Happy Atheist Forum

This site could use a godawful easter egg, imho.  With that in mind, and in the spirit of the Invisible Pink Unicorn, I offer up this. (http://paulirish.com/2009/cornify-easter-egg-with-jquery/)

For a quick preview, just use the konami code on that page and press whatever keys you want, so: up up down down left right left right b a blah blah blah blah blah blah blah.

lol

I could write a godawful HAF easter egg if people are interested in wasting their time in this way. I know I am. I'm a professional programmer you know! =) I would need help with the godawful graphics. What do you think Whitney? How about a key combination that turns all the smilies on a page into some alternative (and hilariously amusing) animated gif? It would only be visible to the person who did it and only until they go to another page.

That. Is. Amazing.

Thanks Pipebox!

My whole office is now trying to find other sites with that easter egg. I'll let you know if we find any others.

SO COOL!  I love those types of things!  Hubby, also a professional programmer, is shaking his head.  LOL!  

Heh, ESPN had it the other day until the internets caught on.  The webmaster said he didn't put it in there (he obviously did), but that he had to take it down because it was being blogged so widely.  

Here's a pic from before they "fixed" it.
http://imgur.com/Efy.jpg

Quote from: "AlP"I could write a godawful HAF easter egg if people are interested in wasting their time in this way. I know I am. I'm a professional programmer you know! =) I would need help with the godawful graphics. What do you think Whitney? How about a key combination that turns all the smilies on a page into some alternative (and hilariously amusing) animated gif? It would only be visible to the person who did it and only until they go to another page.

That would be funny...but would doing something like that create security holes for the hackers?

Only if they had already compromised it.  It's just a javascript running on your end and the compiled java code server side doing all the fun stuff in the case of cornify.  The code that calls the JS is Jquery, but again, that's only functions on the client end.  There's really no way to abuse this, but I'll run it by my brother who's an admin on three different boards does this stuff for money (been meaning to learn, myself, as it's a nice supplemental income).

I suspect AlP will say the same.  

Kiros, former admin from virtualteen.org, coder and modmaker on the vbulletin boards, administrator at milsurps.com and thesocialrev.com informs me it's totally safe for your server, Whitney.  He also recommends you buy a $5 flash chat, or call for donations and get the $180 Vbulletin so he can assist you, but that's just because he wants another recommendation under his belt for when he moves into the the commercial sector.   :P

*edit to fix bad website name*

Mhmm. I've looked at the code, and I cannot find anything harmful or exploitable within it. It's client-side JavaScript that loads a remote JavaScript package whenever the correct keys are pressed. So after your server gives the code (serves the web page) to the user, there is no more interaction between the server and client. There's no exploitable tunnel or anything.

Also, please consider jumping to vBulletin. I know that it cost money, but if you open donations, you may be able to buy an owned license fairly easily. If 20 people donate about $10 each, that would give you enough to get vBulletin and FlashChat (an integrated chat room). The only reason that I'm suggesting it is because I'm a vBulletin coder and I could assist you free-of-charge if you ever need board tech support.

But I digress. My brother is correct. There's no room for exploits here; not in the code that PipeBox is suggesting. phpBB has more exploitable code than this bit of JavaScript. However, I'm not sure about AlP's code since there isn't any code yet

I don't see why I should pay for vbulletin when things like  phpbb and smf are free.  Not to mention that making the switch would be a pain in the ass that I don't have time for.

Right, right. It's just a suggestion. In my opinion, it's worth the money. Some basic features are compared here: http://www.forummatrix.org/compare/phpBB+vBulletin (http://www.forummatrix.org/compare/phpBB+vBulletin)

However, the best part about vBulletin is the logic of the software. The way that it uses the templates and plugins makes it very easy to work with and modify. Anyway, it's just an off-topic suggestion.

The fact of the matter is, the Easter Egg JavaScript that PipeBox found looks pretty good and shouldn't be exploitable.

It lives!

An example of my proposed HAF easter egg is here (http://alpeasteregg.hoxt.me). Apologies for the text ads at the bottom. I used a free web host. It's just a functional demo that demonstrates what it does. You type "happysmilies" and it turns the smilies into a different image (in this case of the flying spaghetti monster). I don't believe there are any security issues. No code runs on the server. It's completely client side. The code does not access cookies. It does not execute any third party JavaScript code. It doesn't allow users to inject JavaScript code. It modifies the DOM but not by changing the HTML (it doesn't change the innerHTML property, which is dangerous). I see no means of exploiting it for an XSS or XSRF attack. If anyone wants to review the code, it's here (http://alpeasteregg.hoxt.me/easteregg.js).

I'm running in Solaris at the moment so I can only test in Firefox. Can someone check to see if it works in Internet Explorer, Chrome and Safari?

Now who's got a hilariously amusing animated gif to replace the smilies with?

 

Quote from: "AlP"Now who's got a hilariously amusing animated gif to replace the smilies with?

 :D

Quote from: "curiosityandthecat"

I think this must be the first time you've replied to a post without an amusing animated GIF!

I've got this working in Internet Explorer, Chrome and Firefox now. I've also added a "chase the mouse cursor" feature. Click the flying spaghetti monster and he'll follow you around.

Any suggestions?

Mission acoomplished. Flying spaghetti monster overruns HAF board! Smilies turn into monsters when you type the sequence "happysmilies":
[attachment=1:3vmk9g2o]smilies_to_fsm.JPG[/attachment:3vmk9g2o]

Monsters detach from post and follow the mouse when you click them:
[attachment=0:3vmk9g2o]fsm_follows_mouse.JPG[/attachment:3vmk9g2o]

You can't see the mouse though because it wasn't taken as part of the screenshot.

I did it with this Greasemonkey script (http://alpeasteregg.hoxt.me/haf_easter_egg.user.js).

If you don't know how to work Greasemonkey, there's a simpler demo here (http://alpeasteregg.hoxt.me/index.html).

Hmm.  I was able to get your easter egg to work in Chrome on your test page, but not here.  Maybe I'm doing something wrong.

Quote from: "Recusant"Hmm. I was able to get your easter egg to work in Chrome on your test page, but not here. Maybe I'm doing something wrong.

It uses Greasemonkey so you would need to use Firefox. Then install the Greasemonkey addon (https://addons.mozilla.org/en-US/firefox/addon/748). Then install this Greasemonkey script (http://alpeasteregg.hoxt.me/haf_easter_egg.user.js). Then it should work. Hopefully Chrome will support Greasemonkey soon. I prefer Chrome as a browser.

Here's your post with a flying spaghetti monster .

[attachment=0:1kiqbboh]recusant_with_fsm.JPG[/attachment:1kiqbboh]

Quote from: "Recusant"Hmm.  I was able to get your easter egg to work in Chrome on your test page, but not here.  Maybe I'm doing something wrong.

Here meaning the forum?  That's because I haven't included the code yet.

I think it's important that the easter egg doesn't get in the way of funcionality of the forum. If it did, I would get annoyed reeeaaally quickly.
...don't hurt me.  

It won't get in the way, because you're not likely to type "happysmilies" in going about your business.  Besides, it's not an easter egg if it's blatant and always in your face.