DomainAgent 0.1 Alpha released

alex

I just pushed recent changes to the code and I can say it’s the first version working out-of-the-box. Still plenty to do, but if you’re impatient you can grab a zipped version from GitHub.

Installation
Upload all the files to your desired location
Edit INCLUDES/database.php and provide MySQL connection details
Point your browser to install.php

What needs fixing:
MySQL queries sanitization
This version works, but it’s still far from stable, and still needs some functionality, so let’s call it “Alpha”
I know there will be a lot of critique, and I welcome it. Keep in mind it’s my first PHP project

DestroyeRCo

I'll try to install it on my free shared hosting account Thanks for sharing your work.

alex

Not such a great idea (yet) as there's no login implemented, meaning everyone would be able to access it. I'm in the middle of adding authentication.

DestroyeRCo

:O I see, then I'll have to install php in my nginx VPS :S

alex

You could restrict access to the directory using htaccess though

Ellimist

$dName = mysql_real_escape_string(htmlentities($_POST['dname']));

Use PDO, bitte?

alex

@Ellimist said: Use PDO, bitte?

will do, once I learn what it is!

alex

@prae5 said: It installs fine, creates tables, etc... When you add a Registrar it works and if i check out the table in mysql the content is there. However, it never displays it in the web gui - Likewise it then prevents you adding a domain as it isn't listing it.

I can't replicate it

MrAndroid

@alex said: will do, once I learn what it is!

Please take down the project until you make it use MySQLi or PDO. You will thank me later.

Cronus

I have the same issue as @alex The entries are created but nothing is being displayed on the page.

Using Debian 7 and lighttpd and php5.4.4-14 if it helps

alex

@MrAndroid said: Please take down the project until you make it use MySQLi or PDO. You will thank me later.

please get off your high horse sir

@Cronus said: The entries are created but nothing is being displayed on the page.

redownload it and try again, just pushed new commits

Noerman

@alex said: Keep in mind it’s my first PHP project

joepie91

Go have a read at http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers, to learn how to do MySQL in PHP properly.

mysql_ is deprecated, dangerous, and must be avoided. No exceptions.

Additionally, only use htmlspecialchars (not htmlentities!) on output and not in a query, so that the data in your database is 'clean' and untouched.

alex

@joepie91 said: Go have a read at http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers, to learn how to do MySQL in PHP properly.

thanks for the link, currently looking at NetTuts+, but will checki it later on

@joepie91 said: use htmlspecialchars (not htmlentities!) on output and not in a query

will do, next on my list

At some point I would like to rewrite it using a framework, most likely Laravel, but not until most of the functionality is included, as this project is my way to learning PHP, using framework will be next step

joepie91

@alex said: thanks for the link, currently looking at NetTuts+, but will checki it later on

That seems like a surprisingly good article. A few remarks:

• The article says it's not officially deprecated yet; by now, however, it is.
• Be sure to use the prepare method - the quote method is still very insecure!
• There's quite a few tutorials using insecure practices floating around on NetTuts+... while this particular one is good, others might not be. If in doubt, make a thread here and ask people whether they can see any issues with it

@alex said: At some point I would like to rewrite it using a framework, most likely Laravel, but not until most of the functionality is included, as this project is my way to learning PHP, using framework will be next step

That would probably be a good idea.

alex

@joepie91 said: If in doubt, make a thread here and ask people whether they can see any issues with it

will do thanks for all the tips!

alex

// allow letters and numbers
$action = preg_replace('/[^-a-zA-Z0-9_]/', '', $_GET['action']); 
// allow only numbers for id
$id = preg_replace("/[^0-9]/","", $_GET['id']);    

Am I doing it right?

kandosan

lol is he still locked out read this post

http://dagent.org/2013/05/locked-out-of-let/

alex

@kandosan said: lol is he still locked out read this post

nah, it's been sorted here

udk

@alex look at PHP's filter_var() with sanitization filters: http://www.php.net/manual/en/filter.filters.sanitize.php

alex

@udk said: @alex look at PHP's filter_var() with sanitization filters: http://www.php.net/manual/en/filter.filters.sanitize.php

thanks for the link, but is there anything wrong with doing it with regular expressions?

udk

Use whatever you're comfortable with. Probably slightly slower to use regex, but for this sort of thing it isn't going to cause issues. One thing I do love filter_var() for is validating email addresses - regex for that can get extremely complicated if done right.

natestamm

@alex Not if you know what you're doing No. <-period

JoeMerit

can you make a function in the software that will automatically take the shittiest domains and create domain auctions for them on LET, will save a lot of work for a lot of people.

upfreak

@JoeMerit said: can you make a function in the software that will automatically take the shittiest domains and create domain auctions for them on LET, will save a lot of work for a lot of people.

You probably want AutoDomainAgent™ @Dewlance

Cronus

@alex Works now, just need to check the case on your tables, creates domains but looks for Domains

alex

@Cronus said: @alex Works now, just need to check the case on your tables, creates domains but looks for Domains

done

blergh_

MySQL ERROR: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'Domains.RegID' in 'field list'

herp-derp.

alex

@blergh_ said: herp-derp.

save yourself time and move on, unless you know how to redownload fixed version

blergh_

@alex
re-download fixed version? do you even git, bro.

Ben1002

@blergh_

It would take you 30 seconds to add the column that is missing.