Robertt (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
January 22, 2016, 04:12:54 AM |
|
Bitcointap.xyz I'll pay 0.0005 per small bug. All payments will be sent within 12 hours. Thanks, let me know if you find anything :-)
|
|
|
|
lolnabtc
Member
Offline
Activity: 84
Merit: 10
|
|
January 22, 2016, 04:31:39 AM |
|
is the site ready? becasue when I click Dashboard or Generator, it will go back to Purchase page.
I can only go to Purchase & Support page...
|
|
|
|
Robertt (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
January 22, 2016, 04:32:37 AM |
|
I added some packages, basically I'm just looking for small bugs/glitches. I think I'll lock this thread until I get the new domain
|
|
|
|
jacee
Legendary
Offline
Activity: 1302
Merit: 1025
|
|
January 22, 2016, 04:36:08 AM |
|
Hi, Profile section won't open. Also the settings and messages button doesn't work.
|
|
|
|
Robertt (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
January 22, 2016, 04:38:02 AM |
|
Hi, Profile section won't open. Also the settings and messages button doesn't work. Yeah, that's because I haven't added it yet. I'll work on that in a second
|
|
|
|
jacee
Legendary
Offline
Activity: 1302
Merit: 1025
|
|
January 22, 2016, 04:39:25 AM |
|
Hi, Profile section won't open. Also the settings and messages button doesn't work. Yeah, that's because I haven't added it yet. I'll work on that in a second Lock this thread and finish your site first then. Bug testing won't work if things are not yet settle in your site. Goodluck!
|
|
|
|
Robertt (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
January 22, 2016, 06:36:43 AM |
|
Alright, I've fixed up most of the site. Ignore the profile/settings page, still a work in progress. The rest should work, please let me know if you find anything wrong. Thanks. Also want to know if there are any problems while signing up or logging in
|
|
|
|
Alaki
|
|
January 22, 2016, 07:05:42 AM Last edit: January 22, 2016, 07:20:28 AM by Alaki |
|
Alright, I've fixed up most of the site. Good. Site looks decent. Ignore the profile/settings page, still a work in progress.
Yep, jacee pointed it out. They sh'ld be rewarded. The rest should work, please let me know if you find anything wrong.
Basically, I/anyone Can't buy a package. Error by paypal -> Your purchase couldn't be completed Error Message This recipient is currently unable to receive money. There's a problem with the merchant's PayPal account. Please try again later Also want to know if there are any problems while signing up or logging in. It's fine/working. P.S. Mah BTC address -> 18kW8q61si6KnhBGMtj8PfJs8Zhrsrux3A
|
|
|
|
Robertt (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
January 22, 2016, 07:07:42 AM |
|
Yeah, I don't have a PayPal account atm Anyway I'll send you both 0.001 in 5 hours :-) thanks
|
|
|
|
BitBustah
|
|
January 22, 2016, 09:33:14 AM |
|
I signed up. Got no email -- is that normal?
Once signed in I can only view the "Purchase" page. Not else opens. Normal?
|
|
|
|
Robertt (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
January 22, 2016, 10:03:51 AM |
|
I signed up. Got no email -- is that normal?
Once signed in I can only view the "Purchase" page. Not else opens. Normal?
Yeah, I've got no content in the dashboard yet Nothing else opens yet because for new users it's only purchase page I think I'll add a bug testing group
|
|
|
|
rajat08
|
|
January 22, 2016, 10:15:36 AM |
|
I signed up. Got no email -- is that normal?
Once signed in I can only view the "Purchase" page. Not else opens. Normal?
Yeah, I've got no content in the dashboard yet Nothing else opens yet because for new users it's only purchase page I think I'll add a bug testing group I think its better to finish the whole website then ask people to test. Its better that way. Anyways best of luck to you for sales with the generator.
|
|
|
|
Sigals
Member
Offline
Activity: 76
Merit: 10
|
|
January 22, 2016, 11:03:39 AM |
|
Password is sent in plaintext when logging in - this isn't very good.
Password should be hashed client side and only the hash sent.
|
|
|
|
Robertt (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
January 22, 2016, 11:04:56 AM |
|
Password is sent in plaintext when logging in - this isn't very good.
Password should be hashed client side and only the hash sent.
Actually, the password is hashed on my side. I'll look around the code and see if it's sent in plaintext although I'm pretty sure it isn't. How'd you find that?
|
|
|
|
xinzark
Legendary
Offline
Activity: 1120
Merit: 1001
|
|
January 22, 2016, 11:12:03 AM |
|
I don't think I found much things to report but when I try to click Profile/settings/messages with my phone in chrome browser site doesn't respond or nothing happens. Don't know if it is any bug or those pages aren't ready And the password accepting function is also not that great. I signed up with a 1 digit password and your site allowed me to do that. Make users to enter at least 6 digit password for their own safety otherwise you will have face problems in future about hacked account issues And I can't even understand what your site is about
|
|
|
|
Robertt (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
January 22, 2016, 11:13:52 AM |
|
I don't think I found much things to report but when I try to click Profile/settings/messages with my phone in chrome browser site doesn't respond or nothing happens. Don't know if it is any bug or those pages aren't ready And the password accepting function is also not that great. I signed up with a 1 digit password and your site allowed me to do that. Make users to enter at least 6 digit password for their own safety otherwise you will have face problems in future about hacked account issues And I can't even understand what your site is about Users are responsible for their own account. The site is an account generator on an old domain, getting another one today. If an account is hacked there isn't a problem, I'll just reset their password. It takes a few minutes to report it. Either way, use a stronger password and you'll be fine.
|
|
|
|
mxnsch
|
|
January 22, 2016, 11:33:14 AM |
|
Bitcointap.xyz I'll pay 0.0005 per small bug. All payments will be sent within 12 hours. Thanks, let me know if you find anything :-)
I was a little bored and there are indeed a couple of issues with your site. Here are my findings after 5 minutes of fiddling: * You should enable a forced password complexity * Accounts should be forced to validate via mail (or just don't ask for email if you dont need it) * If a support ticket is submitted, there is an error "Forbidden, You don't have permission to access /support.php on this server." * If i enter a XSS locator [1] in username and password, your login form fails [1] <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
██ ███ nope ██ ███
|
|
|
Bitcoin_Delivery
|
|
January 22, 2016, 11:42:49 AM |
|
Hi Rob....basically i still didn't understand what you sell with packages... Daily Package / $3....for what? No doubt that t site isn't a scam, but would be nice if you can explain to me (and others) what function your site have? You sell "mining power" or what? Thanks!
|
|
|
|
Robertt (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
January 22, 2016, 11:44:07 AM |
|
Hi Rob....basically i still didn't understand what you sell with packages... Daily Package / $3....for what? No doubt that t site isn't a scam, but would be nice if you can explain to me (and others) what function your site have? You sell "mining power" or what? Thanks!
It's an account generator. I would look for bugs my self but I'm not on a pc right now so that limits my abilities. @mxnsch Thanks for that, the first two aren't really bugs but the last three I'll count. what's your btc address?
|
|
|
|
Sigals
Member
Offline
Activity: 76
Merit: 10
|
|
January 22, 2016, 11:48:02 AM |
|
Password is sent in plaintext when logging in - this isn't very good.
Password should be hashed client side and only the hash sent.
Actually, the password is hashed on my side. I'll look around the code and see if it's sent in plaintext although I'm pretty sure it isn't. How'd you find that? You can see the POST request to login.php here https://i.imgur.com/HZL5V22.pngLook at the form data sent - password is in plaintext.
|
|
|
|
|