Share your repls and programming experiences

← Back to all posts
Python Public Chatroom
LoneAce (125)

Hello there!

Here is a small chatroom I coded with the Python Language. The method is very simple compared to other chatrooms so feel free to take reference from the code!

You can do /read to read without having to press enter

Link is here:
https://repl.it/@LoneAce/Python-Chatroom

PS: Pls upvote!


A journey of a thousand lines begin with a single line


Updates:

  • Fixed Bug where people can become mod easily by entering [MOD] in their name
Commentshotnewtop
oRedemption (2)

@TheBlacksmith I got the same error. Can't use the chat at all.

LoneAce (125)

@oRedemption Please use Sanjay's in the meantime. The link is https://repl.it/@sanjaykdragon/Python-Chatroom. I am trying my best to make the chatroom more secure as soon as possible but it doesn't have much effect due to the fact that all the code is revealed in repl.it

chillgamer (0)

@LoneAce Umm the chat doesn't work. You can only login as a Mod.

PYer (2516)

cool! I like the press enter to update log.

wobbly (2)

heyyyy as a fellow chatroom developer i do have to say that there's not really any security on this because everything is done client side. i understand there may be some reason for this, ie not being able to implement serverside functions, but it's really easy to "hack" because of the clientside (and thus changeable) restrictions. just a head's up. p.s. cool chat room :)

LoneAce (125)

@wobbly Yeah I noticed another dev telling me that I should separate the client and server using Flask. Still figuring out how

LoneAce (125)

@sanjaykdragon Cool thanks! Saw the code and I gotta admit it's really neat

LoneAce (125)

@sanjaykdragon However my main purpose for the password is to access the Mod status using my email, great job on encrypted password though

sanjaykdragon (11)

@LoneAce What do you mean? Like the email has a specific message saying "mod" or something? IMO my way is safer and better because now we wont spam smtp servers

LoneAce (125)

@sanjaykdragon Right my bad for not explaining correctly. I mean that the password I use to enter the Mod account is not anywhere in the code nor there is any way to obtain it using repl.it code as it is the password to my email address.

sanjaykdragon (11)

@LoneAce yes, and roughly the same way with my code. My code is hashed, meaning that it is like a 1way password - you can see the "hashed password", but you have to know the real password for it to work.

LoneAce (125)

@sanjaykdragon I understand but just asking, if someone else were to read the code and use the same method of "unhashing", would they be able to get the password?

sanjaykdragon (11)

@LoneAce once a password is hashed, there is no way to unhash it (except for bruteforce, but since I used bcrypt, that will take years). Read up on hashing

sanjaykdragon (11)

hello someone is stealing my name in here to use moderator powers and using vulgar language, someone take this down

TaylorLiang (54)

@sanjaykdragon I agree, as part of the timmy i chen cult (JOIN NOW)

TaylorLiang (54)

somebody posing as @sanjaydragon said the N word on this.

sanjaykdragon (11)

@TaylorLiang not me, I was offline for a bit and i come back and someone is being racist in my name

sanjaykdragon (11)

@TaylorLiang yeah see my comment below, i figured out a moderator bypass thing, and someone used my name to do stupid stuff

PowerCoder (6)

You need to import os

SkyyCivil (42)

Hey there Buster!

ThePhoenixfish (1)

@LoneAce Ok when will you enable

LoneAce (125)

@ThePhoenixfish Meanwhile please use the one made by Sanjay. The link is https://repl.it/@sanjaykdragon/Python-Chatroom

ThePhoenixfish (1)

It does not work for me
._.

LoneAce (125)

@ThePhoenixfish It is currently disabled for maintenance purposes

The_God_GuyGod (1)

No matter what I put it always shows the following log
<gendblob> nerd
<t> anyone alive?
<jl> yo
<> hello
<> so, you're finally awake. You were trying to cross the border right?
<n> yeah, I guess
<n> yeah
<n> yes
<uzay> hi
<uzay> nerd
<uzay> hi nerd
<uzay> I was
<[MOD] LoneAce > does anybody know how to upload images to repl?
<[MOD] TheDankMemer > fixed my username again
<[MOD] TheDankMemer > I changed it from LoneAce to TheDankMemer
<[MOD] TheDankMemer > ???
<[MOD] TheDankMemer > anyone!?!

followed by:

kick
repl process died unexpectedly

LoneAce (125)

@The_God_GuyGod I will be disabling the chat for a few weeks for a little bit of change so please understand

davidben1234 (2)

Whatsup boys who else is in class?

Hdjensofjfnen (0)

I learn a lot of things from just looking at other people's Python code. Thanks for teaching me more than a few things today.

LoneAce (125)

@Hdjensofjfnen Sure mate. Just a heads up please do not use this code as an example of a good security. The method of safeguarding messages in the code are not secure at all as this is a quick made project

Scoder12 (343)

Hello, I saw your program and think it is cool. I just want to say a word about your security.
1) I understand you enforce attempts to be mod through your email password, but THIS IS NOT SECURE. If you fork the repl and delete the code that checks this, you can still be mod.
2) You are exposing your jsonstore endpoint in your code! This means anyone can access the database and do whatever they want to it.
The way you can fix this is by making a separate repl that serves as a server and one repl that is a client. On the server, you can create a special file called .env which no one else can see. A guide on how to do this is here
On the server you can perform all of the database operations and checks for mod, so that no one can just edit the code to take it out. I hope this helps!

LoneAce (125)

@Scoder12 Thanks for the kind help! I didn't think that .env files can be used like that

LoneAce (125)

@Scoder12 Also could you tell me how to link one repl to another using the links? I have seen it in action but I am quite in the dark as to how it works

Scoder12 (343)

@LoneAce Whenever you want to send a chat message you can use requests to get the url of your server. You can use flask on the server to make different urls do different things, and have your client request them.

LoneAce (125)

@Scoder12 Then if someone were to copy my code would they be able to get the key from the server?

laytonwen (2)

wow this is actually cool

rediar (120)

when name is Kyoto name shows up as <>? possible bug

LoneAce (125)

@rediar Oh ya its because I didn't want one of my classmates to use it but I forgot to remove it haha

JordanDixon1 (20)

how do I input my own Jsonstore.io api key?

JordanDixon1 (20)

@LoneAce I figured it out. I just needed something added to the chat before I started it up because if there is no data then it returns NULL which is why I need to add something, otherwise the program will return that the NULL is not a valid string.

maazzubair99 (9)

this is really cool

could you maybe add timestamps to messages?

LoneAce (125)

@maazzubair99 It will be hard as the time shown is your local time and a timestamp will be different in every region

maazzubair99 (9)

@LoneAce is there a way you could convert it to Greenwich mean time and display that?

CoolJames1610 (70)

LOOVE IT!!! upvoted!

CoolJames1610 (70)

hey, wanna check out my new game?

sanjaykdragon (11)

You can bypass the mod check by making your name [MOD]name

LoneAce (125)

@sanjaykdragon Yup I noticed but it's fixed. Thanks for the info!

sanjaykdragon (11)

@LoneAce not gonna lie, this entire project is coded pretty badly. can you open it up or whatever so I can recode it?

LoneAce (125)

@sanjaykdragon Of course the repl can be forked just by editing anywhere in the code. I coded this pretty fast in order for me to communicate with my classmates during class so please understand the mess :)

sanjaykdragon (11)

@LoneAce alright, cleaned up some stuff, still some stuff left to fix though
https://repl.it/@sanjaykdragon/Python-Chatroom