Jump to content
[MUST READ] Forum Rules ×
Important message for newcomers!

Xera Rebuild

Mahtab Hassan

By Mahtab Hassan
in MyOwnFreeHost General

 Share

Recommended Posts

Mahtab Hassan Collaborator

Mahtab Hassan

Posted
Posted

Hello everyone!

Previously i saw many people moving from mofhy or any other platform to xera and were facing a few issues that can be fixed by just a few efforts. 

Although i created xera but i was unable to completely understand it myself and it was also built on an outdated version of codeigniter(V3) and there was a few missing features as well.

So i was thinking to make a clientarea according to current user need and up-to-dated vendors. I'm going to use Codeigniter 4 with a few tweaks.

So I thought ask seniors for their suggestions on what features i should add in newly build clientarea which can go a long way.

Link to comment
Share on other sites
Fury_Craft Newbie

Fury_Craft

Posted
Posted

Maybe you can add these features:

  • Live language (language is set by your current browser language)
  • Auto records set for GoGetSSL verification, like Spookyhost and InfinityFree
  • Multiple OAuth (Google, Discord, Facebook, Github .... )
  • Other SSL providers
  • Sponsorship links (can access to a plan only with a link)
Link to comment
Share on other sites
User51 Contributor

User51

Posted
Posted

Glad to here that's in consideration, thank you for your works!

Start with the basics (GoGetSSL) and work up to more complex things.

My biggest suggestion is *please* keep the database structure the same. It's a pain to have to migrate everyone over. It would be a relief to just use the same database.

Also, if possible, please keep the code and file structure as similar as possible, to prevent having to remake a lot of links.

Thank you!

Link to comment
Share on other sites
Mahtab Hassan Collaborator

Mahtab Hassan

Posted
  • Author
Posted
11 hours ago, Fury_Craft said:

Maybe you can add these features:

  • Live language (language is set by your current browser language)
  • Auto records set for GoGetSSL verification, like Spookyhost and InfinityFree
  • Multiple OAuth (Google, Discord, Facebook, Github .... )
  • Other SSL providers
  • Sponsorship links (can access to a plan only with a link)

Will consider.

9 hours ago, TinkerMan said:

*Ahem* You forgot TinkerHost :)

 

- I would also suggest ZeroSSL as a provider to add, and LetsEncrypt if possible. 

ZeroSSL are not free meanwhile Let's Encrypt have a rate limit.

8 hours ago, User51 said:

Glad to here that's in consideration, thank you for your works!

Start with the basics (GoGetSSL) and work up to more complex things.

My biggest suggestion is *please* keep the database structure the same. It's a pain to have to migrate everyone over. It would be a relief to just use the same database.

Also, if possible, please keep the code and file structure as similar as possible, to prevent having to remake a lot of links.

Thank you!

Let me make it clear.

Firstly, every time i make something new the database structure will be updated as well because i always try to bring new features and cover old problems. 

Secondly, Codeigniter 4 have a different file and code structure compared to Codeigniter 3. It contains different security patches and some new features.

Here is a list of features I'm thinking to implement:

1. Basic Authentication.

All necessary features like registration and login page along with forgot password page. A user will have a passphrase to reset his/her password instead of requesting reset code.

2. Extended Support

Unlike the old version this version will contain a method for staff to directly move user queries to iFastNet Support team.

3. Multiple Language

Although this feature was present in older versions but in this case the admin have to register a language in a specific file in order to avoid corrupt files.

4. Custom Template

Although this feature was present in older versions but in this case the admin have to register a template in a specific file in order to avoid corrupt files.

5. Mofh and SSL in a file

I'm thinking to use file system for data storage instead of database to reduce query count.

6. Query Caching

I'm thinking to use query caching to prevent repeating a same query multiple times.

More coming soon...

Link to comment
Share on other sites
BastelPichi Proficient

BastelPichi

Posted
Posted
12 hours ago, TinkerMan said:

*Ahem* You forgot TinkerHost :)

 

- I would also suggest ZeroSSL as a provider to add, and LetsEncrypt if possible. 

Generally, just include an Acme client that isnt only tweaked for Lets Encrypt. If you use the proper client, you can have Google, ZeroSSL, Lets ENcrypt and Buypass all by changing just one line of code.

 

Maybe, generally, a kind of simple plugin managment. Thatd be suuuuuuper kool. Alltho thats prolly quite difficult...

Link to comment
Share on other sites
TinkerMan Experienced

TinkerMan

Posted
Posted
2 hours ago, Mahtab Hassan said:

only validate domain via a file validation.

Due note that free hosting has a limitation that says crawlers have to have cookies and JavaScript enabled in order to visit a website. So file validation most likely won’t work as the check for the file will never succeed. 

Link to comment
Share on other sites
BastelPichi Proficient

BastelPichi

Posted
Posted (edited)

IITCENTER IS NOT TRUSTED! They do not have a sub-ca, not do they have a secure keystore. All challenges are run from the production webserver! DO NOT IMPORT IITCENTER'S ROOT INTO YOUR BROWSER!

20 minutes ago, TinkerMan said:

Due note that free hosting has a limitation that says crawlers have to have cookies and JavaScript enabled in order to visit a website. So file validation most likely won’t work as the check for the file will never succeed. 

Theres an super easy bypass...

 

Also, Mahtab is an dev @ iitcenter, so, they could just change that. As they also dont have to stick to any guidelines, an implementation for dns would actually be quite easy.

 

Oh and @Mahtab Hassan .xyz domains are very sus

Edited by BastelPichi
Link to comment
Share on other sites
BastelPichi Proficient

BastelPichi

Posted
Posted (edited)
6 hours ago, User51 said:

Uhh...Screenshot-20230410-082959-Chrome.jpg

How about just sticking to GoGetSSL or ZeroSSL for now..? This really doesn't look like a good option.

That is interesting, I didnt get that. But check the idfastnet diascord server, we are haing a lill rant

The reason why mahtabs wants a collab is to get more people to IITCenter. Hes one of the devs.

 

Just this topic already got him 10 generated certs lmfao...

 

grafik.png

Ahyes.

 

And to make this sure, Xera and all of Mahtabs projects are great. Still, clickbait (in these amounts) and the rest of the stuff that is beeing done here, is simply a no-no.

Edited by BastelPichi
Link to comment
Share on other sites
User51 Contributor

User51

Posted
Posted
6 hours ago, BastelPichi said:

Oh and @Mahtab Hassan .xyz domains are very sus

abc.xyz

6 hours ago, BastelPichi said:

That is interesting, I didnt get that. But check the idfastnet diascord server, we are haing a lill rant

There's a discord?

13 hours ago, Mahtab Hassan said:

Firstly, every time i make something new the database structure will be updated as well because i always try to bring new features and cover old problems. 

Secondly, Codeigniter 4 have a different file and code structure compared to Codeigniter 3. It contains different security patches and some new features.

Sorry let me rephrase:

Keep it as similar as possible, or provide some easy way to migrate.

 

6 hours ago, BastelPichi said:

grafik.png

Ahyes.

 

And to make this sure, Xera and all of Mahtabs projects are great. Still, clickbait (in these amounts) and the rest of the stuff that is beeing done here, is simply a no-no.

"Free logo showcase widget"

The problem with something like this is that, people actually using this tool know what they're looking for. And if I see something that tells me I won a new phone and that you're trusted by Hostinger...

Make a free SSL tool sure. But not like this.

Link to comment
Share on other sites
BastelPichi Proficient

BastelPichi

Posted
Posted
6 hours ago, User51 said:

abc.xyz

There's a discord?

Sorry let me rephrase:

Keep it as similar as possible, or provide some easy way to migrate.

https://dsc.gg/ifastnet

 

Yeah, alphabet, still. WOuld you trust pichisdns.com or pichisdns.xyz better?

 

6 hours ago, User51 said:

"Free logo showcase widget"

The problem with something like this is that, people actually using this tool know what they're looking for. And if I see something that tells me I won a new phone and that you're trusted by Hostinger...

Make a free SSL tool sure. But not like this.

Im not sure about the scam thingy, yes, that is quite bad. (considering the root cert is stored on the same webserver)

And the SiteSeal they have shows an 404 ...

Link to comment
Share on other sites
TinkerMan Experienced

TinkerMan

Posted
Posted
45 minutes ago, BastelPichi said:

Theres an super easy bypass...

Yeah, but do you really want to tech users how to do that, when it may just lead to more issues later?

 

35 minutes ago, BastelPichi said:

Still, clickbait (in these amounts) and the rest of the stuff that is beeing done here, is simply a no-no.

Agree. Don’t use the logos of other companies without permission, especially if they don’t even know you exsist. That’s like extrema false advertising 

Link to comment
Share on other sites
Mahtab Hassan Collaborator

Mahtab Hassan

Posted
  • Author
Posted
6 hours ago, TinkerMan said:

Due note that free hosting has a limitation that says crawlers have to have cookies and JavaScript enabled in order to visit a website. So file validation most likely won’t work as the check for the file will never succeed. 

i will add dns validation soon

 

5 hours ago, TinkerMan said:

Yeah, but do you really want to tech users how to do that, when it may just lead to more issues later?

 

Agree. Don’t use the logos of other companies without permission, especially if they don’t even know you exsist. That’s like extrema false advertising 

firstly I'm not the website developer of this project. secondly if you notice the clientarea is forked from Mofhr and only did a few tweaks.

 

and also do i really need to advertise my ca here? if i really want to advertise my ca i can do it by paying google ads or other advertising platforms.

i just want to add this to my panel so i can make sure users are having good experience.

 

6 hours ago, BastelPichi said:

They do not have a sub-ca, not do they have a secure keystore.

They do

Company Root CA
https://iitcenter.xyz/panel/certificate/IITCRootX1.crt

Root CA
https://iitcenter.xyz/panel/certificate/IITCRootCertificationAuthority.crt

DV SUB CA
https://iitcenter.xyz/panel/certificate/IITCDVCertificationAuthority.crt

ECC SUB CA
https://iitcenter.xyz/panel/certificate/IITCECCCertificationAuthority.crt

 

Root certificate is submitted to CCADB for validation.

 

And I don't want anymore arguments on this topic.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...