28 replies to this topic

[jesusthekiller]

New topic

Spoiler

WCON

Control your computers over the Internet!

What is it?:

WCON is an API (but not only) which allows you to download and upload data to WCON server.

You have 6 boolean registers (for redstone states) and 5 string registers (up to 5119 characters).

You can change all registers from in-game computer or from online control panel.

Note: HTTP API required.

How to get started?:

Get your software on your computer:

• Run "pastebin get jQLjRUnt install"
  
• Run "install"

Test it:

• Hook up some redstone or lamps
  
• Run "launch" in main directory.
  
• Login into control panel.
  
• Change redstone states and see what happens!

Changelog:

Spoiler

Version 2:

• Added auto updater
  
• Changed how stuff is located
  
• Added getVersion() function
  
• BETTER INSTALLER! YAAAY

Version 1.1:

• Better password hashing on server side.

Version 1.0:

• Initial release

API reference:

Spoiler

sendData(string state, int registry):

Sets given string registry to state.

Returns false at wrong registry, nil at communication error, true at success.

sendRsData(bool state, string side):

Sets given redstone registry to state.

Returns false at wrong side string, nil at communication error, true at success.

getData():

Gets string registers table.

Returns:
nil at server communication error,
"fatal: [ERROR CODE]" at WCON_FATAL_ERROR,
table (5 element, 1 to 5) at success.

getRsData():

Gets redstone registers table.

Returns:
nil at server communication error,
"fatal: [ERROR CODE]" at WCON_FATAL_ERROR,
table (6 element, 1 to 6) at success.

Each element in table corresponds to one side:
1 = top
2 = bottom
3 = right
4 = left
5 = back
6 = front

getSide(int side):

Converts side in int into side in string.

getServer():

Returns server address.

getId():

Returns ID.

getPassword():

Returns password.

getVersion():

Returns Version.

About security:

Spoiler

Passwords are encrypted with SHA-256, than encrypted with SHA-256 again. It means it's basically impossible to crack password. It also means that no one can see passwords, even me.
They are stored in MySQL Database (with randomly generated password), which allows only localhost connections, not in a plain text file.

Screenshots (control pannel):

Spoiler

Homepage:


Login:


Control panel:


Register:


Registration complete:

Legal notice:

Spoiler

THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. Copy of this license.

[jesusthekiller]

Finished! Version 1.0 is here

[Mailmanq!]

Seems neat, also make it say 'pastebin' not 'patebin'

[jesusthekiller]

mailmanq, on 30 March 2013 - 11:01 AM, said:

Seems neat, also make it say 'pastebin' not 'patebin'

Done, thanks for support

[TheOddByte]

Seems quite nice!
Will try it out later.

[Dlcruz129]

Looks nice!

[theoriginalbit]

Looks good.

2 questions:

• Quote

  5 string registers (up to 5119 characters).
  Why 5119? Whats your math for that?
  
• What measures have you taken to protect my data and passwords?

[kornichen]

How are passwords saved?

[jesusthekiller]

TheOriginalBIT, on 30 March 2013 - 06:29 PM, said:

Why 5119? Whats your math for that?

It's 5KB without 1B for string length. It's easier for me to calculate disk space used.

TheOriginalBIT, on 30 March 2013 - 06:29 PM, said:

What measures have you taken to protect my data and passwords?

kornichen, on 30 March 2013 - 09:17 PM, said:

How are passwords saved?

They are in MySQL Database accessible only from localhost and encrypted (sha1 -> md5 -> sha256) (sha-256 -> sha-256)

[theoriginalbit]

jesusthekiller, on 30 March 2013 - 09:54 PM, said:

They are in MySQL Database accessible only from localhost and encrypted (sha1 -> md5 -> sha256)

Proof:
-image snip-

Ok so what that just told me is that you are storing passwords weakly and have no confidence in the hashes since you blurred out 75% of the hash value...

[jesusthekiller]

TheOriginalBIT, on 30 March 2013 - 11:18 PM, said:

Ok so what that just told me is that you are storing passwords weakly and have no confidence in the hashes since you blurred out 75% of the hash value...

Well, kinda yes , But I think it's safe enough...

[theoriginalbit]

jesusthekiller, on 31 March 2013 - 12:00 AM, said:

Well, kinda yes , But I think it's safe enough...

Remove MD5 out of the hashing sequence and it would be largely more secure. Remove SHA1 and its a little more secure. If you want to do multiple hashing do it with the same algorithm and it will be better than multiple hashing with different algorithms. Lastly add a random salt (which is remembered) to each password and its even better again...

[jesusthekiller]

Thanks

----------------------------

Update on WCON:

Password hashing changed to SHA-256 -> SHA-256. This means all passwords are not valid now, but it's kinda no problem, since no one was using it

[TheEvilSocks]

Notice: Undefined index: password in /var/www/wcon/cpanel.php on line 10
Wrong password or ID! Back


I've just registered and it says this

Also, vurnable for SQL injection....

[jesusthekiller]

Big update is out!

• New installer, featuring making accounts from computer
  
• Auto generated config
  
• Auto-updater
  
• Better security
  
• Moved some stuff

tikiana, on 31 March 2013 - 01:56 AM, said:

Notice: Undefined index: password in /var/www/wcon/cpanel.php on line 10
Wrong password or ID! Back

Sorry! My fault!

tikiana, on 31 March 2013 - 01:56 AM, said:

Also, vurnable for SQL injection....

Nope, it's not. . .

[CastleMan2000]

Oh man, I've got to try this out!

[jesusthekiller]

CastleMan2000, on 31 March 2013 - 07:23 AM, said:

Oh man, I've got to try this out!

[TheOddByte]

This is so awesome!!

[jesusthekiller]

Hellkid98, on 31 March 2013 - 10:26 AM, said:

This is so awesome!!

Thanks

[wakafanykai123]

This is not working for me, I created an account. Installed and all that. I typed in launch and it gives me a repeating error "update:1:attempt to call nil"