Look for bugs in website

[Robertt]

Bitcointap.xyz
I'll pay 0.0005 per small bug.
All payments will be sent within 12 hours.
Thanks, let me know if you find anything :-)

[lolnabtc]

is the site ready?
becasue when I click Dashboard or Generator, it will go back to Purchase page.

I can only go to Purchase & Support page...

[Robertt]

I added some packages, basically I'm just looking for small bugs/glitches.
I think I'll lock this thread until I get the new domain

[jacee]

Hi, Profile section won't open. Also the settings and messages button doesn't work.

[Robertt]

Hi, Profile section won't open. Also the settings and messages button doesn't work.

Yeah, that's because I haven't added it yet.
I'll work on that in a second

[jacee]

Hi, Profile section won't open. Also the settings and messages button doesn't work.

Yeah, that's because I haven't added it yet.
I'll work on that in a second

Lock this thread and finish your site first then. Bug testing won't work if things are not yet settle in your site. Goodluck!

[Robertt]

Alright, I've fixed up most of the site. Ignore the profile/settings page, still a work in progress.
The rest should work, please let me know if you find anything wrong.
Thanks. Also want to know if there are any problems while signing up or logging in

[Alaki]

Alright, I've fixed up most of the site.

Good. Site looks decent.

Ignore the profile/settings page, still a work in progress.

Yep, jacee pointed it out. They sh'ld be rewarded.

The rest should work, please let me know if you find anything wrong.

Basically, I/anyone Can't buy a package.
Error by paypal ->

Your purchase couldn't be completed
Error Message
This recipient is currently unable to receive money.
There's a problem with the merchant's PayPal account. Please try again later

Also want to know if there are any problems while signing up or logging in.

It's fine/working.

P.S. Mah BTC address -> 18kW8q61si6KnhBGMtj8PfJs8Zhrsrux3A

[Robertt]

Yeah, I don't have a PayPal account atm
Anyway I'll send you both 0.001 in 5 hours :-)
thanks

[BitBustah]

I signed up. Got no email -- is that normal?


Once signed in I can only view the "Purchase" page. Not else opens. Normal?

[Robertt]

I signed up. Got no email -- is that normal?


Once signed in I can only view the "Purchase" page. Not else opens. Normal?

Yeah, I've got no content in the dashboard yet
Nothing else opens yet because for new users it's only purchase page
I think I'll add a bug testing group

[rajat08]

I signed up. Got no email -- is that normal?


Once signed in I can only view the "Purchase" page. Not else opens. Normal?

Yeah, I've got no content in the dashboard yet
Nothing else opens yet because for new users it's only purchase page
I think I'll add a bug testing group

I think its better to finish the whole website then ask people to test. Its better that way. Anyways best of luck to you for sales with the generator.

[Sigals]

Password is sent in plaintext when logging in - this isn't very good.

Password should be hashed client side and only the hash sent.

[Robertt]

Password is sent in plaintext when logging in - this isn't very good.

Password should be hashed client side and only the hash sent.

Actually, the password is hashed on my side. I'll look around the code and see if it's sent in plaintext although I'm pretty sure it isn't. How'd you find that?

[xinzark]

I don't think I found much things to report but when I try to click Profile/settings/messages with my phone in chrome browser site doesn't respond or nothing happens. Don't know if it is any bug or those pages aren't ready

And the password accepting function is also not that great. I signed up with a 1 digit password and your site allowed me to do that. Make users to enter at least 6 digit password for their own safety otherwise you will have face problems in future about hacked account issues

And I can't even understand what your site is about 

[Robertt]

I don't think I found much things to report but when I try to click Profile/settings/messages with my phone in chrome browser site doesn't respond or nothing happens. Don't know if it is any bug or those pages aren't ready

And the password accepting function is also not that great. I signed up with a 1 digit password and your site allowed me to do that. Make users to enter at least 6 digit password for their own safety otherwise you will have face problems in future about hacked account issues

And I can't even understand what your site is about 

Users are responsible for their own account.
The site is an account generator on an old domain, getting another one today.
If an account is hacked there isn't a problem, I'll just reset their password. It takes a few minutes to report it. Either way, use a stronger password and you'll be fine.

[mxnsch]

Bitcointap.xyz
I'll pay 0.0005 per small bug.
All payments will be sent within 12 hours.
Thanks, let me know if you find anything :-)

I was a little bored and there are indeed a couple of issues with your site.

Here are my findings after 5 minutes of fiddling:

Code:

* You should enable a forced password complexity
* Accounts should be forced to validate via mail (or just don't ask for email if you dont need it)
* If a support ticket is submitted, there is an error "Forbidden, You don't have permission to access /support.php on this server."
* If i enter a XSS locator [1] in username and password, your login form fails 
[1] <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

[Bitcoin_Delivery]

Hi Rob....basically i still didn't understand what you sell with packages...
Daily Package / $3....for what?
No doubt that t site isn't a scam, but would be nice if you can explain to me (and others) what function your site have?
You sell "mining power" or what?
Thanks!

[Robertt]

Hi Rob....basically i still didn't understand what you sell with packages...
Daily Package / $3....for what?
No doubt that t site isn't a scam, but would be nice if you can explain to me (and others) what function your site have?
You sell "mining power" or what?
Thanks!

It's an account generator. I would look for bugs my self but I'm not on a pc right now so that limits my abilities.
@mxnsch Thanks for that, the first two aren't really bugs but the last three I'll count. what's your btc address?

[Sigals]

Password is sent in plaintext when logging in - this isn't very good.

Password should be hashed client side and only the hash sent.

Actually, the password is hashed on my side. I'll look around the code and see if it's sent in plaintext although I'm pretty sure it isn't. How'd you find that?

You can see the POST request to login.php here https://i.imgur.com/HZL5V22.png

Look at the form data sent - password is in plaintext.