Post: [PHP] SPRX/Projects Website
06-04-2017, 08:18 PM #1
Please delete this thread.
Last edited by HamoodDev ; 06-14-2018 at 04:28 PM. Reason: DELETED

The following 4 users say thank you to HamoodDev for this useful post:

Black Panther, gοd, tyman1294, xPurpBoyyx

The following user groaned HamoodDev for this awful post:

JB
11-30-2017, 03:56 AM #74
Fred
I am error
Originally posted by JB View Post
This is nothing compared to the heaps of other vulnerabilities in this code.


Please write something, or just upload something you have laying around so I can actually learn something from someone that knows what the fuck they are doing. Even I can look at this and see the pile of shit that it is. I just want to see something done by a pro simply so I can learn from the best practices.
11-30-2017, 03:39 PM #75
JB
[i]Remember, no Russian.[/i]
Originally posted by Fred View Post
Please write something, or just upload something you have laying around so I can actually learn something from someone that knows what the fuck they are doing. Even I can look at this and see the pile of shit that it is. I just want to see something done by a pro simply so I can learn from the best practices.


I've got some stuff I wrote over a year ago on my Github account. I'm actually working on a port of Inferno Shoutbox to IPB4 (and possibly Flarum & xenForo 2) of which I'm happy to share the code with you.
11-30-2017, 03:49 PM #76
JB
[i]Remember, no Russian.[/i]
Originally posted by HamoodDev View Post
i'm still learning, can't you guess from the fucking code?


Yes, and the point of my rant is that you understand the seriousness of the implications of leaving vulnerabilities in your code. It is not meant as a personal attack but as a way for you to understand how much of an issue vulnerabilities can be. No developer wants to release vulnerable code but it does happen, even to the best at times. The important thing is that you learn from these mistakes, how to patch them quickly and effectively, and how to avoid similar pitfalls the next time you write something.

Simply throwing a temper tantrum and saying "i'm still learning, can't you guess from the fucking code?" when I am doing you a favour and telling your users to drop this vulnerable code is not the correct response. I am more than willing to show you where the issues in your code are in private (so they aren't disclosed in a public-facing forum), but not if you are going to respond like this. Own your mistakes, and don't make excuses. Excuses are a sign of a bad developer.

Also, please quote me next time as otherwise I'll likely not see your reply. I don't often go hunting for responses. You can add me on Discord if you want to speak privately. Marzz#1238
12-06-2017, 03:26 AM #77
CyberNomadic
Web Developer
Uses PDO but doesn't sanitize? Hmm. I may not be as harsh as JB here, but for a newbie it is fine, however when releasing something, ALWAYS remember to make sure your code is 100% secure. You are putting the information of people in your hands and potentially at risk. I would recommend closing the source until the vulns are fixed.
12-06-2017, 07:38 PM #78
JB
[i]Remember, no Russian.[/i]
Originally posted by CyberNomadic View Post
Uses PDO but doesn't sanitize? Hmm. I may not be as harsh as JB here, but for a newbie it is fine, however when releasing something, ALWAYS remember to make sure your code is 100% secure. You are putting the information of people in your hands and potentially at risk. I would recommend closing the source until the vulns are fixed.


One of the points of using PDO is to use prepared statements which heavily implies you should be preparing queries which in turns provides sanitization when done right. There's no excuse these days for SQL injections.

The following user thanked JB for this useful post:

CyberNomadic
12-07-2017, 01:11 AM #79
CyberNomadic
Web Developer
Originally posted by JB View Post
One of the points of using PDO is to use prepared statements which heavily implies you should be preparing queries which in turns provides sanitization when done right. There's no excuse these days for SQL injections.


True true. Long time no talk, glad to see you're still around.

The following user thanked CyberNomadic for this useful post:

JB
12-07-2017, 01:12 AM #80
JB
[i]Remember, no Russian.[/i]
Originally posted by CyberNomadic View Post
True true. Long time no talk, glad to see you're still around.


Aye man it's been too long. Are you on discord? Think I saw you in MLB's server.
12-12-2017, 04:40 PM #81
Algebra
[move]mov eax, 69[/move]
Originally posted by JB View Post
[s]Why are you supporting a version of PHP that is almost EOL, and more importantly not supporting a version that has massive enhancements, improvements and optimisations?[/s] Saw in the comments above it now supports PHP 7.

Also, please try to adhere to certain code standards, namely PSR-1 and PSR-2 at a very minimum.

Edit for anyone who will be downloading this to use in a production environment

Don't. It's full of vulnerabilities, poor code and in some cases, site-breaking bugs. Honestly, considering it's using PDO (which fully supports prepared & sanitized statements), I was shocked to see there's fucking SQL injection vectors in the source. If necessary I'll fucking write a replacement to this, because it's god damn awful. If any of you are using this, remove it instantly or risk putting your website, server and users at risk of exploitation.


Man I just looked at this source lol
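JB's point in #78 (using PDO only pays off if you actually prepare queries) and his earlier warning quoted in #81 (PDO supports prepared statements, yet the source still concatenates input into SQL) both come down to the same contrast. The following is an added example written for this thread, not code from the SPRX project or from any poster. It uses an in-memory SQLite database with constructed sample rows so it runs offline; the function names, the `users` table and the sample data are assumptions for illustration.

```php
<?php
// Added example (not from the thread or the SPRX project): a string-built
// query next to a PDO prepared statement, run against constructed data.

declare(strict_types=1);

function makeDb(): PDO
{
    // Constructed in-memory database; stands in for the site's real MySQL.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so values are
    // bound by the server instead of being interpolated client-side by PDO.
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
    $pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('O''Brien', 'user')");
    return $pdo;
}

// The pattern being criticised: PDO is in use, but the value is pasted into
// the SQL text, so any quote in $name changes the structure of the query.
function findUserVulnerable(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name, role FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the query text is fixed and the value is sent
// separately, so it can only ever be compared as data.
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Caveat: placeholders bind values, not identifiers. A column chosen by the
// user (sort order, filter field) has to be checked against an allowlist.
function listUsersSorted(PDO $pdo, string $sortBy): array
{
    $allowed = ['id', 'name', 'role'];
    if (!in_array($sortBy, $allowed, true)) {
        throw new InvalidArgumentException("Unsupported sort column: $sortBy");
    }
    $stmt = $pdo->query("SELECT id, name, role FROM users ORDER BY $sortBy");
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = makeDb();

// An ordinary name with an apostrophe is enough to show the difference.
$input = "O'Brien";

try {
    findUserVulnerable($pdo, $input);
} catch (PDOException $e) {
    echo 'String-built query broke on ordinary input: ' . $e->getMessage() . PHP_EOL;
}

$rows = findUserSafe($pdo, $input);
echo 'Prepared statement returned ' . count($rows) . " row(s) for $input" . PHP_EOL;

print_r(listUsersSorted($pdo, 'name'));

try {
    listUsersSorted($pdo, 'email'); // not an allowed column
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ' . $e->getMessage() . PHP_EOL;
}
```

The first call fails on a legitimate input because the apostrophe terminates the string literal; that same property is what makes the concatenated form injectable, so a query that breaks on `O'Brien` is a query that needs a prepared statement. The allowlist in `listUsersSorted` covers the case placeholders cannot: identifiers and keywords still have to be validated in code.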
12-12-2017, 04:46 PM #82
Algebra
[move]mov eax, 69[/move]
Originally posted by JB View Post
Aye man it's been too long. Are you on discord? Think I saw you in MLB's server.


The source itself needs to be rewritten from the actual shell of the website to the very end. There's no helping this source and you'd be crazy to even attempt to fix it.

Copyright © 2024, NextGenUpdate.
All Rights Reserved.