time that myself and others have had trouble communicating with you, but whatever... Fine, I'm done thing to communicate with you. Best of luck to you.
--
You are funny if you think this all over a bad email. But I thought we agreed to move on... One final thought. I was simply trying to help you. I didn't expect you and your friend there to take it so poorly dishing out insults instead of trying to have a discussion. While you may feel it's good to be so dismissive when you are the leader of a project, it tends to be poor form. I have given up on trying to talk to you. I wish you the best and won't waste either of our time further.
--