Currently in the development stages, CosmoVPS 1.0 is based on the Kronik base, it will be fully secured, all bugs fixed, and a few additional features. CosmoVPS will also have an install script. CosmoVPS will be available soon for the low price of $9.99.

http://cosmopets.net

Why buy CosmoVPS?
With many new pet sites popping up recently the need for a secured, petsite base has rose. This is CosmoVPS's goal, to create and obtain a secure petsite base.

Andrew

Your the owner of these orginal "kronik" scripts? Or are you just using them and trying to sell off someone elses work?

Actually, I'm not coding this. Just merely posting about this project... Revopets owner is working on this project. Basically if i understand this right, everything will basically be recoded.... But i may be wrong.

Your the owner of these orginal "kronik" scripts? Or are you just using them and trying to sell off someone elses work?

The Kronic scripts are under the GNU/GPL License, which allows for redistribution, modification, and resale of the code.

As for recoding - Most things will stay the same, expect for security, and a few additional features. The main goal is to create easy to install, bug free, secure pet site scripts that are easy to modify, and can support a small to medium sized virtual pet site.

So what changes, if any, have you made then? What kind of new features are there? What were the original features? And why not just make your own scripts, arn't you a half-decent programmer?

So what changes, if any, have you made then? What kind of new features are there? What were the original features? And why not just make your own scripts, arn't you a half-decent programmer?

I'm a great programmer, thanks. And there are many reasons they're going to be based off kronic. Here's a few.

1.) I want it to be under a GPL, it saves me some work basing them off Kronic.
2.) I am busy programming RevoPets, as well as coding scripts for SobaPets to replace the kronic-based, so I don't have time to code more scripts from scratch.
3.) People have become accustomed to the kronic scripts, so it'd be much easier to modify them for newer programmers than scripts I've made from scratch.

There will be plenty of changes, including being able to have more than 1 pet, being able to feed your pet, play with your pet, etc. As well as, of course, the very easy to use installation system, bug fixes, and security fixes.

Here's part of the new global.php file:


@include("config.php");
if(INSTALL_INFO!="SUCCESS")
{
header("location:install.php");
}
$conn=@mysql_connect(MYSQL_SERVER, MYSQL_USERNAME, MYSQL_PASSWORD);
@mysql_select_db(MYSQL_DATABASE, $conn);

ok i will look forward to the release :)

ok i will look forward to the release :)

Thanks :)

Haha. Owl made Kitto for the very purpose of giving people a new, highly customisable/extensible, and all-round better alternative to Kronik. I'm going to rain on your poor attempt at making money and plug Kitto in your thread: KITTO KITTO KITTO (http://kittokittokitto.yasashiisyndicate.org/wiki/Main_Page)

Haha. Owl made Kitto for the very purpose of giving people a new, highly customisable/extensible, and all-round better alternative to Kronik. I'm going to rain on your poor attempt at making money and plug Kitto in your thread: KittoKittoKitto! (http://kittokittokitto.yasashiisyndicate.org/wiki/Main_Page)

I've seen KittoKitto, and it does not include all of the basics, and it is not very secure. KittoKitto is also for more advanced users than my target audience.

If it's so insecure, prove it and break the demo site.

Kitto comes with an install script, and it's fairly easy to customise things. A reasonable knowledge of PHP is all it takes to customise Kitto. Adding extensions is a different story, but if you take ten minutes to read up on documentation and learn how to use ActiveTable, etc then it really isn't so hard. Now if you're designing your script so that a monkey could figure out how to use it, that's a different story, but I question whether or not someone that incompetent should even be attempting to run a website.

Oh wait. Yes he can. Nevermind.

It's not very secure?

I disagree. There have been no instances of anybody finding or reporting a security vulnerability in Kitto.

However, if you have found a flaw, I would appreciate it if you would provide details instead of making a sweeping "it isn't secure" statement. That does not improve anything.

I've seen KittoKitto, and it does not include all of the basics, and it is not very secure. KittoKitto is also for more advanced users than my target audience.

Also, it's true that it doesn't include all of the basics. That is intentional - Owl doesn't want people using Kitto as-is with no originality or customization. Kitto is a template, not a complete site - it's to save people time from reinventing the wheel. Extensions for things like shops and so on will be released in the future, either by Owl or by other developers who feel like contributing. Obviously people can also write their own extensions to make their site unique.

It's not very secure?

I disagree. There have been no instances of anybody finding or reporting a security vulnerability in Kitto.

However, if you have found a flaw, I would appreciate it if you would provide details instead of making a sweeping "it isn't secure" statement. That does not improve anything.

Well, I personally don't like how you escape strings in it, and how you don't check register_globals in the install. I didn't really do a full security "run-through" though. And don't ask me to give examples, because I already deleted the scripts, and don't feel like re-downloading them.

Also, it's true that it doesn't include all of the basics. That is intentional - Owl doesn't want people using Kitto as-is with no originality or customization. Kitto is a template, not a complete site - it's to save people time from reinventing the wheel. Extensions for things like shops and so on will be released in the future, either by Owl or by other developers who feel like contributing. Obviously people can also write their own extensions to make their site unique.

Yes, as I said, it's not the same target. CosmoVPS is a complete package.

The source is hosted and documented here... (http://kittokittokitto.yasashiisyndicate.org/docs/)

CosmoVPS may be a complete package, but what are you offering with the package to make it worth the money? Customization? Or at least customisability that could compare with Kitto's? Thorough documentation? Kitto is a young project, but in the future, with extensions, it would be possible to build a fairly complete site with the base plus extensions.

Edit: Not that I misunderstand your point about intended targets. For someone who really is clueless, having an entire site put in place for them with no effort on their part is probably what they want. But personally, I see very little originality or success coming from such a site. I guess that doesn't matter in the end though if you're just trying to make money.

The source is hosted and documented here... (http://kittokittokitto.yasashiisyndicate.org/docs/)

CosmoVPS may be a complete package, but what are you offering with the package to make it worth the money? Customization? Or at least customisability that could compare with Kitto's? Thorough documentation? Kitto is a young project, but in the future, with extensions, it would be possible to build a fairly complete site with the base plus extensions.

CosmoVPS comes with everything. The art, the scripts, etc. It also includes all the basic pet site features. It's not just a codebase like Kitto.

You not liking how it escapes strings and it escaping strings correctly are two completely different matters. PEAR::DB's prepare/execute have been in use by years by legions of developers and proven to be completely effective for every RDBMS PEAR::DB supports.

I do not know what you mean by 'it not checking register globals' during the install. No register_globals are used anywhere in the codebase, so it is not an issue. If you are trying to say that I should warn people against using register_globals or do an explicit ini_set to turn them off, then you have a valid point. I will make a specific note in the 'Resources for New Developers' article (which I haven't written yet...bah) about avoiding the use of register globals.

I appreciate criticism and encourage people to report any flaws they find - I will fix them and issue a new release immediately. However, if you did not do a full security-run through and have no specific examples, then you cannot support your position.

Please do not spread misinformation. It does not serve anybody.

You not liking how it escapes strings and it escaping strings correctly are two completely different matters. PEAR::DB's prepare/execute have been in use by years by legions of developers and proven to be completely effective for every RDBMS PEAR::DB supports.

I do not know what you mean by 'it not checking register globals' during the install. No register_globals are used anywhere in the codebase, so it is not an issue. If you are trying to say that I should warn people against using register_globals or do an explicit ini_set to turn them off, then you have a valid point. I will make a specific note in the 'Resources for New Developers' article (which I haven't written yet...bah) about avoiding the use of register globals.

I appreciate criticism and encourage people to report any flaws they find - I will fix them and issue a new release immediately. However, if you did not do a full security-run through and have no specific examples, then you cannot support your position.

Please do not spread misinformation. It does not serve anybody.

Yeah, I would have it where it doesn't even install unless register_globals is off.

As for the string escapes, I think I remember whatever you used being supported only in certain versions of PHP, and was concerned that people may have versions of PHP installed that do not support it, resulting in their sites being exploitable.

I'm not trying to spread misinformation, please don't take it that way.

Yeah, I would have it where it doesn't even install unless register_globals is off.There is really no reason to do so. If somebody is dead-set on using register globals, they will disable any protection I try to add.

Where I work, we have a saying for that - failing to install if it is enabled is attempting to solve a training issue with technical means. It's not usually a good use of resources.

As for the string escapes, I think I remember whatever you used being supported only in certain versions of PHP, and was concerned that people may have versions of PHP installed that do not support it, resulting in their sites being exploitable.I do not know where you got that impression. PEAR::DB is a 3rd party library shipped in the external_libs/ folder. It handles escaping in PHP4 and PHP5 properly (I do not know if PEAR supports PHP 3, but as that is deprecated, I am not concerned at all with supporting it).

I hope I have been able to adequately address your security concerns regarding Kitto.

There is really no reason to do so. If somebody is dead-set on using register globals, they will disable any protection I try to add.

Where I work, we have a saying for that - failing to install if it is enabled is attempting to solve a training issue with technical means. It's not usually a good use of resources.

I do not know where you got that impression. PEAR::DB is a 3rd party library shipped in the external_libs/ folder. It handles escaping in PHP4 and PHP5 properly (I do not know if PEAR supports PHP 3, but as that is deprecated, I am not concerned at all with supporting it).

I hope I have been able to adequately address your security concerns regarding Kitto.

Hmm, I always remembered having problems with PEAR in PHP 4, but I'll take your word it.

Your the owner of these orginal "kronik" scripts? Or are you just using them and trying to sell off someone elses work?Reptileman, OwlmanAtt, and PhreakShow are the original coders I believe.

PhreakShow, not Gamer.

I have used Kitto, and other than some issues with my server not allowing somethings to work right, the code was followable for a complete novice like me. I am looking forward to this release as well, the more I can look at and examine, the better I can learn the coding process and make the changes and add-ons that I would like to fit my ideals. I do not see either as better or worst, and feel that this argument is futile, at this point I would love to see the kronik scripts just to see what the noise about them is all about, Revo and Owl I look forward to see futher progress on both projects.

I have used Kitto, and other than some issues with my server not allowing somethings to work right, the code was followable for a complete novice like me. I am looking forward to this release as well, the more I can look at and examine, the better I can learn the coding process and make the changes and add-ons that I would like to fit my ideals. I do not see either as better or worst, and feel that this argument is futile, at this point I would love to see the kronik scripts just to see what the noise about them is all about, Revo and Owl I look forward to see futher progress on both projects.

Thanks. Owl is actually a part of both projects, as he is also coder/owner of the Kronic scripts that mine will be based off of.

But personally, I see very little originality or success coming from such a site. I guess that doesn't matter in the end though if you're just trying to make money.

As though the goal of earning money is bad?

Where did I say it was bad?

All I'm saying is that giving someone a complete codebase (whether making money or not) will not encourage them to do anything original to their codebase. How much originality in terms of features did you see coming from OPG, etc, from the hundreds of sites that were made?

My point was that in the end, if you're just looking to make some money, it doesn't really matter what people do with the codebase you're selling them. It's not as if there's any major negative impact on the world from people not being original. I'd have a real problem if this resulted in starving children with AIDS in Africa or something, but obviously that isn't happening here.

I see - I read it with a different voice - funny how the same words read two ways have different meanings.