rejetto forum

The Throwback (retro) template. With large folder and mobile support.

danny · 127 · 56404

0 Members and 1 Guest are viewing this topic.

Offline stibuz95

  • Occasional poster
  • *
    • Posts: 4
    • View Profile
Hi, im using this really simple and complete template (i love its fastness and autoload of thumbnails <3).
I'm not good in HTML language (i used only C in my life) and i'm trying to understand how to do some little changes.
How can i add the "user changes his password from the site"-feature (like in the stock template, im using latest beta 2.4). And how can i add some text stuffs in homepage (i dont understand where i find sections on the tpl file). I will search alone how to edit html text, but i need to find where i ve to do my changes.
Thanks all for the help :D (and very gj with this template !!!)


Offline stibuz95

  • Occasional poster
  • *
    • Posts: 4
    • View Profile
Thank you very much! I found the way :DD
It's remained a little little problem: is there a way to delete the auto-refresh on main page? I didnt' find the code about this thing.. I wanna maintain for upload, deny, unauthorized ecc.. but not from main page, how can i do?
(i will post my little fork if someone could need :) )


Offline stibuz95

  • Occasional poster
  • *
    • Posts: 4
    • View Profile
Ok, i think i'm really near to my objective :D
I found the line that causes page-refresh, now i wanna that this line (better to say script) is executed only if i'm not in a Specific Page. This is the code i have, i didnt understand really good if statements in this tpl language, what i can modify? (Really thanks in every case!!)
Code: [Select]
[nofiles]
{.if|{.%connections% < 50.}|{:<table class="lil" width="100%" bgcolor="#CCCCCC"><tr style="font-size:7pt">
<td align="left"><form class=hide name=searchForm method=GET action="javascript:searchQuery()"><input style="padding:0;border:1;height:18px;background-color:#F5FDF6" placeholder="Search files" type=input name=query size=23 maxlength=32><input style="padding:0,1,0,1;border:0;height:21px;vertical-align:-0.8px;" type=submit name=searchBtn value="&#128269;"><input type=hidden name=choice value="file"><input type=hidden name=choice value="folder"><input type=hidden name=choice value="both" checked=1><input type=hidden name=recursive checked=1><input type=hidden name=root value="root"><input type=hidden name=root value="current" checked=1></form></td>
<td align="right"><div style="padding:0px;float:right;height:14pt"><nobr><a href="%encoded-folder%~upload" class=inbtn><b><font color="green">&#8679;&nbsp;Upload Files</font></b></a></nobr></div></td></tr></table>{.if|{.get|can upload.}|{:<marquee scrolldelay="100"><a id="mar" href="https://mysite.net:8920" target="_blank">StepFlix Server</a></marquee>:}.}:}.}
if(window.location.href != "https://mysite.net") {<script>setTimeout(function () {window.location.href= '../'; }, 2000);</script>}

Edit:
Ok i did the trick but i dont' know it is the better way. I've added this line into the [nofiles] section, that the page has to refresh on the latest good dirrectory.
Code: [Select]
{.if|{.match|*recursive*|%url%.}|<script>setTimeout(function () {window.location.href= '../'; }, 2000);</script>.}
« Last Edit: October 31, 2019, 10:29:49 AM by stibuz95 »


Offline stibuz95

  • Occasional poster
  • *
    • Posts: 4
    • View Profile
If someone need the fantastic Throwback template with these little changes:
a) put some headers to try to obfuscate the site from google's bot and similar
b) Put the Login-Text near the "sign-in"-button (i think its more readable)
c) Modified the HTTP FS <marquee> with my own useful site (i use Emby as media server, so i put the link to it)
c bis) search "yoursite" to modify
d) Added a line in [no files] section (that is active when there are no accessible file in directory, in my case when nobody is logged too) that do the refresh on page only if in the url name there is "recursive" word that it's in the address every time u do a search. The nice thing is that if your search is TRUE, u automatically will be out [no files] section, so the refresh script will not start :D

I hope could be useful for someone :)



Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 700
  • Status: On hiatus (unspecified time)
    • View Profile
    • twitter.com/LeoNeeson
HFS security has been backdoored so you should not use HFS at all.
HFS is open source (you can even compile it, following my instructions). There are several long-time experienced users on the forum, who had closely analyzed how HFS works, and nobody has complained before about any misuse or malicious backdoor. You can rest assured, that it's safe to use, but don't take my word about it, you can use a network traffic monitor like Wireshark and see by yourself... ::)

It seems danny had a very bad day today. He even has deleted his throwback (retro) template on the first post. I'm glad to have a backup of those files (just in case I need them). I hope he can review his attitude, because he was hostile and negative (just because he doesn't seem to understand how HFS works). :( HFS was several times reviewed by security experts (and all those vulnerabilities were solved/fixed), so his comments are like an insult to HFS.
« Last Edit: February 11, 2020, 10:36:39 PM by Mars »
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13271
    • View Profile
Unfortunately, it didn't help.  HFS security has been backdoored so you should not use HFS at all. 

You cannot consider this a "security" problem. It's a bug that prevented the software from working, temporarily.
If your key breaks and you cannot enter your house, it's very disappointing for sure and you can blame me or the key, but it's not "security".


Offline danny

  • Tireless poster
  • ****
    • Posts: 165
    • View Profile
...I hope he can review his attitude...
I did revise it.  Thanks. 
However, there is no permission to publish any of my works.  Please remove them.

This is because I don't want to suggest using them.  Personally, I have upgraded to encrypted FTP + encrypted DNS, which is a peaceful combination. 

EDIT:  Clarifying that.  Some usage is okay, but cleartext over the internet was not okay. 
And mainly, I wanted Throwback12 and all Photo (photo by default) versions removed because of overdo's and the photos everytime idea, which works on-LAN, but isn't successful over the internet and could cause overload in some cases.  Basically, it lost to the superior Throwback11mp.  An update based on Throwback11mp + updated modules, can be found at http://rejetto.com/forum/index.php?topic=12055.msg1065284#msg1065284


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 700
  • Status: On hiatus (unspecified time)
    • View Profile
    • twitter.com/LeoNeeson
» EDIT: I'm sorry, I've edited my post again and I've removed any negative connotation about this issue. Sometimes I'm a little bit "temperamental" (it's my fault) and I recognize that I've totally over-reacted to this. Positive Rejetto's attitude had me change my mind. Eventually, we will get another active user that takes his place (I mean, if one user goes, another will eventually come in the future). That's life cycle...



Since the template (originally posted on the first post of this thread) was deleted/cancelled (he left the forum), an old style type of (retro/simple/throwback) template can however being totally rewritten (or being forked), and it could reborn, if any of you want to take back this. Please use this thread to post constructive useful material. :)
 
« Last Edit: February 11, 2020, 10:40:22 PM by LeoNeeson »
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13271
    • View Profile
guys, peace and love.
Danny is free to do what he wants.
Also I took no offense in his statements, I just made "technical" comments about them.

The problems that happened can be considered inacceptable by some, I understand that and I'm sorry and I apologize for the inconvenience to Danny and everyone else.

To be honest I expected to see more angry comments from more people. Also counting the number of daily "check for updates" requests I can tell you that it didn't decrease these days.


Offline danny

  • Tireless poster
  • ****
    • Posts: 165
    • View Profile
guys, peace and love. Danny is free to do what he wants. Also I took no offense in his statements, I just made "technical" comments about them.
That is really great.  I'd like to know if the following modifications to the windows hosts file will block phone-home modifications to settings...

0.0.0.0 hfsservice.rejetto.com hfstest.rejetto.com

Will that entry to the windows hosts file prevent external modifications to hfs.ini settings? 

Our ancient dns is spoof-able, it rarely happens, that happened to me; so, I would like to request an opt-out. 


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 700
  • Status: On hiatus (unspecified time)
    • View Profile
    • twitter.com/LeoNeeson
» Edit1: (14-02-2020, 02:04 PM) @Everyone: About editing the Windows host file, you can do it, but is NOT recommend at all (because you will broke HFS functionality and security). You can disable updates, but you could end exposing your PC to vulnerabilities, fixed on new versions. You always must keep HFS updated (the same like you update your Windows).



» Edit2: (20-02-2020, 02:12 AM) @Danny: I might have been unclear in my initial explanation (on a private message I've sent you 09-02-2020), but what I meant to tell you, is that HFS will maintain/keep your settings untouched, if you have the 'ip-services=' setting filled with some value (of any type). For example (see the text marked in red and green):

Quote
ip-services=0.0.0.0
ip-services-time=99999.99999

With the above setting, HFS will never download any setting from Rejetto's server. The same goes if you use:

Quote
ip-services=http://checkip.amazonaws.com/
ip-services-time=88888.88888

...or also if you use:

Quote
ip-services=http://whatismyip.akamai.com/
ip-services-time=77777.77777

With any of those settings, everything will be keep untouched on your 'hfs.ini' (the settings marked in red, are my recommendation for you, instead of using DNS blocking).

But keep in mind, that using the first setting ip-services=0.0.0.0 (and the same as doing 'DNS blocking'), it will disable/broke the following HFS features: 'Self test' and 'Dynamic DNS updater' (since those features rely on finding your external IP address). To test if those settings were applied, go to (in Expert mode): "Menu > IP address > Find external address", and it should give you an error (if you have used ip-services=0.0.0.0).

Using any of the last two settings (those with the text marked in green), will enable those features again (and nothing will be downloaded from Rejetto's server).



Correct me if I'm wrong, but I think this problem/issue started when have you followed a Rejetto comment (posted here), and you have cleaned the 'ip-services=' settings value, like this:

Code: [Select]
ip-services=
ip-services-time=

And using that 'empty' setting, it makes HFS automatically 'fetch' from Rejetto's server, a correct working value (and if you have 'hfs.ini' write protected, it makes this worst, since this 'fetch' will happen every time you start HFS). And that was what made you (Danny) enter on 'panic mode'.

So, remember that 'ip-services=' must be always filled with some value, because HFS needs this setting to some of his features ('Self test' and 'Dynamic DNS updater'). It's also recommended to regularly make a backup of your 'hfs.ini', instead of having it write protected.

Now that everything is more calm down, I'm sure you will understand how HFS works (but don't be afraid to ask if you have any more questions, of if you don't understand my explanation). We are all here to help.

Cheers,
Leo.-
« Last Edit: February 20, 2020, 05:12:24 AM by LeoNeeson »
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13271
    • View Profile
i cannot esclude that a restart could be necessary for the "hosts" to be effective while the software is running.

Leo just said but i need to stress out: to everyone,
this is a server software therefore people using it on the internet should stay updated for security fixes.
Of course you can opt for doing it manually.


Offline danny

  • Tireless poster
  • ****
    • Posts: 165
    • View Profile
It seems that the open-source router projects could do it with DNSmasq settings:
address=/hfstest.rejetto.com/0.0.0.0
address=/www.rejetto.com/0.0.0.0
address=/hfsservice.rejetto.com/0.0.0.0

P.S.
Write protecting the hfs.ini file was not effective because there were additional tmp file(s) automatically added, which happens to bypass the server operator's choices.  He or she may become disturbed at that point.  And, I did. 
So, I hope that the host blocking can restore the server-operator's control of changes and settings.

Edit:
Days later, no cpu spikes, no settings changed themselves. 
Hosts-block by either windows hosts file or router, all worked, so far. 


Offline danny

  • Tireless poster
  • ****
    • Posts: 165
    • View Profile
...he deleted most of his comments...
Well, unfortunately, too many words from me just won't do anyone any good.  However, there is a cleaned-up open source Throwback template located at post#1 here.  It is quite like Throwback11MP along with some of the Throwback13-Gigabit project.  Think of that as a "best of" collection in one file.  It has finished the same way that it started, with simplifying as the main goal. 

Edit:
That tidy version is attached to this post.
Edit2:
Same with updated error-handler is also attached to this post.