Voldemort Posted April 13, 2007 Share Posted April 13, 2007 This was a project I did last week with the help of a friend... it was originally a custom tagbox, but the added ajax and it now functions like a chatbox too. I pretty much need it tested for errors and vulnerabilities... oh, and here's a picture of the old admin panel... I updated it yesterday to include an admin posting area (so you don't have to post with a special name in order to get the bold/colored name) Link to comment https://forums.phpfreaks.com/topic/46834-test-my-tagboxchatbox/ Share on other sites More sharing options...
redbullmarky Posted April 13, 2007 Share Posted April 13, 2007 got a link? Link to comment https://forums.phpfreaks.com/topic/46834-test-my-tagboxchatbox/#findComment-228278 Share on other sites More sharing options...
Voldemort Posted April 13, 2007 Author Share Posted April 13, 2007 Ya, just woke up and realized that http://www.chatcubed.com/regular Link to comment https://forums.phpfreaks.com/topic/46834-test-my-tagboxchatbox/#findComment-228396 Share on other sites More sharing options...
MadTechie Posted April 13, 2007 Share Posted April 13, 2007 Erm.. Server problems mainly First thing is upgrade to PHP 5.2.1 PHP/4.4.4 has a few secuirty risks Session Spoffing Exploit http://www.chatcubed.com/regular/tmp/ Link to comment https://forums.phpfreaks.com/topic/46834-test-my-tagboxchatbox/#findComment-228412 Share on other sites More sharing options...
agentsteal Posted April 13, 2007 Share Posted April 13, 2007 Multiple users can register with the same username. User Enumeration: http://www.chatcubed.com/~root Link to comment https://forums.phpfreaks.com/topic/46834-test-my-tagboxchatbox/#findComment-228704 Share on other sites More sharing options...
Voldemort Posted April 13, 2007 Author Share Posted April 13, 2007 I still have it on PHP4 from testing... had to make sure it would still run (had a topic in the help section about that, now solved) How could I avoid the multiple usernames? Names are stored in a cookie, so I'm not really sure if it even could be done. Link to comment https://forums.phpfreaks.com/topic/46834-test-my-tagboxchatbox/#findComment-228887 Share on other sites More sharing options...
MadTechie Posted April 13, 2007 Share Posted April 13, 2007 will be harder.. you need to create a "whos online" or registration Link to comment https://forums.phpfreaks.com/topic/46834-test-my-tagboxchatbox/#findComment-228895 Share on other sites More sharing options...
Voldemort Posted April 13, 2007 Author Share Posted April 13, 2007 I don't think it's really worth the extra trouble... Where should I post if I want to see if my code can be simplified... I think I made it a bit too complicated. Link to comment https://forums.phpfreaks.com/topic/46834-test-my-tagboxchatbox/#findComment-228906 Share on other sites More sharing options...
MadTechie Posted April 13, 2007 Share Posted April 13, 2007 Php Help section subject could be "can this be optermized" or something Link to comment https://forums.phpfreaks.com/topic/46834-test-my-tagboxchatbox/#findComment-228908 Share on other sites More sharing options...
Voldemort Posted April 14, 2007 Author Share Posted April 14, 2007 Now that everything's how I want it, can anyone download it, test it, and tell me if they encounter any problems? I think I've fixed everything worth fixing, and now I just need to make sure it works anywhere. http://www.chatcubed.com/lmd18.zip Just a quick question: My 500 error page (when I 'Options NoIndex' the /tmp folder) shows the contact email as webmaster@chatcubed.mymaindomain.com. How do I make it not display the main domain, and just the chatcubed one? I've put in a blank index.htm for right now, but this problem has bugged me in the past. Link to comment https://forums.phpfreaks.com/topic/46834-test-my-tagboxchatbox/#findComment-229452 Share on other sites More sharing options...
corbin Posted April 21, 2007 Share Posted April 21, 2007 Glad to see that the username strips out <scr<script>ipt language="javascript">alert('hi');</sc<script>ript> Anyway, I didn't come across anything that was glitched or a security hole. Link to comment https://forums.phpfreaks.com/topic/46834-test-my-tagboxchatbox/#findComment-234485 Share on other sites More sharing options...
Voldemort Posted April 21, 2007 Author Share Posted April 21, 2007 thanks I'm now working on the look of it on a seperate domain and trying to work on the code. Link to comment https://forums.phpfreaks.com/topic/46834-test-my-tagboxchatbox/#findComment-234902 Share on other sites More sharing options...
Recommended Posts