Jump to content


Photo

Xenochat


  • Please log in to reply
30 replies to this topic

#1 Darkhomb

Darkhomb

    Captain

  • Xenocide Artwork Department
  • 628 posts

Posted 20 March 2006 - 06:15 AM

So no one still uses IRC and I my last attempt was not successful to get people to chat and I was thinking how about integrating a chat into the forums? You click one link and it will pop up a new window and auto login with your user name on the board.. I have a test script on my server but it wont auto login, check it out. I even have different rooms for the diff departments and it looks nicer too.

http://xenocide.2069.org/chat/

#2 Vaaish

Vaaish

    Artwork Department

  • Xenocide Inactive
  • 1,625 posts

Posted 20 March 2006 - 08:29 AM

well it appears to let me log in :) no one seems to be on there.

#3 Micah

Micah

    Colonel

  • [[Administrators]]
  • PipPipPipPipPip
  • 2,290 posts

Posted 20 March 2006 - 11:15 AM

That's a really nice web chat client, maybe the best I've seen in a while. We went looking for a chat client to incorporate into the website a long while ago, but we didn't find anything worth putting up with.

#4 guyver6

guyver6

    Captain

  • Xenocide Programming Department
  • 599 posts

Posted 20 March 2006 - 01:02 PM

Well, me and some programmers are hanging all the time on IRC. Actually I think I always have something more important to do, but I'm there anyway ;).

There's awesome multi-platform IRC client XChat, that you can use to chat on IRC.

I really like the idea (and the look ;) ) of this java chat also. The only problem is deciding where we chat and chat :)
Posted Image
Sourceforge: guyver6
LinkedIn: Andrzej Haczewski
"A good business idea, they say, can be explained in one sentence. Similarly, each program entity should have one clear purpose."

Join #xenocide at irc.freenode.net.

#5 red knight

red knight

    Xenocide Project Leader

  • Xenocide Inactive
  • 3,310 posts

Posted 20 March 2006 - 01:04 PM

If it is good, it could be a good idea to link to freenode #xenocide channel

Greetings
Red Knight
Sourceforge Nick: flois - Federico Andres Lois
Visit my blog at: flois.blogspot.com

Posted Image

Pookie cover me, I am going in.

#6 Mr_S

Mr_S

    Sergeant

  • Xenocide Sound Department
  • 53 posts

Posted 20 March 2006 - 01:11 PM

nobody on the chat....a pity, this is a good job : nice interface, easy to use !!! congratulations !

To be or not to be - Shakespeare
To do is to be - Socrate
To be is to do - Aristote
To be do be do - Sinatra

#7 guyver6

guyver6

    Captain

  • Xenocide Programming Department
  • 599 posts

Posted 20 March 2006 - 01:41 PM

If it is good, it could be a good idea to link to freenode #xenocide channel

Greetings
Red Knight

<{POST_SNAPBACK}>


Could it work as an IRC client? That flash chat
Posted Image
Sourceforge: guyver6
LinkedIn: Andrzej Haczewski
"A good business idea, they say, can be explained in one sentence. Similarly, each program entity should have one clear purpose."

Join #xenocide at irc.freenode.net.

#8 Mad

Mad

    Creative Text Department

  • [Xenocide Senior Members]
  • 1,958 posts

Posted 20 March 2006 - 01:48 PM

Could it work as an IRC client? That flash chat

<{POST_SNAPBACK}>

You mean like just being a nice webfrontend for #xenocide?
Keep smiling while dying

Of course I have gone mad with power! It would be completely ridiculous to go mad without power!
And no, this is not a quote from the Simpson's movie, I want it on paper, that I actually wrote that quite some time before the movie came out.

Posted Image

#9 Darkhomb

Darkhomb

    Captain

  • Xenocide Artwork Department
  • 628 posts

Posted 20 March 2006 - 04:03 PM

Sorry to say it can not, they are currently trying to implement it. I just threw this out into the open because when I first came to this board I made a java and CGIIRC web page so people would have to download irc, and made the channels and stayed in the efnet servers and still no one came in. Now programmers use the irc but no one else So I decided to try this.

Though it does not yet support external irc servers. It can be integrated to this forum so all you have to do is click chat at the top and it will pop up a new window and auto login as the user you logged in the forum with. So its both easy and convenient, but still looks like no one will use it..

#10 ATeX

ATeX

    Sound Department

  • Xenocide Inactive
  • 545 posts

Posted 20 March 2006 - 05:07 PM

It does let us log in. And it looks very nice. But where does this password authentication come from? I don't really trust that, especially since it's Flash.

I prefer a real IRC client.


cheers,

Thomas

Edited by ATeX, 21 March 2006 - 03:46 AM.


#11 Darkhomb

Darkhomb

    Captain

  • Xenocide Artwork Department
  • 628 posts

Posted 20 March 2006 - 06:25 PM

I'd appreciate it if you remove my name and other addresses from that. Obviously since I set the site up its my site. And even though that info comes with a simple whois script, I don't want it posted when there is no reason to. Why does it matter if its under construction? Though its not, that index has been there for years, I just put that there so whoever goes to my main site can't move forward. I have many uses for that server but none you need to know about.

The password isn't needed unless youíre an admin. Like I said, its made for this server so thatís my site for everyone to test, all you need is a username not a password unless i change it for people to register then the passwords would be safeguarded.

As for the security of it, just because its a 5 dollar script doesn't mean its cheap, and its not flash its php, the flash is just the interface, then there is something called group and public permissions on unix server, and if you don't know how mysql databases work on web servers then don't try to justify saying it seems bad.

And then your going to say you prefer a real irc client? Irc is on public servers and there is no security what so ever, and occasionally they run in debug mode so everything you say could be recorded. At least this way it would be server based and no one except admin could log anything (except the other people your talking to of course) but who needs that kind of security for this kind of chat anyways. But everything you pointed out holds nothing of relevance.

Edited by Darkhomb, 20 March 2006 - 07:00 PM.


#12 ATeX

ATeX

    Sound Department

  • Xenocide Inactive
  • 545 posts

Posted 21 March 2006 - 03:51 AM

Removed. My apologies.

I know it's PHP. This is what I do for living. I code Flash-PHP-XML-MySQL and by doing so, I also know the risks of security. Why it bothers me? Any person from Xenocide who has no clue about the authentication system can log in with their respective account details. Sniffing that with Flash is a piece of cake.

By having this said, I think I made myself clear why I prefer an IRC client.


greets,

Thomas

#13 fux0r666

fux0r666

    Alien Concept Task Force

  • Xenocide Artwork Department
  • 1,028 posts

Posted 21 March 2006 - 05:02 AM

if you're present on an IRC server, /who and /whois queeries are easily done by anyone. Perhaps you would more fully explain your objection, AteX.

Here I go an angry brother gonna make his move
But can I buck him in the city so I never lose?
See I'm a get him in the crowd with a couple heavies
And lay the barrel to the ground, hold the gat steady
And now I'm ready for my adversary, talk is cheap
I'm looking for a way to make a plan gonna keep it neat
So don't be telling me to get the non-violent spirit
'cause when I'm violent is the only time the devils hear it
'cause all I want to see is m****f***ing brains hanging


Posted Image

#14 ATeX

ATeX

    Sound Department

  • Xenocide Inactive
  • 545 posts

Posted 21 March 2006 - 05:46 AM

Any person from Xenocide who has no clue about the authentication system can log in with their respective account details.

With respective account details I mean the username and password used to enter the Xenocide forums. It has been said the chat would be connected to the DB from the forums and thus people are likely going to use their details.

Sniffing that with Flash is a piece of cake.


It's not about personal details. Do you like your password to be sniffed?


greets,

Thomas

#15 Darkhomb

Darkhomb

    Captain

  • Xenocide Artwork Department
  • 628 posts

Posted 21 March 2006 - 06:50 AM

Tell me how you would sniff the passwords hosted on the server? Since the user wouldn't submit anything themselves. Also if they did, tell me how it would be different then logging in this board.

#16 red knight

red knight

    Xenocide Project Leader

  • Xenocide Inactive
  • 3,310 posts

Posted 21 March 2006 - 07:01 AM

Flash is a client side technology, for that you need to somehow give the ability to the client to perform tasks over the server.

The common way to do that (not the good way clearly) is to add a way to do a database query, giving a point of access that would in some cases provide you the ability to do an SQL injection attack if not properly coded.

A proper solution would be to provide a web service to wrap arround the boards authetication facility in that case it is way difficultier to perform an attack of those characteristics.

On the other hand, a client app is as vulnerable as the IRC protocol so I do not know what all this fuss is about.

Greetings
Red Knight

Edited by red knight, 21 March 2006 - 07:02 AM.

Sourceforge Nick: flois - Federico Andres Lois
Visit my blog at: flois.blogspot.com

Posted Image

Pookie cover me, I am going in.

#17 ATeX

ATeX

    Sound Department

  • Xenocide Inactive
  • 545 posts

Posted 21 March 2006 - 08:48 AM

Ok, I completely misunderstood. I had that picture of the fake hotmail login pages in my head.

Besides that, as Red Knight explained, Flash is safe when you don't have the ability to decompile it and get the structure/list of the server side scripts that could possibly change, insert or query important data. I suggest we decompile it ourselves to see if that's possible.


greets,

Thomas

#18 rincewind

rincewind

    Programming Department

  • Xenocide Programming Department
  • 541 posts

Posted 21 March 2006 - 11:20 AM

You can get that list with a very simple network monitor (e.g. tcpdump) and then just search for HTTP-requests. The point is rather to have those scripts validate their input and handle potential security implications.
Posted Image

I love boost!!! The next best thing since the invention of C++.

#19 ATeX

ATeX

    Sound Department

  • Xenocide Inactive
  • 545 posts

Posted 21 March 2006 - 11:49 AM

That's also a possibility. But when you decompile, you have more insight in the PHP scripts as you can see how and what data is sent and received to the SWF, and how it's interpreted.

Doesn't matter anyhow. If this thing is safe enough, it would be nice to have a chat directly plugged into Xenocide's IPB forums.


greets,

Thomas

Edited by ATeX, 21 March 2006 - 11:50 AM.


#20 Darkhomb

Darkhomb

    Captain

  • Xenocide Artwork Department
  • 628 posts

Posted 21 March 2006 - 11:54 AM

Ok, if you want to be that worried about security, then I can just disable registration and no password is required, it can auto log you in with your username for the convenence with out requiring anything else but theres also the change someone else can already have your name then....

#21 ATeX

ATeX

    Sound Department

  • Xenocide Inactive
  • 545 posts

Posted 21 March 2006 - 12:01 PM

What about:

- disabling the login panel (you enter directly when opening the chat)
- disabling the password (like you said)
- when entering, it automaticly gives you the same username (and because all usernames on the forum are unique, there will be no conflict)
- as a consequence: to access the chat, you must be logged on onto the forums

#22 Darkhomb

Darkhomb

    Captain

  • Xenocide Artwork Department
  • 628 posts

Posted 21 March 2006 - 12:09 PM

If it is embedded into the forums there will be no login. and I think the password can be disabled as well. but Im not sure if you can change username inside or not.

If someone wants to help me test this i can put a temp vbb board on myserver and integrade this into it?

#23 ATeX

ATeX

    Sound Department

  • Xenocide Inactive
  • 545 posts

Posted 21 March 2006 - 12:14 PM

I can help you a bit with that during the breaks.

Just in case it might not be customisable enough:

1) To alter it legally we must either ask the author if we can modify it a bit so it can easily be integrated into IPB. It might even be interesting when we give away the source code afterwards.

2) We code our own plugin (the ROI may be too low for this)

EDIT: 3) We search another plugin for IPB. After all, there are lots of them.

one of them with statistics and all: http://www.123flashc...m/ipb_chat.html

Edited by ATeX, 21 March 2006 - 12:18 PM.


#24 Darkhomb

Darkhomb

    Captain

  • Xenocide Artwork Department
  • 628 posts

Posted 21 March 2006 - 12:19 PM

Edit, Sorry read you wrong you were saying if we couldn't customize it enough.


As long as one works, i don't really care.. the one i have does all of that as well. Forum admins pick.

Edited by Darkhomb, 21 March 2006 - 12:24 PM.


#25 ATeX

ATeX

    Sound Department

  • Xenocide Inactive
  • 545 posts

Posted 21 March 2006 - 12:23 PM

the less work the better,

let's try it

Edited by ATeX, 21 March 2006 - 12:26 PM.


#26 ATeX

ATeX

    Sound Department

  • Xenocide Inactive
  • 545 posts

Posted 21 March 2006 - 12:28 PM

I just noticed, the one I posted is not an option. Just look at those prices
http://www.123flashchat.com/buy.html

That makes it even easier to choose :)

#27 Darkhomb

Darkhomb

    Captain

  • Xenocide Artwork Department
  • 628 posts

Posted 21 March 2006 - 12:34 PM

We can still look at other options, have you set up IPB before? I never have, someone else always has.. nothing perfect just something that works is needed.. I'll look into this after i get some food.

#28 ATeX

ATeX

    Sound Department

  • Xenocide Inactive
  • 545 posts

Posted 21 March 2006 - 12:39 PM

I've set up the last trial edition of IPB before. That's "version 2.0 PF3" or something. I still have it on my HD so we can use that.

Let me know when you are ready.

#29 Darkhomb

Darkhomb

    Captain

  • Xenocide Artwork Department
  • 628 posts

Posted 21 March 2006 - 12:50 PM

PM

#30 Guest_Azrael_*

Guest_Azrael_*
  • Guests

Posted 23 March 2006 - 05:04 PM

phpFreeChat is a good one, it's what we use at Fallen

#31 ATeX

ATeX

    Sound Department

  • Xenocide Inactive
  • 545 posts

Posted 23 March 2006 - 05:23 PM

interesting, far lighter than the overloaded flash chats. The lighter the better. I'm all for it.


greets,

Thomas