Nothing fishy about this site. I believe it works the same way something I'm writing will work. You log in with your minecraft login (https might be nice, but it seems to be no less secure than minecraft.net), then if your account is authentic, it throws away the password, generates a unique key and then matches you against that key every time instead of your password. Unless the cookie expires, or you log out, then you have to log back in.
This is actually no less secure than logging into a random minecraft server. The server itself checks your login even though you've logged into the client (The reason we get those stupid 503 errors), over http, no less, so that stuff can easily be grabbed by any nefarious server admins with the know-how.
Fred im gonna add the 2 servers we currently have into the thread mayby itll make it better :ohmy.gif: But seriously people should join this. If you dont trust it just read what everyones saying :biggrin.gif:
For those who dont believe it we DONT save your passwords we just connect to minecraft and see if the acc is real or not.
Heres the code for it.
<?
//Listen up, there's a good chance someone like Notch is going to want to inspect my login script to make sure I'm playing fair. I'm
//not saving any passwords, that's just wrong. I am however confirming that the owners of these minecraft accounts have access.
//Everybody's happy! YAYYY!!
unset($baddy);
//unset($uname);
if(isset($logout))
{
setcookie("uname", strip_tags($login), time()-60*60*24*30 , "/", ".mineverse.com");
setcookie("status", $tmpstatus, time()-60*60*24*30 , "/", ".mineverse.com");
OK, what I was promised to see here is code that reads $_POST vars, does some http minecraft.net fiddling with curl or whatnot and then unsets the questionable $_POST[...] vars.
What I actually see is code that unsets $baddy, whatever $baddy is, where it comes from and what it's used for, checks if $logout is set or not, and if so deletes two cookies.
Althought I'm not a hater of your login, I'm interested in how you make people believe that this infact is legit. And this snippet of code proves abso-****ing-lutely nothing.
Please, explain this grievance.
edit: what I also find idiotic unpleasant so to speak is to write:
If you have doubts, contact me, I'll show you the source code.
on the login page but not link the contact or provide ANY way on this website EXCEPT LOGGING IN.
This makes me more and more think this is actual hardcore-scam. Please prove me wrong
OK, what I was promised to see here is code that reads $_POST vars, does some http minecraft.net fiddling with curl or whatnot and then unsets the questionable $_POST[...] vars.
What I actually see is code that unsets $baddy, whatever $baddy is, where it comes from and what it's used for, checks if $logout is set or not, and if so deletes two cookies.
Althought I'm not a hater of your login, I'm interested in how you make people believe that this infact is legit. And this snippet of code proves abso-****ing-lutely nothing.
Please, explain this grievance.
edit: what I also find idiotic unpleasant so to speak is to write:
If you have doubts, contact me, I'll show you the source code.
on the login page but not link the contact or provide ANY way on this website EXCEPT LOGGING IN.
This makes me more and more think this is actual hardcore-scam. Please prove me wrong
Well, you could approach this with a little less attitude, but since we're mean to strangers, I'll just go forward. It's true, holylifestar must've copied and pasted from a different thread. That's not the whole script.
For those who dont believe it we DONT save your passwords we just connect to minecraft and see if the acc is real or not.
Heres the code for it.
<?
//Listen up, there's a good chance someone like Notch is going to want to inspect my login script to make sure I'm playing fair. I'm
//not saving any passwords, that's just wrong. I am however confirming that the owners of these minecraft accounts have access.
//Everybody's happy! YAYYY!!
unset($baddy);
//unset($uname);
if(isset($logout))
{
setcookie("uname", strip_tags($login), time()-60*60*24*30 , "/", ".mineverse.com");
setcookie("status", $tmpstatus, time()-60*60*24*30 , "/", ".mineverse.com");
OK, what I was promised to see here is code that reads $_POST vars, does some http minecraft.net fiddling with curl or whatnot and then unsets the questionable $_POST[...] vars.
What I actually see is code that unsets $baddy, whatever $baddy is, where it comes from and what it's used for, checks if $logout is set or not, and if so deletes two cookies.
Althought I'm not a hater of your login, I'm interested in how you make people believe that this infact is legit. And this snippet of code proves abso-****ing-lutely nothing.
Please, explain this grievance.
edit: what I also find idiotic unpleasant so to speak is to write:
If you have doubts, contact me, I'll show you the source code.
on the login page but not link the contact or provide ANY way on this website EXCEPT LOGGING IN.
This makes me more and more think this is actual hardcore-scam. Please prove me wrong
You didn't have to come at us guns blazing like that.
Well, you could approach this with a little less attitude
I don't think so, if some website requires me to enter sensible informations, my suspicion level is at max. And if you offer an investigation about the legitimacy of the script then I'd say I can afford having an initial 'attitude'.
Well, you could approach this with a little less attitude
I don't think so, if some website requires me to enter sensible informations, my suspicion level is at max. And if you offer an investigation about the legitimacy of the script then I'd say I can afford having an initial 'attitude'.
this still shows very little transparency regarding the whole storing-the-password tale. You're revealing maybe a bit too much stuff.
Check your PMs.
Quote from EpicDude86 »
You didn't have to come at us guns blazing like that.
Well sorry, but you guys pretty much ask every php dev and security engineer for it.
We've made it very clear that we're willing to be transparent. I'm pretty sure Fred's offered to give administrative access to Mods to check it all out and make sure it's on the level. Unfortunately no one wants to do that they just want to hurl accusations and damnations.
This is actually no less secure than logging into a random minecraft server. The server itself checks your login even though you've logged into the client (The reason we get those stupid 503 errors), over http, no less, so that stuff can easily be grabbed by any nefarious server admins with the know-how.
Customer Support
Apply here
or go here
wikider, I've added your username as a beta user. Go ahead and log in, go to "my account" and accept the invitation.
Epic Dude
Mineverse: A New Way to Mine in a Universe of Minecraft!
http://www.mineverse.com/group.php?id=1
OK, what I was promised to see here is code that reads $_POST vars, does some http minecraft.net fiddling with curl or whatnot and then unsets the questionable $_POST[...] vars.
What I actually see is code that unsets $baddy, whatever $baddy is, where it comes from and what it's used for, checks if $logout is set or not, and if so deletes two cookies.
Althought I'm not a hater of your login, I'm interested in how you make people believe that this infact is legit. And this snippet of code proves abso-****ing-lutely nothing.
Please, explain this grievance.
edit: what I also find
idioticunpleasant so to speak is to write:on the login page but not link the contact or provide ANY way on this website EXCEPT LOGGING IN.
This makes me more and more think this is actual hardcore-scam. Please prove me wrong
Well, you could approach this with a little less attitude, but since we're mean to strangers, I'll just go forward. It's true, holylifestar must've copied and pasted from a different thread. That's not the whole script.
http://www.mineverse.com/showlogin.txt
But really, no need to take my word for it, there's a lot of fun loving people already involved, and frankly, you don't sound like one.
Yes, I've been inviting server admins into our marketplace. It's relatively easy to do.
Eh, we just were discussing two different things as if they were the same. Similar in name, but not in definition. :wink.gif:
Epic Dude
Mineverse: A New Way to Mine in a Universe of Minecraft!
http://www.mineverse.com/group.php?id=1
You didn't have to come at us guns blazing like that.
Epic Dude
Mineverse: A New Way to Mine in a Universe of Minecraft!
http://www.mineverse.com/group.php?id=1
There, now there's a link on the login.
What a sense of community. :biggrin.gif:
<3
Epic Dude
Mineverse: A New Way to Mine in a Universe of Minecraft!
http://www.mineverse.com/group.php?id=1
I don't think so, if some website requires me to enter sensible informations, my suspicion level is at max. And if you offer an investigation about the legitimacy of the script then I'd say I can afford having an initial 'attitude'.
this still shows very little transparency regarding the whole storing-the-password tale. You're revealing maybe a bit too much stuff.
Check your PMs.
Well sorry, but you guys pretty much ask every php dev and security engineer for it.
We've made it very clear that we're willing to be transparent. I'm pretty sure Fred's offered to give administrative access to Mods to check it all out and make sure it's on the level. Unfortunately no one wants to do that they just want to hurl accusations and damnations.
Epic Dude
Mineverse: A New Way to Mine in a Universe of Minecraft!
http://www.mineverse.com/group.php?id=1
And, no, you don't have to be an ass to be constructive.
Let's have a Grand Opening Re-Releasing party and invite everyone!
Epic Dude
Mineverse: A New Way to Mine in a Universe of Minecraft!
http://www.mineverse.com/group.php?id=1
Epic Dude
Mineverse: A New Way to Mine in a Universe of Minecraft!
http://www.mineverse.com/group.php?id=1
We're off and running!!!
Epic Dude
Mineverse: A New Way to Mine in a Universe of Minecraft!
http://www.mineverse.com/group.php?id=1