Mahtab Hassan Posted May 13, 2022 Share Posted May 13, 2022 (edited) Introduction Xera Lite is a free web hosting solution for MyOwnFreeHost client and support management system designed to work with less specifications. Features Xera Lite features are listed below: 1. MOFH Api Integration 2. Support Ticket System 3. Easy Template System 4. User Management 5. SMTP Support Requirements Your server need to met minimal requirements: 1. PHP v5.6 or above. 2. MySQL v5.2 or above. 3. Valid SSL Certificate. Download Download it from Google Drive. Help Forum: fourm.xera.eu.org Email: [email protected] Edited May 13, 2022 by Mahtab Hassan Added Logo Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted May 13, 2022 Author Share Posted May 13, 2022 (edited) You can see the installation method from here. You can also check demo here. Edited May 13, 2022 by Mahtab Hassan Demo link added Quote Link to comment Share on other sites More sharing options...
Dimitris Posted May 13, 2022 Share Posted May 13, 2022 It's amazing to hear that Xera is ready for testing Just wanted to let you know that the google drive download link is not working and there's a recaptha problem (ERROR for site owner: Invalid site key) on the demo instance that prevents any user from logging in or signing up Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted May 13, 2022 Author Share Posted May 13, 2022 (edited) 8 minutes ago, Dimitris said: It's amazing to hear that Xera is ready for testing Just wanted to let you know that the google drive download link is not working and there's a recaptha problem (ERROR for site owner: Invalid site key) on the demo instance that prevents any user from logging in or signing up You can check now its fixed. I entered a wrong recaptcha key 😅.... Google Drive link is also working now... You can check installation method from xera fourm Edited May 13, 2022 by Mahtab Hassan Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted May 13, 2022 Share Posted May 13, 2022 Looks good! I will take a more in depth look later. Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted May 13, 2022 Author Share Posted May 13, 2022 2 hours ago, TinkerMan said: Looks good! I will take a more in depth look later. Ok check it. I will upload it to a repository soon. Quote Link to comment Share on other sites More sharing options...
JaiktDev Posted May 14, 2022 Share Posted May 14, 2022 Umm, it doesn;t work. tabler files do not load nor the jquery. Database connection works, login doesn't work. I'm using php 7.4 localhost Quote Link to comment Share on other sites More sharing options...
JaiktDev Posted May 14, 2022 Share Posted May 14, 2022 Edit: It works, but only when put in the xera folder.... Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted May 14, 2022 Author Share Posted May 14, 2022 46 minutes ago, JaiktDev said: Umm, it doesn;t work. tabler files do not load nor the jquery. Database connection works, login doesn't work. I'm using php 7.4 localhost As described in documentation you need to change base url in config file. Base url not domain name. Base url should look like https://domain/directory/ or https://domain/directory/ then it will work fine. Remember https is recommended to use xera Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted May 14, 2022 Author Share Posted May 14, 2022 1 hour ago, BastelPichi said: The demo seems to be broken, but it defenetly looks good. What about ssl support? Will it be a plugin? SSL support will be added through plugins. Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted May 14, 2022 Share Posted May 14, 2022 Once you push SSL, I will be looking at this a lot more closely. Right now, I’ve just about fixed MOFHY-Lite, and added almost all the features I want to it (Besides tiny things and aesthetics, the only big thing left is SSL). But the UI here looks a lot better then the one on MOFHY-Lite, keep up the great work! And can you fix the issue on “Create Account” in the demo version? Thanks! Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted May 14, 2022 Author Share Posted May 14, 2022 2 minutes ago, TinkerMan said: Once you push SSL, I will be looking at this a lot more closely. Right now, I’ve just about fixed MOFHY-Lite, and added almost all the features I want to it (Besides tiny things and aesthetics, the only big thing left is SSL). But the UI here looks a lot better then the one on MOFHY-Lite, keep up the great work! And can you fix the issue on “Create Account” in the demo version? Thanks! Well ok Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted May 14, 2022 Share Posted May 14, 2022 Could you fix the ReCapcha error when creating a new account on the demo? Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted May 15, 2022 Author Share Posted May 15, 2022 12 hours ago, TinkerMan said: Could you fix the ReCapcha error when creating a new account on the demo? Recapture error? Quote Link to comment Share on other sites More sharing options...
PlanetCloud Posted May 15, 2022 Share Posted May 15, 2022 (edited) I see this is definitely a huge improvements from the previous version. Using CodeIgniter framework and avoiding most common security vulnerabilities, however there are still some yet these are a bit harder to exploit such as storing password only using hash (prone to rainbow table attack), some confusing logic such as: if($res) { if($this->mailer->is_active()) { return true; } return true; } return false; That could have been re-written as: if($res) { $this->mailer->is_active(); return true; } return false; or: return $res; Depending if the $this->mailer->is_active() call is needed or not, and many others I see that can be optimized or be more concise. Also there's a possibility for spam attacks where Admin's password kept getting reset, and also check this out: https://github.com/PlanetTheCloud/mofh-callback-client. Other notable mention is that when I request reset password for non-existent email, it says that the reset is successful instead of error indicating email is invalid. Either change the message to be more neutral such as "Check your inbox. If your account is with us, you'll receive an email.". I haven't dive in much deeper in other parts of the site but generally this has fixed most of the issues. Congratulations! Edited May 15, 2022 by PlanetCloud Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted May 15, 2022 Share Posted May 15, 2022 7 hours ago, Mahtab Hassan said: Recapture error? Try creating an account in your demo version, you will see what I mean. 23 minutes ago, PlanetCloud said: this is definitely a huge improvements from the previous version. Awesome! So just a few small things to fix! Unfortunately I won’t be able to help much since I have not really learned that much about any PHP frameworks yet. Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted May 15, 2022 Author Share Posted May 15, 2022 (edited) 1 hour ago, PlanetCloud said: I see this is definitely a huge improvements from the previous version. Using CodeIgniter framework and avoiding most common security vulnerabilities, however there are still some yet these are a bit harder to exploit such as storing password only using hash (prone to rainbow table attack), some confusing logic such as: if($res) { if($this->mailer->is_active()) { return true; } return true; } return false; That could have been re-written as: if($res) { $this->mailer->is_active(); return true; } return false; or: return $res; Depending if the $this->mailer->is_active() call is needed or not, and many others I see that can be optimized or be more concise. Also there's a possibility for spam attacks where Admin's password kept getting reset, and also check this out: https://github.com/PlanetTheCloud/mofh-callback-client. Other notable mention is that when I request reset password for non-existent email, it says that the reset is successful instead of error indicating email is invalid. Either change the message to be more neutral such as "Check your inbox. If your account is with us, you'll receive an email.". I haven't dive in much deeper in other parts of the site but generally this has fixed most of the issues. Congratulations! Well it doesn't matter if a user try to reset an account password that is not yet created it will not process any request. By the way $this->mailer->is_active() is used to check whether the smtp mailing is enabled or not. If is enabled then an email will be sent to desired email and if disabled then it will return a boolean. For the callback you can simply check app/controller/C.php. I will add a salting method soon for password protection. By the way you can just simply create your custom templates by understanding some basic functions of Xera(documentation will be available soon). @PlanetCloud, @TinkerMan Thanks for your compliments. Edited May 15, 2022 by Mahtab Hassan Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted May 15, 2022 Author Share Posted May 15, 2022 35 minutes ago, TinkerMan said: Try creating an account in your demo version, you will see what I mean. Awesome! So just a few small things to fix! Unfortunately I won’t be able to help much since I have not really learned that much about any PHP frameworks yet. Well. There is an error while creating new accounts. I will fix it and upload the code on github repository soon. Quote Link to comment Share on other sites More sharing options...
JaiktDev Posted May 15, 2022 Share Posted May 15, 2022 40 minutes ago, TinkerMan said: I won’t be able to help much since I have not really learned that much about any PHP frameworks yet. true, i just started learning laravel Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted May 15, 2022 Share Posted May 15, 2022 PHP Error was encountered Severity: Notice Message: Undefined variable: email Filename: models/Mofh.php Line Number: 163 Backtrace: File: /home/hostella/public_html/xera/app/models/Mofh.php Line: 163 Function: _error_handler File: /home/hostella/public_html/xera/app/controllers/U.php Line: 852 Function: create_account File: /home/hostella/public_html/xera/index.php Line: 315 Function: require_once @Shen Wei, at least I can submit the forum now, but still getting an error: Quote Link to comment Share on other sites More sharing options...
PlanetCloud Posted May 15, 2022 Share Posted May 15, 2022 2 hours ago, Mahtab Hassan said: Well it doesn't matter if a user try to reset an account password that is not yet created it will not process any request. #UXMatters Quote By the way $this->mailer->is_active() is used to check whether the smtp mailing is enabled or not. If is enabled then an email will be sent to desired email and if disabled then it will return a boolean. Then check the logic code again, as you can just call it and return. Quote For the callback you can simply check app/controller/C.php. About this, I also have a comment... shouldn't have used a single letter for the file name as it violates PSR rules. PSR is a coding style standard that I and many others use so we can easily work on other's code. Also it's a security risk now I realized it... Check again https://github.com/PlanetTheCloud/mofh-callback-client. Quote I will add a salting method soon for password protection. Good Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted May 16, 2022 Author Share Posted May 16, 2022 6 hours ago, BastelPichi said: PHP has Passwort hashing with saltsintegrated. lol Yes.... Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted May 16, 2022 Author Share Posted May 16, 2022 Xera is now available on github check it out here. Quote Link to comment Share on other sites More sharing options...
MeTooIDK Posted May 21, 2022 Share Posted May 21, 2022 On 5/13/2022 at 3:56 PM, Mahtab Hassan said: Introduction Xera Lite is a free web hosting solution for MyOwnFreeHost client and support management system designed to work with less specifications. Features Xera Lite features are listed below: 1. MOFH Api Integration 2. Support Ticket System 3. Easy Template System 4. User Management 5. SMTP Support Requirements Your server need to met minimal requirements: 1. PHP v5.6 or above. 2. MySQL v5.2 or above. 3. Valid SSL Certificate. Download Download it from Google Drive. Help Forum: fourm.xera.eu.org Email: [email protected] hi a eyes on logo Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted May 21, 2022 Author Share Posted May 21, 2022 2 hours ago, MeTooIDK said: hi a eyes on logo Yes, This is an eye of a fox. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.