
  Security Update      
Posted by: MGCJerry on Feb 25, 2017 @ 20:19 EST
Last Edited: Feb 26, 2017 @ 11:34 EST

Been getting lots of bots searching for database dumps in many kinds of formats.

Update:
It's getting out of hand. ALL of the exploit searching now results in the entire block getting server side banned. They are also commented in the lists so I know not to remove them.

Oh let me count the ways why all 106 or 206 attempts WILL fail:
• Full database backups are NOT stored in /public_html. Actually database backups are downloaded to my machine. The only backups I have on the server are "default settings" and RPG Manager backups. This way I can factory reset the CMS if needed. And that backup has a salted password hash that the system forces me to reset on restore.
• The requested filenames are all wrong too. Not even close.

Nice try, but here's your YOU FAIL award.

The next CMS update will have an anti-hammering system in place so these excessive requests will get rejected by the CMS. Completely. Right now I have to do them by hand. Also during the next update all block-lists from my sites will be merged, and I will chop as many class B & C addresses as possible to eliminate excessive lists. This will become an automated function as well after the next security update.


  [Changelog] Large Sitewide Updates      
Posted by: MGCJerry on Oct 16, 2016 @ 12:04 EDT
Last Edited: Dec 2, 2016 @ 17:43 EST

Latest Updates highlighted

The commenting and voting system has been placed on hold so I can complete a number of other systems.

I have updated a number of items around the RPG scripts. The original store has been retired and replaced with a new system that will see additional use in other areas. The store does *not* save to inventories yet; once the store is completed, the inventory system will get completed as well. After that, there are a number of changes that need to be made to the RPG system to allow anonymous users as well as registered users to interact more in-depth with the system. Once that is completed, users will have the ability to do more with their character data. Below is a changelog of what has been updated.

Core System
• Several back-end admin & GM interface updates.
• Lots of code cleaned up and made more coherent.
• First pass to make the systems more standardized for user editing.
• More admin & GM configuration options.
• Major changes to imageManager class.
• Improved item linking system to accommodate new modules.
• Second pass on user editing systems. User adding/editing will not be fully functional until the account system is completed.
• Began provisions for granting users "as GM" to give control over RPG system with addition of GM & admin functions.

Store
• Replaced old midicart system with a more up-to-date self built system.
• Products have been updated.
• Tax & shipping rates have been expanded to the other systems. If enabled, your orders now have tax added to the order based on the character's residence tax rate (if set). If enabled, shipping price is affected as well.
• Added Order History. You can see your character's past orders.
• Store has specific quantity of item stock. The store can run out of stock of items.

Bank
• Account numbers have been deprecated and only remain for visuals. PIN numbers will be needed to use the bank, as well as the store.
• GM deposits and withdrawals have been enabled.
• All transactions; debit, withdraw & store purchases now show up in the ATM in a transaction log.
• Funds transfer. You can now send funds to any other character with an associated account.
• Added memo field for bank transactions.
• Rearranged ATM display.

Characters
• Script structure changes that removed a lot of redundancy and streamlined the code & database. This allowed the addition of additional genders and a number of other code and structure improvements.
• Homeworld is now ID based instead of text based.
• Addition of Residence. This affects the store, more later.
• Spellbook administration is completed. Spells can now be assigned to characters via GM interface.
• Improved character sheets. Character sheets now also print with full headers and page counts and have spaces for the player to write information. They're actually functional now on printed paper.
• Addition of family relations. A character's parents and/or children are now displayed.
• Added age-group display. Now you can see what age-group that character fits. Child, Adult, elderly, etc. Also added configuration interface for admins.
• Several Character portraits updated and/or created.
• Necessary changes to accommodate "Campaign System". Character's ages now reflect based on the time period in which campaign they are played on.
• Added Language field
• Rearranged character information display
• Added "view by campaign" category

Magic
• Magic system has had an internal overhaul. Changes to database & code structure and removed lots of redundancy.

Races
• Added Character List. When viewing race details, it also shows a list of characters that are that race.
• Added an age-group display. Each race now displays what ages fit into which age-groups. For races that do not have an age group set, it will use an extrapolated version of real-world human age-groups.
• All Races pictures replaced.
• Additional Races images completed.

Space
• Addition of Tax field, used by the store.
• Altered how body parent data is handled, based on ID instead of name. This corrected a bug if an item is renamed, its children would get "lost" and would never show back up.
• Added a character display. You will now see a list of what characters are from that location.
• Corrected bug with homeworld display in "Also Inhabits" popup.

Spacecraft
• First pass of the code and cleaned up a lot of bugs.

Campaign System
• Addition of NEW "Campaign system". This system allows for campaign tracking. Characters can be added as PCs or NPCs.
• Old OpenRPG Logs are now back online within this system.
• Added player list.

Lots of work has occurred to the system over the last month.


  Now Live, User Registration      
Posted by: MGCJerry on Jul 3, 2016 @ 19:08 EDT
Last Edited: Aug 14, 2016 @ 17:34 EDT

Registration is now Open!
Aug 14, 2016

There is now a new user registration system in place on 2 The Xtreme. Registration is now open. You will need a valid email account to sign-up. For the people who were previously registered on 2 The Xtreme awhile back, your accounts are now live.

Benefits of registering?

  • Character creation
  • Posting Comments (coming soon)
  • Upvoting and downvoting (coming soon)

There are still a handful of things that need to be completed, but the system is operational enough for use. RPG content still needs to be linked to the new system.


  Current Events - Behind the scenes of index.php      
Posted by: MGCJerry on Apr 11, 2016 @ 16:59 EDT
Last Edited: May 3, 2016 @ 21:24 EDT

Lately I've been seeing a lot of people trying to load /etc/passwd using this CMS. Sorry my friends, the $_GET[page] request URI doesn't work like this. index.php?page=../../../../../../../../../../../../../../../../../etc/passwd

Edited: May 3, 2016
Yea, this doesn't work either. index.php?page=whateverpage=../../../../../../../../../../../../../../../../../etc/passwd

This CMS does NOT work like this:
include($_GET['page']);

Here is how this CMS loads pages in a step by step...
First off, $_GET & $_POST are NOT used directly.
1. Bans are checked against the list. If your IP is found in the block list, all you get is a banned page and the script exits.
2. Rogue Admin rules (which are set by admins) are checked. I have "../" as a rule that triggers a ban, as well as "http://" or even "ftp://". If Rogue Admin finds these anywhere, it carries out the action that is configured for that rule and ALL site variables are set to false. Since remote requests are not utilized, I have bans set up for them. This CMS cannot load remote resources anyhow, by design.
3. "api.sanitation" removes all non-text characters for $_GET['page'] (quotes, slashes, dots, punctuation, etc). Note: "api.sanitation" is the only place where $_GET and $_POST are used. All variables get a first sanitation pass and create a new global. This global is used exclusively in the CMS. If nothing is left after sanitation, the variables are unset entirely. The result is this will show you the home page.
4. After sanitation, "header.php" fetches the current list of all pages (the menus stem from this output). If you are requesting a specific page and the page exists in the list AND is enabled, AND you have permission to see it, "header.php" will tell "index.php" what page to load from the database. If the page doesn't exist in the page list, you will get a 404 error page. If you are not allowed to see the page you get a 403 error.

Your URI actually NEVER sees the database, nor is it ever used in a database query. It is compared to a current list of pages, and the script will build its query from its own results, never yours. Even if I deleted the http & ftp rules, there is an include restriction built into the modules system where it will once again only load a local file if it is present in its own list AND in a specific location. Else all you get is a 404, and I get an includes error report. For clarity: ?page= does NOT perform ANY file operations of any kind in any portion of the system.

Hope you enjoyed this look behind the scenes. Remember, reading is your friend. You don't want to look like a dingus because you didn't read the documents; it's bad for your image.
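
The four-step page resolution described in this post, written out as an added PHP example. It is not code from MGCMS; the function name, array layouts, permission levels and sample addresses are all hypothetical, and "non-text characters" is assumed to mean anything other than letters and digits.

```php
<?php
// Added illustration only; all names are hypothetical, not MGCMS code.
// Constructed sample data standing in for the ban list, rules and page list.
$bans  = ['203.0.113.7'];
$rules = ['../', 'http://', 'ftp://'];
$pages = [
    'news'  => ['enabled' => true,  'min_level' => 0],
    'admin' => ['enabled' => true,  'min_level' => 9],
    'store' => ['enabled' => false, 'min_level' => 0],
];

// Returns [HTTP status, page key to load or null]. $get stands in for $_GET.
function resolve_page(array $get, string $ip, int $level,
                      array $bans, array $rules, array $pages): array
{
    // Step 1: a banned address only ever gets the ban page.
    if (in_array($ip, $bans, true)) {
        return [403, 'banned'];
    }
    // Step 2: a rule string anywhere in the request triggers the ban action.
    $raw = '';
    array_walk_recursive($get, function ($v, $k) use (&$raw) {
        $raw .= $k . '=' . $v . '&';
    });
    foreach ($rules as $needle) {
        if (stripos($raw, $needle) !== false) {
            return [403, 'banned'];
        }
    }
    // Step 3: keep letters and digits only (assumed reading of "non-text");
    // an empty result falls back to the home page.
    $page = is_string($get['page'] ?? null) ? $get['page'] : '';
    $page = preg_replace('/[^A-Za-z0-9]/', '', $page);
    if ($page === '') {
        return [200, 'home'];
    }
    // Step 4: the request is only compared against the server's own list.
    if (!isset($pages[$page]) || !$pages[$page]['enabled']) {
        return [404, null];
    }
    if ($level < $pages[$page]['min_level']) {
        return [403, null];
    }
    return [200, $page];
}

$probe = ['page' => '../../../../etc/passwd'];
echo json_encode(resolve_page($probe, '198.51.100.5', 0, $bans, $rules, $pages)), "\n";
echo json_encode(resolve_page($probe, '198.51.100.5', 0, $bans, [], $pages)), "\n";
echo json_encode(resolve_page(['page' => 'admin'], '198.51.100.5', 0, $bans, $rules, $pages)), "\n";
```

The second call passes an empty rule list to show the layering: the traversal string is reduced to "etcpasswd" by sanitation and then fails the page-list lookup, so the request value never reaches a file or database operation.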


  Welcome to the new 2 The Xtreme Chronicles of Quizorthia      
Posted by: MGCJerry on Dec 31, 2015 @ 18:59 EST
Last Edited: Jan 26, 2016 @ 21:00 EST

Once again, 2 The Xtreme has had a major change. Though this site is being placed back online, 2 The Xtreme is no longer a running game. This site will now simply be an online archive of the 2 The Xtreme universe and will likely remain inactive for the immediate future. 2 The Xtreme can restart if there is enough interest to resume the game.

Updated: January 26, 2016
I have merged the old site stats with the new site. There is a gap between May 24, 2014 and January 24, 2016 because the site was primarily offline. Copying the stats by hand for this missing period just isn't going to happen. The site start date has also been reset back to when the stats begin, June 9, 2002.

Updated: January 23/24, 2016:
The old Newsletter module, and actual newsletters have been restored. Though I said I would not have a "wall of shame", I decided against it. I now have a public ban list. You can find it in the menu. The stats have once again been reset. There is now a system in place that will tell me how popular specific pages are on the site.

Updated: January 19, 2016:
I have restored the old news articles from the previous site. All comments and votes did not make the transfer. I had to mess with the database a little to get the votes for this story to properly show & update.

Updated: January 16, 2016:
I saw there were a number of misreported page views with the RPG system, and I was unable to reliably alter the page view data, so all the stats have been reset to today.

Updated: January 9, 2016:
There have been a handful of changes to a few of the underlying systems to improve the administrator side of things. After looking at the current statistics system, I decided it needed to be slightly expanded, especially on the RPG system. I'm still not sure how I'm going to handle the old game logs. I would love to place them back online but I am still working on ideas for putting these old logs back online.

Regarding the RPG modules that were in use on the old site.
The RPG system has entered 95% completion. Much of the internal core has been adapted to function on my new system. User created characters will remain in the database. They are presently locked from editing. There will eventually be capacity to resume creating and editing characters as there was on the old site, but with a username/password combo. That username & password combo will only be valid for that ONE (1) character. Once this function is live, incomplete and stupid characters will be deleted at will. Providing there is enough interest, a system can be put in place to allow you to store your characters on-site.

Old site features have also been changed.
• The forums are gone. They're dead Jim.
• PHP-Nuke downloads are also gone.
• PHP-Nuke support of any kind also gone.

Expect to see just as few updates in the future as have occurred in the past; not many. Also, there is no public Wall of Shame. Everyone's favorite anti-spam system, "Rogue Admin", is live as well and is just as aggressive as it has always been. I expect to see tons of WordPress and Drupal exploits making their way across this site. The ban page is much more tame. Time for me to move on, it was fun in the past with Rogue Admin kicking around the 1337, Google, cut-n-paste skiddies.

Otherwise, enjoy.
MGCJerry


MGCMS Programming by MGCJerry
Copyright © 1992-2006, 2008-2012, 2015, 2016 Jerry Meszaros (MGCJerry)
ALL RIGHTS RESERVED