• Welcome to PHPVIBE Forums. Please log in.
T

[ Video Sharing CMS v4 ] BUG , Vulnerabilities , Security

Started by theprocss,

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Go Down Pages1

theprocssTopic starter

Hi Alexander ,

there are people for everything..
I worry a bit about security.
If there are spaces to put HTML or PHP




See Online: http://www.videoinedit.com/profile/ricardo-marques/1023038/
PS: Sorry for use your live demo to test this.


YOU HAVE TO SEE THIS:

I haved put this: <meta http-equiv="refresh" content="0; url=http://example.com/" />



I only care about safety.

Because I'll have a lot of people on my website.
and there are people of all kinds ... you know what I mean.

If I have 500,000 users registered in the system.
and if any hacker trying to hack was really bad.


Just I posted this to you guys fix with this
I found other things .. I can get IP of the people who enter in my profile (Not the owner of site)
i can bypass the cloudflare using the "About" on the profile.

only spent 10 minutes on it
If you want i can report more bugs.


  •  

imran95k

#1
Hi,

I am using phpvibe now about 3 month. This is a nice and user friendly script. but there are so many option missing in this script. i will mention below all the feature which is important to me if phpvibe likes my post and find a solution on next upgrade will be very happy.

1. smtp email : there are no smtp email setup option inside cpanel. so when someone try to register they don't get confirmation email. only option is left to login with gmail, facebook or twitter. it would be great if people can create account directly from the website.

2. Administrator are unable to modify user password. so when someone forget id or pass there are no option to recover them. because the email option doesent work to recover. and administrator also unable to reset manually from the admin area.

3. It would be great if we can add option like twitter so that if subscriber want than they can tweet and can send message and can follow. so it would be great if we can add one Chat option near subscriber. and also We need one special VERIFIED icon for the verfied user which can be maintained only by the administrator.


4. Auto FB share and Auto Tweet and Auto Google plus option: When we upload any video , music or image on the site if it shares to fb,twitter and google+ automatically from feed or rss would be great for search engine optimization and to get more visitors.

5. Upgrading Script: if there is a newer version of phpvibe available than we should be able to upgrade by one single click from the admin area like wordpress.. if possible please think about this.

6. Technician: Let people hire phpvibe expert to resolve all website setup issue directly. you give direct support and you earn money and we are also happy when our site is fully functional. there are so many issues with setup. so think about it. you charge people to help no problem but let people hire phpvibe expert. add one option in the forum to send you email to hire people.

And help people to hire expert so that they can customized their site with different color and different setting option as they want with some customized feature...

7. Vide thumsnails are not perfect: phpvibe generates only one video thumbnails, but generate at least 5-6 thumbnails so that we can select the perfect one.

8. player issue: all player are not good in mobile mod. for mobile mod only easy player works perfectly. other player has so many issue in mobile mod.

9. Different resolution video: to keep in mind the slow internet speed we must have video resolation maintaining system like youtube. so that people can choose 240p/460p/720p/1080p video resolution.

10. we must have youtube upload option. so that instead of embeeding video from youtube we can directly upload to our site. coz sometime youtube video doesent embeed and giving error. which is very bad for a website.

11. add download option near video: there are so many asian country who got slow internet. they like to download the video . than once downloaded then they watch the video without problem. so Download Video option is very important.

12. Article and pages : article and pages option doesent work properly. difficult to search article on the site and difficult to find pages.  need to think a nice way for the articles.

13. if possible add voice search option which will make the site totally different.. and please add all country language automatic. so that people can browse site in their own language..

these are the option which are missing in my thought.. if some of them at least get resolved by phpvibe will so happy.
  •  

theprocssTopic starter

#2
imran95k,

you can make a Suggestions here : http://www.phpvibe.com/forum/suggestions/

  •  

imran95k

#3
thank you so much.. i have post on suggestion..
  •  

PHPVibe A.

#4
@theprocss thank you for the security issue, probably got broken in the last upgrade.

Since we are on vacation (no way for me to touch the code), I can point you that in lib/functions.html.php there is a security cleaning function called

Code Select 
function antixss_light($text) {


add this to injections array:  "<meta" and  "http-equiv="

PHPVibe A.

#5
The rest (suggestions), will be forwarded after the vacation.
Go Up Pages1

Similar topics (7)