Jump to content
[MUST READ] Forum Rules ×
Important message for newcomers!

Xera Lite || MyOwnFreeHost Clientarea

Mahtab Hassan
 Share

Recommended Posts

Mahtab Hassan Collaborator

Mahtab Hassan

Posted
Posted (edited)

7U5FSrn.png

Introduction

Xera Lite is a free web hosting solution for MyOwnFreeHost client and support management system designed to work with less specifications.

 

Features

Xera Lite features are listed below:

1. MOFH Api Integration

2. Support Ticket System

3. Easy Template System

4. User Management

5. SMTP Support

 

Requirements

Your server need to met minimal requirements:

1. PHP v5.6 or above.

2. MySQL v5.2 or above.

3. Valid SSL Certificate.

 

Download

Download it from Google Drive.

Help

Forum: fourm.xera.eu.org

Email: [email protected]

Edited by Mahtab Hassan
Added Logo
Link to comment
Share on other sites
  • Replies 106
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Dimitris Contributor

Dimitris

Posted
Posted

It's amazing to hear that Xera is ready for testing :D 

Just wanted to let you know that the google drive download link is not working and there's a recaptha problem (ERROR for site owner: Invalid site keyon the demo instance that prevents any user from logging in or signing up

Link to comment
Share on other sites
Mahtab Hassan Collaborator

Mahtab Hassan

Posted
  • Author
Posted (edited)
8 minutes ago, Dimitris said:

It's amazing to hear that Xera is ready for testing :D 

Just wanted to let you know that the google drive download link is not working and there's a recaptha problem (ERROR for site owner: Invalid site keyon the demo instance that prevents any user from logging in or signing up

You can check now its fixed. I entered a wrong recaptcha key 😅.... Google Drive link is also working now... You can check installation method from xera fourm

Edited by Mahtab Hassan
Link to comment
Share on other sites
Mahtab Hassan Collaborator

Mahtab Hassan

Posted
  • Author
Posted
46 minutes ago, JaiktDev said:

Umm, it doesn;t work. tabler files do not load nor the jquery. Database connection works, login doesn't work. I'm using php 7.4 localhost

As described in documentation you need to change base url in config file. Base url not domain name. Base url should look like https://domain/directory/ or https://domain/directory/ then it will work fine. Remember https is recommended to use xera

Link to comment
Share on other sites
TinkerMan Experienced

TinkerMan

Posted
Posted

Once you push SSL, I will be looking at this a lot more closely. Right now, I’ve just about fixed MOFHY-Lite, and added almost all the features I want to it (Besides tiny things and aesthetics, the only big thing left is SSL). But the UI here looks a lot better then the one on MOFHY-Lite, keep up the great work!

 

And can you fix the issue on “Create Account” in the demo version? Thanks!

Link to comment
Share on other sites
Mahtab Hassan Collaborator

Mahtab Hassan

Posted
  • Author
Posted
2 minutes ago, TinkerMan said:

Once you push SSL, I will be looking at this a lot more closely. Right now, I’ve just about fixed MOFHY-Lite, and added almost all the features I want to it (Besides tiny things and aesthetics, the only big thing left is SSL). But the UI here looks a lot better then the one on MOFHY-Lite, keep up the great work!

 

And can you fix the issue on “Create Account” in the demo version? Thanks!

Well ok

Link to comment
Share on other sites
PlanetCloud Collaborator

PlanetCloud

Posted
Posted (edited)

I see this is definitely a huge improvements from the previous version. Using CodeIgniter framework and avoiding most common security vulnerabilities, however there are still some yet these are a bit harder to exploit such as storing password only using hash (prone to rainbow table attack), some confusing logic such as: 

if($res)
{
	if($this->mailer->is_active())
	{
		return true;
	}
	return true;
}
return false;

That could have been re-written as: 

if($res)
{
	$this->mailer->is_active();
	return true;
}
return false;

or: 

return $res;

Depending if the $this->mailer->is_active() call is needed or not, and many others I see that can be optimized or be more concise.

Also there's a possibility for spam attacks where Admin's password kept getting reset, and also check this out: https://github.com/PlanetTheCloud/mofh-callback-client.

Other notable mention is that when I request reset password for non-existent email, it says that the reset is successful instead of error indicating email is invalid. Either change the message to be more neutral such as "Check your inbox. If your account is with us, you'll receive an email.".

I haven't dive in much deeper in other parts of the site but generally this has fixed most of the issues.

Congratulations!

 

Edited by PlanetCloud
Link to comment
Share on other sites
TinkerMan Experienced

TinkerMan

Posted
Posted
7 hours ago, Mahtab Hassan said:

Recapture error? 

Try creating an account in your demo version, you will see what I mean. 
 

23 minutes ago, PlanetCloud said:

this is definitely a huge improvements from the previous version.

Awesome! So just a few small things to fix! Unfortunately I won’t be able to help much since I have not really learned that much about any PHP frameworks yet. 

Link to comment
Share on other sites
Mahtab Hassan Collaborator

Mahtab Hassan

Posted
  • Author
Posted (edited)
1 hour ago, PlanetCloud said:

I see this is definitely a huge improvements from the previous version. Using CodeIgniter framework and avoiding most common security vulnerabilities, however there are still some yet these are a bit harder to exploit such as storing password only using hash (prone to rainbow table attack), some confusing logic such as: 

if($res)
{
	if($this->mailer->is_active())
	{
		return true;
	}
	return true;
}
return false;

That could have been re-written as: 

if($res)
{
	$this->mailer->is_active();
	return true;
}
return false;

or: 

return $res;

Depending if the $this->mailer->is_active() call is needed or not, and many others I see that can be optimized or be more concise.

Also there's a possibility for spam attacks where Admin's password kept getting reset, and also check this out: https://github.com/PlanetTheCloud/mofh-callback-client.

Other notable mention is that when I request reset password for non-existent email, it says that the reset is successful instead of error indicating email is invalid. Either change the message to be more neutral such as "Check your inbox. If your account is with us, you'll receive an email.".

I haven't dive in much deeper in other parts of the site but generally this has fixed most of the issues.

Congratulations!

 

Well it doesn't matter if a user try to reset an account password that is not yet created it will not process any request. 

 

By the way $this->mailer->is_active() is used to check whether the smtp mailing is enabled or not. If is enabled then an email will be sent to desired email and if disabled then it will return a boolean.

 

For the callback you can simply check app/controller/C.php.

 

I will add a salting method soon for password protection. 

 

By the way you can just simply create your custom templates by understanding some basic functions of Xera(documentation will be available soon).

 

@PlanetCloud, @TinkerMan Thanks for your compliments. 

Edited by Mahtab Hassan
Link to comment
Share on other sites
Mahtab Hassan Collaborator

Mahtab Hassan

Posted
  • Author
Posted
35 minutes ago, TinkerMan said:

Try creating an account in your demo version, you will see what I mean. 
 

Awesome! So just a few small things to fix! Unfortunately I won’t be able to help much since I have not really learned that much about any PHP frameworks yet. 

Well. There is an error while creating new accounts. I will fix it and upload the code on github repository soon. 

Link to comment
Share on other sites
TinkerMan Experienced

TinkerMan

Posted
Posted 
PHP Error was encountered

Severity: Notice

Message: Undefined variable: email

Filename: models/Mofh.php

Line Number: 163

Backtrace:

File: /home/hostella/public_html/xera/app/models/Mofh.php
Line: 163
Function: _error_handler

File: /home/hostella/public_html/xera/app/controllers/U.php
Line: 852
Function: create_account

File: /home/hostella/public_html/xera/index.php
Line: 315
Function: require_once

@Shen Wei, at least I can submit the forum now, but still getting an error:

 

 

Link to comment
Share on other sites
PlanetCloud Collaborator

PlanetCloud

Posted
Posted
2 hours ago, Mahtab Hassan said:

Well it doesn't matter if a user try to reset an account password that is not yet created it will not process any request. 

#UXMatters

Quote

By the way $this->mailer->is_active() is used to check whether the smtp mailing is enabled or not. If is enabled then an email will be sent to desired email and if disabled then it will return a boolean.

Then check the logic code again, as you can just call it and return.

Quote

For the callback you can simply check app/controller/C.php.

About this, I also have a comment... shouldn't have used a single letter for the file name as it violates PSR rules. PSR is a coding style standard that I and many others use so we can easily work on other's code. Also it's a security risk now I realized it... Check again https://github.com/PlanetTheCloud/mofh-callback-client.

Quote

I will add a salting method soon for password protection. 

Good

 

Link to comment
Share on other sites
MeTooIDK Enthusiast

MeTooIDK

Posted
Posted
On 5/13/2022 at 3:56 PM, Mahtab Hassan said:

7U5FSrn.png

Introduction

Xera Lite is a free web hosting solution for MyOwnFreeHost client and support management system designed to work with less specifications.

 

Features

Xera Lite features are listed below:

1. MOFH Api Integration

2. Support Ticket System

3. Easy Template System

4. User Management

5. SMTP Support

 

Requirements

Your server need to met minimal requirements:

1. PHP v5.6 or above.

2. MySQL v5.2 or above.

3. Valid SSL Certificate.

 

Download

Download it from Google Drive.

Help

Forum: fourm.xera.eu.org

Email: [email protected]

hi a eyes on logo

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...