Here is a small chatroom I coded with the Python language. The method is very simple compared to other chatrooms so feel free to take reference from the code!
You can do /read to read without having to press enter
Link is here:
PS: Pls upvote!
A journey of a thousand lines begins with a single line
- Fixed Bug where people can become mod easily by entering [MOD] in their name
@LoneAce yes, and roughly the same way with my code. My code is hashed, meaning that it is like a one-way password - you can see the "hashed password", but you have to know the real password for it to work.
heyyyy as a fellow chatroom developer i do have to say that there's not really any security on this because everything is done client side. i understand there may be some reason for this, ie not being able to implement serverside functions, but it's really easy to "hack" because of the clientside (and thus changeable) restrictions. just a heads up. p.s. cool chat room :)
You can bypass the mod check by making your name [MOD]name
No matter what I put it always shows the following log
<t> anyone alive?
<> so, you're finally awake. You were trying to cross the border right?
<n> yeah, I guess
<uzay> hi nerd
<uzay> I was
<[MOD] LoneAce > does anybody know how to upload images to repl?
<[MOD] TheDankMemer > fixed my username again
<[MOD] TheDankMemer > I changed it from LoneAce to TheDankMemer
<[MOD] TheDankMemer > ???
<[MOD] TheDankMemer > anyone!?!
repl process died unexpectedly
I learn a lot of things from just looking at other people's Python code. Thanks for teaching me more than a few things today.
Hello, I saw your program and think it is cool. I just want to say a word about your security.
1) I understand you enforce attempts to be mod through your email password, but THIS IS NOT SECURE. If you fork the repl and delete the code that checks this, you can still be mod.
2) You are exposing your jsonstore endpoint in your code! This means anyone can access the database and do whatever they want to it.
The way you can fix this is by making a separate repl that serves as a server and one repl that is a client. On the server, you can create a special file called .env which no one else can see. A guide on how to do this is here
On the server you can perform all of the database operations and checks for mod, so that no one can just edit the code to take it out. I hope this helps!
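
A sketch of the server-side check suggested in the comment above, as an added example that is not the original poster's code: the server verifies the mod password against a salted hash read from its environment and attaches the `[MOD]` tag itself, so a forked client cannot grant it. The variable names `MOD_SALT` and `MOD_PASSWORD_HASH`, the function names, and the sample values are assumptions.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value)


def hash_password(password: str, salt: bytes) -> str:
    """Slow, salted one-way hash; only this hex string is ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def is_mod(password: str, env=os.environ) -> bool:
    """Check the password on the server against values kept in its .env."""
    salt_hex, stored = env.get("MOD_SALT"), env.get("MOD_PASSWORD_HASH")
    if not salt_hex or not stored:
        return False  # fail closed when the secret is not configured
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate.encode(), stored.encode())


def clean_name(raw: str) -> str:
    """Allowlist name characters, so brackets (and "[MOD]") cannot be typed."""
    name = re.sub(r"[^A-Za-z0-9_ -]", "", raw).strip()[:24]
    return name or "anonymous"


def format_message(raw_name, text, mod_password="", env=os.environ) -> str:
    """Build the chat line on the server; the tag never comes from the client."""
    name = clean_name(raw_name)
    if mod_password and is_mod(mod_password, env):
        name = "[MOD] " + name
    return f"<{name}> {text}"


if __name__ == "__main__":
    # Constructed sample values standing in for the server's .env contents.
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    env = {"MOD_SALT": salt.hex(),
           "MOD_PASSWORD_HASH": hash_password("constructed-secret", salt)}
    print(format_message("[MOD]name", "hi", env=env))
    print(format_message("LoneAce", "hi", "constructed-secret", env))
```

The database endpoint would be read from the same server-side environment, so the client repl only ever sees the formatted chat lines.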