As of today, all rights to CMS H-SCRIPT belong to the web studio ArtWeb (artweb.cc).
Deal value: 20 000 USD. In addition, I agreed to lead the ArtWeb development
department and to continue working on H-SCRIPT as part of the studio's personnel.
From now on, all licenses and additional work on this script will be handled through
the studio only. How could this influence the product? Now the whole workforce
(client manager, two programmers, designer, webpage designer and promoter) will work
on this project. I think this is a qualitative step forward that will strengthen our
position on the market and could make us one of the leaders in the near future!

Dear admins! Enable the security options in the Admin account settings
(../admin/account/user/addinfo?id=1):
- IP-address change control = X.X.X.X
- Bind session to IP-address = yes
- Forbid parallel sessions = yes
- Auto logout after N minutes (0 - default) = 5
This will eliminate the risk of your session being stolen.

By popular request, we've added extended statistics to the admin panel.

Multi-level currency indication added. You can now change a user's payment details
from the admin panel.

ATTENTION! Cases of PerfectMoney merchant accounts being cracked by trial-and-error
guessing of the "Alternative code phrase" have become more frequent. If the phrase is
"simple", a malefactor will work it out and use it to "sign" a fake transaction. The
script will then credit the stated sum to the malefactor's balance. Create code
phrases no shorter than 16 SyMBolS/numbers in length.

One curious tester (thanks for that) found a vulnerability: if a message containing a
special JS script is sent to a user (or admin), the script is executed when the
message is opened.
1. The vulnerability worked only when the message was opened from the Profile.
2. A malefactor could obtain the user's cookies, and if the user had not set
IP-binding, the malefactor could access the user's profile (and, in the admin's case,
the Control panel).
To fix the vulnerability, update the file ..module/message/show.php . If you have
disabled "Personal messages" (or activated "only support" mode), you are on safe
ground.
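
The session settings recommended to admins above (IP binding, no parallel sessions, idle logout) are what keep a cookie stolen through this message bug from being reused. A minimal Python model of those three checks, added here as an illustration and not H-SCRIPT's own code; the class names, the 30-minute fallback for N = 0 and the sample IP addresses are assumptions:

```python
import secrets
import time
from dataclasses import dataclass

DEFAULT_IDLE_MINUTES = 30  # assumption: fallback used when the setting is 0


@dataclass
class Policy:
    bind_to_ip: bool = True       # "Bind session to IP-address = yes"
    forbid_parallel: bool = True  # "Forbid parallel sessions = yes"
    idle_minutes: int = 5         # "Auto logout after N minutes (0 - default)"


class SessionStore:
    """Hypothetical in-memory session table enforcing the three settings."""

    def __init__(self, policy):
        self.policy = policy
        self.sessions = {}  # token -> {"user", "ip", "last_seen"}

    def login(self, user, ip, now=None):
        now = time.time() if now is None else now
        if self.policy.forbid_parallel:
            # A new login invalidates every older session of the same user.
            self.sessions = {t: s for t, s in self.sessions.items()
                             if s["user"] != user}
        token = secrets.token_urlsafe(32)  # unguessable session id
        self.sessions[token] = {"user": user, "ip": ip, "last_seen": now}
        return token

    def check(self, token, ip, now=None):
        """Return the user for a valid request; otherwise destroy the session."""
        now = time.time() if now is None else now
        s = self.sessions.get(token)
        if s is None:
            return None
        limit = (self.policy.idle_minutes or DEFAULT_IDLE_MINUTES) * 60
        expired = now - s["last_seen"] > limit
        wrong_ip = self.policy.bind_to_ip and ip != s["ip"]
        if expired or wrong_ip:
            # Drop the session on any violation: a cookie replayed from
            # another address is useless and the owner must log in again.
            del self.sessions[token]
            return None
        s["last_seen"] = now
        return s["user"]
```

With `bind_to_ip=False` the same replayed token is accepted from any address, which is the case the announcement describes for users without IP-binding.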

By popular request: you can now reply to letters from the support form from your mail.

The "Was on site" custom variable in the database is now updated no more often than
once a minute (to reduce the load on the database server).