CutCodeDown

Squire / Paladin => Milestones => Topic started by: Jason Knight on 2 Dec 2020, 09:36:25 am

Title: Milestone 02 Dec 2020 14:27 GMT
Post by: Jason Knight on 2 Dec 2020, 09:36:25 am
Alright, this one should actually work since rather than a rushed "here's where I'm at", this is a more polished and tested release where user creation, deletion, and editing is implemented, as are the one to many user permissions.

https://cutcodedown.com/paladinX/milestone_02_Dec_2020_14_27/

Again, see the installation instructions (https://forums.cutcodedown.com/index.php?topic=402.0) post for how to set things up.

Beware that the /setup routine requires that the database be EMPTY -- no tables -- before you start. Any existing tables should be wiped. I've put a "upgrade" option on my to-do list. For now because the data structures are so in-flux, I'm not willing to commit to that part YET.

Also note that the admin panel is 100% form driven off a single URI (/admin). As such it's very hard to XSS exploit, but normal navigation -- forward/back/refresh -- is UTTERLY BANJAXED. This is on purpose, and the errors you see are in fact EXPECTED. They'll even "break" if you try to open multiple admin tabs at once. (only the most recent one will work!)

Administration action pages are not revisitable or re-usable. PERIOD. Get used to it. You can't XSS if you can't predict what random hash is required on the form for actions to work.

'Cause that's how I roll.
Title: Re: Milestone 02 Dec 2020 14:27 GMT
Post by: Jason Knight on 2 Dec 2020, 10:01:53 am
actions/admin/admin.process.phpsource
Timestamp comments line 2..13

Milestone maker didn't remove old milestone on just this one file?

Error in stamp detection regex. Fixed for next release.
Title: Re: Milestone 02 Dec 2020 14:27 GMT
Post by: benanamen on 2 Dec 2020, 05:06:04 pm
Add new user problem

https://github.com/benanamen/paladinx/issues/1 (https://github.com/benanamen/paladinx/issues/1)
Title: Re: Milestone 02 Dec 2020 14:27 GMT
Post by: Jason Knight on 2 Dec 2020, 06:22:35 pm
Add new user problem

https://github.com/benanamen/paladinx/issues/1 (https://github.com/benanamen/paladinx/issues/1)

Please report using the format suggested in the sticky. Again, for me even that shithub page is useless broken crap that tells me as a user to go F*** myself.