129 posts
Location
I honestly don't know
Posted 25 June 2015 - 04:23 AM
HydroMail
powered by bedrock
What Is HydroMail
Spoiler
HydroMail Is an email client that works across mc servers and singleplayer worlds. and can send emails to real email addressesFeatures
Spoiler
- SHA256 Password Hashing
- Ability to send and receive emails
- a decent GUI, thanks to bedrock by oeed
Bugs (not the bunny)
Spoiler
do i even have to say what heppened here
if r == 'DS' th/en
.
please pm me if you find anyWhere can i get such an amazing program?
Spoiler
just run pastebin run a4RndyaN
or click here
http://pastebin.com/a4RndyaNhow do i create an account?
Spoiler
go to http://trey.playat.ch/Mail/how do I send emails to real email accounts (ex: gmail)?
Spoiler
when you are entering in the 'To' textbox of the 'send' window, enter a valid email address.
ex:
^the send screen^
^Send an email to the HydroMail User 'Bob'^
—————————————————————————————————————————-
^This will send an email to bob @ gmail.com^
note: to send an email to a real email address, such as gmail, you can use '@' and '[at]' interchangeably.
NOTE: If you send an email to a real email address, the recipient will not be able to reply!Screenshots
Spoiler
P.S. once you create an account, you should post it here. that way anyone can email you
mine is Trey
Edited on 15 September 2015 - 08:09 PM
283 posts
Posted 25 June 2015 - 04:25 AM
i was actually kind of hoping for bugs (yes the bunny)
but it is a cool system. nice work.
2679 posts
Location
You will never find me, muhahahahahaha
Posted 25 June 2015 - 09:04 AM
guess, my account name?
Creator
3790 posts
Location
Lincoln, Nebraska
Posted 25 June 2015 - 03:00 PM
Any particular reason this is in bytecode?
In the past, most people only do this to hide malicious intents.
1140 posts
Location
Kaunas, Lithuania
Posted 25 June 2015 - 05:13 PM
If the reason is to 'hide' the source code so it would be harder for hackers to hack your program then keep in mind that turning Lua bytecode back to Lua source is very easy. You shouldn't be worrying about the client side protection anyways, it's the server side that must be secured and prepared for invalid input.
1715 posts
Location
ACDC Town
Posted 25 June 2015 - 05:31 PM
I ran it on an advanced computer in LurCraft, and it gave me this error:
bios:14: [string "a4RndyaN"]:2 nesting of [[...]] is deprecated
I'll look at the code to see a problem. In the meantime, fiiiiiiiixx iiiitttt!!
…umm, I can't read bytecode.
Edited on 25 June 2015 - 03:32 PM
8543 posts
Posted 25 June 2015 - 05:43 PM
Downloads removed. Obfuscated installers serve only to hide malicious code within them and are not allowed. Please replace the installer with a clear text version.
1852 posts
Location
Sweden
Posted 25 June 2015 - 06:40 PM
What's the reason that you used bytecode? It's clearly not the option when posting something here on the forums, as it's stated by the comments above.
And how do you store the passwords on your server? Are you using salts? Is it hashed before it sends it to the webserver?
Security is important and we'd love some more information about the program if we're going to use it.
One final thing, please post some screenshots of the program, as it tends to attract more people to use your program.
1847 posts
Location
/home/dannysmc95
Posted 25 June 2015 - 08:02 PM
Either they want to be cool or they are doing something else with them messages…
129 posts
Location
I honestly don't know
Posted 25 June 2015 - 10:18 PM
I used bytecode because I didn't really feel comfortable with giving everyone the format for making calls to the php script, because someone may try to abuse it.
I'll post an installer later for the normal code, if that is what I have to do
1847 posts
Location
/home/dannysmc95
Posted 25 June 2015 - 10:35 PM
I used bytecode because I didn't really feel comfortable with giving everyone the format for making calls to the php script, because someone may try to abuse it.
I'll post an installer later for the normal code, if that is what I have to do
That is why you use santising scripts like my app store does to stop them from breaking or misusing anything!
1140 posts
Location
Kaunas, Lithuania
Posted 25 June 2015 - 10:37 PM
When writing a program which access the internet and that is public then it doesn't matter in what language it was written or in what environment it is running, people can easily find out the server and the PHP calls. Like I already mentioned you have to protect the server itself, you may even consider your own client to be malicious to your own server just because it can send messages to it. BTW, how are you securing the passwords?
1852 posts
Location
Sweden
Posted 25 June 2015 - 10:40 PM
- snip -
I totally agree with you there, it's the server who should protect against any "malicious" business or whatever.
And as he mentioned in the first post, he's using SHA256 hashing, he wasn't more specific than that.
129 posts
Location
I honestly don't know
Posted 26 June 2015 - 12:41 AM
ok i published the uncompiled program, please dont abuse it (i mean that in more ways than one…)
1029 posts
Location
Missouri, United States, America, Earth, Solar System, Milky Way, Universe 42B, Life Street, Multiverse, 4th Dimension
Posted 26 June 2015 - 05:21 AM
ok i published the uncompiled program, please dont abuse it (i mean that in more ways than one…)
how could they abuse it?
And how have you
compiled something?
1847 posts
Location
/home/dannysmc95
Posted 26 June 2015 - 08:57 AM
ok i published the uncompiled program, please dont abuse it (i mean that in more ways than one…)
In all honesty if you do not want anyone to abuse it set up a way to stop it via IP logging and blocking if they do a request more than 2 times a second, orrrrrr don't post it. Most people can handle it but I have a huge API on my server and people have attempted to abuse it so I set up ways of stopping it.
But yeah it's all up to you, but if you really have trust issues, don't post it…
129 posts
Location
I honestly don't know
Posted 26 June 2015 - 08:04 PM
yea i understand, but when someone creates this username: ' DROP TABLE users; its a bit concerning.
luckily i had some sql injection protection :D/>
1847 posts
Location
/home/dannysmc95
Posted 26 June 2015 - 10:21 PM
Yeah well it is probably someone reading what we are putting and trying it xD
2679 posts
Location
You will never find me, muhahahahahaha
Posted 26 June 2015 - 10:24 PM
That'd be ironical!
1847 posts
Location
/home/dannysmc95
Posted 26 June 2015 - 11:30 PM
That'd be ironical!
Pretty much!
1715 posts
Location
ACDC Town
Posted 28 June 2015 - 11:16 AM
This looks really cool, and it works in ccemuredux perfectly. Only I have a few suggestions.
1. Can you have the inbox area auto-update the emails every few seconds, or add a refresh button?
2. Assume this is possible with bedrock, can you have the body be typed as a multiline text box rather than a single scrolling line of text?
673 posts
Posted 28 June 2015 - 06:12 PM
you should make the usernames have to be in the same format as Minecraft usernames (numbers, letters, and underscores), I tried to make a user called
'); DROP TABLE users;--
and it let me ;-;
Good thing you said you had protection against SQL injection :P/>
EDIT: Just made an actual account, it's name is "Atenefyr"
EDIT 2: It would be wise if you made Username and Password local variables (or delete them when the program is closed). You should probably also add a salt to the passwords, and save the salt on the database.
EDIT 3: You seem to mention "null" a lot in the program, when in reality it's "nil".
EDIT 4: The "body" part of the email should be larger, possibly it's own view after you press some sort of "Continue" button.
Edited on 28 June 2015 - 04:28 PM
129 posts
Location
I honestly don't know
Posted 28 June 2015 - 06:28 PM
This looks really cool, and it works in ccemuredux perfectly. Only I have a few suggestions.
1. Can you have the inbox area auto-update the emails every few seconds, or add a refresh button?
2. Assume this is possible with bedrock, can you have the body be typed as a multiline text box rather than a single scrolling line of text?
a refresh button will be released in the next update, as or an auto refresh ill try to implement one
you should make the usernames have to be in the same format as Minecraft usernames (numbers, letters, and underscores), I tried to make a user called
'); DROP TABLE users;--
and it let me ;-;
Good thing you said you had protection against SQL injection :P/>
EDIT: Just made an actual account, it's name is "Atenefyr"
EDIT 2: It would be wise if you made Username and Password local variables. You should probably also add a salt to the passwords, and save the salt on the database.
i tried to make username and password local but for some reason the functions that used those variables thought they were null. ill play around with it and see if i can make it work
673 posts
Posted 28 June 2015 - 06:29 PM
you should make the usernames have to be in the same format as Minecraft usernames (numbers, letters, and underscores), I tried to make a user called
'); DROP TABLE users;--
and it let me ;-;
Good thing you said you had protection against SQL injection :P/>
EDIT: Just made an actual account, it's name is "Atenefyr"
EDIT 2: It would be wise if you made Username and Password local variables. You should probably also add a salt to the passwords, and save the salt on the database.
i tried to make username and password local but for some reason the functions that used those variables thought they were null. ill play around with it and see if i can make it work
I had a lot of feedback, sorry
EDIT 3: You seem to mention "null" a lot in the program, when in reality it's "nil".
EDIT 4: The "body" part of the email should be larger, possibly it's own view after you press some sort of "Continue" button.
They think it's nil because you define the variables later in the program when earlier functions can't access them. Lua is a little different than other scripting languages, which you seem to have came from.
Edited on 28 June 2015 - 04:33 PM
129 posts
Location
I honestly don't know
Posted 07 July 2015 - 08:11 AM
HydroMail will be down for a while, see OP for more info
673 posts
Posted 07 July 2015 - 03:27 PM
So basically you tried to make a backup but the server went down while you were making a backup, and you lost all your files. GG server owners 10/10 for no auto backups -IGN
Edited on 07 July 2015 - 01:27 PM
129 posts
Location
I honestly don't know
Posted 12 September 2015 - 03:58 AM
HydroMail Is Back (and much faster)