WorkSimple 1.3.5 control panel and login fix

After playing around with WorkSimple 1.3.5 (and apparently not doing much  testing), login.php doesn't redirect on login and cp.php strips HTML.  Download the attachments below and replace cp.php and login.php with the new versions. Save the new versions as cp.php and login.php respectively and upload them to your WorkSimple install directory.

WorkSimple 2.0 roadmap

I've been making lots of new changes to WorkSimple, paving the way for WorkSimple 2.0. I'll be going over old code and re-implementing some things. I used Twig for templating instead of a custom made method since it seemed easier and more convenient. Templates now are much more customizable and flexible. Check out the screenshot for what it may look like (the colours suck, I know).

How publicly released exploits helped WorkSimple

[Photo by Honza Soukup]

A couple years back when I released WorkSimple, my PHP knowledge was very limited. I went through a couple versions of WorkSimple adding features and such but without thinking of security. Then, about a year and a half ago, I came upon a zero-day exploit site [1][2] site. On the site, it chronicled the current exploits in WorkSimple. Now, of course I acted quickly and fixed the problems. At first, I was offended by this. Then, I realized the helping hand it had lent me. Not only did these sites show how one could use the exploit, but also how to fix it. The user login system used MD5 hashed passowords in a specified [plain text] file in a specified place. After, the hashes were salted and in a .php file as not to display the contents. 


It definitely made me think more about security; not that I did not before just more comprehensively. To this day, I'm surprised that people use WorkSimple. Besides the terrible coding of it, the design is attrocious (which will be updated in 2.0 of WS). So, these zero-day exploits helped me be a better coder. It's difficult to design a perfect application without having something breaking. Apart from the aforementioned notes, I would think that it even created a little bit more publicity for WorkSimple :)

Place of education


Photo by aussiegall

With school finished with the exception of an exam or two and my domain back, I think I'll now have the motivation to get shit done.

Sysode is nearing completion: one of my projects that looks have decent. On the bad side, it uses PTB which would make it hardly scalable if at all. I could recode it so Sysode uses SQLite but I'd rather write it from scratch than transfer it. To make it feel better, a VPS would be ideal but wouldn't solve the problem.

Anyway, with my domain back (woot!) I think I'll go about fixing some stuff on this site.





Photo by gari.baldi

With Ymas coming up, it makes me realize all the blogging I've done in the last year. I'm glad I got as much traffic as I did, surprised even. Anyway, here are some highlights of the last year or so.

Most viewed article: How I got Debian Lenny working on my Eee.
Debian is my favourite distro of all-time, so after getting it working on my Eee (which some people had problems with) I thought I'd write a post on it. And well, I did. Runner up is the Eee wallpapers that I made.

Most dugg post: How to: Turn a wireless router into an access point
This one surprised me. After turning two routers into an access point, I thought I might as well post about it. 36 diggs. I know that's not a lot, but a lot for me! It still continues to be a popular listing on Google.

Most popular project: WorkSimple
I can't believe people use this. Apparently, it's quite popular on Hot Scripts. It has stayed on the first page of the 'PHP blog categorey' for quite some time now, occasionally setting the to the second page. WorkSimple needs lots of work, version 1.3.2 needs releasing. The 1.3.x branch should have followed the 1.3.0 Solar beta (screenshot here), but didn't. 

Despite all my other projects, this stayed on top; which is still odd for me.

This post sounds exactly like this year, which is odd.

I guess that's about it, nothing else exciting really happened. As usual, any comments/thoughts are appreciated :)