I am working on a new rewrite of FlowPanel. DO NOT USE THE VERSION ON THE MASTER BRANCH!
The new rewrite will be more object-oriented, which makes my code cleaner. The next rewrite will probably be in Laravel or something like that.
Rank management made easy
License: Apache License 2.0
Instead of initiating a database connection in every method, I will have to let it connect once in __construct.
The sql_files file will be updated as soon as possible.
I have found a huge security concern in the new update. I will fix this ASAP.
This is because the database query is executed every time which will result in an error.
These are the features that I am currently working on! If you want other features then leave a comment.
Adding audit log to the website
Adding a permission system
Making a registration system
Be wary of user data. A user can give the following username or reason:
<script>console.log("123")</script>
The script will then run for every user that visits the home page, since you echo that in the table without checking that the input isn't malicious. This type of attack is called XSS or cross-site scripting.
The username and reason are examples of stored XSS: you store the value the attacker gives you and later you distribute it to (other) users.
You also have a reflected XSS in your code. That is when an attacker can create a link that might execute code. In your example: home.php?naam=javascript_here. If an attacker can trick a user into going to that link, they can make that user execute whatever code they want.
Restricting the length of the possible usernames or reasons is not enough to mitigate malicious attacks. 255 characters is more than enough to steal someone's cookie, and thus their login (that's why a lot of sites ask you for your password again if you want to change it, even if you just logged in with it. That way even someone who stole your cookie can't change your password unless they knew it in the first place).
The moral of the story: "Never never never ever trust user input. Always assume the user is malicious."
Check every echo you do of user definable things. Add htmlspecialchars to those to sanitize them. Maybe penalise users that you suspect are trying to attack you. You might also want to check out CSRF and mitigations (samesite, CSRF tokens, ...) in further development.
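The escaping advice in the comment above, as an added example (not FlowPanel's code and not part of the original comment): user-controlled values are escaped with htmlspecialchars at the point of output, for both the stored fields and the reflected `naam` parameter. The helper name `e`, the function `render_rows`, the table layout and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not FlowPanel's code. Table layout and row data are
// constructed; only the `naam` parameter and the script string come from the page.

/** Escape a value for an HTML text or quoted-attribute context. */
function e(?string $value): string
{
    // ENT_QUOTES escapes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of making the whole result an empty string.
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render stored rows; every user-controlled field is escaped when echoed. */
function render_rows(array $rows): string
{
    $html = "<table>\n";
    foreach ($rows as $row) {
        $html .= '<tr><td>' . e($row['username']) . '</td><td>'
               . e($row['reason']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed rows standing in for what the database would return.
$rows = [
    ['username' => 'alice', 'reason' => 'said "hi" & left'],
    ['username' => '<script>console.log("123")</script>', 'reason' => 'test'],
];

// Unescaped form described in the comment: echo '<td>' . $row['username'] . '</td>';
// Escaped form: the second row is displayed as literal text, not run as script.
echo render_rows($rows);

// Reflected case (home.php?naam=...): escape the parameter the same way.
// A non-string value such as naam[]=x is treated as empty rather than echoed.
$raw  = $_GET['naam'] ?? '';
$naam = is_string($raw) ? $raw : '';
echo '<p>Results for: ' . e($naam) . "</p>\n";
```

Escaping happens at output rather than at storage, so the database keeps the original value and each output context can apply its own encoding.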
Title
Because of a wrong path reference in my code, Flowpanel will only work if you put it in the root folder. Otherwise it won't work and you will get an error. I am investigating this issue and trying to fix it as fast as possible.
This is the line that throws the issue:
Line 3 in fcf0bdc
Permission system is nonexistent but I will add it soon. This will be a big update and will include bug fixes and the new permission system. For now everyone can change everyone's rank which is not smart.