axew3
Forum Replies Created
-
Forum: Plugins
In reply to: [w3mypq] 2.4.0 – Front end additions and default templateWhen you do things, sometimes you forget things along the way.
One thing I should have realized is that, of course, the HTML body file included to display the encryption tool is
w3mypq_body.html.So, why don’t we use
w3mypq_body.php?They look exactly the same, but can you see the difference in what can be done with the file once it is a PHP file instead of just HTML? A PHP file can run code on the fly.
For example, consider the internationalization of the entire frontend. Even though browsers now automatically translate pages, PHP is useful for much more than just that!
Quite smart eh!? No way to stolen our Private keys. We are safe everywhere. I am right?
Not true. It depend what the malicious code do. Could for example create a copy of the keys somewhere and get the value when the user go to upload the file.
And do not forget: Nobody can guarantee that your keys are safe if the underlying plugin code has been modified.
If an attacker gains unauthorized access to your website files, alters the JavaScript execution scripts, or injects malicious code into the plugin, the RAM isolation defenses can be broken, and your private keys can be silently stolenβor worse.Ultimately, security relies on total infrastructure integrity. If you do not trust the administrator of the site or the server hosting it, you cannot say: “I am safe and secret.”
Subsystem Dependencies: Note that the plugin relies completely on external libraries and the browser’s native underlying architecture (such as the Web Crypto API the JS noble lib or the w3Gemini engine). The plugin takes for granted that this underlying subsystem is secure and untampered with. If your browser is compromised, outdated, or running malicious extensions, the security guarantees of this plugin are void.
Forum: Plugins
In reply to: [w3mypq] 1.0.0 released! But version 2.0 is arriving soon with major updates!I think users max files quota per day would be the lacking option.
Imagine many users uploading 500MB or 1GB each and several times at day!
WoW! It is really required.
Forum: Developing with WordPress
In reply to: Sanitize binary bits. Binary for Post-Quantum decryptionForgive me my intent was to promote nothing but just to show to who helped me to fix an hard issue, a result.
I could had it on slack? Maybe. Or where? Anyway ok!
threadi, you’ll be mentioned into the w3mypgp code, into the file
/wp-w3mypgp.php file.
I will return back informing when finally, after a very hard effort, the plugin that accomplish now to all guidelines, has been published.
Forum: Developing with WordPress
In reply to: Sanitize binary bits. Binary for Post-Quantum decryptionHello threadi! w3mypgp plugin have been submitted to the plugin repo at wp.org. The world cannot wait to be safe π anyway there are 466 plugins in queue so or i will publish into github or into the site just a download link, or we have to wait do not know how much before to see it released! π
It was a dead domain registered that i own since 2003 so it will be dedicated to the security online the w3mypgp plugin for WP and various html/js tools (standalone html files containing encryption libraries as worker modules within) for a security online that’s quite different from others. There are no possible traps, there are no known bugs.
There is no way (or let say, it is quite impossible) to fuck things like these (all natively processed inside the browser)
π [self promotion link redacted]
Forum: Developing with WordPress
In reply to: Sanitize binary bits. Binary for Post-Quantum decryptionGreat thank You!
I will return back with a link.
Think i will release without fixing the multilang, only Eng on version 1.0. Next release will fix this.
Can’t wait anymore, You know the world require to be safe immediately! ahaha
Forum: Developing with WordPress
In reply to: Sanitize binary bits. Binary for Post-Quantum decryptionIt worked. You magic!
Going to submit the plugin asap! There is some minor warning about not used nonces, i will check to fix also this aspect.
Thank You!
Ps the plugin use hard front end javascript, alerting some message into some task. Is there a way to pass those vars so to be translated like on php example esc_html_e(“Public ML-DSA
(Sign) Key”, “w3mypgp”)or it need to be injected from php (hope it is clear what i mean) the translated phrase?
- This reply was modified 1 month, 2 weeks ago by axew3.
Forum: Plugins
In reply to: [WP w3all phpBB] 3.0.4 and LoginHello Halil!
This maybe you already knows: The integration requires the cookie of phpBB set to be available all over the domain, so
.mydomain.com
so it is visible by any site and subsite on mydomain.com. ex myforum.mydomain.com or something.mydomain,com
what mydomain,com cannot do, is to read cookies released under a specific path like
if myforum.mydomain.com set the cookie to be available only on myforum.mydomain.com *so it set the cookie path to be myforum.mydomain.com , mydomain.com or others cannot see it.
The phpBB cookie must be released as / root
And, can you please test that if you just change the starting part
public static function w3_phpbb_ban($phpbb_uid = '', $uname = '', $uemail = ''){on file class.wp.w3all-phpbb.php
to be
public static function w3_phpbb_ban($phpbb_uid = '', $uname = '', $uemail = ''){ return false; ....all works fine instead?
Forum: Plugins
In reply to: [WP w3all phpBB] Which CF rules should I set?To delete the user from phpBB you have to hook the related event listener
https://area51.phpbb.com/docs/dev/3.3.x/extensions/events_list.html#php-events
in this case i assume should be core.delete_user_after
if you know how to manage the addition, anyway, you see that the listener return 4 params
mode, retain_username, user_ids, user_rows
there are not emails.
So into the function that hook the listener core.delete_user_after, it is required to:
- Perform a query to get all users emails, fast because there are users ids.
- Get the array value of emails and pass it to a cURL post
- Add the code in WP that get the cURL request containing the emails payload, check value for security (sanitize emails), and delete users in wp.
Should be easy if you want the
/ext/w3all/phpbbwordpress/event/acp_listener.php
modified to add the listener and the related function (but you should be able cloning one existent) let know as i can i will do.
Remember that if you edit php files adding listeners into a phpBB extension, you have to DISABLE the extension and (if i do not wrongly remember) delete data, add the hook listener and the related function even empty with no code, and then RE-ENABLE the extension!
Forum: Plugins
In reply to: [WP w3all phpBB] Which CF rules should I set?Good morning! +- all ok and you!?
So, you get the problem when the phpBB (where the phpBB ext is installed) should add the user in WP, due to the cURL request sent from phpBB to WP when an user complete the registration process in phpBB.
A friend of mine have Cloudflare back for his site with no problems about that, i also have write some line of code that allow him to subscribe/unsubscribe users, based on their groups in phpBB, into specified newsletters served by amazon and memberpress memberships, and all these tasks are all managed in the same easy way (not using the wp rest api).
Now, could so this be better to do this change, into the phpBB ext code, so to accomplish with easy to same features, but calling/using the native WP rest api that maybe will resolve the problem without changing the Cloudflare settings?
Anyway i will ask him and return back.
The integration code require a bug and deep improve and i could be quite ready to move it to the next level rewriting all from scratch.
May as published this, that is coming very soon
https://www.w3it.org/mypgp/w3mypgp/
- This reply was modified 2 months ago by axew3.
Forum: Plugins
In reply to: [WP w3all phpBB] user_unread_privmsg php warningYes! But there are many points where the UID 1 in WP or the phpBB UID 2 are switched. It can be done easily since the integration is by email, and could be cleaned on next version but is it really useful?
Forum: Plugins
In reply to: [WP w3all phpBB] A few questions about the phpBB extensionHello Halil!
- Users added to phpBB are instantly added to Wp.
- When a user is deleted, they are instantly deleted from WP as well.
- When the userβs email address changes, it also changes in WordPress.
Users are added into WP if they register in phpBB immediately, if the extension in phpBB has been installed. The plugin code run only in WP and not in phpBB. If the extension in phpbb is not installed then they are added in WP when they visit as logged in phpBB the wp side (because the plugin code on class.wp.w3all-phpbb.php check for the session on private static function verify_phpbb_credentials(){) and if the user still not exist will be added, or when they will login in WP (using public static function w3_check_phpbb_profile_wpnu($username){ ) if they are still not existent. The same goes for email, it will change immediately in WP when updated in phpBB only if the phpBB extension is installed in phpBB (and is well configured to work) or the update will work as described for the user addition in WP when do not exist.
Note that the phpBB extension value of the url that point to WP need to finish with a slash / if i am not wrong. The phpBB extension code, to add an user in WP, simply load via a cURL the WP url indicated into the setting, and the plugin code in WP that receive this cURL request from phpBB is on file functions.php where:
# Add phpBB user in WP via cURL
function w3all_add_phpbb_user() {in case of email update or url update instead, the phpBB ext code execute the update directly doing a query. The cURL request should maybe be done using native WP REST but i did like this in the past and work the same practically (even i suspect that REST would be faster but ok since it is used just to add an user in WP). It can be easily improved.
If the user is banned, it would be nice to be able to add them to a special role in WP. That way, I could add some special restrictions for them.
it was like this, but actually the code just logout the user and do not go to change the user state in WP and this also can be easily changed.
Hmm. Changing the email addresses for comments might be too expensive, so Iβve developed a more effective method for online display.
i did not understand this, but if you mean that there is a faster way to achieve data in phpBB for all users that appears into the widget last topic, i know that there is but actually it was done like that and should be quite fast. The email address, after the ID (intval), that by the way will not match the same into phpBB and WP db so you cannot use IDs to get user’s data, the email is the most efficient probably and commonly used in these cases.
I updated the super secret encrypt decrypt files code that i did randomly and very confused, but that now anyway work really strong than everything else. The One way to be secret
https://www.axew3.com/w3/2025/11/super-secret-storage-of-network-files-and-messages/
Online example
https://www.axew3.com/www/deApps/w3mypgp/w3mypgp.html
- This reply was modified 4 months ago by axew3.
Forum: Plugins
In reply to: [WP w3all phpBB] read-only db userYes!
Forum: Plugins
In reply to: [WP w3all phpBB] user_unread_privmsg php warningTested it.
Into file, for example
/wp-content/plugins/wp-w3all-phpbb-integration/common/apps/phpbb_last_topics/render.php
having the widget last topics active, so adding on it your code simplified like this
<?php global $w3all_phpbb_usession;
//print_r($w3all_phpbb_usession);//exit;
if ($w3all_phpbb_usession->user_unread_privmsg > 0) {
$a = $w3all_phpbb_usession->user_unread_privmsg > 9 ? ' ttttttt' : '';
$b = $w3all_phpbb_usession->user_unread_privmsg > 99 ? ' ttttt' : '';
echo '<span class="ccccccc">' . $a . $b. $w3all_phpbb_usession->user_unread_privmsg . '</span>'; } ?>It work fine BUT
NOT FOR THE USER WP ID 1 OR phpBB USER ID 2
because the UID 1 is excluded and his session is never existent, the var
$w3all_phpbb_usession
return always an empty string as value! So maybe it is the problem?
PS good point to be notified into the explain page
Forum: Plugins
In reply to: [WP w3all phpBB] user_unread_privmsg php warningHello, i did not tested this by long time, anyway, before i attempt to,
where/how you are using this?
into a widget or template file or where?