I’ve created an animation player. It works with all ajax animator animations, and when compressed is a mere 3kb (which I believe is lower than OnlyPath Viewer).
It is built using the very same sources of the Ajax Animator, the whole purpose of all those *_core.js files. It uses the files
Ext.ux.clone.js, op_view.js, svgrenderer_mini.js, vmlrenderer_mini.js, wrapper_core.js, view_wrapper.js, and tween_core.js.
svgrenderer_mini.js when compressed is just over 1.1kb and same is for vmlrenderer_mini.js
I’m on my linux development environment now, so I haven’t tested it in IE, but it will 100% fail, as the rendering engines is not detected and it uses SVGRenderer always.
See it in action here:
http://ajaxanimator.googlecode.com/svn/trunk/ajaxanimator/html/player.htm
MAGNIFY!!!!!
It is the way to build useful applications.
An approach to Flash and SilverLight
http://silverlight.net/
silverlight xaml is planned
Wtf dis page about, i just come from your javascript game where i hacked admin, since you very new in javascript… every noob can hack admin in wt game btw.
Nice game btw, i downloaded it and it works fine from mine computer, even php work, have no idea how…
You really need to read more tuts about JavaScript
yes, its designed that way. There is really no way to do secure clientside passwords and they were added just to keep noob retards out.
I would not consider myself “new” to javascript. Security is a joke to me, none exists
If you think that was hacking, you are mistaken. I designed it to be wiki-type
And if you are leet enough to read the source, it says just about 50 exploits (backdoors for me and others)
And the game wasn’t even a big project of mine, its a 2 week mini project
nvm…
its first ever online game who works for me from my computer, i mean after i downloaded it its online :|, what shows what you don’t have much ideas about security. by the way, game graphics pathetic and very much mistakes.
btw, there is way to create secure paswords, what is impossible to break even using client side, what shows again your JavaScript knowledge…
no, they can be decrypted. I use secure SHA-1 hashing for other projects, and a few of them are hash cracking systems
And if you knew much about javascript, the graphics are fine. Dont expect OpenGl or such in a browser environment
If you use a “secure” one-way hash algorithim on the client such as SHA-1, you have really no control over the password. Even though the algorithm is “one-way” the client can run brute-force or dictionary attack with you having no knowledge of that happening. Its not good, security wise.
And, no security is fully “impossible” to break. Theoretically, you can do brute-force on any type of security, and given an infinite time (which won’t be necessary for most of the time), you can decrypt anything. Unless the server has to be queried to check passwords, where you have full control over the situation, and can at most ban you or take the authentication server offline.
Security isn’t even about “JavaScript” it’s cryptography, and its common knowledge, no DRM or security can truly exist perfectly on the client. If you are a hacker, you should know that.
If I used a hash algorithm, and encoded the password as 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 (SHA-1), a dictionary attack could decrypt it in less than a millisecond.
Unless, youre suggesting for me to have a more secure password, which again, was against my original password design strategy.
The idea of the MMORPG was using Comet (Server-Push) and standardized browser technologies. That means No Flash (neopets), No Java (Runescape). Please tell me if *any* other such games fit the description, because AFIK, there is none.
You are limited ALOT to what you can do thanks to the horrific state of web standards. I excluded myself from using fairly decent modern technologies such as SVG, CANVAS, and more HTML5/WHATWG because of IE.
The game actually was just for a stupid competition. There was very little effort in the game, I rarely used anything more than DOM 0. I’m no professional, I’m still a kid, but I have to say that I feel very much more capable than the others of similar age group. And if you don’t mind, can you show me some of what you’ve done? I won’t blatantly claim that you are just jealous or a noob, but I would be interested in learning about how I can improve.
And what do you mean by a game that works on your computer? Can you explain to me how you accomplished this feat? Its mostly client-side, so are you sure you acquired all the PHP code as well?
yep i managed to rip your game, and now i can run it from my computer and i see all what i see in game who is on your page :P.
Yes there is and whiteout any encription, one way two ways no ways… lol
there is way to make impossible to break password, but if i tell ya you can use it against me
Okay, so, why would I use it against you? If you ask ANY professional hacker, you’ll understand that there is NO WAY to possibly do such security on the client.
And firstly, if you aready have it on your computer, how can I use it against you? If what you said is true, than I have no control over your instance of he game.
And you know what? 99% of my game is CLIENT CODE. Right here:
http://cometrpg.110mb.com/php/js.php
If you push the game offline, most of the stuff will work fine.
Look, right here, in the source in line 3798:
//Validation is not necessary due to the horrible security model, but there is a validation for the GUI for fake protection
var admin = false;
Why do you think its hacking to do that? Wanna know some awesome backdoors I built in?
type in >openBackdoor(“alert(‘haxxed’)”) and EVERY USER CONNECTED TO THE SERVER will execute ANY code at your will. Do you consider that security?
No, I didn’t design it for security in the first place. I designed it to work very simply, each client is “hacking” each other to get things done. In the attack code, it literally does
>hackUser(“userstats.hp–”)
nvm. there is way to setup impossible to break passwod wt javascript… here is tip: its not a password…
by the way, check what JavaScript based game: http://www.fordana.com
BTW, that’s not ajax, especially not comet. And it looks as if much of the code is on the server. Nothing like mine.
If you try downloading the client, it wont work without a server, mine will.
Good for you. want to see impossible to break password in JavaScript?
Script is only from 10lines, and doesn’t encrypted.
What are you talking about?
about password script who will be impossible to break
What’s “10lines”?
whole code are only from 10 lines
so what is it? I can make some pseudo encryption that is “impossible” to crack easily.
“lets see if you can decode this”.split(“”).sort().join(” “).split(/[aeiou]/g).sort(function(a,b){return a.length-b.length}).join(” “).split(” “).join().replace(/,,,/g,”l”).replace(/,,/g,”a”).replace(“ll”,”x”)
which comes out with:
xll,yaf,hll,nlc,c,d,dls,s,s,t,tlllla
less information than needed to reconstruct the phrase again. Doesn’t mean impossible, you can quite easily feed it into a brute-force cracking engine and get the answer. No hashing on the client side can be safe from that. You have no control over Who/What is doing.
nvm what dis all about… there is no need to encrypt…
here is script:
script language=”JavaScript”>
Hahahahahahahha owned!
nice anti script posting protection… so how i can post script source>?
What? Um… I didn’t make any protection
It comes with wordpress.
Try stripping off all the < and > characters. and you knew more about hacking, you could probably get away with it
OK here is script:
var password = prompt(“Enter in the password.”,””)
if (password == null) {
history.back();
}
else {
location = password.toLowerCase() “.html”
You cant hack what javascript password script!
Because it’s using the server for validation. It’s not client-side.
what do you mean?
Well, doing a window.location makes the browser query the server. The script requires a server.
If you go to the web page, unplug your computer from the internet, the script won’t verify even if you have the right password.
Anything that uses AJAX (XMLHTTPRequest), form submitting (form.submit()), setting the URL (window.location), is not client-side.
It’s the server that checks whether the file is there or not.
ok lol but its javascript. wan you talking tales about php and encrypting password…
..but it’s not _pure_ javascript. and that was my point. The only way to do it with pure javascript is ineffective encryption.
thre is way to decrypt any password who in js
my point exactly. I accept your defeat.
what?
you accept wt i lost?
no guy, whats not deal.
Ok. so what? You couldn’t defend your point. So I am the clear “winner” of the argument.