rejetto forum

version 2.4

rejetto · 474 · 310261


Offline NaitLee

Seems simple (or complex, depending on our math skills) encryption can be done in just a template (client/page: javascript, server/template: math macros in changepwd ajax)
"Computation is not forbidden magic."
Takeback Template | PHFS


Offline rejetto

Quote
Small note regarding the representation of IPv6 in address lines and logs. As you know, IPv6 uses colons as separators, unlike IPv4, which uses dots. In order to solve the ambiguity that arises with appended ports (which, stupidly, also use a colon as separator), literal IPv6 addresses are written inside of square brackets "[" and "]".


suggestion accepted.
Apparently the apache log doesn't require changes instead.



Quote
Edit: Btw, does the Boru_V1 theme have a few image errors or is it my browser?
https://rejetto.com/forum/Themes/Boru_v1/images/useron.gif
The image above will only display an error message.


yes, it's broken. I may fix it someday.

Quote
I have loaded beta 9 and I found Windows 10 Defender said it had a virus and took it off my system. I have seen this on earlier versions.


here it comes again -_-


i have less free time now guys, so be patient
« Last Edit: June 06, 2020, 06:20:59 PM by rejetto »


Offline rejetto

Quote
Files with commas in their names cannot be downloaded in Google Chrome, with the error ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION.

thanks for reporting. Fixed in next release.


Offline rejetto

Quote
How about having encryption when we change our password?
(This can be put off, since HFS is open source, and the method we use should be careful.)

i overlooked this problem, and it's not as easy as the login.
The link posted by mars should be technically ok but requires generation of keys using another program (openssl), and it takes several seconds so it should be done before.
I will postpone this problem for a later version (2.5 or later), and for the time being i'm just adding a warning about the low security of the action.
« Last Edit: June 07, 2020, 09:17:29 AM by rejetto »


Offline rejetto

as an alternative method, we can just use the old password to encrypt the new one (no openssl required).
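
Added example (not part of rejetto's post and not HFS code): one way the "old password encrypts the new one" idea could look, with both sides shown in one Node.js process. The function names, the PBKDF2 work factor, the AES-256-GCM choice and the dot-separated message layout are assumptions for illustration, and the server is assumed to hold the old password in recoverable form.

```javascript
// Added illustration, not HFS code. Names and parameters are hypothetical.
const nodeCrypto = require('node:crypto');

const PBKDF2_ROUNDS = 200000; // assumed work factor

// Derive a 256-bit key from the old password; the salt travels in the clear.
function deriveKey(oldPassword, salt) {
  return nodeCrypto.pbkdf2Sync(oldPassword, salt, PBKDF2_ROUNDS, 32, 'sha256');
}

// Client side: seal the new password under a key that only someone
// knowing the old password can derive.
function sealNewPassword(oldPassword, newPassword, username) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(oldPassword, salt), iv);
  cipher.setAAD(Buffer.from(username, 'utf8')); // binds the message to one account
  const ct = Buffer.concat([cipher.update(newPassword, 'utf8'), cipher.final()]);
  return [salt, iv, cipher.getAuthTag(), ct].map(b => b.toString('base64')).join('.');
}

// Server side: returns the new password, or null if the message does not verify.
function openNewPassword(storedOldPassword, username, message) {
  const parts = message.split('.').map(p => Buffer.from(p, 'base64'));
  if (parts.length !== 4) return null;
  const [salt, iv, tag, ct] = parts;
  if (salt.length !== 16 || iv.length !== 12 || tag.length !== 16) return null;
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(storedOldPassword, salt), iv);
    decipher.setAAD(Buffer.from(username, 'utf8'));
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // wrong old password, wrong account, or tampered message
  }
}
```

Anyone who records the message can test guesses of the old password offline against the authentication tag, so the new password is protected only as well as the old one resists guessing.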


Offline Mars

this is what I tried to do last night but I have a problem of transferring values by using a form to process the data

for now I explore the way to use ask () by inserting three input fields instead of one, which would simplify the transfer problem that I am facing



an attempt with the attached template, but I am faced with the processing of the form to send it to the section as with ASK, it follows that the data is found in the url



« Last Edit: June 07, 2020, 03:46:35 PM by Mars »


Offline Mars

the exchange of data between the form and the section is now under control, it only remains to implement the encryption protocols...


Offline rejetto

https://github.com/rejetto/hfs2/releases/tag/v2.4-rc01

(again) first release candidate :)

mars, i appreciate your effort, but the encryption was the only problem


Offline dj

a bug in rc1:
not all requests are loaded (I've no limits set, 4 requests, 1 request denied with HTTP 429 Too Many Requests)

beta08 works fine
« Last Edit: June 08, 2020, 04:16:29 AM by dj »


Offline rejetto


Offline dj

it happens with my template

it doesn't happen with beta08. beta9 and 10 I haven't tested.


Offline rejetto

templates like yours are a quite special case, with the main section not requiring the file list, because it does it later with a further request.
What happens now is that you actually cause the listing to be done twice on the server, with the first one just discarded without being used.
To support cases like this (btw, same method used by hfs3 project) I will see to introduce a section-flag to let you specify that you don't need the %list%.
I considered having this automatic without flag, but it would require the server to execute the template to know if the %list% is used or not, because you can include other sections at run-time. I want it to be done before execution.

p.s. TBH, before this post i had tested your tpl, but by accident i ran an older hfs, so i saw no problems
« Last Edit: June 08, 2020, 09:09:31 AM by rejetto »


Offline MarkV

Quote
as an alternative method, we can just use the old password to encrypt the new one (no openssl required).

You can also use the current wall clock time string from the system, as a source of randomness. Could also be used to salt the password if necessary.
http://worldipv6launch.org - The world is different now.


Offline rejetto

ok dj, RC2 should make your template work without changes in a non-very-busy server.
To have perfect support also on busy servers you should apply these changes:
1. add this text to the very top: [|no list]
2. support error 429 when you fetch, and retry the fetch.
« Last Edit: June 08, 2020, 10:56:59 AM by rejetto »
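
Added example (not part of rejetto's post, not from HFS or dj's template): a client-side sketch of step 2, retrying a fetch that comes back with HTTP 429. The function names, the delay values and the use of a `Retry-After` header when one is present are assumptions; `fetchFn` and `sleep` are injectable so the logic can be exercised offline.

```javascript
// Added illustration; names and timing values are hypothetical.

// Delay before the next attempt: honour Retry-After (in seconds) if the
// server sends one, otherwise exponential backoff with jitter, capped.
function retryDelayMs(attempt, retryAfter, rand = Math.random) {
  const capMs = 10000;
  const seconds = Number(retryAfter);
  if (retryAfter != null && retryAfter !== '' && Number.isFinite(seconds) && seconds >= 0) {
    return Math.min(seconds * 1000, capMs);
  }
  const base = Math.min(250 * 2 ** attempt, capMs);
  return Math.round(base / 2 + rand() * base / 2); // between base/2 and base
}

// Retry only on 429; any other status goes straight back to the caller.
async function fetchWithRetry(url, options = {}, {
  maxAttempts = 5,
  fetchFn = fetch,
  sleep = ms => new Promise(resolve => setTimeout(resolve, ms)),
} = {}) {
  for (let attempt = 0; ; attempt++) {
    const res = await fetchFn(url, options);
    if (res.status !== 429) return res;          // success or a different error
    if (attempt + 1 >= maxAttempts) return res;  // give up and surface the 429
    await sleep(retryDelayMs(attempt, res.headers.get('Retry-After')));
  }
}
```

The attempt cap and the jitter keep many open pages from retrying in lockstep against a server that is already busy.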


Offline rejetto

Quote
You can also use the current wall clock time string from the system, as a source of randomness. Could also be used to salt the password if necessary.

thanks mark but it's not randomness we need for this (salt excluded)