#programming

there we go i setup stuff now \o/

http://expgatherers.epizy.com/

for example

so now EXPG has website and 100% good news for start

with Radio and main site

other thing is API stable too 😛

and other thing is mobile friendly too

semes good

does anyone know where i can add Radio in ETS2 servers aka like for example TruckersFM did

i heared about contact them but idk where

??

i doubt you will be added tho

it would have to be known

and have a license

not some random dood on a free site maker

🤔

“We gonna be best radio at your service for your help” 🤔

i havent edit it propely about meaning

i have to fix my grammer soon

We bring you here with new music & new Radio.
We gonna be Best Radio at your Service for your help in Gaming!```

fixxed

well @pearl badger Radionomy does all license free for thy hosting just all need do create radio and get enough traffic and bam

have own radio

recap it for ya

thign i didnt like is thy api wasnt stable

but partly fixxed now

Anyway, TruckersFM is a big project, so that's why it was added in the first place

meh true

because back days i used DJ here

that radio died out 2 years later

i do every tuesedays 1 day for that

and now i have no longer access

and radio been down several times

so thats why i made my own for

i missed days i work for them

what horror is that

https://www.youtube.com/watch?v=y4GB_NDU43Q

very secure auth model there

tfw empty username and password satisfies that authenticate method

i prefer

def authenticate():
    return True

I prefer not doing that at all and just making the URL to the app a secret

https://giphy.com/gifs/shia-labeouf-12NUbkX6p4xOO4

👀

well idk how i change password from md5 to hash at all, when i set login to password_verify() wouldnt work at all but register is set hashed

nvm i managed make it

xD

WooxD

@lilac patio if($hashedpw == md5($pw)){
setnewhash();
}
If(password_verify()){
login();
}else{error();}

Or you set a bool if the User already have a hashed password or not

hmm

i tryed everythign but login still kinda broken

what is cant grab Hash out SQL and rehash it

so verify password so right now stuck on md5 till that sorted

mostly structur of thing of this and all premade set but not hash password its md5 passworded

this just template of site

Uh, why's it MD5? 😂

That sounds pretty dangerous

It is dangerous. You should not worry whether people can log in, let them reset their password. Stop using MD5.

Never use MD5 for passwords 😂

md5 passwords?!

Mhmm

You should always worry about people's ability to log in

Yeah but worry about the security first

The first priority is always running the service. Everything else is secondary.

XD

like

why md5

just

WHY

Improper password storing isn't a "stop, shut it all down, fix it, then bring it all back up" issue

Well no, it it's pretty important??

but security?

it's a "plan a migration in the near future and execute it quietly in the background" issue

Except it's a huge security issue using MD5

it's not though

I'm sure it's not very safe

md5 is fine for verifying things but passwords... errrrr

There are 2 attacks that are relevant there.

An insider leaking passwords or misusing them, and someone hacking into the database.

In both cases you have bigger issues already.

if the rest of your stuff is up to snuff, no-one would even know how your passwords are stored (except the engineers writing the password checking)

Although not using md5 means that it's more secure 😉

MD5 has cryptographic weaknesses, and it's very fast meaning an attacker can literally try billions of passwords a second on just a single gpu

like

My point is, you can add a new password column/field in your database for something good, like bcrypt. Then as people log in successfully, you write the bcrypt value. Then when enough people have done it you remove the MD5 part of the system entirely. There will only be a few inactive users who will have to reset their password.

If you're using md5 for passwords, I would not trust the software to be secure.

^

^^

It's weak, yes, but it's not worth breaking the entire system over

So I would disagree and say it is a "take it down" issue.

well it would be

Technically, can you not run a script instead of waiting

i would do anything to shut it down and make it secure

Decrypt the md5, then encrypt it with BCRYPT?

@small ermine if you crack the MD5s yourself, sure

The big point is that you as a user would never know if its using md5

They do it..

😂

but usually that's going to be way more costly than doing a week long migration for example

Writing a little script?

And having a breach would be way more costly than taking it down.

It's still a lot of resources to spend on it

rather take it down than have a breach

XD

Any software with some sort of good pr managment would obvs keep it down that its using md5 while they deploy a decent encryption instead

Converting stuff from one password to another isn't even that much of a big deal. Reset the passwords, change login function.

because it would be worth using resources to protect user info instead of it being leaked out

Think of it this way

It doesn't take too much effort or time to make a simple script that gets each user's password, decrypts the md5, encrypts it with bcrypt then store it again?

@quick glen Your logic is flawed. If a company sells your data, and you don't know about it, that's fine?

Ofc if there is a high chance of said md5 passwords getting out, then yeah. You got bigger problems

@lethal willow How is sellinh data related to a method of password storage?

Say you've been running the service for 2 years. It takes 2 weeks to do the migration in the background. What are the odds the database gets compromised in those 2 weeks, and it hasn't been compromised in the last 2 years?

The odds are pretty darn low.

I'm talking about your logic. You made out that because a consumer doesn't know about it, it's not that big of a deal.

It's why you don't do this for 2 years xD

The argument "you should do it properly from the start" doesn't fly when you have a system that already didn't

It is obviosly a big deal, but why shutting down a service to do a task that simply can be automated and unintrusive

The whole point is that MD5 isn't as secure as other things. Regardless of whether someone can access it or not, it's pretty easy to decrypt, so why not just store them as plain text?

It's all about threat-modelling and your own/company's threat assessment.

If the database is secure then it doesn't matter if it's plain text because nobody will see it?

😂

It matters, but it's still not a "Sorry, customers, we were storing your passwords incorrectly so give us a few days to fix things, then you must reset a new password"

By shutting down a service you are not only giving yourself an explanation issue as to why it was md5 in the first place and its taken this long to do smth about it. It also hurts reputation

And this is the problem when big data breaches happen with weak storage.

Hang on, hang on

no

You won't have to apologise to the inactive people saying "sorry, we stored the passwords incorrectly"??

Yeah sure people who value security and privacy will not see it as a negative thing, but non tech savy users generally wont.

No, you can just shrug it off as a "you've been gone for a long time, you probably forgot" and not address it

The only reason passwords are even valuable in breaches is because people reuse them.

It doesn't really matter how it gets done, that's up to the person doing it

Thats a reputation killer

How it gets done has a lot to say on the general publics view

It's more of a reputation killer if it gets breached and people see how you're storing them.

and yeah, something to remember is that for vast majority of services out there, people who really understand the security implications of things are a tiny minority

And if anyone finds out you were storing passwords with a very easily decryptable thing?

Reputation killer

Ye, and thats why you quietly fix the issue

Normal people in my experience care much less about password storage than they do about personal info

Because you know when a breach is going to occur, right?

If it gets breached during the fix, you can atleast say it was being worked on at the time

That does not make it any better. People won't care if it's in the process of being fixed. It wasn't.

The whole point is that it doesn't matter what other security you've got, MD5 isn't as secure as other encryption methods. That was the whole point of what we were saying 😂

And? By that you are assuming everyone does it perfectly from the start

There are big companies that take security seriously, and some of those have had issues before

How am I even remotely saying people do it perfect from the start? lol

Imagine how many websites you have given your passwords to. Do you know how all of them encrypts your passwords? Have you been told or notified or asked to reset your password because they changed algoritms?

Have you ever been told to reset their password anyway?

I'd rather be told to change my password because of an algorithm change than a breach. 😃

There's always the chance that someone can get in. That's why you have as much security as possible.

Including not using one of the easiest encryptions for passwords

Sure its a rep. Kill to have it public knowledge that passwords were stored insecurely, but either way it needs to be fixed. The question is do you want to risk more rep. Kill going out saying you've been doing it insecurely or just fix the issue silenty

I'd prefer to be honest to the people who are trusting us

Don't know if that's just me

Are you also going to drop all your backups immediately when you switch since they contain MD5'd passwords?

always be honest to users, because users are all the thing we have, otherwise why we should build services for users?

^

if not, why not use that time to migrate?

See, thats a good approach to it. Unfortunately, depending on the service it might just break trust of users knowing that it was done badly in the first place

Which is why you make sure it isn't don't badly?

You ensure that the security of the users comes first?

Yea, but say its a service thats 10 years old

Or even older

Why would they get to 10 years using md5?

Fucking hell this discussion. Some here are reslly out of touch with reality tbh.

Yes, md5 is bad. Overall. No, it's not something you bring the service down for a long time over, you plan a migration and transition away.

Hashing and encryption is not the same.

Most users don't know about hashing, telling them wont make a big difference, only the tech people will know about it. Even fewer of them will actually understand it properly.

If you make a new service, you have no excuse to go for md5, but it might not be that easy when dealing with legacy code and services.

Isn't that the whole point of this debate??

@small ermine because password hashing is not inherently related to service quality or business strategy

^

But it's related to security of user info?

And 99% of people dont know about what the hell it is, and even fewer understand hashing algorithms

@small ermine its one part of it, not a complete picture of it

But if you're trying to keep it secure you'd want it to be as secure as possible to avoid any breaches or anything?

The reaction to a random forced pw reset is more likely to be looking at alternatives than "I'm so happy they have my best interests at heart"

Im not sayong use md5, im saying get a balanced view that is at least remotely in touch with reality

password storage has 0 to do with preventing breaches. It's only relevant after a breach

^

But it's an extra layer of security after the breach?

(unless you're just using plain text and employees can see them)

^

Md5 is so simple to decrypt, you may as well store it as plain text xD

to dehash*

I said it before, I'll say it again. Passwords are only as valuable as they are reused. If none of your users reuse passwords, they're worthless after a breach

Yep sorry

XD

You need to look at this from a pov where legacy code exists

At one md5 was the bcrypt of today

Point*

@small ermine its called cracking. And, md5 migrations is still not something you'd take the service down for a long time for

I never said take it down

I just said be honest about it instead of lying about resetting your password

oof

Or, even better, don't sound at fault but still be honest!

You'd do a gradual planned migration, not requiring a password reset for active users at all

ask for password at next login, i.e.

"We're updating our password security, so please change your password" is a middle ground

brute-forcing a 10-character MD5 password (while knowing it's exactly 10 characters) that does not exist in a rainbow table would take months

@small ermine Thats easy for us to say, the general person wont understand that.

But you might as well be honest

The whole being honest

Honesty equals trust, trust equals users

Without the users, whats the point of the service?

Downtime degrades trust a hell of a lot

@quick glen if you justify it under a "more security for you" I'd bet they understand it

^^

Ye

Ever had online check-in for a flight be down for maintenance for the exact 24h before your flight?

But trust is a lot more than honesty

I'm not saying anything about downtime

@small ermine look at Facebook, they have no trust from anyone but have tons of users, and they still use that service

Getting rid of md5.
Step 1: Store new passwords in bcrypt or argon2i.
Step 2: Rehash and store passwords in bcrypt on login, and other times the user enter their password.
Step 3: Hash the md5 hashes in bcrypt, replacing them when the user next log in.
Step 4: at some point delete the hashes that have not been updated

And, keep in mind, people expect privacy and security, but it has been proven many times that usually people will not make decisions based om security

Security folks and services keep saying "enable 2FA to be secure". Do people do it? Not that much

well, it's their problem

Not to mention "We made you more secure" is generic as all hell, and most don't know what it really means, and can't make a judgement on it at all. Instead they expect you to make the judgement for them

Security folks warn about Google tracking their every move. Do people stop using Google's devices/services? No, because they care about services that work, and services that are convenient to use.

All I was saying is don't use MD5 for passwords, it isn't as good as other things that are available today

And Google is everywhere anyway

ok, but you are not Google :D

YouTube, searches, browsers

Home devices

Phones

@raw notch no, thats your problem as well, running a service.
You have a legal responsibility to prevent unauthorized access, in fact.

actually you can't use Google

Google isn't the point here. The point is most people care less about pre-emptive security than they do about every-day convenience

@north flax I was replying to 3v about the 2fa ;)

But it's your problem to care about

@raw notch and i replied to your reply about 2fa. Its not just their problem

Absolutely. Security is the service provider's worry and an important one. But an even more important worry is keeping the users happy and coming back on a regular basis.

The users don't have to worry about your security, that's for you to look after

but I can't force users to use 2fa

You can, actually

not many do though

You need a good balance between what's secure, and what's useful.

You can't become a Twitch Affiliate without enabling 2FA for example

Let's just say that xD

@raw notch You can, but even better, you can help them make good security decisio s without forcing it down everyones throats

ok, but that's is for use a premium service

Yep, it's a balance.

for a standard service, you can't, because is a barrier in registration

it's not that you can't, it's that services want the smooth registration experience

It's all about making sure that the users can use your service efficiently, but also ensuring that you look after the security, to prevent any embarrassing mishaps

By leading them to make good security decisions, you help them make the security jugmdgement they can't do on their own

@cinder spear and also a smooth login experience

I think nicehash has 2FA enrollment as part of the registration form, but I don't remember if it's mandatory

I had 2fa on steam and every time is a pain

but hey, is for my sec

If you lose the device you're using, or don't have it on you, for mobile authentication...

Steam's 2FA is annoying because it's missing the "remember this device for X days" option most services offer

ok, nicehash is a wallet service, there are money inside it. but we are talking about what? a service for community? a free service? you have to link your security context to what you are building

all about your own threat model

people wrote me a lot of messages "why are you stealing my steam password?" because I have the openid steam auth in the app

Who would be interested in hacking you? What information would they be after?

Anything they can get their hands on?

ban evade accounts

Just to say they hacked you?

To embarrass your service?

a hobbyist forum might attract a script kiddie with some googled POC exploits while a government supplier might attract nation-states with a lot of resources

but I don't steal any password :D

Government has nothing to do with a simple service, or md5 passwords 😂

heh

That's a bit out of reach for most people

you'd be surprised how often government sites have the worst password policies

because the login is on steam account. I tried to explain them, someone don't understand simply and they are sure that i steal passwords

besides, it was an extreme example

XD

Can we please just say "md5 isn't as good as what else is out there right now, but it's somewhat acceptable" and "balance security with ease of use"?

starting from some free forum software running on a rented server somewhere in a foreign country...

all the way to strict measures I can't even talk about

I never imagined a huge debate like this 😂

sure, let's say that so I can get back to real work

😂

like cursing at Go's lack of generics

continuing to use md5

I'll add this tho

most services don't even need to store passwords at all.

Google/Facebook/Twitter are so prevalent you can utilize their auth flows.

to use bcrypt in react native I had to install like 30 npm packages

and pray that it work again

XD

and it worked

Wooo

XD

after some pain yeah but it worked

(🎉)

it's time to publish new trucky update

🤙

Wooop!

You most likely dont need to use bcrypt in the app though. You can handle that server side, as long as you send the login details securely. (So, over TLS, and having validated the certificate)

Not that TLS is perfect, but its pretty good, and well tested in real environments :p

Doing that slso gives you more flexibility to deal with hash algo changes later, and it means that if the hash is leaked in a breach, the perp cant use the email and hash to log in.

actually I don't use bcrypt for login details :)

[15:44] Nathan: It is dangerous. You should not worry whether people can log in, let them reset their password. Stop using MD5.```
well i was going change that template to hashed but i cant partly because i cant get data of SQL to Decript as password.

@lilac patio https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software#secure-php-passwords

Also, if you can decrypt a password, you are storing it completely wrong.

And verifying it wrong

Secure PHP 👀 😋

PHP is as secure as people writing with it make it

Although admittedly it has some pretty bad gotchas that could cause issues

For more of an explanation:

• You should never store a password itself, or encrypt it. These ways make it possible to retrieve a password, it shouldn't be.
• You should store it as a cryptographic hash, using an algorithm made for passwords. For example bcrypt or argon2i. These algorithms also take care of some other stuff to make good password hygiene easier for you as well.
• When someone logs in, use a comparison function if available, or hash the user input and compare the hashes to see if the password is correct.

That is how to do password hashing, in simple terms. There is much more to it, but frankly, things like salting will be done for you, if you use the password_hash and password_verify functions.

and thats what i tryed do change that from md5 to hash

even all this coded in md5 premade

Oh man

Docker on Windows is a pile of a piles of a poo

I can't share volumes anymore

😂

xD

Docker is broken for Windows, ik how you feeling rn

@raw notch why store passwords in md5

If your passwords arent stored as a hash you mightaswell store it in plain text.

What are you hosting that uses md5 i hope its not truckyapp

e.e

well for me i cant even get hash work on login at all so keeps failing several times

so this login system broken af with md5 to hash

@lilac patio have you the Login file?

I can help you

?

Login With hash

https://hastebin.com/hejapijada.php

one of fuctions

not in as that and

login.php default data all data kept 1 fuction filee aka php

i had to reset it for now till i look in it

but i have register system as hash

With password_verfiy()?

yes thats what faling me

login cant verify passowrd at all from sql

its SQL issue cant find password

works as md5 but not hash

You hash the password with hash() or password_hash()

password_hash($password, PASSWORD_DEFAULT)

for register side

lgoin side strict me in

login*

i tryed do password_verfiy($password) but wasnt ask for 1 arg wants 2 arg and issue is SQL cant get 2nd arg

this 1 i tryed do https://hastebin.com/ebimacupej.php

what keeps failing

I cannot send you a dm

@lilac patio

because i set so dms on friends only

i in like 100 servers and every single discord thy DM spam thy own discord links

Okey

Lel

I want to send you a link with the login.php

login.php?

From the login functuon

Function*

mean want login.php of me?

You have send me your Login function and i Build in this function a Login with hash

And if someone have a md5 pw that converted to hash

there

info local RN thats what i was working on

changing md5 to hash

https://pastebin.com/aZJJjzt5 that is the Login Funktion (sorry if is not in the Struktur because im on mobile)

1 i send ya yes

login() = // call the login() function if register_btn is clicked if (isset($_POST['login_btn'])) { login(); }

login_btn = form button

Yes and you send me before the login function

yeh because thats hall code there

my login system invent as fuction.php file

and login.php and register.php is other thing as callouts to fuction.php

yes replace my login() with your login()

And check if is work. If you got an error please tell

And if the login work with hashed password please check if it works with md5 hashed passwords

Notice: Undefined variable: result in C:\Users\Chisd\Desktop\UniServerZ\www\New folder\functions.php on line 132

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in C:\Users\Chisd\Desktop\UniServerZ\www\New folder\functions.php on line 132

Fatal error: Uncaught Error: Call to undefined function password_verfiy() in C:\Users\Chisd\Desktop\UniServerZ\www\New folder\functions.php:139 Stack trace: #0 C:\Users\Chisd\Desktop\UniServerZ\www\New folder\functions.php(19): login() #1 C:\Users\Chisd\Desktop\UniServerZ\www\New folder\login.php(1): include('C:\\Users\\Chisd\\...') #2 {main} thrown in C:\Users\Chisd\Desktop\UniServerZ\www\New folder\functions.php on line 139```

$user = mysqli_fetch_array($results);

I forgot the s

other line too big 1

if($loginmd5 || password_verfiy($pwun,$user["password"])){```

that what ya set as

password_verify()

That is the problem when I develop on my mobile xD

If I was at home i have an IDE to develop php

well erros stoped but not login hash

Echo password_verify($pwun,$user["password"]);

Is the hash correct saved?

not print out

witch type you have in the database for password

md5 y?

is mostly md5 and hash 1 accoutn has hash and 2 accoutns has md5

On the database you have a structure and a field can have many types

?

@pearl badger wot? never said I store passwords in md5 ;) actually I don't store any password at all

Do you have a webinterface for the database?

webinterface? emm no because only does strict places thy cant go like if register site only be user with user fuctions

How you created the database to store the users?

database :/

and only strict palces is user_type

for example if ???? = user_type admin then thy can be in admin side

if thy below thy cant access it

Yeah I know that because you have a MySQL database and you store the users inside. And i want only what to know witch type the Field password have

Ok that is good. In witch line do you put the echo password_verify()?

i made 2 accounts 1 md5 and 1 hashed just incase theres 1 issue

The 2 accounts failes or only one?

well test22 and test 21 doesnt owrk in login

for now uknown issue i cant find out

error_reporting(E_ALL);
ini_set("display_errors", 1);

Can you put this in front of the functions.php (second line)

where

Under <?php

nothing

Can you check if the login function is working?

is someone using wampserver ( ͡° ͜ʖ ͡°)

i cant check it when woudnt login none accounts

Can you put after login(){ an exit();

when try login no errors at all

ok

still nothing :/

He don’t jump in the login();

kinda does jump in login();

login is fuction what does login shit mostly

just working with md5 and i cant convert to hash thats all

With witch code?

right all files i used login here

https://cdn.discordapp.com/attachments/349171885013205001/479247530681434133/2017-07-29.admin-and-user-login-in-php-and-mysql-database.zip

only added few more ranks thats it

this what from as template

and that does work

but password in md5

passwords shouldnt be in md5

how hard is it to encorporate even sha256

i didnt sid that geez

i sid was form template thats why i trying change to hash

trying = try change from md5 to hash

got system of here thats what i send ya for

https://codewithawa.com/posts/admin-and-user-login-in-php-and-mysql-database

I'm working on a new less broken site 😛

xD

It looks better than the old one too 😉

This might end up being the new application manager thingy 👀

It is the flexbox, tho

You use Bootstrap, I guess, right?

Bootstrap FTW because bootstrap can use many reasons for PC and mobiles

It's not Bootstrap this time!!

I'm going to be doing more work on the VTC pages today, then I'll show that off 😉

Question is what is VTC?

and what pose do?

and for me i could make site for clans/guilds for TruckersMP if cugh cugh Developers make small API for ETS 2 and ATS2 map by search name like ?username1=name1here&username2=name2here then i can make so scans all people in clans/guilds on minimap

and make it shows if thy online or not too

VTC = Virtual Trucking Company
It's basicly a gaming clan dedicated to ETS2/ATS and other trucking games

oh

so thy already making gaming clan like i was Sid ok den. well where's Minimap API for this so i can inbed this to EXPG teams

There is no minimap - API
We do have a so called ets2map, but there is no public API.
You could contact kaw.pw if he got one for you

ok

just i need make so detects my teams on ETS2 on map

Use something to track them yourself?

hmm

@lilac patio use vtlog, they has vtc management, trip logger and the live map

??

so how i get it or use it @raw notch

@lilac patio vtlog is a service, if you have a vtc, that's the right place to register it ;)

Excuse you 😛

but is this going get users on minimap too by go on my community site and search for them?

I am not sure we quite get what you want? @lilac patio

There are no apis to implement any sort of map into ones own site

There are apis to get the players positions in-game

if that way ten where i can find more Data then TruckersMP data then

from API then i could make my own map

I think things to do with ets2map you should contact Krashnz for if I remember correctly

@floral mist there is a public api for ets2map

if there is api ets2map then why i cant find like API doc for it or is it private use

because it has no documentation

well where can i pull out data when no documents for it gessing going be feture then makign this to EXPG

you go on the site

and you look at your network traffic

@lilac patio There are plenty of ways to get telemetry data from an API, even vtlog provides you this information (however we've yet to publish the docs om this).

Getting telemetry is the easy part, its making the maps themselves where the difficulty rises

well i thught is way use someone else but for example like this https://map.vtlog.net/ets2pro?username=Name1&username2=username2 but as calling out names only in URL then i could inbed site doing that but issue is TruckersMP map new and i dint understand that how do my own or someone else but as that way function get i mean

just i need something track by IDS only on map maybe username or TMP id

then i can put on EXPG and always track if thy online or not?

but get i mean

but maybe in feture i try but im garteen not be suseed makign my own map do it

tbh

the request sends so much data

that is useless

if going send so much then gessing i cant do that then

doesnt look pretty accrate

yeh ik

just i was giving example

I could try using tmptracker to let you be able to do this

tho i would only be able to provide users on eu2

no search of tmptracker and needs be in PHP coded

because be on site

?

what

TruckersMP tracker needs be coded in PHP

erm no

ive already made it

i said i could add an endpoint for you to be able to use it

from TMPTracker

:I

but if not PHP be useless use on site

no it will return json

data

yes and json data needs PHP callouts

TMPTracker is a site

You request from the api and it tells you their pos but only on eu2

in json

idk what youre talking about .-.

are you lost :I

i ment that i need something call out only users in map

no other users in it

Yeah

ik

and needs be PHP

Erm

no it doesnt

e.e

im not making you the code

im just making an api for you to use

:I

kinda does because what else goign call out i dont have server for other stuff part web hosting only

You host your thing

and you use my site for their location

so why would my site need to be in php

well i ment data needs be avaible call out PHP on site

wdym call out php on site

ik be json but can put json on php

yes

php can parse json

e.e

because needs call out php use track people on map

What are you saying

you make no sence .-.

right see this

https://map.vtlog.net/ets2pro

yes i can

i need somethign do that but only sergend users only no randoms

yeah ik

and you use my backend to request their locations 🤔

@lilac patio the vtlog map allows you to filter out one speficic vtc btw

if they are registered

well what about calling out TMPId

it doesnt

track users

only people running the client

so you want something like https://ets2map.com

not same as them but as only Users only by TMPID

so i can add in then track EXPG team

Im not quite sure we quite get what you are looking for?

EXPG

Just add them all into a "VTC"

then it will track them all

and sort out your vtc

instead of each tmp id

.-.

idk how get VTc idk tf is and how setup

if get i mean

oh boy

i give up

same here like no way else do it so i give up doing it

im saying there is

e.e

if you dont know how to do it

your problem ¯_(ツ)_/¯

find out

and this why om only dev in eXPG while Owner too

:/

Right

Start over

Explain what EXPG is

Community for Streamers/Youtubers and what EXPG does is helping others in game like Achievements and many more. and because we have EXPGRadio what started like 3 days ago and i got site up and going but what i trying do is track Members of EXPG TMPID or what ever is to see them on map if thy online or not but only shows them users no one else.

and have 10 people has ETS 2 with TruckersMP and im 1 of them and what i trying find out is where i can do all users EXPG and map them on there so if thy visit site then see 1 user online then thy know one of Members online of EXPG

but if more then 1 going map all rest members

You want to show on your website when EXPG members are online on TMP?

yes but as map way

Right. There are plenty of apis out there to get the information about a player by their tmp id. Such as if they are online, their position in game etc.

However you will have to build your own map for this

The only thing I know of that remotely allows you to solve the issue with a simple embed is VTLOG, however it requires using our system and our client to show a player on the map.

There are no services that I know of that just allows you to just give it a few tmp ids and get a map back

With the VTLOG one you'd have to register a VTC, and have all players you want yo track join the VTC

Which is more registration

XD

It's a decent service

It is

But making maps isnt as easy as one thinks

Yeah

yeh but how going make so thy see without login in?

this will require joind login to it

Yeah it will

But that's pretty much the only quick way to get a map

For now, anyway 😏

Vtlog wouldnt require a login to see the map

You know map.vtlog.net?

You can give it a vtc parameter and it will only show members of one vtc

For everyone

Even the public

this gonna be issue doe

when click VTC drivers not login thy cant see teams

thats what i ment

and does look good and simple just issue is that and need somethign that everyone can see who online ETS2 not require login

but as teams thy be in but as user not team can still see them thats what i trying say

Aah

I dont remeber why you get that error

Give me a mo

Ah yes

You see when you want to click that you need to be logged in

yes

but as user not in teams thy can see us too

However our map can be forced to show only one VTC with a url parameter

but that requires login see teams

No

Only the button does

As it needs to know your VTC

so how can i pull out them then without it

However in the URL parameter you already tell it the vtc

I'll show you in 5 mins, lemme get to my desktop

just i make team RN and im only 1 in but i need way so shows team even not login

thats all

as ya see

As I said, there is a way around it. If you use the checkbox you WILL be forced to login. That is because the map needs to know who you are to be able to figure out what is YOUR VTC.

However by specifing the VTC in the URL as a PARAMETER you will get around this and it will only shows members of the VTC specified in the URL.

so what do you need show me?

https://map.vtlog.net/ets2?vtc=2871

Open that link

Even if you are logged out it will ONLY show members of your EXPGatherers VTC.

so how do more then 1?

More than one what?

finding people?

or do i need make as profile thing

You wanted a map that shows all people from your group if they are online right?

yes

All they need to do is JOIN your VTC on VTLOG and they will automaticly be visible on that map if they have LogIt installed while they drive.

https://map.vtlog.net/ets2?vtc=2871 so this going be map all people in EXPG correct?

Yes

righ then sorted

Notice the vtc=2871 in the url?

that tells our map that it should only show members of this vtc

gatcha

well now i can put this in now 😛

and 1 more thing

The downside with this ofc is that your members need to have a vtlog account, be a member of the vtc on vtlog and they need to have logit installed so we get information about them to our system

is there thing that tells them if online or offline too

like in text

so i put on thy profile side

If they're online, it'll come up on the map?

Ye

But he's on about a thing like forum signs and stuff

Ahhh!

😂

that simply says online/offline

but not sure ment as site on that

or TMP

VTLOG does not provide such a service, I cant remember one on the top of my head atm that does

Like you can always query an API to get the information if they are online or not

where abouts?

Well, you can for example use the trucky API

You only need to give it a TMP ID

and it provides you with the information if they are online or not, and other information related to TMP

https://api.truckyapp.com/docs/#api-ETS2Map-GetV3MapOnlinePlayeridPlayerid

We at VTLOG do have an API that allows you to see if they are live on our system, however keep in mind because we receive data from our own client it will show you both in sp and mp

We havent published the documentation for this api endpoint yet though as we are waiting for an update to our client that changes some of the telemetry we offer

Playersid not working

are you using it correctly?

https://api.truckyapp.com/v3/map/online?playerID=612628

Here's an example user of the trucky apis endpoint

oh i see now

i was trying some else see what look like but gatcha

what is my TMP id

gimmi sec

got it

@quick glen http://expgatherers.epizy.com/tmp.php does this look ok? and what im going do is pull out stats if thy online or not?

The trucky api response has a simple online: true or online: false in its JSON response you can use to see if they are online or not

yeh

And you might want to look at doing something with the border of the iframe

Personally I dont find the default border pretty at all

does map look ok

Yeah

There is supposed to be a switch you can put in the url to make the map hide its UI controls, however I cant remember what it is atm

well if you know let me know

works @quick glen

i test it and works

\o/

but now inbed all my teams in

@quick glen there ago all ids set now so im sorted TY for help ❤ https://cdn.discordapp.com/attachments/221269886402297856/480052523265425428/unknown.png https://cdn.discordapp.com/attachments/221269886402297856/480052394273800221/unknown.png

TruckersMP Team

real question is that last avatar

When did Chisdeal own truckers mp

??

oops i spell wrong

😂

Yeah, you can't call it the TMP team...

i forgot put EXPG

XD

there ago

better?

SO NEAT

/r/cableporn

😂

if you live in the uk and have seen a cabinet you know the struggles of bad cable management

Yep

small wires just broken arround it for no reason

yeh UK has bad cable managements

even in my house mess too aka cable because i only have 1 darn plug up here but i pose have 2

https://github.com/zxlooong/jdk16045/blob/master/com/sun/java/swing/plaf/nimbus/InternalFrameInternalFrameTitlePaneInternalFrameTitlePaneMaximizeButtonWindowNotFocusedState.java
I mean, yes, that is certainly a class name

What the...

wooot

It's 92 characters. If you follow PEP's line length limits in Python, that class name is too long because it can't be on one line

but it's Java :D

It's bad class naming in java :p

Dashboard coming along nicely

Finish that off, then create the new database, then make some registration stuff 😛

Look decent but I wouldn’t align stuff to the right. It look weird

Yeah, I thought so, but it looks cool on mobile 😂😂

I'll slide that on over to the left 😛

I might have to look into using this when complete. Will there be discord implementation for the jobs when they’re delivered or not?

That may be something that we (I) look into in the future, but we're going to make sure the web side of things is perfect first, and of course the automatic logger.

Nice to see mate. I’ll be looking into that for sure

We're hoping to have the main parts running in the next couple of weeks, but all of our planned features should be fully ready by October/November. If you're interested in trying out this beta site while we develop it, just let me know 😉

Yh. Can do. Any chance you could drop us a dm?

Sure! Give me a moment to save 😛

Cheers

perfection

Btw are you using a framework callum?

what do you use for your back end

I've decided to use Semantic UI purely because it looks good and is much easier than making everything from scratch, but I am customising it a bit. For the PHP stuff, nothing 😂 just PHP

I know, using a framework for it would be better, but 🤷

Wait ... are you seriously using pure PHP?

I know, it's what I've been using so far 😅

I should really look at a framework

You should. And the best day for it is today! 😛

Tomorrow* 😉

I've been programming in php for years now. Never used a framework 😂

Okay, that's kinda wrong. The past year, I've been working as a web developer. We have this platform, which is kinda like working with a framework :P

codeigniter is pretty easy and nice

Most of them are easy enough if you care to read the docs. I did look at Laravel, it doesn't look all that complicated, just takes a bit of time getting used to it

Semantic UI is a pain in a butt

It looks awesome, but realization is a nightmare

That's why I decided to use Bootstrap in the first place after Foundation

Yeah it's a bit difficult to work with, but it's doing okay so far xD

Besides, I love difficult

😂

UI is difficult enough anyway)))

Good, I like a challenge 😂😂😂

That explains why you use pure PHP

😝

But the site isn't broken yet just under construction 😉

I hope you put some security in place so people can’t injecte anything on the site

Nah

I do try to make things as secure as I can, and I'm always being told off taught by you guys 😛

Just keep you in shape

I try my best xD

You should rewrite the site using Laravel

Laravel is beautiful

More than beautiful!

I agree with nathan

Yeah, it's nice, I get it 😛

From a post about a rewrite 😛

has anyone ever asked that to be fair

Guys, anyone here with experience in Java and making plugins to JetBrains IDE?

I have an idea for WebStorm/PhpStorm plugin, but I didn't want to learn Java just for that thing

heyo

So, open beta of WoT looks interesting

First of all, license plates are now generated by server, not on the client with text in canvas + plate background

https://openbeta.worldoftrucks.com/api/license_plate/eut2/germany/front/HELPER.MP

Aaaaaaaaaaand... that's it

At least they are investing in that now

finally

Yes, they are using bundler for the scripts and styles now, yay

hey

is there any link of whats gonna new on WoT

Best way to learn Python quickly? I have missed like a year and a half of study and I have exams in a few months

learn it

its really not hard to learn python

just try

i have a problem

........

So?

Usually telling people about the problem helps them to help you..

Haha, the Same thing as “i have a question” and then dont say what the question is

I have also a problem with me node.js But i use Google most times because the most questions you can find there 😂

Ur name is purple CJ

My website : http://prntscr.com/kmp2k6

oh boy

.-.

you need to fix your site

looks like something you would make in a site builder

Finally, someone else needs to fix their site @opal arch

That's because you made it

Oi!

My new site is looking better than the current one 😉

I cannot rate it if I do not see any screens

:marvanPride:

i have a problem

...

i see player 8000m buged ....... and game crash

Why are you posting that in here?

@ember canyon Ask in #support where you’ll get assistance with your problem 😉

^^^^

O_O

@fair thunder

Login works, registration works, email verification works, and editing the user settings works

(🎉)

nice ^^

you could of just done something like idk

discord oauth

¯_(ツ)_/¯

Not everyone will use discord or want to connect it up like that 😉

When you spend well over an hour staring at your function, only to find that it's not working because of the lack of info you passed into it..... 😂

Hate when that happens 😂 Xdebug is nice though, when working with PHP

congrats @unkempt hamlet long overdue

Thanks 🤓

Only need to get the applications into the database, then get them back out again and we'll be ready 😉

hey guys, Wondering if anyone has any links to creating a Map that shows the Realtime of VTC members??

@formal cloak vtlog has this

yeah thats the thing we are creating our own dashboard so its completly our own and we are wondering if there is anything out there

Making your own would be very difficult and take a while. It's why I'm not doing it, because I'm on my own and it'll take ages 😂

When I do make one, it'll be good though 😛

Thats good to know

@formal cloak uhm, well, with vtlog api you can create your dashboard but using always logit and vtlog as data platform and include their map

ohh interesting

ill take a look

depends on what you what to show on your dashboard: users from you company (there is an api for this), jobs data (there is a api for this)

you can't do write operations, but read operations are all served from the api, you need a valid API key linked to your company and you can see all your company data like on your vtlog dashboard

^ Some write operations are planned for future updates of the API aswell 😉

Oooh

We got plans that'll expand the API, but it isnt on the top of the todo list.. we're prioritising other tasks atm

This might seem like an extremely stupid question, but my mind's gone blank..
I've got an image in the top-right corner of a box, but when the text gets up to the image, it moves the entire line of text down. The image has a transparent background, but what I want is for the text to just keep going and kinda ignore the image. Is that possible??

send screenshots as example @small ermine

maybe some trick with position relative could work

I was thinking of something like this: https://www.w3schools.com/css/tryit.asp?filename=trycss_zindex

or with relative to the container that contains image and text, it depends on situations

I've messed with z index but I don't understand it and I don't think it was working the way I was doing it 😂

The big red line is my email

It works for smaller emails, but when it reaches the image it won't stay where it is

position:absolute on the image

wrap the title and the image in a row

then below another row with email

(if using bootstrap) or a col-sm-12

Semantic UI

Slightly worse for fiddling around with 😁

you can always override CSS (unless the lib/framework you're using uses !important and very specific matching...)

Yeah, I've tried with stuff like z-index but I don't know which ones need what value and it sent the image right to the back 😂

uuuuuhhh !important 😯 😯 😯 😯

z-index doesn't affect position, just the rendering priority/layer

position:absolute takes it out of the content flow of its parent element, so it doesn't affect its siblings' positioning at all

Right

Let me try it

or float: even if it is... annoying and not the best solution hahaha

I've used position and it's working perfectly!!!

🎉 thanks

I would avoid float at all costs...

I've only used float once in the entire site so far I believe

it's weird and has a lot of weird behavior

😂

flex does it better and is widely supported

Yeah

Is there a bit of the API that shows if a user is online or not (and server maybe?) I've looked at the docs and I can't seem to find it 😅

Could potentially look at https://api.truckyapp.com/docs/

👀

There are some useful endpoints for ETS2Map

Looks good, thanks! 😛

@small ermine https://api.truckyapp.com/v3/map/online?playerID=1502888 with server and locations resolved

😃

Yeah I found it, thanks a lot! 😁

bootstrap is sexy

MDBootstrap or FluentDesignBootstrap :3

FluentDesignBootstrap is 💩

😂

Only heard of MDBootstrap

Out of those two

Fluent... is from the same team as MDBootstrap

But it looks awful

😂 😂

but you get all features MDB Pro has but free

freeeeee

All 0 Pro features?

btw, I am using all the Pro features for free anyway lol

xD

mdbootstrap for react sux

And Vue too

for react it's better reactstrap

The applications bits are working 🎉

Woop

👀 it's alive!!!! 👀

yes

Finally, image uploading that isn't on the database! 😂

Some more stats have been added, and now you can actually see your registered drivers!

@small ermine Why did you leave :(

I should probably trying to write websites until quarter to 6 in the morning

It doesn't end well

😂 😂

You should probably trying to English until quarter to 6 in the morning 😂

Got the API working to find if they're online and/or have any recent bans

are github downloads slow for you guys?

im getting a max download speed of 83KB/s from github

i cri

mine is good

smh

this is what happens when M$ buy github, use cheap rubbish and get money from it

-_-

lel

too soon

seems that amazon aws is being slow

as all downloads from aws are slow

aws just restared and now all of a sudden 4MB/s download

get fiber hahahaha

i have got 55mbps m8

55mbps is slow

It's probably better than mine 😂

I have 3 Mbps

yeah its slow

i have 200 mbps

still slow

K

rip

50kbps

I have a 100Mbps up/download but most times it is around 95Mbps download and 90Mbps upload
For me good enough

Wooo 🎉 I've basically finished!!!

It's just extra fancy features now 😉

cool

(whatever yer was working on)

So....... the devs removed the bans api?.... why may I ask? It was extremely helpful for VTCs trying to find reliable drivers

because of the discussion about some staff hides his bans and that some players with the 4th ban only gets a 4 days ban and not 1 month
That is what i have read everywhere

so they decided to hide everyones bans

I think that’s more of a thing for the feedback system @fair thunder

Mhm. Okay. I’ll use the FB system then. Cheers @unkempt grotto and @brazen hatch for replying

what? they removed the ban API?

yep

and public ban list

it just says response []

oh always an empty array...

yep

why?

{"error":false,"response":[]}

because bans are now hidden to public

it's good but bad

idk

And yeah, we didn't remove ban API

@unkempt hamlet how access that data so?

It exist but respond with empty array

For now, you have no options

So as I

It is a bad decision in my eyes...
Only al for this: Thank you for your report :) Please, remember that evidence must be available for the full duration of the ban PLUS 1 month.
But HOW do we know how long is the ban?
Nobody knows

Yeah...

plus VTCs cant see user's history, which everyone used

they do and then think about it

so unless the user screenshots their profile, they have no hope

so technically i can put my videos offline after a month of accepting because i don't know the lenght, it may also 1 hour ban

a screenschot can you fake

ye

@unkempt hamlet but, why?

https://www.tenor.co/Lhwu.gif

to hide your bans XD

so you "look"a good boy

Honesty idk

because some cool kids wanted it hidden

Why wouldn’t you just keep the video up permanently? Or set it to unlisted?

many people said
Either show staff bans to public again
Or hide everyone's bans to public

bans removed also from player profile?

because tmp has decided that I should do this in this way;)
because i dont know the length

and guess which option someone chose

removed from everywhere

except db

^

it is because the team is shamed of the bans. That is why they "think" for the easiest way to remove for everyone Sgt

@unkempt hamlet why you don't add authenticated API call with API key released only to selected people?

sounds like a good idea dow

But as always the do first and then think about the actions here

how will they decide though who the "selected" people are 🤔

if they're trusted

like community contributors for one

Could be approved by devs

and what coco said

if they do that, than you can also make it public again, the list will anyway leaked to public

exactly don't see the point of having a selected list

well yeah

it would be fine for just hiding on site but the api, idk...

We are working on that

I missed bans API too

if you don't hide the api then there is no reason to hide it from the site to

in my eyes

like helper.mp or truckersmpdb, they have lost features cos people can't see the bans anymore

there is no reason to hide anything in the first place..

why is helper.mp unclickable on everything