[CMS][Tutorial] How to Fix the post News
[QUOTE="Gajeel, post: 93544, member: 7688"]
[CODE]
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/hk/styles/global.css" type="text/css">
<div id="main">
    <div id="links"></div>
    <div id="header"><img src="{url}/app/tpl/skins/{skin}/images/logo.png" align=right style="margin-right: 480px; margin-top: 5px;">
        <div id="logo">
            <div id="logo_text">
                <!-- class="logo_colour", allows you to change the color of the logo text -->
                <h1>{hotelname} Housekeeping -- Welcome {username}</h1>
            </div>
        </div>
    </div>
    <div id="site_content">
        <div id="sidebar_container">
            <!-- insert your sidebar items here -->
            <div class="sidebar">
                <div class="sidebar_top"></div>
                <div class="sidebar_item">
                    <br />
                    [ <a href='dash'>Return to Dashboard</a> ] [ <a href='logout'>Log out</a> ]<br /> <br />
                    <p>
                    <?php // Rank gate: the sidebar sections below are shown only to users with rank 5 or higher.
                    if(mysql_result(mysql_query("SELECT rank FROM users WHERE id = '" . $_SESSION['user']['id'] . "'"), 0) >= 5)
                    { ?>
                    Player Management <br /> <img src='../app/tpl/skins/<?php echo $_CONFIG['template']['style']; ?>/hk/images/line.png'> <br />

                    &raquo; <a href='vip'>Give a user Regular VIP</a> <br />
                    &raquo; <a href='svip'>Give a user Super VIP</a> <br />
                    &raquo; <a href='edit'>Edit a users account</a> <br />
                    <br />
                    Administration <br /> <img src='../app/tpl/skins/<?php echo $_CONFIG['template']['style']; ?>/hk/images/line.png'> <br />
                    &raquo; <a href='news'>Post news article</a><br />
                    &raquo; <a href='delnews'>Delete a news article (By ID)</a><br />
                    &raquo; <a href='cmdlogs'>Command logs</a><br />&raquo; <a href='motd'>Change welcome message</a><br />&raquo; <a href='empty'>Empty a table</a><br />&raquo; <a href='timer'>Change the Credits & Pixels timer</a><br />
                    <br />
                    <?php } // Second gate uses the same rank threshold (>= 5) as the first.
                    if(mysql_result(mysql_query("SELECT rank FROM users WHERE id = '" . $_SESSION['user']['id'] . "'"), 0) >= 5) { ?>
                    Moderation <br /> <img src='../app/tpl/skins/<?php echo $_CONFIG['template']['style']; ?>/hk/images/line.png'> <br />
                    &raquo; <a href='banlist'>Ban List</a> <br />
                    &raquo; <a href='ip'>IP lookup</a> <br />
                    <br />
                    Badges <br /> <img src='../app/tpl/skins/<?php echo $_CONFIG['template']['style']; ?>/hk/images/line.png'> <br />
                    &raquo; <a href='listbadge'>List badges</a><br />&raquo; <a href='addbadge'>Add a badge</a><br />&raquo; <a href='delbadge'>Delete a badge</a><br />
                    <?php } ?>
                    <br />
                    Statistics<br />
                    <img src='../app/tpl/skins/<?php echo $_CONFIG['template']['style']; ?>/hk/images/line.png'> <br />
                    Server Status:
                    {status} <br />
                    {online} user(s) online <br />
                    </p>
                </div>
                <div class="sidebar_base"></div>
            </div>
        </div>
        <div id="content_container">

            <div id="content">
                <!-- insert the page content here -->
                <br />
<?php
// Step 2 of posting news: news.php has already put title/shortstory/longstory into the session.
if(!isset($_SESSION["longstory"]))
{
    header("Location: ".$_CONFIG['hotel']['url']."/ase/news");
    exit;
}

if(isset($_POST["proceed"]))
{
    // The chosen file name is escaped for SQL here; the session fields and the author name are
    // concatenated into the INSERT as they are.
    $topstory = mysql_real_escape_string($_POST["topstory"]);
    $author = mysql_result(mysql_query("SELECT username FROM users WHERE id = '".$_SESSION['user']['id']."' LIMIT 1"), 0);
    mysql_query("INSERT INTO cms_news (title,shortstory,longstory,published,image,author, campaign, campaignimg) VALUES ('" . $_SESSION["title"] . "', '" . $_SESSION["shortstory"] . "', '" . $_SESSION["longstory"] . "', '" . time() . "', '" . $topstory . "', '" . $author . "', 0, 'default')") or die(mysql_error());
    unset($_SESSION["title"], $_SESSION["shortstory"], $_SESSION["longstory"]);
    header("Location: ".$_CONFIG['hotel']['url']."/ase/");
    exit;
}

echo '<center><b>You are writing news article <u>'.$_SESSION["title"].'.</u></b><br />';
echo 'It\'s time to choose the image for your story. Choose one from the drop down list and click "Check Image"';
echo '<form method="post">';
echo '<br />';
// The closing ">" of the <select> tag was missing in the posted version.
echo '<select name="topstory" id="topstory" style="font-size: 14px;">';

// One <option> per file in ts/; the file name is echoed as both value and label.
if ($handle = opendir('ts/'))
{
    while (false !== ($file = readdir($handle)))
    {
        if ($file == '.' || $file == '..')
        {
            continue;
        }

        echo '<option value="' . $file . '"';

        if (isset($_POST['topstory']) && $_POST['topstory'] == $file)
        {
            echo ' selected';
        }

        echo '>' . $file . '</option>';
    }
    closedir($handle);
}

echo '</select>';

if(isset($_POST["check"]))
{
    echo '<br /> <br /> <input type="submit" value=" Check image " name="check" /> <br /><br />';
    // Preview: the submitted name goes straight into the src attribute without being checked
    // against the directory listing or escaped for HTML.
    echo '<font size="3">Topstory image<br /></font><img src="ts/' . $_POST["topstory"] . '" align="right" />';
    echo '</center> <div align="right"> <br /> <br /> <input type="submit" value=" Proceed (use image) " name="proceed" /> <br />';
    echo '</form></div>';
}
else
{
    echo '<br /> <br /> <input type="submit" value=" Check image " name="check" /> <br />';
    echo "</form>";
}

?>
[/CODE]

This is the [B]news2.php[/B] for [url]http://habprohotel.co.uk[/url]. The fix was coded by [URL='http://devbest.com/members/muffins.14117/']Muffins[/URL], and this news2.php is for Grapefruit ASE, so you need to edit certain things there. I have copy-pasted the full file, as it seems I cannot find where the original 66th-line content was. I asked Muffins to make a secured patch for it, and if there is any [B]PHP coder[/B] out there, feel free to inspect whether this is vulnerable.

Many thanks,
Vineen
[/QUOTE]
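The post asks for a review of whether the file is still vulnerable, so here is the same image-selection and insert step written the way a reviewer would want it. This is added example code for this thread, not Muffins' patch and not part of Grapefruit ASE. Three things in the posted file drive the changes: `$_POST["topstory"]` is escaped for SQL but echoed raw into the `<img src>` and never compared with the directory listing before being stored; the session fields and the author name are concatenated straight into the INSERT; and the `<select>` tag is never closed. From the posted file it keeps `ts/`, the `cms_news` columns, `$_CONFIG['hotel']['url']` and the session keys `title`, `shortstory`, `longstory` and `user`; the PDO handle `$pdo` is an assumption.

```php
<?php
// Added example for this thread: hardened version of the posted news2.php logic.
// Not Muffins' patch and not Grapefruit ASE code. Same three states as the
// posted file (no draft / "Check image" / "Proceed"), but the image name is
// validated against an allowlist built from ts/, everything echoed into HTML is
// escaped, and the INSERT uses bound parameters. Assumed: a PDO handle in $pdo.
declare(strict_types=1);

const TOPSTORY_DIR = __DIR__ . '/ts';

/** Names a user may pick: plain image file names found in ts/, nothing else. */
function topstoryChoices(string $dir = TOPSTORY_DIR): array
{
    $choices = [];
    foreach (scandir($dir) ?: [] as $file) {
        // The pattern rejects '.', '..', dotfiles, slashes, quotes and angle brackets.
        if (preg_match('/^[A-Za-z0-9_-]+\.(?:png|gif|jpe?g)$/', $file) && is_file("$dir/$file")) {
            $choices[] = $file;
        }
    }
    return $choices;
}

/** Use the submitted value only if it is a string that exactly matches one choice. */
function selectedTopstory($submitted, array $choices): ?string
{
    return (is_string($submitted) && in_array($submitted, $choices, true)) ? $submitted : null;
}

/** Escape for HTML text and attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/** Drop-down markup with every option escaped (and the <select> tag actually closed). */
function renderSelect(array $choices, ?string $selected): string
{
    $html = '<select name="topstory" id="topstory" style="font-size: 14px;">';
    foreach ($choices as $file) {
        $html .= '<option value="' . h($file) . '"' . ($file === $selected ? ' selected' : '') . '>' . h($file) . '</option>';
    }
    return $html . '</select>';
}

/** Store the article; user-controlled values travel as bound parameters, never inside the SQL string. */
function insertNews(PDO $pdo, int $userId, array $draft, string $image): void
{
    $q = $pdo->prepare('SELECT username FROM users WHERE id = ? LIMIT 1');
    $q->execute([$userId]);
    $author = $q->fetchColumn();
    if ($author === false) {
        throw new RuntimeException('unknown user id');
    }
    $ins = $pdo->prepare(
        'INSERT INTO cms_news (title, shortstory, longstory, published, image, author, campaign, campaignimg)'
        . " VALUES (:title, :short, :long, :published, :image, :author, 0, 'default')"
    );
    $ins->execute([
        ':title'     => (string) $draft['title'],
        ':short'     => (string) $draft['shortstory'],
        ':long'      => (string) $draft['longstory'],
        ':published' => time(),
        ':image'     => $image,
        ':author'    => (string) $author,
    ]);
}

// ---- page flow, mirroring the posted file ----
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (!isset($_SESSION['title'], $_SESSION['shortstory'], $_SESSION['longstory'], $_SESSION['user']['id'])) {
    header('Location: ' . $_CONFIG['hotel']['url'] . '/ase/news');
    exit;
}

$choices  = topstoryChoices();
$selected = selectedTopstory($_POST['topstory'] ?? null, $choices);

if (isset($_POST['proceed'])) {
    if ($selected === null) {            // tampered or stale name: refuse rather than store it
        http_response_code(400);
        exit('Pick an image from the list.');
    }
    insertNews($pdo, (int) $_SESSION['user']['id'], $_SESSION, $selected);
    unset($_SESSION['title'], $_SESSION['shortstory'], $_SESSION['longstory']);
    header('Location: ' . $_CONFIG['hotel']['url'] . '/ase/');
    exit;
}

echo '<center><b>You are writing news article <u>' . h((string) $_SESSION['title']) . '</u></b><br />';
echo 'Choose an image for your story from the drop-down list and click "Check image".';
echo '<form method="post"><br />' . renderSelect($choices, $selected);
echo '<br /><br /><input type="submit" value=" Check image " name="check" />';
if (isset($_POST['check']) && $selected !== null) {
    // Only a name that passed the allowlist is previewed, so nothing attacker-chosen reaches the src attribute.
    echo '<br /><br /><img src="ts/' . h($selected) . '" align="right" />';
    echo '<br /><input type="submit" value=" Proceed (use image) " name="proceed" />';
}
echo '</form></center>';
```

The part worth carrying into the real file regardless of database layer is the allowlist: a name is previewed or stored only if `scandir('ts/')` produced it, so `mysql_real_escape_string` is no longer the only thing standing between the POST body and the `image` column, and the preview can no longer reflect arbitrary markup. Note that, like the posted file, this form carries no anti-CSRF token; a housekeeping page that publishes news on a POST should have one.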