Tuesday, April 20, 2010

TVI Express: even their "member list" is a fake!

If you go on the TVI Express website, you will notice a "scroller" that supposedly lists the members online because it's labeled "Today's Members".

It is a Flash object, called "today.swf". Out of curiosity, I decompiled it using the 15-day trial version Flash Decompiler Gold, and opened up the object. (You can download it off CNet's download.com).

And here's the shocker: it is NOT connected to a database! The only code that refers to an outside file is this line in Today.swf:Scripts:MainMovie:
pxml.load("data.php?c=" + getTimer());
So what DOES getTimer() do in Flash? It returns the number of milliseconds since the flash player loaded and initialized. It has NOTHING to do with a date at all. It's just a number. In fact, it is a random number. It is usually used to seed random number generators.

Why would a database display need to read in a random number?


So I tried entering the following URL, try to get access to the data directly:

http://www.tviexpress.com/data.php?c=1

And I got an XML file back. Okay.

I tried some OTHER number for c, and I got back the exact same file!

I tried it the next day, different numbers, and I still got back the exact same file, no matter when I try, or what number I put in for c!

The file is STATIC! It is NOT DYNAMIC that they want you to believe! IT IS A FAKE!

Oh, I know you'll probably say "it could just be a static file updated nightly!"  Then I ask you, if it's only updated NIGHTLY, why would it need a random number generator? And if it's updated nightly, then it would be YESTERDAY'S MEMBERS, right? But it says TODAY'S MEMBERS. So that is STILL a LIE!

WHY WOULD A LEGITIMATE COMPANY FAKE ITS OWN MEMBER ROLL ON ITS OWN WEBSITE?!?!

Looks like someone got LAZY in writing the PHP routine that is supposed to randomly pull names out of a table, generate a fake XML file, for the member display!

Here's a simple test for TVI Express members: login as yourself. Do you see YOUR name in the list? I seriously doubt it.
Reblog this post [with Zemanta]

9 comments:

Anonymous said...

You seem ill informed, when a new member is signed up I show them on the scroll where they appear, seeing their or tag as we say shows your trying to discredit the company for your own reasons.
Whats your business?

GuyReviews said...

And your proof of this is what?

Maybe you should go login now, and tell me your login ID so I can confirm you're indeed on the scroller. Else you can just shut up. IMHO, until you've proven otherwise, you're just another baseless accuser. I've seen too many of them try that here, when I've provided evidence every step of the way.

It's too bad you don't understand programming, because you're clearly not read anything I wrote.

As for my business, 1) it's none of your business, and 2) I don't need a reason to discredit a scam, 3) You are using secret #9 of "10 secrets of efficient liars": counterattack. Already know your tricks.

GuyReviews said...

hey dude.. i have also gone through all and found that.. data.php itself connects with database and fetch latest member list. and
what "c" variable is doing here?

c is used to fetch live data instead of cache.

hope you got it!

GuyReviews said...

So pulling in a randomly number proves that they're pulling live data?

You are very funny my friend. If it is live data, it would not need a randomly seed number. Your reasoning has no logic behind it.

GuyReviews said...

I want you to keep monitoring following url,

http://www.tviexpress.com/data.php

you will always found new data

GuyReviews said...

1) Even if it changes, it doesn't prove it's a "live list". It could still be random data driving it.

2) It could have been changed in the intervening months. This post was posted in April 2010, and it could have been faked since the very beginning of the website in January 2009. Even if you proved that it is real "now", it was likely fake for well over a year.

GuyReviews said...

may be you are correct but now its seems actual data, to cross check the authenticity of data, i have cross checked usernames with there forgot password section. All seems to actual users

GuyReviews said...

Further analysis shows it's the same 500 lines of data, shuffled into a different order each time the data is accessed.

Data was captured, then imported into spreadsheet for sorting. 20 minutes later, captured again and sorted. EXACT same data, just different order. This is slightly better fake, but still fake.

http://kschang.blogspot.com/2010/09/anoop-claims-tvi-express-member.html

GuyReviews said...

@Anoop -- you're ignoring the other possibility... the "forgot password" list can be a fake also.