MOFHY Lite is a free web hosting management system to manage MOFH hosting accounts and SSL certificates.

Overview

MOFHY Lite

MOFHY Lite is a free of cost MOFH clientarea for account management and support services with free ssl service. It have easy to use features and a much like WHMCS Digit UI interface.

AppVeyor AppVeyor AppVeyor AppVeyor AppVeyor

Table of Content

Features

MOFHY Lite features are listed below:

  • Sign up / Login.
  • Password Reset Functionality
  • Validation / Verification.
  • Account Management.
  • Account Settings.
  • GoGetSSL Api Integration.
  • MOFH Api Integration.
  • Enchanted Security.
  • Support System.
  • Custom Template System.
  • Knowledgebase System.
  • Admin Settings.
  • Day/Night Mode.
  • Standalone Setup.
  • SMTP Support.

Requirements

Your server need to met minimal requirements to run MOFHY Lite:

  • php 7.0 or above
  • mysql 5.7 or above
  • openssl 1.2 or above

Installation

Installation of MOFHY Lite is much then you think

  • Download the MOFHY-Lite-dev.zip file.
  • Extract it to your root folder of your domain.
  • Open your browser and type http://yourdomain.com/src/ an installation page will be appear.
  • After clicking install you have to fill up your database details and click on validate.
  • Fill up the clientarea name, clientarea URL:http://example.com/src/, clientarea email and click on next step.
  • Register an admin account for free.
  • Rename or remove installation directory form src directory.
  • You can access admin panel http://example.com/src/admin/.
  • All done.

Dependencies

The following libraries are required to run MOFHY Lite:

  • phpmailer
  • mofh-client
  • guzzle
  • composer
  • user info
  • gogetssl

Contributer

The build is created and modified by Mahtab Hassan

Copyright

Code Copyright 2021 MOFHY Lite. Code released under the MIT license.

Comments
  • Any Button Navigates to srcadmin/filename.php

    Any Button Navigates to srcadmin/filename.php

    When I click an navigation button, it sends me to the page but without a / between src and admin. Only provides a 404 error (as expected) Any help would be appreciated.

    opened by finley541 27
  • My mail sending is not working

    My mail sending is not working

    I use this script in Https://account.easyteach.tk/ Every thing is fine but mail sending system is not working I tried Gmail ,own server , mail gun SMTP Please solve

    opened by Gouravyadavyt 16
  • [Critical] Logic Bomb leading to Unauthorized Account Access

    [Critical] Logic Bomb leading to Unauthorized Account Access

    This issue has been disclosed privately to the author (on Jan 8th) but it's taking too long to be fixed.

    The following text are mostly copied and pasted from the email: I noticed the use of LEFSESS cookie to remember a user login. This can easily be manipulated and can be used to take over someone else's account just by knowing their email address. If you know someone's email address, you can base64 encode it and set it as the cookie. unnamed This screenshot shows that the vulnerability works. On the left-hand side is the Client Area accessed by manually logging in. On the right-hand side is the Client Area accessed by just editing the cookie for LEFSESS using this website https://www.base64encode.org/ and appending "%3D%3D" at the end of the encoded result to the cookie. This is a very critical problem and must be prioritized.

    Affected files:

    • src/function/Login.php (set cookie part).
    • src/handler/CookieHandler.php (entire logic).
    • And other files that handle the ADMIN cookies.
    opened by PlanetTheCloud 11
  • Something Went Wrong

    Something Went Wrong

    Describe the bug Ummm,Cant Create Account,Getting Somethin Went Wrong Error. IP Already Set Callback too

    Desktop (please complete the following information):

    • OS: MacOS
    • Browse : Safari
    • Version: 12.0.1

    Smartphone (please complete the following information):

    • Device: Realme XT
    • OS: Android,Realme UI
    • Browser : Chrome
    • Version Android 10
    截圖 2021-11-23 下午7 39 49

    Account Created But CA Didnt Show.

    opened by ImLoadingUuU 10
  • email

    email

    This is just a doubt. So during signup/reset password, has the verification system changed to direct link verification or still the same old token system? I have not yet updated to v1.0.5.

    opened by jaikt 9
  • qwetyuiop idk title

    qwetyuiop idk title

    Fatal error: Uncaught GuzzleHttp\Exception\ConnectException: Error while connecting to the host in /owo/owo/owo/owo/public/owo/modules/guzzlehttp/guzzle/src/Handler/CurlFactory.php:210 Stack trace: #0

    opened by ImLoadingUuU 8
  • [Critical] Logic Bomb: Change admin settings without login

    [Critical] Logic Bomb: Change admin settings without login

    The check to ensure a user is logged in is performed but not enforced. The user may seem to be redirected away but the underlying code is still executed. This caused requests to still be processed. I've tested it on the Admin Change Area Settings but this will work on any other functions that modify the database state and accept POST or GET requests.

    BEFORE: image

    AFTER: image

    The request: image

    Reference and how to solve: https://www.php.net/manual/en/function.header.php

    This might be the last report I'll make in this repository. I stumbled upon this flaw when checking the admin's session handler.

    opened by PlanetTheCloud 8
  • Wrong tld

    Wrong tld

    Hello, sorry but I have created a new hosting account with a test user, I have chosen a domain extension that I have added to my panel (.fuxy.ml) but for some reason, I create the account with a domain name with characters random apparently and also with the main extension. And it's not what I want.

    Would you dare to access my website and try it out for yourself?

    I had already installed Santi's version and the exact same thing happened to me.

    https://img.aoli.ml/mcDUehO.png

    opened by Aleperix 8
  • [Critical] XSS Vulnerability

    [Critical] XSS Vulnerability

    This issue has been disclosed privately to the author (on Jan 8th) but it's taking too long to be fixed.

    The following text is mostly copied and pasted from the email: On src/template/ViewKnowledgebase.php line 4, you are using $_GET without any sanitation such as htmlspecialchars (https://www.php.net/manual/en/function.htmlspecialchars.php) which caused an XSS vulnerability. I only spot this one area, but there might be more. unnamed (XSS can be used to send requests on behalf of the user, so don't take this lightly)

    opened by PlanetTheCloud 7
  • Add Google ReCapcha Functionality

    Add Google ReCapcha Functionality

    It's here! Added Google ReCaptcha functionality on login and signup pages. Because I'm lazy, you're going to have to add the keys manually (It's only 4 files, not bad at all). I also updated the install instructions to make them easier to follow, and to guide new users in Google ReCaptcha setup.

    opened by greenreader9 7
  • Missing /admin/settings.php

    Missing /admin/settings.php

    I downloaded the source, then installed it on my reseller hosting site, then I tried to edit client account and that settings.php is missing on admin/settings.php

    opened by rexluciano 6
  • Account futures has got error

    Account futures has got error

    Parse error: syntax error, unexpected '?' in /home/vol14_5/boomhost.ml/www/area.boomhost.ml/htdocs/admin/template/MySSL.php on line 30

    and mail dont work php version 5.6 then i change to 7.4 but dont help

    opened by pythoniaweb 5
  • mysqli_real_escape_string Cant fully prevent SQL Injection

    mysqli_real_escape_string Cant fully prevent SQL Injection

    mysqli_real_escape_string CAN PREVENT SQL Injection BUT it cant FULLY PREVENT SQL Injection. So,Its Safe But Unsafe? xD https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string

    opened by ImLoadingUuU 32
  • XSS: Do not echo unencoded GET values

    XSS: Do not echo unencoded GET values

    Describe the bug The application echos un-encoded GET values

    Expected behavior The application does not echo un-encoded GET values

    Screenshots Example: Screenshot 2022-03-18 9 58 25 AM

    Additional context The following pages have the error: src/admin/template/AccountSettings.php:5 src/admin/template/AccountSettings.php:5 src/template/ViewAccount.php:4 src/template/AccountSettings.php:6 src/template/ViewSSL.php:4 src/template/cPLogin.php:5 src/template/ViewKnowledgebase.php:4 src/template/ViewKnowledgebase.php:4 src/template/ViewTicket.php:117 src/admin/template/ViewAccount.php:4

    opened by greenreader9 3
  • Please check this

    Please check this

    In admin panel mofhy When I entered and update api key . It send me do this page https://account.easyteachhost.tk/admin/function/BuilderSettings.php But in mofhy it is not available . Please add this

    opened by Gouravyadavyt 16
Releases(v1.0.6)
  • v1.0.6(Jan 31, 2022)

    What's Changed

    • Update readme.md by @jaikt in https://github.com/NXTS-Developers/MOFHY-Lite/pull/12
    • new pull by @jaikt in https://github.com/NXTS-Developers/MOFHY-Lite/pull/13
    • Update README.md by @jaikt in https://github.com/NXTS-Developers/MOFHY-Lite/pull/14
    • Update Signup.php by @jaikt in https://github.com/NXTS-Developers/MOFHY-Lite/pull/15
    • Update README.md by @jaikt in https://github.com/NXTS-Developers/MOFHY-Lite/pull/17
    • Updated Install Directions in README.md by @greenreader9 in https://github.com/NXTS-Developers/MOFHY-Lite/pull/21
    • Update README.md by @jaikt in https://github.com/NXTS-Developers/MOFHY-Lite/pull/26
    • Title False For SSL View by @jaikt in https://github.com/NXTS-Developers/MOFHY-Lite/pull/27
    • NewAccount.php Password by @jaikt in https://github.com/NXTS-Developers/MOFHY-Lite/pull/31
    • Update NewAccount.php by @jaikt in https://github.com/NXTS-Developers/MOFHY-Lite/pull/39
    • Update some links and wordings by @rexllc in https://github.com/NXTS-Developers/MOFHY-Lite/pull/41
    • Update some links and wordings by @rexllc in https://github.com/NXTS-Developers/MOFHY-Lite/pull/42
    • Added real_escape_string by @rexllc in https://github.com/NXTS-Developers/MOFHY-Lite/pull/44
    • Added real_escape_string by @rexllc in https://github.com/NXTS-Developers/MOFHY-Lite/pull/43
    • Added real_escape_string by @rexllc in https://github.com/NXTS-Developers/MOFHY-Lite/pull/45
    • Update README.md by @greenreader9 in https://github.com/NXTS-Developers/MOFHY-Lite/pull/47
    • show user input domain by @jaikt in https://github.com/NXTS-Developers/MOFHY-Lite/pull/46
    • Please fix that by @santydesignscr in https://github.com/NXTS-Developers/MOFHY-Lite/pull/56

    New Contributors

    • @jaikt made their first contribution in https://github.com/NXTS-Developers/MOFHY-Lite/pull/12
    • @rexllc made their first contribution in https://github.com/NXTS-Developers/MOFHY-Lite/pull/41
    • @santydesignscr made their first contribution in https://github.com/NXTS-Developers/MOFHY-Lite/pull/56

    Full Changelog: https://github.com/NXTS-Developers/MOFHY-Lite/compare/v1.0.5...v1.0.6

    Source code(tar.gz)
    Source code(zip)
  • v1.0.5(Nov 2, 2021)

    This is a prerelease of MOFHY Lite which had limited features like create, update and delete accounts.

    What's Changed

    • Update Wording by @greenreader9 in https://github.com/mahtab2003/MOFHY-Lite/pull/4
    • Update wording - ForgotPassword.php by @greenreader9 in https://github.com/mahtab2003/MOFHY-Lite/pull/5
    • Update README.md by @greenreader9 in https://github.com/mahtab2003/MOFHY-Lite/pull/9

    New Contributors

    • @greenreader9 made their first contribution in https://github.com/mahtab2003/MOFHY-Lite/pull/4

    Full Changelog: https://github.com/mahtab2003/MOFHY-Lite/commits/v1.0.5

    Source code(tar.gz)
    Source code(zip)
Owner
Mahtab Hassan
I'm a web Developer and I like to create web applications and websites.
Mahtab Hassan
Mofhy is a secure, fast and responsive client area for managing MyOwnFreeHost accounts and ssl certificates.

Mofhy is an open-source MyOwnFreeHost client area for managing accounts and ssl certificates. It has easy to use features much like the WHMCS Digit UI interface

Mofhy 12 Dec 15, 2022
Now Introducing a new and easy way to manage your clients and MyOwnFreeHost hosting accounts.

Warning This is a beta version of Xera. Use it for testing purpose only. You are be responsible for any loss or damages that may occor from using this

Mahtab Hassan 23 Dec 15, 2022
Vigil is a free client and hosting account management system designed especially for MyOwnFreeHost resellers.

Vigil is a free client and hosting account management system designed especially for MyOwnFreeHost resellers. It comes out of the box with a ticket support system, free SSL generator and elegant design.

JAI KRISHNA 1 Nov 21, 2021
Linkfyle is a system that allows you to collect your social media accounts in one place and be reachable.

Linkfyle About Linkfyle is a system that allows you to collect your social media accounts in one place and be reachable. Features Login and Registrati

null 6 Dec 15, 2022
Open Source Voucher Management System is a web application for manage voucher. used PHP with Laravel Framework and use MySQL for Database.

Voucher Management System is a web application for manage voucher. You can create and manage your voucher. Voucher Management System is used PHP with Laravel Framework and use MySQL for Database.

Artha Nugraha Jonar 34 Sep 17, 2022
Simple Dynamic DNS Web management self-hosting. Run over dnsmasq.

MyDDNS [BETA] Simple Dynamic DNS Web management self-hosting. It use dnsmasq. It was inspired on duckdns.org. Preparation You need root access to a se

Iván Eixarch 4 Jul 6, 2022
Laravel-Library-Management-system is nice to management library system...

About Laravel Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experie

Eng Hasan Hajjar 2 Sep 30, 2022
PHP Lite Framework

plite PHP Lite Framework Adds some basic libraries for working with console-viewed logging, PHP as a CLI tool, handling basic server-side web API requ

Version2 0 Oct 26, 2021
A great looking and easy-to-use photo-management-system you can run on your server, to manage and share photos.

Lychee A great looking and easy-to-use photo-management-system. Since the 1st of April 2018 this project has moved to it's own Organisation (https://g

Tobias Reich 6.2k Jan 5, 2023
Admidio is a free open source user management system for websites of organizations and groups

Admidio is a free open source user management system for websites of organizations and groups. The system has a flexible role model so that it’s possible to reflect the structure and permissions of your organization.

Admidio 214 Jan 1, 2023
Simple blog concept with features such authentication (creating accounts, logging in) and commenting.

Simple blog concept with features such authentication (creating accounts, logging in) and commenting. Styling done with tailwindcss and inline javascript is provided by alpineJS.

null 1 Oct 26, 2021
Snipe-IT - A free open source IT asset/license management system

Snipe-IT - A free open source IT asset/license management system

snipe 7.2k Jan 4, 2023
MenuCard - Employees can login with already made admin accounts

MenuCard Symfony 5.4.2 application Employees can login with already made admin accounts. Employees can manages create new accounts for new employees.

Lajili Med Dhia 1 Jan 20, 2022
ViMbAdmin project provides a web based virtual mailbox administration system to allow mail administrators to easily manage domains, mailboxes and aliases.

ViMbAdmin project (vim-be-admin) provides a web based virtual mailbox administration system to allow mail administrators to easily manage domains, mailboxes and aliases.

Open Solutions 464 Jan 1, 2023
DooTask is a lightweight open source online project task management tool that provides various document collaboration tools, online mind mapping, online flowcharting, project management, task distribution, instant IM, file management and other tools.

DooTask is a lightweight open source online project task management tool that provides various document collaboration tools, online mind mapping, online flowcharting, project management, task distribution, instant IM, file management and other tools.

kuaifan 3k Jan 5, 2023
:panda_face: Jitamin is a free software written in PHP, intended to handle the project management over the web. QQ群: 656868

Jitamin Jitamin (pronounced /ˈdʒɪtəmɪn/) is a free software written in PHP, intended to handle the project management over the web. Jitamin is inspire

jitamin 916 Dec 14, 2022
mini Project in Laravel and vue js. Real World Laravel 8x + vue js Dashboard.Task management and project management system

mini Project in Laravel and vue js. Real World Laravel 8x + vue js Dashboard.Task management and project management system. Dashboard features such as: Complete Dashboard, Custom Authentication, Email Verification, custom-login-register-forgot password (without jetstream).

Hasmukh Dharajiya 2 Sep 20, 2022
A free and open-source accounting and production system for businesses and non-profits with support for multiple users and varied integrations

A free and open-source accounting and production system for businesses and non-profits with support for multiple users and varied integrations.

null 3 Sep 22, 2022
Ressource Management and Manufacturing execution system Web for industry (sheet metal, machining, mold ...)

WEB ERP MES Ressource and Manufacturing execution system Web WEM is a business management web application using Laravel 8 and bootstrap 4.6. Why WEM ?

null 28 Dec 30, 2022