xHabbo V

[LeChris]

​

Introduction
xHabbo is an advanced state of the art administration panel, designed to keep your hotel’s staff team working with full efficiency. No more searching through a database trying to find what you want, our system offers it all!

Progress Videos

 

[Berk]

Awesome

 

[LeChris]

Installation System finished

 

[AidenKing]

Can i have a brief description of what xHabbo is and how it benefits retros? Struggling to understand what the whole project is,

Thanks,
Aiden King

 

[LeChris]

Logins have been coded, all logins will create a session managed in the database which has ip validation per each request - meaning if your ip is somehow changed, it'll require you to login once again as a form of extra security.
Authentication is coded from scratch, no more passport.
 
When adding new staff members, you'll be asked for 2 things

1. An username
2. An email

xHabbo will automatically email the new staff member with a randomized password to make their initial login. This system will also be repeated for multiple things such as password resets, mass emails, etc.

 

[BIOS]

xHabbo will automatically email the new staff member with a randomized password

Don't do this. Send them a link where they can choose their own.

 

[LeChris]

Don't do this. Send them a link where they can choose their own.

Might do that too, really it’s all the same thing as when you login the first time it’ll force you to update your password and personalize your account

It’s just whether you type the random string or click it :/

 

[Wickd]

not this shit again

 

[BIOS]

Might do that too, really it’s all the same thing as when you login the first time it’ll force you to update your password and personalize your account

It’s just whether you type the random string or click it :/

No, it's nothing like the same.

1. Your 'random password' probably isn't even random, computers do not generate true secure randomness by default (unless you use a CSPRNG which bases it's output on random H/W noise).
2. E-mail's are transmitted in plaintext.

I'll just leave this here:

You must be registered for see links

 

[LeChris]

No, it's nothing like the same.

1. Your 'random password' probably isn't even random, computers do not generate true secure randomness by default (unless you use a CSPRNG which bases it's output on random H/W noise).
2. E-mail's are transmitted in plaintext.

I'll just leave this here:

You must be registered for see links

Probably not a good idea to send a link then either that gives immediate access to an user password.

 

[BIOS]

Probably not a good idea to send a link then either that gives immediate access to an user password.

Not really. The idea is that it'd generally have expired by the time an attacker attempts to use it, because the user would have already set one.

Of course this may not stop someone who is motivated, which is why nothing beats the user setting their own through standard on-site registration means.

 

[Zombie]

looks good but i can help if needed

 

[LeChris]

looks good but i can help if needed

Do you know the following:

• Basic Javascript
• Node.js Applications of Javascript
• MySQL
• EJS Templating
• Async Querying
• Bookshelf ORM
• Express Web Server
• H4BB0 H0T3L

 

[Ghost]

Good luck upon this. It gets better and better eh?

 

[LeChris]

 

[AidenKing]

Noice

 

[LeChris]

You must be registered for see links

 

[Central]

Looks amazing

 

[LeChris]

Development has been resumed. Please decide whether or not I should support Arcturus or Plus Emulator for initial release.

 

[Pinkman]

Development has been resumed. Please decide whether or not I should support Arcturus or Plus Emulator for initial release.

Both. Prefer Plus since Arcturus is