PlanetCloud

Senior Members
  • Posts: 1140
  • Days Won: 37

Everything posted by PlanetCloud

  1. Basically Project LOGGED is NOT (yet) a client area but it is a good start for your site. If you want peace of mind, security, and reliability, Project LOGGED is the way to go. You can then focus on your site's design and bring in new clients before working on the client area. The MOFHY client area is plagued with fatal security flaws and should not be used unless they've fixed those (been a while since I checked up on them). As for the MOFH-R or Xera, I'm not quite familiar nor have I seen them (Please link me to em). Hopefully they have no issues. For the main site, use "manual" as they need to be fast and light. If you're familiar with WordPress, you can make it in WordPress and then convert it to HTML.
  2. Guys, @Fhost is literally new here and yet y'all talk like he knows everything...
  3. if only I have time and motivation to finish this
  4. I'm well aware inspect element can be used to get around this but at least users cannot accidentally register sensitive domains. See this topic: and the JS would be like "Whoops this is taken" or "Contains blacklisted keywords" before submit. If then someone were to register the sensitive/reserved keywords with inspect element or other ways.. we can blacklist their IP instead or something, as we now know they're malicious.
  5. I got onto this late and I didn't read MOST of the posts but I say the JS to hide and restrict subdomains should be a Wybe plugin. @Anyx @AA22Dev. It should have blacklisted domains (as in the hosting's cpanel domain), and blacklisted keywords.
  6. I'm not going to stop you.... I'm just going to beat you https://imgur.com/a/TCTvwCY Is this how I'm going to be suppressed from reaching 2K posts? Oh nvm it's now approved ^W^
  7. I see... Imagine if someone started a "chat" thread where people would "spam" messages there and raise their post count 🤔
  8. Was late to the party wow... and will be busy for the next few days as well. Yes I'm going steady with my 1001th posts and may soon reach 1003! aaaand where's byet chat? for some reason my chat are always invincible there 🤔
  9. Rest of the message: I am not a bot, I am a {{THIS_WORLD.WIKI.INTTELIGENCE_CREATURE.sort('desc').pop().take(1)}}. Thank You.
  10. Beep boop ... To view the rest of the message please verify you're not a bot:
  11. Hi, I came waaay too late. You may find these interesting: https://github.com/InfinityFreeHosting/mofh-client/issues/41, https://github.com/InfinityFreeHosting/mofh-client/issues/46. It has response samples n stuff. Also the library itself is cool and you should use it instead of making a new one.
  12. I'm alive and not a bot. Here to say you're welcome.
  13. #UXMatters Then check the logic code again, as you can just call it and return. About this, I also have a comment... shouldn't have used a single letter for the file name as it violates PSR rules. PSR is a coding style standard that I and many others use so we can easily work on others' code. Also it's a security risk now I realized it... Check again https://github.com/PlanetTheCloud/mofh-callback-client. Good
  14. I see this is definitely a huge improvement from the previous version. Using CodeIgniter framework and avoiding most common security vulnerabilities, however there are still some yet these are a bit harder to exploit such as storing password only using hash (prone to rainbow table attack), some confusing logic such as:

      if($res) {
          if($this->mailer->is_active()) {
              return true;
          }
          return true;
      }
      return false;

      That could have been re-written as:

      if($res) {
          $this->mailer->is_active();
          return true;
      }
      return false;

      or:

      return $res;

      Depending if the $this->mailer->is_active() call is needed or not, and many others I see that can be optimized or be more concise. Also there's a possibility for spam attacks where Admin's password kept getting reset, and also check this out: https://github.com/PlanetTheCloud/mofh-callback-client. Other notable mention is that when I request reset password for non-existent email, it says that the reset is successful instead of error indicating email is invalid. Either change the message to be more neutral such as "Check your inbox. If your account is with us, you'll receive an email.". I haven't dived in much deeper in other parts of the site but generally this has fixed most of the issues. Congratulations!
  15. I've updated the code to include this feature.

      // Function to be executed when an account has been suspended
      $callback->onAccountSuspended(function ($username, $reason, ..., $common_reason) {
          echo "Account {$username} has been suspended with the following reason: {$reason}";
          if ($common_reason) {
              $reason = str_replace(['DAILY_EP', 'DAILY_CPU', 'DAILY_HIT', 'DAILY_IO'], ['Entry Process', 'CPU Usage', 'Website Hits', 'Input/Output'], $common_reason);
          }
          echo "Your account has been suspended because the daily {$reason} quota has been exhausted";
      });

      You can handle the reason quite elegantly as well.
  16. Hmm I see... I've provided the reason to the suspended call. Your code should filter the reason to see if the cause of the suspension is x and notify the client appropriately. I'll try to implement another method to help with parsing common errors. Will code it tomorrow.
  17. I'd like to point out that there's an issue with the domain availability API where if the account is being created but not activated yet, the domain can still be registered, as seen in the screenshot below: Both have the same main domain under different accounts. So you should not rely on MOFH API alone.

      # Check domain availability
      $domains = $db->select('accounts', 'id', ['main_domain' => $main_domain]);
      if (count($domains) > 0) {
          throw new Rejection('Domain is not available.');
      }
      $response = MofhClient::availability($main_domain);
      if (!$response->isSuccessful()) {
          throw new Rejection('Domain is not available.');
      }

      Here is my implementation to check the domain's availability. Please note that I make my own wrapper (MofhClient) to handle the errors that may be returned by the API. The errors are logged and will not be shown to the end user unless the DEBUG mode is enabled in the config.
  18. Ah... that's what you meant... well I have another way of handling that and also Project LOGGED (v1.x) is not meant to have anything to do with composer (yet).. I'll consider it though. I'm not sure will the inode limits be enough or how it will perform. Will have to do some testing.
  19. Ah yes, I see... is that price for 1 user or for hosting companies to implement their builder? I think there's a difference....
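
Added example, not part of any post above and not PlanetCloud's or the project's code: post 17's rule that the local database is consulted before the MOFH availability API, together with a server-side version of the keyword check that posts 4 and 5 place in JavaScript. It goes one step beyond the post by letting a UNIQUE constraint make the local claim atomic; the table layout, keyword list and `$remoteAvailable` callable are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. The table layout, keyword list and
// $remoteAvailable (stand-in for a wrapper around the MOFH availability
// call) are assumptions. Requires PHP 8 and pdo_sqlite.
const RESERVED_KEYWORDS = ['cpanel', 'admin', 'webmail']; // constructed list

function reserveDomain(PDO $db, string $domain, callable $remoteAvailable): bool
{
    $domain = rtrim(strtolower(trim($domain)), '.'); // one canonical form

    // Enforce the keyword rule on the server; the JS check only stops accidents.
    foreach (RESERVED_KEYWORDS as $word) {
        if (str_contains($domain, $word)) {
            return false;
        }
    }

    // Claim the name locally first. The UNIQUE constraint makes the claim
    // atomic, so two concurrent signups cannot both pass a SELECT-then-INSERT.
    try {
        $db->prepare("INSERT INTO accounts (main_domain, status) VALUES (?, 'pending')")
           ->execute([$domain]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // integrity constraint violation
            return false;
        }
        throw $e;
    }

    // Only now ask the remote API, and release the claim if it refuses.
    if (!$remoteAvailable($domain)) {
        $db->prepare('DELETE FROM accounts WHERE main_domain = ?')->execute([$domain]);
        return false;
    }
    return true;
}

// Constructed demo: in-memory SQLite, remote API that always answers "free",
// as it does for accounts that are created but not yet activated.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, main_domain TEXT NOT NULL UNIQUE, status TEXT NOT NULL)');
$api = fn (string $d): bool => true;

var_dump(reserveDomain($db, 'Example.test', $api));        // first signup
var_dump(reserveDomain($db, 'example.test.', $api));       // same name, other spelling
var_dump(reserveDomain($db, 'cpanel.example.test', $api)); // reserved keyword
```

The pending row is what closes the gap described in post 17: the name is held locally from the moment signup starts, whatever the remote API reports in the meantime.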