What do you think of my TeamSpeak website..

Poll: Do you like it?
Total voters: 24

JetFox

Active Member
Sep 25, 2015
175
76
73
This has been a helluva long project over time, six months easily, on and off.

But if ya don't mind let me know what you think http://beta.myfreeteamspeak.tk/
Features:
Transfer My Server (basically on-the-fly transfer: say one server's being DDoSed, transfer it to a new IP at the click of a button)
Generate the server (easy peasy lemon squeezy)
Generate Tokens Of Course
Uhh basically still in need of more recommendations to add but.. yeah.. that's about it so far..
 

swarmdeco

Member
Feb 27, 2016
25
48
48
Hey @JetFox , good work on the UI (needs to keep improving!) but something REALLY IMPORTANT during software development is to keep an eye on security. I bypassed your login screen in less than a minute (I'll send you the details via PM, not going to go full disclosure, I'm not that kind of guy), and I can smell other vulnerabilities on your site...

A piece of advice: NEVER leave security testing to the last phase of software development; there are some vulnerabilities that will make you re-write almost 50% of your code. If you launch this tool to the public as it is, it will damage your tool's reputation (and yours as a coder).

Keep it up my friend! Thank you for contributing with the community.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
Nice work swarmdeco and thanks for being nice about it --- you earned bonus points around here. :cool:

Also, nice work on beginning to work with PHP, JetFox. Keep on improving your development/programming skills, but definitely be careful about validating and sanitizing inputs. Users can for example put something evil in a username or password field to bypass a login or something 100X worse.

You can find information in many places online on sanitizing and validating user input for PHP. If someone is entering an age, make sure the age is between 18 and 199 --- make sure it is an integer, you do not want half ages. If someone is entering an email, make sure it is an email. And no --- PHP does not have a good way to validate emails by default, their email validation sucks really bad. :(

Refer to this: http://stackoverflow.com/questions/13073970/good-php-framework-for-strong-security

Also CodeIgniter is easy to use if you're working with a framework for the first time and has a great user guide which is really easy to understand.
https://www.codeigniter.com/

Here is a more advanced framework: http://www.zend.com/en

Definitely I encourage you to look around at open source projects to see how they handle user accounts, registrations and all of that lovely stuff. It might make your head hurt, but it will hurt your head more if your website gets defaced and nothing works. ♥

If you want me to go through your PHP source with you, I am willing to point out any issues I see and help you solve the issues.
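A worked version of the checks described above, added here as an example rather than code from the thread or from JetFox's site: the field names, the username rule and the extra email tightening are assumptions, while the 18 to 199 age range comes from the post.

```php
<?php
// Added example (not from the thread): strict validation of the fields
// described in the post, done before any of them get near a query.
// Field names, the username rule and the email tightening are assumed;
// the 18..199 age range is the one given in the post.

function validate_signup(array $input): array
{
    $errors = [];

    // Age: must be a whole number between 18 and 199. FILTER_VALIDATE_INT
    // rejects "18.5", "18abc" and leading zeros; the range options reject
    // 17 and 200. A string that does not validate comes back as false.
    $age = filter_var($input['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 18, 'max_range' => 199]]);
    if ($age === false) {
        $errors['age'] = 'age must be a whole number from 18 to 199';
    }

    // Username: letters and digits only, bounded length. Anything else
    // (quotes, spaces, backslashes) is rejected outright, not "cleaned".
    $username = $input['username'] ?? '';
    if (!preg_match('/^[A-Za-z0-9]{3,32}$/', $username)) {
        $errors['username'] = 'username must be 3-32 letters or digits';
    }

    // Email: filter_var is only a loose syntax check (it accepts "user@localhost"),
    // so tighten it: length cap, exactly one @, and a domain containing a dot.
    $email = $input['email'] ?? '';
    $domain = substr($email, (int) strrpos($email, '@') + 1);
    $ok = strlen($email) <= 254
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false
        && substr_count($email, '@') === 1
        && strpos($domain, '.') !== false;
    if (!$ok) {
        $errors['email'] = 'email address is not acceptable';
    }

    return $errors;   // an empty array means every field passed
}

// Constructed sample inputs: the first passes, the second fails all three checks.
var_dump(validate_signup(['age' => '25', 'username' => 'jetfox', 'email' => 'me@example.com']));
var_dump(validate_signup(['age' => '17.5', 'username' => "o'brien", 'email' => 'me@@localhost']));
```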
 

swarmdeco

Member
Feb 27, 2016
25
48
48
...
You can find information in many places online on sanitizing and validating user input for PHP. If someone is entering an age, make sure the age is between 18 and 199 --- make sure it is an integer, you do not want half ages. If someone is entering an email, make sure it is an email. And no --- PHP does not have a good way to validate emails by default, their email validation sucks really bad. :(

I usually encourage people to use frameworks instead of pure coding. You will miss something if you try to validate and sanitize everything by hand, believe me, you will. And it will take you A LOT OF TIME to do that as well... Frameworks include pre-validation functions and SQL injection/XSS protections by default (depends on the framework of course), and it will make your code maintainable, because right now you understand your code, but let me ask you in a year! hahaha

CodeIgniter is a PHP framework to build sites/apps with PHP; it comes with the MVC paradigm (Model-View-Controller, if you don't know what I'm talking about here or what that means I recommend you study it! :D). It will take a little bit of time to learn it, but you'll speed up your process 500%.

And if you want to go deeper, I usually make webapps using Django/Python; in a matter of hours you can have a big webapp (check https://killboard-mdiazcl.rhcloud.com/kb/, I did that in an afternoon, it pulls data from an API, parses it, stores everything in a database and shows it nicely ;)).

Any help you might need send me a PM ;)
 

JetFox

Active Member
Sep 25, 2015
175
76
73
Nice work swarmdeco and thanks for being nice about it --- you earned bonus points around here. :cool:

Also, nice work on beginning to work with PHP, JetFox. Keep on improving your development/programming skills, but definitely be careful about validating and sanitizing inputs. Users can for example put something evil in a username or password field to bypass a login or something 100X worse.

You can find information in many places online on sanitizing and validating user input for PHP. If someone is entering an age, make sure the age is between 18 and 199 --- make sure it is an integer, you do not want half ages. If someone is entering an email, make sure it is an email. And no --- PHP does not have a good way to validate emails by default, their email validation sucks really bad. :(

Refer to this: http://stackoverflow.com/questions/13073970/good-php-framework-for-strong-security


https://www.codeigniter.com/

Here is a more advanced framework: http://www.zend.com/en

Definitely I encourage you to look around at open source projects to see how they handle user accounts, registrations and all of that lovely stuff. It might make your head hurt, but it will hurt your head more if your website gets defaced and nothing works. ♥

If you want me to go through your PHP source with you, I am willing to point out any issues I see and help you solve the issues.

Thanks for the information, I'll probably start rewriting most of it tonight.. I know it really really needs a rewrite from a TeamSpeak code perspective. And a quick question:

$serversnapshot = $ts3->SnapshotCreate();
creates a bunch of text with backslashes in it, but inserting it into a database removes every backslash.. Do you perhaps know a way to fix that?
 

DifferentUser

Member
Feb 19, 2016
53
23
58
You really need to escape every input you put into your query; this is a high security issue, but don't worry, it's easy.

Google for mysql_real_escape_string and you will find your magic ;)
 

JetFox

Active Member
Sep 25, 2015
175
76
73
You really need to escape every input you put into your query; this is a high security issue, but don't worry, it's easy.

Google for mysql_real_escape_string and you will find your magic ;)

Already have those in?
 

DifferentUser

Member
Feb 19, 2016
53
23
58
Can you send me a PM with the code you use? Then I will be able to help you out when I am at home around 2230.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
JetFox, I would consider after you do rewrite your development to release a copy of your current code (insecure, no offense) so that we can demonstrate what can happen. It would be a great demonstration/concept for all of our forum users (only if you don't mind). :)

https://forum.phalconphp.com/discus...mark-question-vs-raw-php-and-other-lang#C1118
This guy right here explains very well why to use a framework:
I don't think using raw PHP is really a smart option, unless you're doing something very simple... We're using frameworks because we want to organize our application better, have a philosophy of work, reduce the development time, make use of design patterns, make the code more testable, use OOP programming with all its benefits, use a common structure with a community, frameworks provide built-in security, reduce the number of bugs, have an elegant architecture, increase reusability of code, etc.

Using raw PHP is going back to the old years where PHP was a mix of SQL, HTML and PHP, making the application less maintainable, making it undesirable to work on an application, leading to bugs hard to detect, opening the door to security problems, etc.

Regarding the benchmarks, it's sad to see how most of the PHP frameworks are always in the last positions, especially the most robust ones; only the very basic ones are getting good results. Some frameworks are using direct raw access to databases or a database gateway (micro ORM), giving good/bad results, while Phalcon is compared using a full ORM like Doctrine (in Symfony/Silex).

If you compare:

Database-Server: Mysql; Object Relational Mapper (ORM) classification: Full

You'll see that Phalcon seems to be the fastest full ORM in the PHP world so far.

In defense of the PHP world, I could say that all PHP frameworks must be loaded in every request, run the test and unload all the resources allocated; in counterpart, some of the frameworks/tools tested are the webserver themselves, which gives an advantage that PHP does not have.
 

JetFox

Active Member
Sep 25, 2015
175
76
73
Will do, working with CodeIgniter is pretty different, not used to it yet.. but will be

JetFox, I would consider after you do rewrite your development to release a copy of your current code (insecure, no offense) so that we can demonstrate what can happen. It would be a great demonstration/concept for all of our forum users (only if you don't mind). :)

https://forum.phalconphp.com/discus...mark-question-vs-raw-php-and-other-lang#C1118
This guy right here explains very well why to use a framework:
 

JetFox

Active Member
Sep 25, 2015
175
76
73
Would you recommend using CodeIgniter, or just rewriting my current code using PDO?



JetFox, I would consider after you do rewrite your development to release a copy of your current code (insecure, no offense) so that we can demonstrate what can happen. It would be a great demonstration/concept for all of our forum users (only if you don't mind). :)

https://forum.phalconphp.com/discus...mark-question-vs-raw-php-and-other-lang#C1118
This guy right here explains very well why to use a framework:
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
Would you recommend using CodeIgniter, or just rewriting my current code using PDO?
It would be easier to use PDO, but escaping chars by itself is lazy. Validation should be done like I mentioned anyways. Make sure when someone clicks a button (submit), the PHP script called is first checking all user inputs possible. Is age an integer? Is username alpha-numeric (numbers/letters)? Is the email an email? There should be no non-email characters. Be very strict, you are the boss/owner of your server and everyone is your visitor, keep everyone in check. Use a whip on their ass or they will do it to you. You must be a nun and enforce every single rule/input VERY strictly.

Learning a framework does take some time and if you want a quick fix I do recommend using prepared statements (anywhere you have a $_GET or $_POST in your code, be very careful, that could turn into a knife at your neck and absolutely watch out on the queries/sql): http://www.w3schools.com/php/php_mysql_prepared_statements.asp
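An added example, not JetFox's code, of the prepared-statement approach recommended above, applied to the login lookup and to storing the SnapshotCreate() text whose backslashes were disappearing earlier in the thread. The DSN, credentials, table and column names are assumptions, and the snapshot string is a constructed stand-in.

```php
<?php
// Added example (not from the thread): PDO prepared statements for the login
// lookup and for storing the TeamSpeak snapshot text. DSN, credentials, table
// and column names are assumptions; the snapshot below is constructed.

$pdo = new PDO('mysql:host=127.0.0.1;dbname=tsadmin;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
]);

// Login: never build the query from $_POST text. With a bound parameter the
// username travels as data, so quotes or SQL inside it cannot change the query.
// The password is checked against a password_hash() value, never compared in SQL.
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;   // unknown user
    }
    return password_verify($password, $row['password_hash']);
}

// Snapshot storage. In a hand-built MySQL string literal a backslash is an
// escape character, so "\s" is stored as "s" and the backslashes vanish, which
// is the symptom asked about in the thread. A bound parameter is sent verbatim,
// so what comes back out equals what went in.
function store_snapshot(PDO $pdo, int $serverId, string $snapshot): string
{
    $ins = $pdo->prepare('INSERT INTO snapshots (server_id, data) VALUES (?, ?)');
    $ins->execute([$serverId, $snapshot]);

    $sel = $pdo->prepare('SELECT data FROM snapshots WHERE id = ?');
    $sel->execute([$pdo->lastInsertId()]);
    return (string) $sel->fetchColumn();
}

// Constructed sample: TeamSpeak-style escaped text survives the round trip intact.
$snapshot = 'virtualserver_name=My\sServer|channel_name=Lobby\p1';
$back = store_snapshot($pdo, 1, $snapshot);
echo ($back === $snapshot) ? "backslashes preserved\n" : "backslashes lost\n";
```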
 

JetFox

Active Member
Sep 25, 2015
175
76
73
Went ahead and just messaged you the source code... it doesn't have many comments in it and is very messy, but have fun? I know there are a bunch of vulnerabilities but I just wanted to get to know how certain things work with the ts3 framework.

It would be easier to use PDO, but escaping chars by itself is lazy. Validation should be done like I mentioned anyways. Make sure when someone clicks a button (submit), the PHP script called is first checking all user inputs possible. Is age an integer? Is username alpha-numeric (numbers/letters)? Is the email an email? There should be no non-email characters. Be very strict, you are the boss/owner of your server and everyone is your visitor, keep everyone in check. Use a whip on their ass or they will do it to you. You must be a nun and enforce every single rule/input VERY strictly.

Learning a framework does take some time and if you want a quick fix I do recommend using prepared statements (anywhere you have a $_GET or $_POST in your code, be very careful, that could turn into a knife at your neck and absolutely watch out on the queries/sql): http://www.w3schools.com/php/php_mysql_prepared_statements.asp
 