Mahtab Hassan

Update: Minor bug fixes

https://github.com/mahtab2003/Xera/commit/732a2537d08661c03c9aeb6b5f8dfbaee2baf847

5 hours ago, TinkerMan said:

Nice! Can’t wait to see how this project continues!

Will start soon

Update: Routes updated for xera and fixed a few minor bugs.

Upcoming Updates: 

1. Self-signed SSL certificates Module for Xera (File-based) (Estimated Time: 2 Weeks).
2. Update SMTP Module (Codeignitor 3) (Estimated Time: 1 Week).
3. Add additional features modules (Estimated Time: Unknown).
4. Migration from CI-3 to CI-4 (Additional support for PHP 8.x) (Estimated Time: Unknown).
5. Built-in community forum for Xera (Estimated Time: Unknown).

That's it for now.

Xera development is live again and build will receive regular updates again

On 4/13/2023 at 11:01 AM, BastelPichi said:

Well in any way, I wouldnt make the work of integrating it nto Xera...

ok i will not add IITCenter to Xera. for any further questions ask in the IITCenter Topic.

any further post will only be related to Xera

1 hour ago, BastelPichi said:

I dont think you actually understand how this works. You need super crazy security to become a trusted CA. (Which you dont have). Also the CCADB only stores information about the certificate, not submit it to actual browsers.

 

Heres Microsofts page:

https://social.technet.microsoft.com/wiki/contents/articles/31633.microsoft-trusted-root-program-requirements.aspx

Mozillas page:

https://wiki.mozilla.org/CA/Application_Instructions

 

How come you are not the dev but still wrote the software and can add things to the software?

 

--- EDIT---

Source: https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.8.7.pdf

Storing the certificate on a cpanel webserver doesnt seem like that to me

i don't have anything to do with the security stuff because I'm not responsible for that, you can ask @IITCenter about this problem

13 hours ago, Burke Knight said:

1. People need to learn to either edit posts, or do multi-quote.

2. Arguments will stop, or topic will be locked.

3. Any "no-no's" need to be fixed if this topic is to be continued. There are ToS's for a reason.

alright

6 hours ago, TinkerMan said:

Due note that free hosting has a limitation that says crawlers have to have cookies and JavaScript enabled in order to visit a website. So file validation most likely won’t work as the check for the file will never succeed. 

i will add dns validation soon

5 hours ago, TinkerMan said:

Yeah, but do you really want to tech users how to do that, when it may just lead to more issues later?

 

Agree. Don’t use the logos of other companies without permission, especially if they don’t even know you exsist. That’s like extrema false advertising 

firstly I'm not the website developer of this project. secondly if you notice the clientarea is forked from Mofhr and only did a few tweaks.

and also do i really need to advertise my ca here? if i really want to advertise my ca i can do it by paying google ads or other advertising platforms.

i just want to add this to my panel so i can make sure users are having good experience.

6 hours ago, BastelPichi said:

They do not have a sub-ca, not do they have a secure keystore.

They do

Company Root CA
https://iitcenter.xyz/panel/certificate/IITCRootX1.crt

Root CA
https://iitcenter.xyz/panel/certificate/IITCRootCertificationAuthority.crt

DV SUB CA
https://iitcenter.xyz/panel/certificate/IITCDVCertificationAuthority.crt

ECC SUB CA
https://iitcenter.xyz/panel/certificate/IITCECCCertificationAuthority.crt

Root certificate is submitted to CCADB for validation.

And I don't want anymore arguments on this topic.

55 minutes ago, SpookyKipper said:

they only support file validation?

I found this https://iitcenter.xyz/

currently we only validate domain via a file validation.

11 hours ago, Fury_Craft said:

Other SSL providers

I'm going to partner with a new ssl service provider named IITCenter

11 hours ago, Fury_Craft said:

Maybe you can add these features:

• Live language (language is set by your current browser language)
• Auto records set for GoGetSSL verification, like Spookyhost and InfinityFree
• Multiple OAuth (Google, Discord, Facebook, Github .... )
• Other SSL providers
• Sponsorship links (can access to a plan only with a link)

Will consider.

9 hours ago, TinkerMan said:

*Ahem* You forgot TinkerHost

 

- I would also suggest ZeroSSL as a provider to add, and LetsEncrypt if possible. 

ZeroSSL are not free meanwhile Let's Encrypt have a rate limit.

8 hours ago, User51 said:

Glad to here that's in consideration, thank you for your works!

Start with the basics (GoGetSSL) and work up to more complex things.

My biggest suggestion is *please* keep the database structure the same. It's a pain to have to migrate everyone over. It would be a relief to just use the same database.

Also, if possible, please keep the code and file structure as similar as possible, to prevent having to remake a lot of links.

Thank you!

Let me make it clear.

Firstly, every time i make something new the database structure will be updated as well because i always try to bring new features and cover old problems. 

Secondly, Codeigniter 4 have a different file and code structure compared to Codeigniter 3. It contains different security patches and some new features.

Here is a list of features I'm thinking to implement:

1. Basic Authentication.

All necessary features like registration and login page along with forgot password page. A user will have a passphrase to reset his/her password instead of requesting reset code.

2. Extended Support

Unlike the old version this version will contain a method for staff to directly move user queries to iFastNet Support team.

3. Multiple Language

Although this feature was present in older versions but in this case the admin have to register a language in a specific file in order to avoid corrupt files.

4. Custom Template

Although this feature was present in older versions but in this case the admin have to register a template in a specific file in order to avoid corrupt files.

5. Mofh and SSL in a file

I'm thinking to use file system for data storage instead of database to reduce query count.

6. Query Caching

I'm thinking to use query caching to prevent repeating a same query multiple times.

More coming soon...

17 minutes ago, Burke Knight said:

💗

Hello everyone!

Previously i saw many people moving from mofhy or any other platform to xera and were facing a few issues that can be fixed by just a few efforts. 

Although i created xera but i was unable to completely understand it myself and it was also built on an outdated version of codeigniter(V3) and there was a few missing features as well.

So i was thinking to make a clientarea according to current user need and up-to-dated vendors. I'm going to use Codeigniter 4 with a few tweaks.

So I thought ask seniors for their suggestions on what features i should add in newly build clientarea which can go a long way.

1 hour ago, TinkerMan said:

It’s really not a good idea, but I have to in order to display it to the user. 
 

Encrypting it is on my to-do list. 

i think you should encrypt private key and store it in a file with unique file structure with an unguessable name.

23 hours ago, TinkerMan said:

I'll just share the 5 lines of code I shared with you with everyone then!

 

(Also, the code does not even work, so...)

 

$fields = array(
  'domain_name'  => $domain,
  'key'  => $SQLSSLInfo['private_key']
);

$fields_string = http_build_query($fields);

 

thank you for sharing the code even though it is of no use.

On 4/6/2023 at 4:19 AM, SpookyKipper said:

Hello,

There isn't any official api to do this, but:

for my own free host, I modified Xera a bit and used JavaScript with the domain checker and cPanel login. I embed them in a (hidden) IFRAME and make 2 post requests within the IFRAME automatically using JavaScript, which the url is the vPanel endpoints.

i will try it

5 minutes ago, TinkerMan said:

I do. It’s a fairly new feature for me, and if possible, I would love to be the sole creator of it for awhile. 
 

I can give some things away though. All the code for the implementation is in PHP, noting has been modified with the vP to make this specific thing work (We all know what happens when you use frontend code, it just gets copied). 

PM me on discord for more 

i see

Hello everyone!

I was wondering, how to install ssl certificates after generating and add spf records without logging in to vPanel.

if anybody can explain. i will be very thankful 

21 hours ago, hello said:

@Mahtab HassanIt seems like that there is a new bug that mofhr and xera is having issues with creating web hosting accounts. They are all stuck on pending. Is this issue Byet side?

callback issue

you can find it in app/helpers/custom_helper.php

2 hours ago, hello said:

Where is that in Xera?

in same file where you get hash_salt from

4 hours ago, hello said:

@Mahtab HassanHello, can you confirm, how do I make the password hash on MOFH-R work on Xera? Because I moved back to Xera. The hash outcome seems a lot different.

Many thanks

copy hash_salt from constant.php 

8 hours ago, ChippyTech said:

Gave up on MOFH-R or Xera?

coding

On 2/7/2023 at 8:38 AM, hello said:

@Mahtab HassanMany other people have same problem

i just gave up

7 hours ago, hello said:

@Mahtab HassanNo possible way to fix it?

i don't think so

On 1/24/2023 at 1:04 PM, hello said:

@Mahtab HassanOk thanks

ok

On 1/2/2023 at 5:17 AM, hello said:

hello, how do I fix the email SMTP problem. When I press test it sends the tets email but when I reset password or something it doesn't send email

Thanks

i don't know.