
:( gesior/znote AAC

imback1

Hello guys, there is something that is going to make me crazy! I asked so many players about Znote and Gesior AAC and they told me that Znote is perfect and Gesior AAC isn't secure, and when I tried to check OTS websites I found they use Gesior/Modern AAC and I didn't see any server using Znote AAC!! And Gesior has more features than Znote! Can you tell me why, please?! And what is the problem with Gesior?
@Gesior.pl
@Znote
 
First, I would like to thank all those who contributed their opinion. But on the other hand, I see a lot of opinions, and there are people who have extensive experience in these things, such as
@Mark (Administrator), and I think he knows so much about everything
@Chris (Web Developer)
@WibbenZ (Active member with huge knowledge)
@half Away (Same as the others).
To be honest, I could not understand what you said because I have not gotten into this area before. I know that most of you will call me stupid or something like that.
But I still want an answer to my question: which is better in protection? And can I rely upon Znote AAC or Gesior AAC?
And certainly the best in its contents and its advantages.
Again, thanks
 
I'm just saying you shouldn't claim that certain AACs are more secure than others when neither has had any security audit of its most recent version. FWIW, I just used grep with certain patterns where I suspected there would be security issues, but grep just helps you narrow it down and you still need to know what to look for and follow the code paths through all possible branches (which is incredibly hard with Znote AAC) to know if it's actually vulnerable and of which severity it is.

In my opinion, of the AACs I've looked at, DevAAC is the best option you have right now. The back-end is built as an API, so the front-end is easily replaceable if you're not fond of its layout or Angular. It's a shame that it doesn't have a lot of users.

The reason I said that the old Gesior version is more secure than the new one (if that is what you meant) is because the new version hasn't had any security issues reported, while the old one has.
The real thing could be that the new version has HUGE security issues, but as long as they aren't reported / found no one will really know about them.
But as you said, it's hard to know without testing it.

Haven't really given DevAAC a try, mainly since I feel like it won't go anywhere; users would rather use Gesior / Znote etc. since they already have integrated shop systems.
And that is a must since you can no longer host a server without donations on your own computer, since most of the servers today need DDoS protection.
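
The grep-then-read workflow described in the post above, as an added example that is not part of the thread and not any poster's code; the patterns, file names and PHP lines are constructed assumptions. One hit is a false positive (an `(int)` cast) and one injectable query is missed entirely, which is why the hits are only a starting point for following the code paths.

```shell
#!/usr/bin/env bash
# Added example: grep-based triage of PHP sources before a manual review.
# Patterns are illustrative assumptions, not the ones the poster used.

# Request superglobal on the same line as a query call.
SQLI_PATTERN='(mysql_query|mysqli_query|->query)[[:space:]]*\(.*\$_(GET|POST|REQUEST|COOKIE)'
# Request superglobal echoed on the same line.
XSS_PATTERN='(echo|print)[[:space:]].*\$_(GET|POST|REQUEST|COOKIE)'

make_sample() {  # $1 = directory; writes constructed PHP files into it
  mkdir -p "$1"
  cat > "$1/character.php" <<'EOF'
<?php
$r = mysql_query("SELECT * FROM players WHERE name = '" . $_GET['name'] . "'");
echo "Searching for " . $_GET['name'];
EOF
  cat > "$1/guild.php" <<'EOF'
<?php
$r = $db->query("SELECT * FROM guilds WHERE id = " . (int) $_GET['id']);
$name = $_POST['name'];
$r2 = $db->query("SELECT * FROM guilds WHERE name = '$name'");
EOF
}

candidates() {  # $1 = pattern, $2 = directory; prints file:line:text hits
  grep -rnE --include='*.php' -e "$1" "$2" || true
}

count_candidates() {  # same arguments; prints the number of hits
  candidates "$1" "$2" | wc -l | tr -d ' '
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "SQL injection candidates:"
candidates "$SQLI_PATTERN" "$demo_dir"
# guild.php:2 is listed although the (int) cast makes it safe (false positive);
# guild.php:4 is not listed although $name comes from $_POST (missed case).
echo "XSS candidates:"
candidates "$XSS_PATTERN" "$demo_dir"
rm -rf "$demo_dir"
```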

I only call someone stupid if they really are haha, asking a question is not stupid. As I said earlier, we should learn from each other; that is the reason why I always look at what e.g. @Mark updated on TFS instead of just reading "added X".

Well, it's really hard to say, but go with either Znote or Gesior. If you want the tibia.com layout I would say go for Gesior, since Znote does not really have the correct layout (tables etc.).
 
What's so good about ZnoteAAC is that it's written in a way that is easy to learn and understand.
Unlike with Gesior, where someone who doesn't have much PHP experience will have a difficult time; the code also looks messy, and even doing minor changes can seem very complicated.

IMO both are good.
If you're using TFS 1.0, ZnoteAAC is definitely the choice to go with.
If not, there are some great layouts and features for Gesior AAC, can't deny that.

So if you're not that interested in learning PHP / being able to "easily" edit files yourself, go with Gesior.
tibia.com layout though.. It should be banned, it's ugly as fuck and way overused.

TL;DR: ZnoteAAC if you want to learn and be able to do stuff yourself - Gesior if you don't care about that and just want the website to work and look OK.
If you have PHP experience, it doesn't really matter whichever AAC you decide to go with.
 
Gesior is the choice then. BTW, I'm using TFS 0.3.6.
 
Gesior 2012: all GitHub versions have been verified by me a few times [that's why I released the 2012 version, to stop all the people who use a custom version from forum user Xyz and say that every 'Gesior' is insecure].

short story said:
Code looks messy, because when I made it in 2008 I made it only 'for me' (as ALL acc. makers on the forum had security issues and after a few weeks of trying/updating them I still got hacked within 2-3 hours after server start). I did not plan to release it, because Talaturen said that there would be an 'otland acc. maker' in a few weeks/months. I gave it to a few friends and after a few weeks realized that it's secure and much better than all the code available on the forum. Talaturen (and all the others who announced their acc. makers) did not release the 'otland acc. maker' (maybe he did in 2013?! 5 years too late!), so I decided to share my code with forum users.

About Gesior 2012 security (I spent around 20 hours only on checking the code of all pages and making sure it's secure):
SQL injection - all pages are 100% secure
XSS - all pages are 100% secure
CSRF - shop transactions require acceptance on the site, important actions require the account password

end of short story said:
There was a new version of Gesior acc. maker with clean code, ORM, everything generated by classes etc., but one of the big OTS hosters bought it from me for 500 euro and I can't release it :(
This is a version of the new acc. maker from 3 months before the final version:
http://ots.me/aac/
 
much sad, such money
maybe rewriting it?
 
http://ots.me/aac/files/config/donation_paypal.php
https://otland.net/threads/sweden-xanteria-v3-come-back-8-6-custom-evo-map.226266/
Xanteria is no longer online, maybe it's time for Gesior 2015? :)
 
By 'big OTS hoster' I mean someone who had OTSes with 500-1000 online for many years. Now he is doing some RL business sites [I met him once at studies in Warsaw], but maybe some day he will come back to OTSes. I can't share/use any part of the code that he bought.
Nowadays I focus on some other scripts. Like:
https://otland.net/threads/unpack-items-outfits-from-any-client-to-png-with-otclient.231045/
Minimap generation, client map generation, live stream of all players on server on www etc.
 
Well, I must be honest and say that I preferred the way that looks.
Remember that you and I talked about this a while ago on Skype; it's really sad that he wanted sole rights for it.
Would not have minded starting to work on something like that. :/
 
DevAAC FTW! .. but there is no community and no updates (last real update 2 years ago). Maybe because it requires pretty good programming skills in JS?
To 'create a community' someone has to create some 'features' which are good examples of 'how to modify it'.

There are a lot of people that host OTSes on older engines than TFS 1.x. 'Angular frontend' and 'PHP backend' should be 2 projects.

I host 'otserv' with the 'multi world' feature from TFS 0.4, casts, cams, guild war from 0.4 with some modifications; how long will it take to make DevAAC work with it all?
There should be some unified 'OTS API' (a layer between backend logic and database schema), so the Angular frontend could communicate with any OTS backend. Like it is in OTClient, where there are 'features' enabled/disabled by X 'tibia version'. The admin could configure a list of modules his server has and their versions. Then the frontend and backend would adjust to it.
 
While I still think unified ots API is a long stretch, this looks interesting:
https://github.com/otland/forgottenserver/pull/2010
 
@Znote
But it's again.. TFS 1.x only.
As I understand that API is to get information about things 'live' from server (like current player position), not data from database, so we still need some second API to get account/player data.
 
For me the two account makers (Gesior and Znote) are good, but for Gesior we need an update for TFS 1.x with a multiserver version with all pages :D
 