[Release] Signature Generator

Discussion in 'Community Discussion' started by powerdan, Jun 12, 2012.

  1. Hey together,

    I will not announce my Good Bye and Farewell but i have some Software for you:

    You know/remember the Delta Team Signatures? They were all servedy by a piece of software i release as open source today!

    If you want to use it, feel free. If you want to change it, feel free. It would be nice, if you send me an E-Mail if you are actual use it.

    Please notify the following important things:

    1. Your PHP Installation needs sqlite, gd and ttf Support.
    2. The Maindirectory, the members.db and the cache Directory needs to have Write Permissions for the webserver
    3. You can edit the Signatures via the /admin/ Interface. You have to set the .htaccess Protection correctly for that. In this htpasswd admin:admin are valid credentials.

    If you have questions, mail me.

    Dortmund, the 12th of June 2012
    Download: http://tools.mcdeltateam.com/signature.tar.gz
    FlevasGR, _Stads_ and Squizzel_Boy like this.
  2. Just reviewed the code, gets a thumbs up from me on implementation and security minus 2 things.

    The last line should be readfile($cacheFile) as that is MUCH more efficient than echo file_get_contents();

    Other than that, security mostly passes too, the code itself is perfectly fine and poses no vulnerabilities that I can see. however cache.php should not be in a public access directory as it provides a vulnerability to let someone constantly wipe the cache and waste resources. This should be locked to the admin interface. Looks like that code is duplicated as its already also at flush.php?

    So, anyone wanting to use this, It is perfectly safe for you to do, just delete cache.php in the top folder.

    And also, change the admin password! You can use this (a very rough guide but I guess its simple for people who have no clue what a shell is): http://www.htaccesstools.com/articles/create-password-for-htpasswd-file-using-php/

    You would open admin/.htpasswd (Your Windows computer may not see this file, but you should hopefully see it on your FTP client)

    and replace this:


    admin:$apr1$KfDBja27$8rLmBGY5v2Xx3F6dPa7mn0

    with

    admin:NEWPASSWORDGIBBERISHHERE

    Nice job sharing this power, as i'm sure it can be useful to some.
    PThagaard likes this.
  3. Did not really understand a word of that... :D
  4. Heh, if you don't, you probably shouldn't try to use his code anyways ;) Need at least a LITTLE tech understanding to manage a website... Otherwise you'll end up hacked and/or the code not working.
  5. I did not have even tried to understand it :p, so yeah. But I am 13 years old. And when I saw the first words of this post I stopped reading... :D
  6. There is a third vuln i know but doesnt really care of: Its possible to download the members.db SQL Lite table and see which Users are in the System.

    One word to the flush.php vuln: It was a hotfix because people want to change their avatar they have to wait till someone flushes the cache. So the idea was to give them people the opportunity to force a rebuild of the avatar. Because the script can only purge the cache ordner that is not a critical vuln. (And yeah the code is redudant because its not a real good structure. It was a 1-hour-performance and not a big deal project)

    Whatever: Thanks for the feedback
  7. well the nocache (w/e the spelling) in the actual index.php would take care of people wanting to manually reflush THEIR cache. No need to wipe out the entire cache directory :)

    Also, a redirect to the image instead of a passthrough may be even better to better support

    1) Browser caches
    2) HTTPd level performance improvements for static resources vs dynamic content.

    And you could move members.db into the admin directory.
  8. I was coding basic PHP when I was 13 :)
    _Stads_ likes this.
  9. 爆頭.png
  10. Thanks powerdan and goodbye! I hope and wish you the best for the future!
  11. I think some people misunterstood me. Sorry for that.

    I wanted to say that i stay on EMC and do NOT announce my goodbye like a lot other people yesterday
    _Stads_ likes this.
  12. Yay your staying! Still I wish you the best and thanks for the software! ;)
  13. Sorry to be a pain but does ANYONE have experience with google sites? I am wanting to host this tool on my google site...
  14. Hmmm, from my experiance google sites and anything other than html dont really go together
  15. Anyone?
  16. Oh sorry didn't see that! but I still need someone to help me...