Something I am sad to bring to your attention...

First my apologies for neglecting my other post this afternoon there was a reason.

This is not something that I feel good about bringing to your attention but I feel obligated to do so. I am having some work done on AD today by a well respected coder here an0n.

You should understand that we were not looking for this, but an0n was in this particular file to work on something else. He has brought the following to my attention which was found in the following file (phpld script). admin/dir_links_edit.php

There was the following code.

if($data['TITLE'] == 'All4Seo Web Service')
$data['LINK_TYPE'] = 6;

Which tells the directory to set a link with that particular title to type 6 that happens to be a featured + five deep links. As I understand this it is an automatic upgrade to the link.

I have had mod work done on AD by the owner of this site and most here know who that person is without me mentioning a name. I was fairly disappointed with this discovery and a little sad because I would have given a featured link to him following the work he did for me.

But just the same Dargre owns that site.

I only post this so that anyone here who has a directory that had work done by this individual may just want to ckeck their files. I do not post this to get into a pissing match with anyone and will not do so. The proof is in the files which we have a screen print of and the witness who found the code.

 

This practice is really unethical,

This is why it's important to really know the person you hired.

Let's wait for the other side of the story if there is any!!!

Thanks for sharing.

 

What it will do is if you try to change the link to a regular or featured or [insert whatever] other than a featured+, it will automatically revert back to a featured+

This wasn't something that was looked for, but stuck out like a sore thumb (to me, since I know this script inside and out)

Now if stuff like this is done non-encrypted and plainly visible, I can only imagine the things that are and will be done with script like phpStynx, especially with their shady tactics and personnel.

This only strengthens my opinion on encrypted scripts. (especially depending on who is behind it.) If it is someone with standings then I'd have absolutely no problems, but this just is never the case anymore.

 

Grow up child, wasn't long before you went back to name-calling, sad really as your supposed to be a "Professional coder".

As you might have noticed, the phpLynx script has gone OPEN showing we have nothing whatsoever to hide so you might be better advised to watch that big mouth of yours, it might just land you in trouble.

At the OP, could this have possibly been an oversight? Or was this a deliberate action?

 

I am all grown up.

Where do you see name calling at? I call that 'Product Marketing'

I've never said I was a 'Professional coder', it is those who hire me for my services that do. Are you telling me that half this forum has no idea what they are talking about? Hahaha yea JamieG, dig your hole deeper by insulting your peers. You lynx people never learn.

You have more encrypted crap in there than the other and better scripts do that is unencrypted.

Can't even design the login page. You are using a combination of html and php for the admin. There is no efficiency in that admin.

Yea, stick to the Topic.

The code enforcing deliberate adjustment. Why it was left there will remain to be heard.

 

Having no experience working with that script, I wonder if there would be any reason for a coder to insert such a code to test something? I could honestly see that a coder might insert something like that to test a modification. Seems though, that such an argument would only hold true if the coder wasn't given access to the admin panel.

Regardless of why it was initially put there, it clearly shows either a lack of professionalism or sloppiness - neither or which is a ringing endorsement for a coder.

 

There is the obvious reason but who really knows if that is the actual reason for that bit of code being there.

The placement of it had to have been deliberate. If the purpose of it being there is not the obvious one then really what could it be?

If there was an actual purpose it does seem that it really should have been removed when the purpose had been served.

On the surface it just feels a little sneaky to me when I would have given the listing because of the work he did at the time.

So for me it is not so much what that bit of code did as what the bit of code represented. It was not a good feeling. If that makes any sense at all.

 

Listen an0n, before you drag yet another thread down to the levels of the sewers. You made an allegation that php and to use your pathetic words 'Stynx' had something to hide, or at least you inferred it. Which by the way your wrong on. I know for a FACT your not a professional coder, not a professional anything for that matter so let's not get into that debate.

Your like a chameleon at times an0n, no wonder people tell me not to trust you your not as super popular as you think. I have my own mind though and will make my own choices. As for your petty name calling 'phpstynx' was the term, that was inescapably a bit childish and uncalled for as was the inference we had something to hide, which I can assure you we don't.

As for the red at least you signed it although you sounded like a wounded cat, not sure why the turnaround? Guess you won't want to be one of the few we set up a dev area for?

As for encryption, I'm just on the phone to Microsoft, Google, Symantec, and every other software company telling them of super an0n's distate at that, they all owe it to you to reveal their code huh. Get real.

phpLynx opened largely on people's like YOURS recommendations yet you still rattle off your big mouth, if you don't want to get involved then don't, shut up about it though, it makes you sound like a jealous little kid who hasn't been picked for the school team. (Strange really when I did ask you many a time but your ego seems to get in the way all the time).

Right that's the bitch slapping out of the way, you've had your little dummy spit, I've thrown it back at you, for the sake of the forum lets leave it at that and if you don't want to get involved with phpLynx then don't but please shut up those stupid jibes and veiled comments, we have nothing to hide, you should know that by now.

Now back on topic and thanks to the decent posters who did just that.

@Swedal; Did this dargre write this code for you or did he hire someone to do the code and claim it as his, I know for a fact some on here do. Ask him outright and tell him your concerns, see what he comes up with.

This is the one thing about going open that is WORSE that encryption, these amateur coders if we're going to take the professional status out of it, can and in your case clearly can play naughty. At least when you hire a team of professionals and encode the script you protect yourself from episodes like this.

I never like to see under-handed things go on so am hoping all is good for you on this, be warned that regardless of who they say they are on here they rarely are who they say are and do what they say they can do.

In all fairness to an0n, whether you can trust him or not (the jury is out on that one for me) he is at least who he says he is and lives where says he lives which I can attest to so if your going to use someone use him.

 

I am pleased this has been brought out into the open for discussion and ask is there any possible way this might have been simple mistake or is it really blatant?

 

Having had work done on many of my projects I must say that I’m more than happy to work with Rob, the main downfall is Rob always has lots to do and I can never wait. (My fault not Robs)
I have also worked with Dargre and I have still an outstanding problem with his news mod that I’m waiting for him to correct and I have waited since April, Having said that I still find it hard to believe that the code was added to deceive, if however I’m wrong then surely more claims will come to light.

Respect to the OP for informing people but it would be nice if we could have some directory threads without all the name calling.

Thanks Brian

 

I couldn't agree more, sadly some people just can't help themselves.

It might have been a good idea for the OP to have asked this Dargre person regarding this claim perhaps? As much as it can be a good idea to expose people for bad workmanship someone threw up the idea that it could have been an0n who simply said he'd found that snippet there just to make a rival coder look bad? Is there bad blood between these two? Who knows, who cares. Things people say huh.

Best bet is for the OP to confront Dargre and ask him about it privately.

 

You know Brian that would truely be nice. It would also be nice to know that there was no deception intended with that code like you said and it was a mistake for some reason. I know that I would feel better about it.

Jamie to my knowledge he has not been active here for some time and to my knowledge he did code the work he did for me.

I was chatting with Rob when he found this. He was completely shocked by it.

Plus the real point of the thread was just to inform people and allow them to check their own sites because dargre has not been active here for some time. As I said in the original post I did not feel good about making the post and as much as I hate all the bickering that goes on here there are good people here and I felt obligated to inform what was found.

The point of the thread was not to give yet one more opportunity to politic about scripts, if encrypting them is good or try to cast a shadow on the person that found the code.

 

I agree 100%, and if an0n hadn't made a totally uncalled for comment I would not have said anything myself as I had no need to.

As long as everything is alright for you then I'm happy and yes, it would not hurt others to check their installs if they've had the same type of work done by this individual the file has been named here so it shouldn't be difficult for people to check themselves.

 

Rob and others, is there any other file where something similar could be achieved?

Perhaps it would be useful to the folks who use this script to look those over too. So many here have custom templates, it would seem that would be an even more likely place for shenanigans to occur.

 

It can occur in any number of files. I just so happen to need to edit that particular one and saw it.

That is the specific reasoning why I noted on the encryption of phpStynx. Based on the forum dealings and their attitudes, I wouldn't put it past them to do things of this nature. If there in FACT was nothing to hide, then encryption isn't needed at all. Not unless it was something extremely new and not anywhere, which of course is not the case, since it's just a rip of what every other script has it in already. I mean, who the hell encrypts default smarty modifiers that are freely distributed and leaves their classes unencrypted. /me shakes head

I suggested that Bruce give notice to peers with the location and specific file, so that it may be rectified if need be.

I do not know the reasoning behind why it is there, but I do know for a fact it does NOT need to be there and only one person can provide an answer for us.

Last time I spoke with the MOD'er was on June 7th, and I know he's been really busy with two new websites. And for the record, the conversation was pleasant as always, so people like JamieG making false accusations can now go and touch themselves in their naughty places and cry. (you will never be trusted JamieG. sucks to be you!!!)

note*
@JamieG, they were referring to YOU, with regards to 'name calling', but you wouldn't understand of course, being blind and all. duh!

 

Sheesh! a lot of ppl bought the mods from dargre. I wonder if this is the only hidden vuln

Well, if the poopoo will come up&float, we will all know about it, since there are ppl here that are members on all the major webmaster related forums. Since now, no complains.

I remember that every time I needed help with something related to those mods dargre developed, he always helped me and I will like to give him 10/10 for support.

This thread will be interesting to follow...

 

That sinks to the bottom of the gutter, it's cream that rises to the top.

 

First off, it goes without saying, thanks to Swedal for bringing this to everybody's attention - as both a phpLynx and phpLD user, this affects me too.

With regards to Rob's comment - seems hilarious that you attempt to swing your nuts around like king of the jungle, claiming to be the be all and end all of phpLD - except, there's one MAJOR problem.

Explains a lot, doesn't it?

 

The reason why encryption on a few files is needed an0n is to stop or rather try and make it as difficult as possible to null the script which as you know has happened to other scripts far too often. I really would be careful of that big mouth you keep opening it really could land you in trouble you know and nobody wants that.

On the note of encryption It just shows how little php you must know if you never saw the random approach to encryption, we encoded a minimal amount of files your never going to want to touch but are intrinsic to the running of the script, as a learner you can be forgiven for not knowing though.

I wouldn't comment on attitude if I was you, yours isn't too good at the best of times either and that's coming from your peers who just haven't got the balls to tell you like I have. Thinking your God isn't that endearing and doesn't pay the bills and not one person at phpLynx could ever live up to your ego so don't go that route. Ego doesn't pay the bills and its cool being me, I'm not desperate to top up any unemployment benefits like some on here seem to be.

Oh, and for the record an0n, I NEVER make false allegations, I say it as it is and if you read my post you would have seen I said, someone threw up the idea that it could have been an0n who simply said he'd found that snippet there just to make a rival coder look bad? Is there bad blood between these two? Who knows, who cares.

Thankfully and regardless of whoever caused the problem that led to this thread its been resolved, although YMC did pose a question most people want answered.

Having spoken to a few people on here now including the OP I'm going to work harder at ignoring the jealous people and I'll also pay attention to what DownUnder said and let the cream rise to the top.