#2039 posted by PepeLord86 on 2016/03/17 15:26:46
And Also, WHO THE HELL RUNS THIS SITE?!?
I know, right!?!
I don't know who those old guys are but think it's time for these dinosaurs to step aside and make room for some some new blood - I can help with this, I learned some javascripts in class the other day and I can put those codes in this website at no extra fee.
Also, I notice this website has lots of adverts which display as normal posts - e.g. the Louis Vuitton handbag ads - I assume these guys are your sponsors? - anyway I think it could really help the Louis Vuitton guys and increase your ad revenue if you had some sort of ad streaming down either side of the main page? (There's a lot of space here and it's a waste not to put it to good use)
Let me know if this sounds like something we can look at going forward, also I can advise re: SEO.
Hello, Microsoft Tech Support Here,
I have detected a virus on your website! If you give me access to the webserver, I'll get rid of it in no time!
lol
Triceratops
Anyone here play Primal Rage way back in the 90s in the arcade?
Seriously, yea while this site could stand to be upgraded / improved with new scrpiting etc, the chances of something being exploited also increases, so there is some wisdom in "keeping it simple" for now. Other Quake sites have these fancy gizmo's going and have either folded or lost alot of decent members or are borderline dead as far as new energy goes.
@Specialbomb, its fine to offer your help, but it sounded like maybe you were demanding access, so I can understand the "no thanks".
A long time ago, someone told me :
"If I need your help, I will ask for it"
Thought it was kind of rude, and very narrow minded, but has alot of truth to it. Lots of times people dont appreciate the help to begin with, and you give it out anyway, just a source for future disappointment....my 2 cents.
Teknoskillz
Yeah, I get that. It's like making a painting, and some random guy in the art community says "hey, can I help paint that?" If you let him, he just ends up messing you painting up.
Password Recovery
#2043 posted by digs on 2016/03/24 06:21:36
I can not recover my password. I enter my email, but the letter did not come. I tried to write to metlslime in on the problem, but he does not answer.
#2044 posted by metlslime on 2016/03/24 08:02:37
hmm, the email feature seems broken.
It's using PHP's mail() function, i haven't changed it in a long time, so maybe the server configuration has changed? Or, email services like gmail are rejecting the message. I will have to test soon.
Metlslime
I haven't changed the server config, but that doesn't mean anything. Sometimes there are config changed as a result of an update. I'll have a look at the log files, too.
Also
I tested it with a gmail address too, can you please check a different provider for the recipient so that we can exclude this as the reason?
#2047 posted by negke on 2016/03/26 19:21:28
Minor thing, but it just struck me that the headers of the forum categories are somewhat misleading. Last 10 Discussion threads and Last 10 News threads suggests they're the latest ones in terms of creation date, not the last ones with activity as it actually is.
Says You.
Waitasecond, Passwords Are Stored?!?!
You guys should switch to a hash security system NOW. It's not safe to store passwords like that.
#2050 posted by metlslime on 2016/03/29 01:46:23
it's true, so don't use the same password here as you use somewhere else.
Just To Be Sure
#2051 posted by Rick on 2016/03/29 15:59:04
To change password, just go to "Account", type in a new one and (type it again to) confirm?
#2052 posted by metlslime on 2016/03/29 17:27:54
Correct. I should probably make it more of an explicit process someday.
Hashing Is Easy
I'm pretty sure you can easily get a SHA hash generator working on this site in no time. Wikipedia has a great example,
https://en.wikipedia.org/wiki/Hash_function
Super easy to set up hashes, you just generate it and store it instead of a password on the server. The server takes the password, hashes it, stores it, and uses it for verification later.
#2054 posted by Spirit on 2016/03/30 23:53:08
Func is php so the simple password_hash() would be the best choice. Every thing else requires knowledge.
I would be more interested in HTTPS still.
HTTPS Would Also Be A Good Idea,
But would be pretty hard to implement now. Honestly, SHA is super easy to implement, especially since Spirit mentioned a function just for it in php. Honestly, just a days work really. HTTPS should be a later goal, but getting rid of the password storage system should be top priority.
Specific IPs
#2056 posted by khreathor on 2016/03/31 03:13:17
...and please block Tor exit nodes IPs for non-registered users. Someone posting here through Tor usually has bad intentions.
#2057 posted by Spirit on 2016/03/31 09:30:20
Please don't. Tor is a great tool to protect your privacy especially with func's stupid public IP display. It's no one's business.
Yo Metl
#2058 posted by negke on 2016/04/01 08:03:27
Go hash that shit!
#2059 posted by necros on 2016/04/02 01:48:42
Just don't make a hash of it.
#2060 posted by negke on 2016/04/06 09:38:06
Changing the password doesn't work, either.
Php
Have to check new php versions, when released they sometimes decide to depreciate some older codes, but I dont think they messed with sendmail in a while that ones too dangerous.
Gmail will sometimes reject mail unless the sender is now, IPV6 friendly..and you have IPV6 enabled on the sendmail server. I turned it off and only have IPV4 , so the mails can go thru.
#2062 posted by negke on 2016/04/09 10:28:54
Nevermind. Changing the password does work after all. It just requires enabling the http referer.
How Are You Hosting This?
Are you using a separate webserver, or are you self hosting?
|