[CMS][Tutorial] How to Fix the post News

Smooth Hotel

Member
Jan 21, 2012
55
2
Hmpf, tried that, still got the error.

P.S. got a screenie here:
14lqck2.png
Download the attachment and just replace your news2.php with it.
 

JeeCee

Member
Jan 15, 2012
96
7
Download the attachment and just replace your news2.php with it.
Read the whole topic. The developer of the CMS posted that if you use that, it would be exploitable, so he posted a query which fixed the exploits.

But, because of his query, I still got the \r\n, and with the query that Lucas Reis gave us I don't have that problem anymore, but then you have that goddamn exploit -.-

P.S. If you use 'Shift + Enter' instead of 'Enter', you don't have that problem.
 

JustElmoo

New Member
Feb 15, 2012
22
1
Fix this by: in Navicat, click cms_news once, edit the table, then choose author, and set the type to varchar and the character length from 6 to 32.
 

FarLock

ThisHabbo Media Journalist
Apr 21, 2012
224
52
The code Kryptos provided does not work, although it is secured. A working secured patch will be appreciated.
 

themaster2012

Member
Feb 16, 2012
188
15
Hi guys... last time my HK was OK, but now this error appears: Warning: Invalid argument supplied for foreach() in C:\xampp\htdocs\app\tpl\class.js.php on line 24

PHP:
<?php
 
namespace Revolution;
if(!defined('IN_INDEX')) { die('Sorry, you cannot access this file.'); }
class js implements iJS
{
 
    private $js;
 
    final public function get()
    {
        global $_CONFIG;
        foreach (glob("app/tpl/skins/".$_CONFIG['template']['style']."/js/*.js") as $filename)
        {
            $this->js = '<script src="'.$filename.'" type="text/javascript"></script>';
 
            $this->setJS();
        } 
    } 
 
    final public function getHK()
    {
        global $_CONFIG;
        foreach (glob("app/tpl/skins/".$_CONFIG['template']['style']."/hk/js/*.js") as $filename)
        {
            $this->js = '<script src="'.$filename.'" type="text/javascript"></script>';
 
            $this->setJS();
        } 
    }
 
    final public function setJS()
    { 
        global $template;
        $template->tpl .= $this->js;
        unset($this->js);
    }
 
 
}
?>


It doesn't go to news2... it went to this page:


Warning: Invalid argument supplied for foreach() in C:\xampp\htdocs\app\tpl\class.js.php on line 24

logo.png

{hotelname} Housekeeping -- Welcome {username}


[ ] [ ]

Player Management
line.png

»
»

Administration
line.png

»
»
»
»
»
»

Moderation
line.png

»
»
»
»

Badges
line.png

»
»
»

Statistics
line.png

Server Status: {status}
{online} user(s) online



Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\app\tpl\class.js.php:24) in C:\xampp\htdocs\app\tpl\skins\Habbo\hk\news.php on line 86


Can you guys help me out??
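
Added example (not part of the post above and not Revolution CMS code): `glob()` returns `false` on error, and on some systems when nothing matches, and `foreach` over `false` raises the first warning; because the warning is printed into the page, the later `header()` call in news.php then fails with "headers already sent". The function name `skin_script_tags`, its parameters and the temporary demo directory are assumptions made for the example.

```php
<?php
// Added example: a guarded version of the glob() loop from class.js.php.

function skin_script_tags($baseDir, $style, $subDir = 'js')
{
    // Allow only simple skin names so the configured value cannot leave $baseDir.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $style)) {
        return '';
    }

    // Absolute pattern: a relative one depends on the current working directory.
    $pattern = rtrim($baseDir, '/\\') . '/' . $style . '/' . $subDir . '/*.js';
    $files = glob($pattern);
    if ($files === false) {
        $files = array();   // treat an error as "no scripts" and emit nothing
    }

    $html = '';
    foreach ($files as $filename) {
        $src = 'app/tpl/skins/' . $style . '/' . $subDir . '/' . basename($filename);
        $html .= '<script src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8')
               . '" type="text/javascript"></script>';
    }
    return $html;
}

// Constructed demo: a temporary skin directory holding one script.
$base = sys_get_temp_dir() . '/skins_demo_' . getmypid();
mkdir($base . '/Habbo/hk/js', 0777, true);
touch($base . '/Habbo/hk/js/main.js');

echo skin_script_tags($base, 'Habbo', 'hk/js'), "\n";    // existing skin
echo skin_script_tags($base, 'Missing', 'hk/js'), "\n";  // missing skin, no warning
echo skin_script_tags($base, '../etc', 'hk/js'), "\n";   // rejected skin name
```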
 

Gajeel

Well-Known Member
Oct 4, 2011
2,411
413
Code:
  <link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/hk/styles/global.css" type="text/css">
<div id="main">
    <div id="links"></div>
    <div id="header"><img src="{url}/app/tpl/skins/{skin}/images/logo.png" align=right style="margin-right: 480px; margin-top: 5px;">
      <div id="logo">
        <div id="logo_text">
          <!-- class="logo_colour", allows you to change the color of the logo text -->
        <h1>{hotelname} Housekeeping -- Welcome {username}</h1>
        </div>
      </div>
    </div>
    <div id="site_content">
      <div id="sidebar_container">
        <!-- insert your sidebar items here -->
        <div class="sidebar">
          <div class="sidebar_top"></div>
          <div class="sidebar_item">
          <br />
          [ <a href='dash'>Return to Dashboard</a> ] [ <a href='logout'>Log out</a> ]<br /> <br />
            <p>
            <?php if(mysql_result(mysql_query("SELECT rank FROM users WHERE id = '" . $_SESSION['user']['id'] . "'"), 0) >= 5)
            { ?>
            Player Management <br /> <img src='../app/tpl/skins/<?php echo $_CONFIG['template']['style']; ?>/hk/images/line.png'> <br />
           
            &raquo; <a href='vip'>Give a user Regular VIP</a> <br />
            &raquo; <a href='svip'>Give a user Super VIP</a> <br />
            &raquo; <a href='edit'>Edit a users account</a> <br />
            <br />
            Administration <br /> <img src='../app/tpl/skins/<?php echo $_CONFIG['template']['style']; ?>/hk/images/line.png'> <br />
            &raquo; <a href='news'>Post news article</a><br />
            &raquo; <a href='delnews'>Delete a news article (By ID)</a><br />
            &raquo; <a href='cmdlogs'>Command logs</a><br />&raquo; <a href='motd'>Change welcome message</a><br />&raquo; <a href='empty'>Empty a table</a><br />&raquo; <a href='timer'>Change the Credits & Pixels timer</a><br />
            <br />
            <?php } if(mysql_result(mysql_query("SELECT rank FROM users WHERE id = '" . $_SESSION['user']['id'] . "'"), 0) >= 5) { ?>
            Moderation <br /> <img src='../app/tpl/skins/<?php echo $_CONFIG['template']['style']; ?>/hk/images/line.png'> <br />
            &raquo; <a href='banlist'>Ban List</a> <br />
            &raquo; <a href='ip'>IP lookup</a> <br />
            <br />
            Badges <br /> <img src='../app/tpl/skins/<?php echo $_CONFIG['template']['style']; ?>/hk/images/line.png'> <br />
            &raquo; <a href='listbadge'>List badges</a><br />&raquo; <a href='addbadge'>Add a badge</a><br />&raquo; <a href='delbadge'>Delete a badge</a><br />
            <?php } ?>
            <br />
            Statistics<br />
            <img src='../app/tpl/skins/<?php echo $_CONFIG['template']['style']; ?>/hk/images/line.png'> <br />
                    Server Status:
            {status} <br />
            {online} user(s) online <br />
   
            </p>
          </div>
          <div class="sidebar_base"></div>
        </div>
      </div>
      <div id="content_container">
 
        <div id="content">
          <!-- insert the page content here -->
          <br />       
<?php
if(!isset($_SESSION["longstory"]))
{
    header("Location: ".$_CONFIG['hotel']['url']."/ase/news");
    exit;
}
 
if(isset($_POST["proceed"]))
{
$topstory = mysql_real_escape_string($_POST["topstory"]);
    $author = mysql_result(mysql_query("SELECT username FROM users WHERE id = '".$_SESSION['user']['id']."' LIMIT 1"), 0);
    mysql_query("INSERT INTO cms_news (title,shortstory,longstory,published,image,author, campaign, campaignimg) VALUES ('" . $_SESSION["title"] . "', '" . $_SESSION["shortstory"] . "', '" . $_SESSION["longstory"] . "', '" . time() . "', '" . $topstory . "', '" . $author . "', 0, 'default')") or die(mysql_error());
    unset($_SESSION["title"], $_SESSION["shortstory"], $_SESSION["longstory"]);
    header("Location: ".$_CONFIG['hotel']['url']."/ase/");
    exit;
}
    echo '<center><b>You are writing news article <u>'.$_SESSION["title"].'.</u><br />';
    echo 'It\'s time to choose the image for your story. Choose one from the drop down list and click "Check Image"';
    echo '<form method="post">';
    echo '<br />';
    echo '<select name="topstory" id="topstory" style="font-size: 14px;">';
   
    if ($handle = opendir('ts/'))
    {   
        while (false !== ($file = readdir($handle)))
        {
            if ($file == '.' || $file == '..')
            {
                continue;
            }   
   
            echo '<option value="' . $file . '"';
   
            if (isset($_POST['topstory']) && $_POST['topstory'] == $file)
            {
                echo ' selected';
            }
           
            echo '>' . $file . '</option>';
        }
    }
 
    echo '</select>';
   
    if(isset($_POST["check"]))
    {
        echo '<br /> <br /> <input type="submit" value="  Check image  " name="check" /> <br /><br />';
        echo '<font size="3">Topstory image<br /></font><img src="ts/' . $_POST["topstory"] . '" align="right" />';
        echo '</center> <align="right"> <br /> <br /> <input type="submit" value="  Proceed (use image)  " name="proceed" /> <br />';
        echo '</form>';
    }
    else
    {
        echo '<br /> <br /> <input type="submit" value="  Check image  " name="check" /> <br />';
        echo "</form>";
    }
 
?>

This is the news2.php for . The fix was coded by and this news2.php is for Grapefruit ASE, so you need to edit certain things there. I have copy-pasted the full file as it seems I cannot find where the original 66th line content was. I asked Muffins to make one secured patch for it, and if any PHP coder is out there, feel free to inspect if this is not vulnerable.

Many thanks,
Vineen
 

Mitchul

Sledmoresux
Feb 18, 2012
371
46

It wouldn't be pretty vulnerable anyways, because you have to login to the ase to view the page..
 

Gajeel

Well-Known Member
Oct 4, 2011
2,411
413
It wouldn't be pretty vulnerable anyways, because you have to login to the ase to view the page..
Yes. However, why would say it is vulnerable at first if we all know we need to login on the All Seeing Eye panel to view the page? That's why I wanted someone to double check and if it is okay then feel free to use it either for GrapeASE or ZapASE. :)
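
Added example (not part of any post in this thread and not the CMS's own code): the news2.php above escapes only `topstory` and places the three session values into the INSERT and the HTML as they are, so its safety depends on what the earlier step stored in the session. This sketch binds every value as a parameter, which stores the text unchanged (no escape sequences end up in the row), accepts only an image name that appears in the listing, and escapes at output time. The in-memory SQLite database, the helper names `pick_topstory`, `insert_news` and `h`, and the sample values are assumptions; with MySQL only the PDO DSN changes.

```php
<?php
// Added example, not the CMS's code. Column names come from the INSERT in the
// thread; the in-memory SQLite table and the sample values are constructed.

// Accept only a file name that is really present in the image listing.
function pick_topstory($requested, array $available)
{
    return in_array($requested, $available, true) ? $requested : null;
}

// Bound parameters: the values never become part of the SQL text.
function insert_news(PDO $db, array $story, $image, $author)
{
    $stmt = $db->prepare(
        'INSERT INTO cms_news (title, shortstory, longstory, published, image,
                               author, campaign, campaignimg)
         VALUES (:title, :short, :long, :published, :image, :author, 0, :cimg)'
    );
    return $stmt->execute(array(
        ':title' => $story['title'], ':short' => $story['shortstory'],
        ':long' => $story['longstory'], ':published' => time(),
        ':image' => $image, ':author' => $author, ':cimg' => 'default',
    ));
}

// Escape for the HTML context at output time, not at storage time.
function h($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cms_news (id INTEGER PRIMARY KEY, title TEXT,
    shortstory TEXT, longstory TEXT, published INTEGER, image TEXT,
    author TEXT, campaign INTEGER, campaignimg TEXT)');

// Constructed session content: quotes, markup and a multi-line body.
$story = array('title' => "It's <b>open</b>", 'shortstory' => "x', 'y'); --",
               'longstory' => "Line one\r\nLine two");
$images = array('party.png', 'news.gif');   // stands in for the ts/ listing

var_dump(pick_topstory('../../config.php', $images)); // name outside the listing
insert_news($db, $story, pick_topstory('party.png', $images), 'Admin');

$row = $db->query('SELECT * FROM cms_news')->fetch(PDO::FETCH_ASSOC);
echo h($row['title']), "\n";               // markup arrives as text
echo nl2br(h($row['longstory'])), "\n";    // real line breaks become <br />
```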
 
