Nabeel

Administrators
  • Posts: 8147
  • Days Won: 39

Everything posted by Nabeel

  1. Changed Files: Added static to setBidOnSchedule() as needed
  2. Changed Files: OFCharts::show_chart() was missing static attribute, corrected it now
  3. Changed Files: Merge pull request #127 from Vansers/master Updated Event upon success on login.
  4. Changed Files: Added Event Trigger for Pilot ID Change Added CodonEvent::Dispatch for Pilot ID that has been changed, so future add-on modules will be able to update whatever they have with Pilot IDs
  5. Changed Files: Updated Event upon success on login. Added Auth::$userinfo in the event upon login.
  6. After thinking about it for some time, I have decided to change the license for phpVMS to the much simpler BSD 3-clause license. Development has pretty much stopped as my work schedule gives me almost no time for side-projects, so hopefully this fosters more forks and development, which I will be happy to merge back into the mainline branch(es). Nabeel
  7. Changed Files: Formatting for license
  8. Changed Files: Changed project license to BSD 3-clause
  9. Can you send me a support ticket, so I can have your user id, etc? Thanks
  10. This is usually a problem with the server rejecting the credentials. Google, as far as I know, doesn't allow their SMTP to be used by scripts and automated daemons.
  11. Changed Files: Merge pull request #122 from equinoxmatt/master SQL Injection fix
  12. Changed Files: SQL Injection fix
  13. Changed Files: Changed to static method
  14. Changed Files: Merge pull request #117 from agarzon/master Global variables can't be used as parameters, they are global already.
  15. Changed Files: Fixing bug Declaring static properties and use it as object
  16. Changed Files: Global variables can't be used as parameters, they are global already.
  17. Good would have been an alert :\ Delete the core/lib/ofc_image_upload.php file, or replace it with the one from the latest download. ofc_image_upload.php is something that's not even used. The rest of the library is just an interface to the charts, which are used internally, and no URL parameters are passed in.
  18. That looks like your database credentials were likely incorrect
  19. Hi all, I've updated the download to 2.1.936 - basically to null the file where I believe the exploit is coming from. I looked through the other files, and I think they look OK. Please update as soon as possible - really the only updated file was core/lib/php-ofc-library/ofc_upload_image.php. Instead of deleting it, I patched it, so then it will get patched on an upload. Sorry for all the trouble guys! Please be sure to look through your server and account very carefully - if you see something suspicious, delete it, or rename it to add a .txt extension so it can't be found, until you can verify if the file is safe or not. Thanks!
  20. Changed Files: Patch for php-ofc-library exploit
  21. Yeah, unfortunately it's through a 3rd party library. I'm going to try to patch the exact location. phpVMS itself is pretty secure; I follow the thought of "trust no input", and combed through pretty diligently. I'll have another pass to see if I'm missing anything
  22. Hi, Don't contact them for anything. Just clean out any files you don't recognize. I'm looking to determine where the hack is, and then patch the ofc library, and release an update. Unfortunately, the exploit comes from a 3rd party library. My host caught it and shut down those accounts almost immediately, so there was only 1 compromised account on the fivedev servers. But it was also shut off immediately. Thanks for looking out and letting me know. I'll try to get something together real soon.
  23. If it's fine on Xen, but not KVM, then it's a host problem. The application doesn't know (or care) what it's on - the speed depends on how fast it can process, and how fast it can get to MySQL and how fast it can process. I prefer Xen over KVM, esp in production environments, it's a lot more stable, and behaves more like an actual dedicated box. KVM chews through resources pretty fast, and if that host has a lot of nodes on the host (which a lot of hosts do, same as shared hosting), then there will be the slow performance that you're seeing. Contact your host and tell them that it's slow. SSH into the phpVMS server and do a ping to MySQL, also look at the CPU usage through htop. Most likely, it's that the node is oversaturated and doesn't have the CPU to work as fast.
  24. In the phpVMS GitHub project, there is an ongoing effort for PHP5.4 compatibility in the dev branch.
  25. Thanks for the heads up - I've contacted the addon's author. Remember - don't trust ANY input - cast values to the appropriate type (in this case, integer) and then escape everything that comes in