A reader posted some comments on my blog this morning, pointing me to a website listing some security vulnerabilities in gCards and also to the fact that this had been exploited on my website! Not good, not good. I’ve fixed these problems and posted gCards 1.46 – you can download it at the regular location.
If you’re using gCards (any version), you must upgrade to this version or you risk someone gaining control of your site and executing arbitrary code.
The challenge for me with gCards is that I wrote it so long ago, and it’s such a big mess of spaghetti code, that it’s difficult for me to confidently say how secure it is. I would rewrite it from scratch, but that requires a bunch of time, and there’s so much built into it already to handle the complexities of running in so many different PHP environments. If anyone hears of any other security vulnerabilities or finds any, please let me know…
March 31st, 2006 at 3:02 am
Please can you help me getting music in my site.
It won’t show when I want to send a card.
Thanks
Nicky
April 13th, 2006 at 3:50 am
Awesome script – thanks a lot for all the work
I was wondering if you plan to make this a wordpress plugin. I am facing now the task to actually integrate this into my wordpress layout >_
April 17th, 2006 at 11:45 am
This looks like a great little app! I am looking forward to trying it out.
One question (I apologize for posting here, I would have put it in the forum, but…)
I tried the demo and hoped to send an ecard to myself to see how it worked, but got an error.
The error message was:
There has been a mail error sending to [email address]
eCard could not be sent…
Is this intentional? Will it work correctly once installed?
I tried using Mac OS X / Firefox 1.5 and Safari.
Cheers!
May 17th, 2006 at 1:33 am
I am using this greeting script. But I have some problems.
1) Despite being good software, the forum has been hacked and is not working, and there is no support.
2) I was trying to make some stat things like how many times the greeting has been viewed and how many times it has been sent, but there aren’t any such facilities or any help to do it.
3) The interface is not that good…
4) Why do we need to store every image and item sent? That way huge space is wasted. Isn’t there any better way to do it?
Any answers?
June 13th, 2006 at 8:18 pm
I was looking to put short MPEG images up of local tourist areas. Is there any way to upload these video files so the viewer sees a short small video file?
Cheers Renton
June 13th, 2006 at 9:41 pm
@Susan – I’ll take a look at it – I moved it around on my site and probably screwed up the demo
@Frank – sorry you’re having problems with the script. Unfortunately I haven’t been able to put up a replacement for the forum. It’s hard to find good free forum software that can easily block spam and require a minimal amount of maintenance. You can change the interface if you like – it’s simple html and php…nothing too fancy. As for storing things – I don’t know exactly what you’re referring to, but not much is stored in the filesystem aside from the actual images.
@Renton Curry – there’s nothing built-in to support MPEG…it might be possible to hack it to do that, but nothing in the plans to do that.
Greg
June 19th, 2006 at 12:48 am
Did you fix the client collision problem in the latest version of gcards?
The situation is caused by the use of the server time (seconds since epoch) as the identification of cards sent. It is quite obvious that two or more users sending a card within the same second will collide because the second card cannot be created as it would produce a duplicate key – a MySQL error is generated when this happens. The solution is to identify the cards by a different means.
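The collision described in the comment above, reproduced next to one possible fix. This is an added example, not gCards code or the commenter's patch: the table names, function names and the SQLite in-memory database are assumptions made so that it runs offline, and the sample timestamp and addresses are constructed.

```php
<?php
// Added example: hypothetical tables and function names, not gCards' own schema.
// Uses an in-memory SQLite database (pdo_sqlite) so it runs offline; needs PHP 7+.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cards_by_time (card_id INTEGER PRIMARY KEY, recipient TEXT)');
$db->exec('CREATE TABLE cards_by_token (card_id TEXT PRIMARY KEY, recipient TEXT)');

// Before: the key is the server time in seconds, as the comment describes.
function send_card_by_time(PDO $db, int $now, string $recipient): int
{
    $stmt = $db->prepare('INSERT INTO cards_by_time (card_id, recipient) VALUES (?, ?)');
    $stmt->execute([$now, $recipient]);
    return $now;
}

// After: the key is 128 bits from the OS CSPRNG, independent of the clock.
// A duplicate is practically impossible, but the insert is retried if one occurs.
function send_card_by_token(PDO $db, string $recipient): string
{
    $stmt = $db->prepare('INSERT INTO cards_by_token (card_id, recipient) VALUES (?, ?)');
    for ($attempt = 0; $attempt < 3; $attempt++) {
        $id = bin2hex(random_bytes(16));
        try {
            $stmt->execute([$id, $recipient]);
            return $id;
        } catch (PDOException $e) {
            // SQLSTATE 23000 is an integrity constraint violation; rethrow anything else.
            if ((string) $e->getCode() !== '23000') {
                throw $e;
            }
        }
    }
    throw new RuntimeException('could not allocate a unique card id');
}

$now = 1150675200; // constructed timestamp: two senders arrive in the same second
send_card_by_time($db, $now, 'first@example.com');
try {
    send_card_by_time($db, $now, 'second@example.com');
    $collided = false;
} catch (PDOException $e) {
    $collided = true; // duplicate primary key: the second card is never created
}

$a = send_card_by_token($db, 'first@example.com');
$b = send_card_by_token($db, 'second@example.com');
printf("time-based id collided: %s\n", $collided ? 'yes' : 'no');
printf("token ids distinct: %s (%d hex chars each)\n", $a !== $b ? 'yes' : 'no', strlen($a));
```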
June 19th, 2006 at 7:59 am
What about collisions Greg?!! As far as I understand the fix is fairly simple.
July 3rd, 2006 at 2:49 am
So far this looks to be an awesome script. In testing out the multiple email addresses (which is separated by a comma) so a card will go out to multiple people… I have found a bug that prevents ALL the people from picking up the card.
Here is the rundown of this issue:
1) When creating the card there is a section that allows you to add the email of the person(s) you are sending the card to. I wanted to send out an unlimited amount of cards so there were about 27 email addresses listed.
2) I selected the option box “Notify me when card is picked up”
3) Sent the card out to all the emails listed
And here is where the problem comes in… when a person of the group picks up the card I get a “Person has Picked up your Card” email. This email shows the following:
1) Subject line of the email: This line shows the email address of the person who picked up the card. (This is fine)
2) The body of the confirm email: (this is the problem) This lists all the people and their email addresses that had this card sent to them. Next to the email address of the person who picked up the card says “picked up your eCard”. For example..
person1@yahoo.com,
person2@aol.com, picked up your eCard
person3@yahoo.com,
person4@hotmail.com,
person5@sbcglobal.net,
person6@aol.com,
person7@yahoo.com
person8@yahoo.com
Does that mean that because one person of the many that had this card sent to them closes the card because it shows it was picked up? In other words… if person “A” picks up the card will person “B” also be able to pick it up (at a later time) considering it shows the card was already picked up?
I would hope that when I place multiple email addresses into the email field that it would create individual cards for each email address. This means that the card would remain until EACH person picked up their card, or until the time limit of picking the card expires.
Please let me know what this program does in regards to multiple email addresses pertaining to the situation above. Before I release this on my site I want to make sure it does in fact create individual cards for each email address that is listed in the email field.
I look forward to your response,
Paul
July 3rd, 2006 at 3:15 am
Sorry… I just realized I made an incorrect statement on my last submission. The error is in the “Submission Line” of the confirmation email.
I listed it as not being a problem but it is in fact a problem as I copied and pasted from the wrong confirmation email.
The subject line actually reads: person1@yahoo.com, person2@aol.com, person3@yahoo.com, person4@hotmail.com, person5@sbcglobal.net, person6@aol.com,….
This is not good considering only one person of the group picked up the card. This makes me think that the other people will NOT be able to pick up their cards because the card now shows picked up and will automatically be removed from the database (or however it is stored). The person who picked up the card should be the ONLY person in the subject line, IMHO.
Sorry for the mix up.
Paul
October 15th, 2006 at 10:46 pm
Hi… I’m trying gCards on my web site… my hosting recently made a DNS upgrade, so I changed the SMTP IP to the new one in config_email.php because I use the SMTP functions…
But I have a problem… it can’t send any email.
There has been a mail error sending to mc_arquitecta@hotmail.com
eCard could not be sent…
but it’s working well after the DNS upgrade…
Is it possible that this is the reason for the problem? I’m sure I entered the data correctly, and then only changed the IP of the mail server…
Sorry for my grammar…
María Claudia
December 17th, 2006 at 6:29 pm
>Tascha says…April 13th, 2006 at 3:50 am
Awesome script – thanks a lot for all the work
I was wondering if you plan to make this a wordpress plugin. I am facing now the task to actually integrate this into my wordpress layout >_
I would like more info about using gcards with wordpress. Is anyone doing it? What about a plugin?
July 12th, 2007 at 7:38 pm
I’ve worked on the client collision problem and think I’ve got it solved… Please see here:
http://www.gregphoto.net/gcards/vanilla/comments.php?DiscussionID=188&page=1#Item_5
Babs
July 12th, 2007 at 7:45 pm
I wanted to comment that a security issue was found with gcards v1.46 which I’m sure you know about by now… I sent you an email, not sure if you got it, and posted a fix on the forum but I wanted to be sure you approved of it…
Babs
November 12th, 2008 at 8:43 pm
I have been hacked – help. What do I do from here, as I love the product and have a few CDs out there with a link to the hacked website?