Add-on Install & Upgrade 1.4.3

[BobbyWibowo]

@Fred. I'm not really familiar with encryption, to be honest. But if you store an encrypted text into the database, the only way to know what the original text was is by encrypting the exact same string again and compare the encrypted hash, no? If we take that into account, then basically there's no way to automate that if you want the login to be encrypted. Because the add-on has to send the actual password to XenForo, although I'd assume through secure connection already.

 

[GeorgioGalben]

greate tool; what url to put to check for if i use extensions from ******* ? (such as *******-Custom Node Style, *******-Multi Prefixes...and so on)

 

[rdn]

greate tool; what url to put to check for if i use extensions from ******* ? (such as *******-Custom Node Style, *******-Multi Prefixes...and so on)

If I were you, get rid all ******* addons ASAP.

 

[GeorgioGalben]

If I were you, get rid all ******* addons ASAP.

Ouch! 2months a go i purchased some addons from there. I don't understand... why all ******* stuff was removed from RM!?

 

[BobbyWibowo]

Ouch! 2months a go i purchased some addons from there. I don't understand... why all ******* stuff was removed from RM!?

I've known about *******'s issue since the first time it gets into public. A quick Google search shows many threads about it on top results:
******* logging passwords? Just saw this thread over at TAZ
******* add-on cannot be uninstalled
Official Notice of ******* about the relationship with Vxf .vn and Copyright issues (they finally admitted about their relationship with the leeching/nulling group)
******* Resource Removal

 

[Fred.]

@Fred. I'm not really familiar with encryption, to be honest.

Same here, I don't know how to implement it. I just want things to be secure. More is better.

I removed this add-on again because it's not working well with my secure server setup.

 

[BobbyWibowo]

@Fred. Though what I said about how encryption works might be correct though. Even though I said that I wasn't familiar, I've read a few articles about it.
So yeah, basically there shouldn't be any way to login to XenForo if the password was encrypted from our forums' database. But I'd say, as long as the add-on login through a secure connection, there's nothing to worry about. You'll just have 'not' to store your credentials.

 

[eberkund]

@Fred. Though what I said about how encryption works might be correct though. Even though I said that I wasn't familiar, I've read a few articles about it.
So yeah, basically there shouldn't be any way to login to XenForo if the password was encrypted from our forums' database. But I'd say, as long as the add-on login through a secure connection, there's nothing to worry about. You'll just have 'not' to store your credentials.

Yeah, it seemed accurate to me.

 

[Lemminator]

hi @Chris D

have you some idea why i can't update this add-on

i become this error message

ErrorException: copy(./library/BatchUpdateTags/ControllerAdmin/Thread.php): failed to open stream: Permission denied - library/AddOnInstaller/Model/AddOn.php:60
Generiert durch: Anonymous, Vor 21 Minuten
Stapelverfolgung
#0 [internal function]: XenForo_Application::handlePhpError(2, 'copy(./library/...', '/www/htdocs/w01...', 60, Array)
#1 /www/htdocs//library/AddOnInstaller/Model/AddOn.php(60): copy('/www/htdocs/w01...', './library/Batch...')
#2 /www/htdocs//library/AddOnInstaller/Model/AddOn.php(64): AddOnInstaller_Model_AddOn->recursiveCopy('/www/htdocs/w01...', './library/Batch...')
#3 /www/htdocs/w01263e7//library/AddOnInstaller/Model/AddOn.php(64): AddOnInstaller_Model_AddOn->recursiveCopy('/www/htdocs/w01...', './library/Batch...')
#4 /www/htdocs/w01263e7//library/AddOnInstaller/Model/AddOn.php(64): AddOnInstaller_Model_AddOn->recursiveCopy('/www/htdocs/w01...', './library')
#5 /www/htdocs/w01263e7//library/AddOnInstaller/ControllerAdmin/AddOn.php(251): AddOnInstaller_Model_AddOn->recursiveCopy('install/addons/...', '.')
#6 /www/htdocs/w01263e7//library/XenForo/FrontController.php(347): AddOnInstaller_ControllerAdmin_AddOn->actionInstallUpgrade()
#7 /www/htdocs/w01263e7//library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#8 /www/htdocs/w01263e7//admin.php(13): XenForo_FrontController->run()
#9 {main}
Benötigter Status
array(3) {
  ["url"] => string(63) "http://xxx/admin.php?add-ons/install-upgrade"
  ["_GET"] => array(1) {
    ["add-ons/install-upgrade"] => string(0) ""
  }
  ["_POST"] => array(3) {
    ["resource_url"] => string(62) "https://xenforo.com/community/resources/batch-update-tags.4460"
    ["_xfToken"] => string(8) "********"
    ["_xfConfirm"] => string(1) "1"
  }
}

 

[Chris D]

The add on you files are upgrading don't appear to be writeable.

 

[Lemminator]

The add on you files are upgrading don't appear to be writeable.

ok i have found it . 1 .php have chmod 644 ...

 

[Joeychgo]

Nice mod, but after I installed, and tried to update an addon, I got this: Login to XenForo.com has failed. Make sure you login with your XenForo username and password.

 

[Chris D]

Are you using version 1.2.2 of this add-on?

There were issues in an older version. Aside from that, there are no known issues. The username and password would need to be your XF forum username and password (not your customer account).

 

[Neutral Singh]

@Chris D

Just installed, trying to upgrade an add-on through this add-on, get the following error below... if its a server only error, what should i ask the web-host to sort this thing out? Which directory permission is showing this error?

TIA

 

[BobbyWibowo]

@Neutral Singh The installer add-on couldn't make a directory somewhere. Probably required by the add-on you were about to install. I'm not quite sure myself, but I'd guess that it'd tell you the path where it couldn't make the directory. Try to check your PHP error log to see if there was a warning telling the actual path (you also may actually be able to get more information by going to XenForo's Server Error Logs, I guess). Changing that path's permission to chmod 777 may be sufficient. I suppose you do have FTP access to the website right? Usually on an Apache shared hosting, the PHP error log should be on the website's root directory and named 'error_log'.

 

[Xon]

It will be trying to create the "<webroot>/install/addons" directory, or a directory under there.

 

[Joeychgo]

Chris, I have one addon that shows it needs an update, but when I press the upgrade button a panel comes up that says "Add-on is fully up to date."

 

[Chris D]

This can, unfortunately, happen.

The detection method of updates being needed is done via the version number displayed in the title bar of the resource, e.g. in the case of this resource it's 1.2.2. It's not uncommon for add-on developers to release a new version, and give it a new version number in the Resource Manager, but not actually update the version number in the XML file.

I need to improve this detection code at some point, or work in a completely different method to do it. It's actually possible there's another bug here, too, but we're in the process of making some pretty big changes (there's several collaborators on this, now) so we'll hopefully get this fixed quite soon.

In the meantime, do you have an "Ignore this update" button?

 

[BobbyWibowo]

Yeah, from all add-ons that behaves that way on my board, they're all because the add-on's developer didn't change the version number on the XML file, but did on the resource page.
Other checking method for this add-on? Well, I guess downloading the file in advance and then check the XML within it, is the only foolproof method.

 

[DroidOne]

Yeah, from all add-ons that behaves that way on my board, they're all because the add-on's developer didn't change the version number on the XML file, but did on the resource page.
Other checking method for this add-on? Well, I guess downloading the file in advance and then check the XML within it, is the only foolproof method.

Just bumped into the same issue. Resource version on the resource page is updated, XML is not. Have 3-4 add-ons with the same issue.

Another way would be to check the XML during the upload process to the resource manager, maybe?