loshMiS

loshMiS supports this item

Supported

This author's response time can be up to 1 business day.

419 comments found.

dawgol

dawgol Purchased

I’ve bought it. It seems like some mac files are presented within sourcecode e.g. ‘__MACOSX’. Also, the avatar upload doesnt work on Firefox and Chromium browsers on Linux :( Could you tidy up the source and fix the upload please? As to the upload the issue seems to be on the JS script side as no POST request gets generated as a result of a file select action :/ So i guess it’s an issue with croppy js script.

dawgol

dawgol Purchased

Milos, I know what they are (as stated in my message). I’m just saying that these should NOT be present within a PRODUCTION release. Not only makes it messy but these can also leak unnecessary information (e.g. about files present) to attackers. As to croppy, it was a permission issue. Your documentation should also include permission setup for other directories. Currently it only mentions storage. It does not include other directories that also need to be configured.

Hey,

I agree with you that those files should not be within a production release, but only because it is messy. It cannot leak any information to attackers because that folder is in Vanguard’s root folder, which is not accessible via HTTP. If your Vanguard root folder is accessible via HTTP, then you have much bigger problems than taking care of “__MACOSX” folder.

About permissions, have you used the installer that comes with the script? You should not be able to install the script at all. Check Step 3 inside the docs: https://docs.vanguardapp.io/installation.html#installing-vanguard

Regards,

Milos

dawgol

dawgol Purchased

Sorry, but this is not correct. Bear in mind that it was just an example. And you can find other files belonging to your MacOS finder app WITHIN the public directory that should be and is accessible to the public e.g.:

  1. find . -name ’.DS_Store’

./upload/users/.DS_Store ./assets/img/.DS_Store ./assets/.DS_Store

As to the second part of the msg. Yes I used the installer. It installed fine. I dont think it checks all the permissions properly, such as the permissions of the javascript files / libraries etc.

chriserk

chriserk Purchased

Quick question. When you started this, did you use the “php artisan make:auth” or did you build something from scratch? Just curious.

Hey,

I really can’t remember since I’ve released first version about a year ago, but I think I built most of it from scratch.

Regards,

Milos

Hi !

I purchased this vangaurd project, but very much confused on installation. Could you please guide me on this ? I host website on bigrock servers.

Cheers, Darshan

Hey Darshan,

What exactly confuses you? Have you checked the documentation about the installation: https://docs.vanguardapp.io/installation.html ?

Regards,

Milos

dawgol

dawgol Purchased

CRITICAL VULNERABILITY! loshMiS , A bit disappointed. I have identified a critical vulnerability that is likely present in ALL versions of Vanguard and may be pretty TRIVIAL to exploit. It may allow low-privileged users to execute ARBITRARY CODE on the victim’s server and likely allow the malicious user to take over the website / web server.

I’m a security expert/pentester. Please provide your email and I’ll try to contact you directly asap.

Hey,

Would like to hear more about what you found. You can contact me via contact form on my CodeCanyon profile page: https://codecanyon.net/user/loshmis#contact

Regards,

Milos

Hi there, I just tried installing the script an everything went fine untill the last step. I checked the logs in the storage folder and it says: here is no suitable CSPRNG installed on your system. How can I fix this?

Best regards, Alexander

Hey Alexander,

It looks like it is an common issue for PHP 5.6 and password encryption functions. You can easily solve it by adding the following package into require section in your composer.json file, and running composer update:

"paragonie/random_compat": "~1.4"

I’ve already fixed this and it will be inside the version that I’ll upload to codecanyon later tonight or tomorrow.

Regards,

Milos

great job! nice project

Thanks! :)

Thanks! :)

Hi Vanguard Team, We have tried Vanguard and found some issues for which we would like to seek your assistance. We created a Role called Team Owner and gave it to manage permissions. However its is alsow managing admin level permissions. I expect that it can only manage the user it is created by “Team Owner Role” only, not other role like admin. Another issue is that there is not Model level permissions and Tam based permission concept. Would you please let me know, are you planning to incorporate this feature in near future, if yes, when this feature will be live. If no, do you suggest any workaround? I need to have team level permissions or fined grained model and page level controls.

For more clarity, here is the screenshots of what I meant.

http://prnt.sc/eb8tmp

Here the Abc Xyz is of Team Owner Role, however, its can delete or edit admin. I don’t want this. Suggest me the work around

Thanks and Regards, Punit Diwan

ravgrg

ravgrg Purchased

Hi, I want to do upgrade but i have changed a views, Where is write which version i use?

Oscar165

Oscar165 Purchased

downloaded latest version and get Whoops, something went wrong! :( after running install.

Did not create any database tables.

Had no issues with the previous release.

dkwollie

dkwollie Purchased

Hi IoshMiS, I downloaded the new version but I couldn’t installed. The following error was showed: FatalErrorException in OutputFormatter.php line 195: Maximum execution time of 120 seconds exceeded

Oscar165

Oscar165 Purchased

Latest version not installing with fresh install. Please help. How do I get the previous release.

Anyone have same issue.

Please help.

also can’t install a fresh installation of the new update :(

FatalErrorException in Output.php line 92: Maximum execution time of 120 seconds exceeded.

I manually updated all files for the 1.3 upgrade (except test files as I dont use them) and everything works properly now except inside the user management console I can no longer get User sessions or Edit users (editing users is a bit of a huge issue for me as i change permissions quite a lot). Any suggestions where to start? I just get a ‘Whoops something went wrong :(’ message. I have double checked, I did all of them from the new package.

I should clarify the above. Urgently I am wanting to restore functionality of the edit user button, after upgrading by replacing the files (and re-editing for my setup) can you suggest a fix or direct me to what files that is referencing, the button from the interface resolves the website: http://domain.com/user/29/edit which just produces a “Whoops, something went wrong! :( Something went wrong and we could not proceed… Please try again or contact website owner.”

Message and I am unsure how to troubleshoot it.

I have a fairly simple setup and just wanted to stop prying eyes from entering, I only really updated to address what made out to be a fairly significant security flaw, else I probably would have skipped the upgrade and let sleeping dogs lie. Ill be honest, the https://laravel.com/docs/5.4/upgrade guide went over my head when I read through it so I was looking for a simpler upgrade path.

Excellent Work – DCSF

Congrats, good luck with sales – DCSF

jpapan

jpapan Purchased

Hello. I have installed the social login for facebook and google. I filled the callback urls you provide and they are ok. I have made the modification you provided to some comments for the redirection after login to my home page and for normal login procedure (without social networks) works perfectly. How can I make the social login to redirect to my homepage and not to the user dashboard? Thanks in advace

perj

perj Purchased

Dear IoshMis, I just bought this script but I’m having trouble installing it.

Maybe you have any suggestions.

I am trying to install it on a shared hosting “one.com”. The installation progress is working fine until the very last step, both System Requirements as well as Directory Permissions are ok.

Error: “whoops, looks like something went wrong.” FatalErrorExeption in OutputFormatter.php line 153: Maximum execution time of 50 seconds exceeded.

Hello, how can I check if permission is valid using pure PHP like if ($permission == “something) { // execute code } ?

Found it if (Auth::user()->can(‘see_random_list’)) { }

by
by
by
by
by
by