[WIP] MinePoS - Self hosted donation system

Discussion in 'Server & Community Management' started by AndrewAubury, Jan 9, 2017.

  1. IMPORTANT: I AM NOT USING BUYCRAFT, I WAS USING IT AS AN EXAMPLE

    Hey, I'm thinking about making a custom self-hosted Buycraft alternative. The features I intend to implement in the 1st revision are as follows:

    Minecraft Side
    • /buy - brings up a buy gui
    • /buylookup <user> - do a look up on a user and find all things they have bought
    • polling time from 1 min to 5 min (the time it takes for the server to know u bought something)

    Web Side
    • Multiple admin logins
    • allow to use XenForo as a login back end
    • Create Items
    • Create a theme
    • Self host (i will give you all the files)
    • I might make a site so it can be hosted on my site if u rather
    • Send a TestBuy that will process as if u bought it

    Please please please give me more ideas and if i like it i will put it here
     
    #1 AndrewAubury, Jan 9, 2017
    Last edited: Jan 9, 2017
    • Like x 1
    • Agree x 1
    • Useful x 1
  2. So you are going to implement this with Buycraft? Is this not illegal?
     
  3. Noooo, I'm not implementing Buycraft, I'm remaking it as a fully new system
     
    • Like x 2
  4. Without buycraft?
    This makes 0 sense...
     
    • Like x 1
    • Optimistic x 1
  5. I see, I used it as an example of my aim
     
    • Like x 2
  6. So you want to make a new system? Why are you calling it Buycraft? Just call it a MinecraftPoS system.
     
    • Agree x 2
  7. i was not calling it buycraft but i might call it MinecraftPoS (thanks)
     
    • Like x 1
  8. Don't call it that, just change your title to 'Custom Self Hosted MinecraftPoS'.
     
    • Agree x 1
  9. I think this would be a great idea for your server or possibly others. It would be a free alternative instead of paying for companies like Buycraft etc. You will also be able to add cool features to it. I would say a "YES" for this idea.

    ~ Rob
     
    • Agree x 1
  10. [IMG]

    This is the Website so far
     
    • Like x 3
  11. electronicboy

    IRC Staff

    cool idea in a concept, however the security considerations/implications of such a system are always going to be your number one hurdle.

    Software which handles payment is never a good idea to be hosted by people who have no idea what they're doing, which shamefully categorizes a majority of the people who'd see this and try to throw it on their servers, after all; if an application doesn't work because of file permissions, you just chmod 777 the whole directory tree, amirite?
     
    • Agree x 9
    • Like x 1
  12. i have done that exact thing before but in the PHP file i do check perms and throw errors if sensitive files can be accessed. also i have set up a .htaccess file to help add more security. i am also thinking of adding in the ability to enforce https (server must have SSL Cert)
     
    • Like x 1
  13. electronicboy

    IRC Staff

    Don't rely on .htaccess for security, htaccess is slow and doesn't work on all http servers, such as nginx (which > apache). Security should be at the forefront of your application, not your web server's configuration, and there are so many cases where people can screw up permissions on a web server that allow you to break the constraints of any security you add into your application or into the server itself.

    In fact, your logic should be separated from the web interface and should be somewhere that isn't publicly accessible, and anything that occurs in regards to manipulating data should be as far away from your web folder as possible, which brings in even more fun in terms of configuration.

    This isn't a project I'd go for unless you have experience in application security, this also isn't a project that you're hosting on your own and have people entering private information, and nor is a majority of your "customers" going to even have skills beyond the basics of how to copy and paste commands into a shell and pray that it does what they want.
     
    • Agree x 1
  14. I have had 2 years of website backend development and security. Do u know any Java? as it would help if i had someone who could work on that as i do the backend. i can give u a Documentation on how the API will work
     
    #14 AndrewAubury, Jan 11, 2017
    Last edited: Jan 11, 2017
    • Like x 1
  15. "Do you have any java"
    1) I'm confused as to what the necessity is of creating your own 'MinecraftPOS'
    2) As others have stated, you'll be juggling with security measures, especially when your project goes live
    3) Htaccess won't do anything
    4) May I see the said "Documentation on how the API will work"? I'd like to give my two cents.
    5) Great concept, and I fully support you for trying something out of the ordinary.

    Hope to reply to you on your next post!
     
    • Agree x 1
  16. 1) Im bored as hell and thought i should try something new (and a few of my friends challenged me)
    2) I know i will be rolling out a test phase to 50 servers (whom will request access) and then fix issues and bugs
    3) it may work dependent on the Webserver (works on mine :p)
    4) Can it wait 30 mins and ill work on that for 30 mins so its more clear
    5) thanks man, nice; after reading some other comments it felt like i had no support
     
    • Like x 3
  17. It's always good to try new things. Whatever you attempt, make sure you have control and knowledge of what you're doing. I've been coding for 8+ years, let me know if you need any suggestions or advice, as I'd be happy to help. PM me or add me on discord or skype @:
    Skype: blakejonesweb
    discord: Nova#8893
    (You don't see too much of this on spigot, so why not?)
     
  18. electronicboy

    IRC Staff

    To be honest, I've always wanted to write my own payment system, the time that I'd need to dedicate to doing such a thing and the security requirements is something that always sorta puts me off, we actually had a little talk about this a few days ago and the major concern was people actually using the software on the other end.

    It's nice to see people trying stuff, but this is one of the many things that people try to look towards and throw something together totally disregarding the security required for such a system, and shamefully we're in one of those communities where this type of concept happens all too often.

    Also, htaccess is just bad in general, it only works on certain web servers, and the most recommended web server for performance purposes doesn't support htaccess files because of the fact that it's slow, also; anything you don't want people to be able to access should *not* be in the webroot to begin with.
     
    • Like x 1
    • Agree x 1
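
An added example, not part of any post in this thread and not MinePoS code: a deployment audit for the two failure modes raised in posts #11, #13 and #18, a `chmod 777` tree and sensitive files sitting inside the web root where only `.htaccess` would guard them. The `public/` and `app/` directory names, the file-name patterns and the function names are assumptions made for illustration, and the sample tree is constructed.

```python
import os
import stat
import tempfile

# Hypothetical patterns for files that should live outside the web root.
SENSITIVE_SUFFIXES = (".env", ".sql", ".log", ".key", ".pem", ".bak")
SENSITIVE_NAMES = {"config.php", "settings.php"}


def audit_webroot(webroot):
    """Return sorted (relative_path, problem) tuples for risky entries under webroot."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot)
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):
                continue  # permission bits on a symlink itself are not meaningful
            # The "chmod 777 the whole tree" case: any local user can write here.
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            lower = name.lower()
            if stat.S_ISREG(mode) and (lower in SENSITIVE_NAMES or lower.endswith(SENSITIVE_SUFFIXES)):
                # Reachable by URL unless the web server happens to honour .htaccess.
                findings.append((rel, "sensitive file inside web root"))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample deployment: public/ is the web root, app/ sits outside it."""
    layout = {
        "public/index.php": 0o644,
        "public/config.php": 0o640,           # secrets stored under the web root
        "public/uploads/receipt.txt": 0o666,  # world-writable file
        "app/config.php": 0o640,              # outside public/, never walked
    }
    for rel, mode in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(base, "public", "uploads"), 0o777)
    return os.path.join(base, "public")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_webroot(build_sample_tree(tmp)))
```

Run against a real install, pass the directory the web server actually serves; an empty result means neither condition was found, not that the application is secure.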
  19. For payments we will be using PayPal that way we are like 2% more secure
     
    • Like x 1
    • Funny x 1
  20. What security are we talking about? I don't know anything about this stuff, but isn't an SSL to encrypt the payment information and a dedicated server of some sort that can take a DoS attack enough?
     
