Jump to content
XCOMUFO & Xenocide

Xenochat


Darkhomb

Recommended Posts

So no one still uses IRC and I my last attempt was not successful to get people to chat and I was thinking how about integrating a chat into the forums? You click one link and it will pop up a new window and auto login with your user name on the board.. I have a test script on my server but it wont auto login, check it out. I even have different rooms for the diff departments and it looks nicer too.

[url="http://xenocide.2069.org/chat/"]http://xenocide.2069.org/chat/[/url]
Link to comment
Share on other sites

That's a really nice web chat client, maybe the best I've seen in a while. We went looking for a chat client to incorporate into the website a long while ago, but we didn't find anything worth putting up with.
Link to comment
Share on other sites

Well, me and some programmers are hanging all the time on IRC. Actually I think I always have something more important to do, but I'm there anyway ;).

There's awesome multi-platform IRC client XChat, that you can use to chat on IRC.

I really like the idea (and the look ;) ) of this java chat also. The only problem is deciding where we chat and chat :)
Link to comment
Share on other sites

[quote name='red knight' date='Mar 20 2006, 08:04 PM']If it is good, it could be a good idea to link to freenode #xenocide channel

Greetings
Red Knight
[right][post="151635"]<{POST_SNAPBACK}>[/post][/right][/quote]

Could it work as an IRC client? That flash chat
Link to comment
Share on other sites

[quote name='guyver6' date='Mar 20 2006, 08:41 PM']Could it work as an IRC client? That flash chat
[right][post="151651"]<{POST_SNAPBACK}>[/post][/right][/quote]
You mean like just being a nice webfrontend for #xenocide?
Link to comment
Share on other sites

Sorry to say it can not, they are currently trying to implement it. I just threw this out into the open because when I first came to this board I made a java and CGIIRC web page so people would have to download irc, and made the channels and stayed in the efnet servers and still no one came in. Now programmers use the irc but no one else So I decided to try this.

Though it does not yet support external irc servers. It can be integrated to this forum so all you have to do is click chat at the top and it will pop up a new window and auto login as the user you logged in the forum with. So its both easy and convenient, but still looks like no one will use it..
Link to comment
Share on other sites

It does let us log in. And it looks very nice. But where does this password authentication come from? I don't really trust that, especially since it's Flash.

I prefer a real IRC client.


cheers,

Thomas Edited by ATeX
Link to comment
Share on other sites

I'd appreciate it if you remove my name and other addresses from that. Obviously since I set the site up its my site. And even though that info comes with a simple whois script, I don't want it posted when there is no reason to. Why does it matter if its under construction? Though its not, that index has been there for years, I just put that there so whoever goes to my main site can't move forward. I have many uses for that server but none you need to know about.

The password isn't needed unless you’re an admin. Like I said, its made for this server so that’s my site for everyone to test, all you need is a username not a password unless i change it for people to register then the passwords would be safeguarded.

As for the security of it, just because its a 5 dollar script doesn't mean its cheap, and its not flash its php, the flash is just the interface, then there is something called group and public permissions on unix server, and if you don't know how mysql databases work on web servers then don't try to justify saying it seems bad.

And then your going to say you prefer a real irc client? Irc is on public servers and there is no security what so ever, and occasionally they run in debug mode so everything you say could be recorded. At least this way it would be server based and no one except admin could log anything (except the other people your talking to of course) but who needs that kind of security for this kind of chat anyways. But everything you pointed out holds nothing of relevance. Edited by Darkhomb
Link to comment
Share on other sites

Removed. My apologies.

I know it's PHP. This is what I do for living. I code Flash-PHP-XML-MySQL and by doing so, I also know the risks of security. Why it bothers me? Any person from Xenocide who has no clue about the authentication system can log in with their respective account details. Sniffing that with Flash is a piece of cake.

By having this said, I think I made myself clear why I prefer an IRC client.


greets,

Thomas
Link to comment
Share on other sites

[quote]Any person from Xenocide who has no clue about the authentication system can log in with their respective account details.[/quote]
With respective account details I mean the username and password used to enter the Xenocide forums. It has been said the chat would be connected to the DB from the forums and thus people are likely going to use their details.

[quote]Sniffing that with Flash is a piece of cake.[/quote]

It's not about personal details. Do you like your password to be sniffed?


greets,

Thomas
Link to comment
Share on other sites

Flash is a client side technology, for that you need to somehow give the ability to the client to perform tasks over the server.

The common way to do that (not the good way clearly) is to add a way to do a database query, giving a point of access that would in some cases provide you the ability to do an SQL injection attack if not properly coded.

A proper solution would be to provide a web service to wrap arround the boards authetication facility in that case it is way difficultier to perform an attack of those characteristics.

On the other hand, a client app is as vulnerable as the IRC protocol so I do not know what all this fuss is about.

Greetings
Red Knight Edited by red knight
Link to comment
Share on other sites

Ok, I completely misunderstood. I had that picture of the fake hotmail login pages in my head.

Besides that, as Red Knight explained, Flash is safe when you don't have the ability to decompile it and get the structure/list of the server side scripts that could possibly change, insert or query important data. I suggest we decompile it ourselves to see if that's possible.


greets,

Thomas
Link to comment
Share on other sites

That's also a possibility. But when you decompile, you have more insight in the PHP scripts as you can see how and what data is sent and received to the SWF, and how it's interpreted.

Doesn't matter anyhow. If this thing is safe enough, it would be nice to have a chat directly plugged into Xenocide's IPB forums.


greets,

Thomas Edited by ATeX
Link to comment
Share on other sites

Ok, if you want to be that worried about security, then I can just disable registration and no password is required, it can auto log you in with your username for the convenence with out requiring anything else but theres also the change someone else can already have your name then....
Link to comment
Share on other sites

What about:

- disabling the login panel (you enter directly when opening the chat)
- disabling the password (like you said)
- when entering, it automaticly gives you the same username (and because all usernames on the forum are unique, there will be no conflict)
- as a consequence: to access the chat, you must be logged on onto the forums
Link to comment
Share on other sites

If it is embedded into the forums there will be no login. and I think the password can be disabled as well. but Im not sure if you can change username inside or not.

If someone wants to help me test this i can put a temp vbb board on myserver and integrade this into it?
Link to comment
Share on other sites

I can help you a bit with that during the breaks.

Just in case it might not be customisable enough:

1) To alter it legally we must either ask the author if we can modify it a bit so it can easily be integrated into IPB. It might even be interesting when we give away the source code afterwards.

2) We code our own plugin (the ROI may be too low for this)

EDIT: 3) We search another plugin for IPB. After all, there are lots of them.

one of them with statistics and all: [url="http://www.123flashchat.com/ipb_chat.html"]http://www.123flashchat.com/ipb_chat.html[/url] Edited by ATeX
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...