PlanetCloud

I'm well aware inspect element can be used to get around this but at least users cannot accidentally register sensitive domains. See this topic:

and the JS would be like "Whoops this is taken" or "Contains blacklisted keywords" before submit.

If then someone were to register the sensitive/reserved keywords with inspect element or other ways.. we can blacklist their IP instead or something, as we now know they're malicious.

I got onto this late and I didn't read MOST of the posts but I say the JS to hide and restrict subdomains should be a Wybe plugin. @Anyx @AA22Dev.

It should have a blacklisted domains (as in the hosting's cpanel domain), and blacklisted keywords.

On 12/7/2022 at 12:39 PM, Burke Knight said:

That's basically what this thread is about, it seems. 😂

On 12/8/2022 at 12:35 PM, BastelPichi said:

2 posts? You honestly think thats gonna keep me away? IVE WORKED MY WAY WAY FROM THE GROUND, NOT EVEN PLANET CLOUD IS GONNA STOP ME

I WILL NOT REST UNLESS IM ON THE TOP OF THE LEADERBOARD LIST

I'm not going to stop you....

I'm just going to beat you

https://imgur.com/a/TCTvwCY

Is this how I'm going to be suppressed from reaching 2K posts?

Oh nvm it's now approved ^W^

I see... Imagine if someone started a "chat" thread where people would "spam" messages there and raise their post count 🤔

Was late to the party wow... and will be busy for the next few days as well.

Yes I'm going steady with my 1001th posts and may soon reach 1003!

aaaand where's byet chat? for some reason my chat are always invincible there 🤔

On 11/23/2022 at 8:07 PM, AA22Dev said:

cat results

Can't agree more.

13 hours ago, AA22Dev said:

Verified now let me see new messages...

 

Rest of the message:

I am not a bot, I am a {{THIS_WORLD.WIKI.INTTELIGENCE_CREATURE.sort('desc').pop().take(1)}}.

Thank You.

Beep boop ...

To view the rest of the message please verify you're not a bot:

Oooo I see, okay

Hi, I came waaay too late.

You may find these interesting: https://github.com/InfinityFreeHosting/mofh-client/issues/41, https://github.com/InfinityFreeHosting/mofh-client/issues/46.

It has response samples n stuff. also the library itself is cool and you should use it instead of making new one.

On 11/11/2022 at 4:40 AM, Anyx said:

I'd like to personally thank @Aqib and @PlanetCloud for their insanely talented work, introducing new scripts, improving and maintaining existing ones. It's safe to say this project would be nowhere without their hard work, so thank you for devoting your time to improving our MOFH experience.

I'm alive and not a bot. Here to say you're welcome.

3 minutes ago, Anyx said:

I'm going to be announcing 2.3.0 with Element removing and adding soon (forgot to announce we added element removing). Stay tuned!

Thanks again!

You're welcome again. 

I'm still alive btw.

You're welcome.

2 hours ago, Mahtab Hassan said:

Well it doesn't matter if a user try to reset an account password that is not yet created it will not process any request. 

#UXMatters

Quote

By the way $this->mailer->is_active() is used to check whether the smtp mailing is enabled or not. If is enabled then an email will be sent to desired email and if disabled then it will return a boolean.

Then check the logic code again, as you can just call it and return.

Quote

For the callback you can simply check app/controller/C.php.

About this, I also have a comment... shouldn't have used a single letter for the file name as it violates PSR rules. PSR is a coding style standard that I and many others use so we can easily work on other's code. Also it's a security risk now I realized it... Check again https://github.com/PlanetTheCloud/mofh-callback-client.

Quote

I will add a salting method soon for password protection. 

Good

I see this is definitely a huge improvements from the previous version. Using CodeIgniter framework and avoiding most common security vulnerabilities, however there are still some yet these are a bit harder to exploit such as storing password only using hash (prone to rainbow table attack), some confusing logic such as:

if($res)
{
	if($this->mailer->is_active())
	{
		return true;
	}
	return true;
}
return false;

That could have been re-written as:

if($res)
{
	$this->mailer->is_active();
	return true;
}
return false;

or:

return $res;

Depending if the $this->mailer->is_active() call is needed or not, and many others I see that can be optimized or be more concise.

Also there's a possibility for spam attacks where Admin's password kept getting reset, and also check this out: https://github.com/PlanetTheCloud/mofh-callback-client.

Other notable mention is that when I request reset password for non-existent email, it says that the reset is successful instead of error indicating email is invalid. Either change the message to be more neutral such as "Check your inbox. If your account is with us, you'll receive an email.".

I haven't dive in much deeper in other parts of the site but generally this has fixed most of the issues.

Congratulations!

37 minutes ago, TinkerMan said:

Update: The simicolons have been fixed.

By the Support team?

21 hours ago, PlanetCloud said:

Hmm I see... I've provided the reason to the suspended call. Your code should filter the reason to see if the cause of the suspension is x and notify the client appropriately. I'll try to implement another method to help with parsing common errors. Will code it tomorrow.

I've updated the code to include this feature.

// Function to be executed when an account has been suspended
$callback->onAccountSuspended(function ($username, $reason, ..., $common_reason) {
    echo "Account {$username} has been suspended with the following reason: {$reason}";
    if ($common_reason) {
        $reason = str_replace(['DAILY_EP', 'DAILY_CPU', 'DAILY_HIT', 'DAILY_IO'], ['Entry Process', 'CPU Usage', 'Website Hits', 'Input/Output'], $common_reason);
    }
    echo "Your account has been suspended because the daily {$reason} quota has been exhausted";
});

You can handle the reason quite elegantly as well.

2 hours ago, TinkerMan said:

So a reseller could tell their clients that they were suspended because of x, otherwise they will come to whatever support channel you have an go “Why am I suspended???  I want my account back!!! I did nothing worng! Please?”

my fairly accurate representation of an annoyed clieny. 

Hmm I see... I've provided the reason to the suspended call. Your code should filter the reason to see if the cause of the suspension is x and notify the client appropriately. I'll try to implement another method to help with parsing common errors. Will code it tomorrow.

I'd like to point out that there's an issue with the domain availability API where if the account is being created but not activated yet, the domain can still be registered, as seen in the screenshot below:

Both have the same main domain under different account. So you should not rely on MOFH API alone.

# Check domain availability
$domains = $db->select('accounts', 'id', ['main_domain' => $main_domain]);
if (count($domains) > 0) {
    throw new Rejection('Domain is not available.');
}
$response = MofhClient::availability($main_domain);
if (!$response->isSuccessful()) {
    throw new Rejection('Domain is not available.');
}

Here is my implementation to check the domain's availability. Please note that I make my own wrapper (MofhClient) to handle the errors that may be returned by the API. The errors are logged and will not be shown to the end user unless the DEBUG mode is enabled in the config.

8 hours ago, TinkerMan said:

Cool! Maybe just allow the temp suspensions to have their own call? Ex cpu, ep

Hmm, why should that be the case?

6 hours ago, TinkerMan said:

You have to send the custom domain to the MOFH API so the nameservers can be checked.

 

See: https://github.com/InfinityFreeHosting/mofh-client

• availability
  • domain: The domain name or subdomain to check.

 

	$client = Client::create();
	$request = $client->availability(['domain' => $FormData['domain']]);
	$response = $request->send();
	if($response->isSuccessful()==0&&strlen($response->getMessage())>1){
		//Something went wrong, display error message
		echo $response->getMessage();
		exit;
	}
	elseif($response->isSuccessful()==1&&$response->getMessage()==1){
		//The domain name can be used!
		echo $FormData['domain'];
		exit;
	}
	elseif($response->isSuccessful()==0&&$response->getMessage()==0){
		//Domain is already in use
		echo 'Sorry! domain name already registered';
		exit;
	}

 

Ah... that's what you meant... well I have another way of handling that and also Project LOGGED (v1.x) is not meant to have anything to do with composer (yet).. I'll consider it though. I'm not sure will the inode limits be enough or how it will perform. Will have to do some testing.

5 hours ago, TinkerMan said:

@PlanetCloud

Ah yes, I see... is that price for 1 user or for hostin companies to implement their builder? I think there's a difference....

34 minutes ago, TinkerMan said:

@PlanetCloud, you can get the basic code needed to validate domain names from MOFHY, just take care not to copy anything it it has become kind of famous for.

What do you mean validate domain names?

9 minutes ago, TinkerMan said:

What do you mean? It's free.

Very limited IIRC

6 minutes ago, Ostad Fardeen said:

Excellent! But can you add custom domain feature to next update so that users can sign up with their own custom domain?

Yes, will be considered on future version. Kindly advise the user to use any subdomain, and then add their custom domain afterwards through the cPanel.