Mahtab Hassan Posted April 9, 2023 Share Posted April 9, 2023 Hello everyone! Previously i saw many people moving from mofhy or any other platform to xera and were facing a few issues that can be fixed by just a few efforts. Although i created xera but i was unable to completely understand it myself and it was also built on an outdated version of codeigniter(V3) and there was a few missing features as well. So i was thinking to make a clientarea according to current user need and up-to-dated vendors. I'm going to use Codeigniter 4 with a few tweaks. So I thought ask seniors for their suggestions on what features i should add in newly build clientarea which can go a long way. Quote Link to comment Share on other sites More sharing options...
Burke Knight Posted April 9, 2023 Share Posted April 9, 2023 Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted April 9, 2023 Author Share Posted April 9, 2023 17 minutes ago, Burke Knight said: 💗 Quote Link to comment Share on other sites More sharing options...
Fury_Craft Posted April 9, 2023 Share Posted April 9, 2023 Maybe you can add these features: Live language (language is set by your current browser language) Auto records set for GoGetSSL verification, like Spookyhost and InfinityFree Multiple OAuth (Google, Discord, Facebook, Github .... ) Other SSL providers Sponsorship links (can access to a plan only with a link) Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted April 9, 2023 Share Posted April 9, 2023 1 hour ago, Fury_Craft said: Auto records set for GoGetSSL verification, like Spookyhost and InfinityFree *Ahem* You forgot TinkerHost - I would also suggest ZeroSSL as a provider to add, and LetsEncrypt if possible. Quote Link to comment Share on other sites More sharing options...
User51 Posted April 9, 2023 Share Posted April 9, 2023 Glad to here that's in consideration, thank you for your works! Start with the basics (GoGetSSL) and work up to more complex things. My biggest suggestion is *please* keep the database structure the same. It's a pain to have to migrate everyone over. It would be a relief to just use the same database. Also, if possible, please keep the code and file structure as similar as possible, to prevent having to remake a lot of links. Thank you! Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted April 10, 2023 Author Share Posted April 10, 2023 11 hours ago, Fury_Craft said: Maybe you can add these features: Live language (language is set by your current browser language) Auto records set for GoGetSSL verification, like Spookyhost and InfinityFree Multiple OAuth (Google, Discord, Facebook, Github .... ) Other SSL providers Sponsorship links (can access to a plan only with a link) Will consider. 9 hours ago, TinkerMan said: *Ahem* You forgot TinkerHost - I would also suggest ZeroSSL as a provider to add, and LetsEncrypt if possible. ZeroSSL are not free meanwhile Let's Encrypt have a rate limit. 8 hours ago, User51 said: Glad to here that's in consideration, thank you for your works! Start with the basics (GoGetSSL) and work up to more complex things. My biggest suggestion is *please* keep the database structure the same. It's a pain to have to migrate everyone over. It would be a relief to just use the same database. Also, if possible, please keep the code and file structure as similar as possible, to prevent having to remake a lot of links. Thank you! Let me make it clear. Firstly, every time i make something new the database structure will be updated as well because i always try to bring new features and cover old problems. Secondly, Codeigniter 4 have a different file and code structure compared to Codeigniter 3. It contains different security patches and some new features. Here is a list of features I'm thinking to implement: 1. Basic Authentication. All necessary features like registration and login page along with forgot password page. A user will have a passphrase to reset his/her password instead of requesting reset code. 2. Extended Support Unlike the old version this version will contain a method for staff to directly move user queries to iFastNet Support team. 3. Multiple Language Although this feature was present in older versions but in this case the admin have to register a language in a specific file in order to avoid corrupt files. 4. Custom Template Although this feature was present in older versions but in this case the admin have to register a template in a specific file in order to avoid corrupt files. 5. Mofh and SSL in a file I'm thinking to use file system for data storage instead of database to reduce query count. 6. Query Caching I'm thinking to use query caching to prevent repeating a same query multiple times. More coming soon... Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted April 10, 2023 Author Share Posted April 10, 2023 11 hours ago, Fury_Craft said: Other SSL providers I'm going to partner with a new ssl service provider named IITCenter Quote Link to comment Share on other sites More sharing options...
BastelPichi Posted April 10, 2023 Share Posted April 10, 2023 12 hours ago, TinkerMan said: *Ahem* You forgot TinkerHost - I would also suggest ZeroSSL as a provider to add, and LetsEncrypt if possible. Generally, just include an Acme client that isnt only tweaked for Lets Encrypt. If you use the proper client, you can have Google, ZeroSSL, Lets ENcrypt and Buypass all by changing just one line of code. Maybe, generally, a kind of simple plugin managment. Thatd be suuuuuuper kool. Alltho thats prolly quite difficult... Quote Link to comment Share on other sites More sharing options...
SpookyKipper Posted April 10, 2023 Share Posted April 10, 2023 3 hours ago, Mahtab Hassan said: IITCenter they only support file validation? I found this https://iitcenter.xyz/ Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted April 10, 2023 Author Share Posted April 10, 2023 55 minutes ago, SpookyKipper said: they only support file validation? I found this https://iitcenter.xyz/ currently we only validate domain via a file validation. Quote Link to comment Share on other sites More sharing options...
SpookyKipper Posted April 10, 2023 Share Posted April 10, 2023 36 minutes ago, Mahtab Hassan said: currently we only validate domain via a file validation. but byet free hosting won't support that Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted April 10, 2023 Share Posted April 10, 2023 2 hours ago, Mahtab Hassan said: only validate domain via a file validation. Due note that free hosting has a limitation that says crawlers have to have cookies and JavaScript enabled in order to visit a website. So file validation most likely won’t work as the check for the file will never succeed. Quote Link to comment Share on other sites More sharing options...
BastelPichi Posted April 10, 2023 Share Posted April 10, 2023 (edited) IITCENTER IS NOT TRUSTED! They do not have a sub-ca, not do they have a secure keystore. All challenges are run from the production webserver! DO NOT IMPORT IITCENTER'S ROOT INTO YOUR BROWSER! 20 minutes ago, TinkerMan said: Due note that free hosting has a limitation that says crawlers have to have cookies and JavaScript enabled in order to visit a website. So file validation most likely won’t work as the check for the file will never succeed. Theres an super easy bypass... Also, Mahtab is an dev @ iitcenter, so, they could just change that. As they also dont have to stick to any guidelines, an implementation for dns would actually be quite easy. Oh and @Mahtab Hassan .xyz domains are very sus Edited April 10, 2023 by BastelPichi Quote Link to comment Share on other sites More sharing options...
User51 Posted April 10, 2023 Share Posted April 10, 2023 3 hours ago, SpookyKipper said: I found this https://iitcenter.xyz/ Uhh... How about just sticking to GoGetSSL or ZeroSSL for now..? This really doesn't look like a good option. Quote Link to comment Share on other sites More sharing options...
BastelPichi Posted April 10, 2023 Share Posted April 10, 2023 (edited) 6 hours ago, User51 said: Uhh... How about just sticking to GoGetSSL or ZeroSSL for now..? This really doesn't look like a good option. That is interesting, I didnt get that. But check the idfastnet diascord server, we are haing a lill rant The reason why mahtabs wants a collab is to get more people to IITCenter. Hes one of the devs. Just this topic already got him 10 generated certs lmfao... Ahyes. And to make this sure, Xera and all of Mahtabs projects are great. Still, clickbait (in these amounts) and the rest of the stuff that is beeing done here, is simply a no-no. Edited April 10, 2023 by BastelPichi Quote Link to comment Share on other sites More sharing options...
User51 Posted April 10, 2023 Share Posted April 10, 2023 6 hours ago, BastelPichi said: Oh and @Mahtab Hassan .xyz domains are very sus abc.xyz 6 hours ago, BastelPichi said: That is interesting, I didnt get that. But check the idfastnet diascord server, we are haing a lill rant There's a discord? 13 hours ago, Mahtab Hassan said: Firstly, every time i make something new the database structure will be updated as well because i always try to bring new features and cover old problems. Secondly, Codeigniter 4 have a different file and code structure compared to Codeigniter 3. It contains different security patches and some new features. Sorry let me rephrase: Keep it as similar as possible, or provide some easy way to migrate. 6 hours ago, BastelPichi said: Ahyes. And to make this sure, Xera and all of Mahtabs projects are great. Still, clickbait (in these amounts) and the rest of the stuff that is beeing done here, is simply a no-no. "Free logo showcase widget" The problem with something like this is that, people actually using this tool know what they're looking for. And if I see something that tells me I won a new phone and that you're trusted by Hostinger... Make a free SSL tool sure. But not like this. Quote Link to comment Share on other sites More sharing options...
BastelPichi Posted April 10, 2023 Share Posted April 10, 2023 6 hours ago, User51 said: abc.xyz There's a discord? Sorry let me rephrase: Keep it as similar as possible, or provide some easy way to migrate. https://dsc.gg/ifastnet Yeah, alphabet, still. WOuld you trust pichisdns.com or pichisdns.xyz better? 6 hours ago, User51 said: "Free logo showcase widget" The problem with something like this is that, people actually using this tool know what they're looking for. And if I see something that tells me I won a new phone and that you're trusted by Hostinger... Make a free SSL tool sure. But not like this. Im not sure about the scam thingy, yes, that is quite bad. (considering the root cert is stored on the same webserver) And the SiteSeal they have shows an 404 ... Quote Link to comment Share on other sites More sharing options...
User51 Posted April 10, 2023 Share Posted April 10, 2023 8 minutes ago, BastelPichi said: Yeah, alphabet, still. WOuld you trust pichisdns.com or pichisdns.xyz better? Good point 😆. Still would trust pichisdns.xyz more than pichisdns.tk Quote Link to comment Share on other sites More sharing options...
BastelPichi Posted April 10, 2023 Share Posted April 10, 2023 6 minutes ago, User51 said: Good point 😆. Still would trust pichisdns.xyz more than pichisdns.tk https://surbl.org/tld The reason why .com used so often should be obvious. Quote Link to comment Share on other sites More sharing options...
TinkerMan Posted April 10, 2023 Share Posted April 10, 2023 45 minutes ago, BastelPichi said: Theres an super easy bypass... Yeah, but do you really want to tech users how to do that, when it may just lead to more issues later? 35 minutes ago, BastelPichi said: Still, clickbait (in these amounts) and the rest of the stuff that is beeing done here, is simply a no-no. Agree. Don’t use the logos of other companies without permission, especially if they don’t even know you exsist. That’s like extrema false advertising Quote Link to comment Share on other sites More sharing options...
BastelPichi Posted April 10, 2023 Share Posted April 10, 2023 1 hour ago, TinkerMan said: Yeah, but do you really want to tech users how to do that, when it may just lead to more issues later? Well the CA would have to change somethign anyways, which is not gonna happen. Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted April 10, 2023 Author Share Posted April 10, 2023 6 hours ago, TinkerMan said: Due note that free hosting has a limitation that says crawlers have to have cookies and JavaScript enabled in order to visit a website. So file validation most likely won’t work as the check for the file will never succeed. i will add dns validation soon 5 hours ago, TinkerMan said: Yeah, but do you really want to tech users how to do that, when it may just lead to more issues later? Agree. Don’t use the logos of other companies without permission, especially if they don’t even know you exsist. That’s like extrema false advertising firstly I'm not the website developer of this project. secondly if you notice the clientarea is forked from Mofhr and only did a few tweaks. and also do i really need to advertise my ca here? if i really want to advertise my ca i can do it by paying google ads or other advertising platforms. i just want to add this to my panel so i can make sure users are having good experience. 6 hours ago, BastelPichi said: They do not have a sub-ca, not do they have a secure keystore. They do Company Root CA https://iitcenter.xyz/panel/certificate/IITCRootX1.crt Root CA https://iitcenter.xyz/panel/certificate/IITCRootCertificationAuthority.crt DV SUB CA https://iitcenter.xyz/panel/certificate/IITCDVCertificationAuthority.crt ECC SUB CA https://iitcenter.xyz/panel/certificate/IITCECCCertificationAuthority.crt Root certificate is submitted to CCADB for validation. And I don't want anymore arguments on this topic. Quote Link to comment Share on other sites More sharing options...
Burke Knight Posted April 10, 2023 Share Posted April 10, 2023 1. People need to learn to either edit posts, or do multi-quote. 2. Arguments will stop, or topic will be locked. 3. Any "no-no's" need to be fixed if this topic is to be continued. There are ToS's for a reason. Quote Link to comment Share on other sites More sharing options...
Mahtab Hassan Posted April 11, 2023 Author Share Posted April 11, 2023 13 hours ago, Burke Knight said: 1. People need to learn to either edit posts, or do multi-quote. 2. Arguments will stop, or topic will be locked. 3. Any "no-no's" need to be fixed if this topic is to be continued. There are ToS's for a reason. alright Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.