[Development] HybridCMS- Secure, fast, lightweight. [R63+/OOP/PHP]

Status
Not open for further replies.

DaLightz

See ya'll in the afterlife.
May 19, 2012
1,136
262
Register forms stored @ Application>Library>Classes>Class.Users.php
[just a snip of code.]
PHP:
public function RegisterUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender)   
    {       
        // Note: I didn't add the Butterfly config yet. I'll change this after..
        global $MySQLi;                                   
            $SSO = 'HybridCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
            $MySQLi->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $SSO . "')");   
        unset($SSO);   
                     
    }
 
Jan 17, 2012
649
166
Register forms stored @ Application>Library>Classes>Class.Users.php
[just a snip of code.]
PHP:
public function RegisterUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender)
    {   
        // Note: I didn't add the Butterfly config yet. I'll change this after..
        global $MySQLi;                               
            $SSO = 'HybridCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
            $MySQLi->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $SSO . "')");
        unset($SSO);
                 
    }
That piece of code looks almost exactly like this...
PHP:
final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey) 
    {     
        global $engine;                                 
        $sessionKey = 'RevCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
        $engine->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $seckey . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $sessionKey . "')"); 
        unset($sessionKey); 
                   
    }
hmm...
 

DaLightz

See ya'll in the afterlife.
May 19, 2012
1,136
262
That piece of code looks almost exactly like this...
PHP:
final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey)
    {   
        global $engine;                               
        $sessionKey = 'RevCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
        $engine->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $seckey . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $sessionKey . "')");
        unset($sessionKey);
                 
    }
hmm...
:'( Why must he do this to us WHY!
You honestly think this is ripped from rev? Like garett said once.
A PHP script is like a formula. You will see lots of similarities.
 

GarettM

Posting Freak
Aug 5, 2010
833
136
PHP:
hash("gost", "IM " . $password . "  BATMAN", FALSE);
We should encrypt passwords this way ;)
 
Jan 17, 2012
649
166
You honestly think this is ripped from rev? Like garett said once.
A PHP script is like a formula. You will see lots of similarities.
LOL, nice excuse. I would believe it, if the code wasn't as similar as it is now.

How come every single rand() is the same?
 

DaLightz

See ya'll in the afterlife.
May 19, 2012
1,136
262
PHP:
hash("gost", "IM " . $password . "  BATMAN", FALSE);
We should encrypt passwords this way ;)
Lol. I think I'm going to get that github up. Just so no one starts to say this is a rip. Because Weytin is already thinking it is.
LOL, nice excuse. I would believe it, if the code wasn't as similar as it is now.

How come every single rand() is the same?
I took that rand from uber. Which is really not ripping anything..
 

DaLightz

See ya'll in the afterlife.
May 19, 2012
1,136
262
Just created a git.
Can't upload cms atm, I'm going to my dad's.
 

GarettM

Posting Freak
Aug 5, 2010
833
136
PHP:
public static function SetUser()
{ 
    global $database;
    $sso = 'IM' . $password . 'BATMAN';
    $database->prepare("INSERT INTO users (username, password, mail, credits, rank, look, gender) VALUES (?,?,?,?,?,?);");
   
    $username = (isset($_POST['username'])) ? $_POST['username'] : false;
    $password = (isset($_POST['password'])) ? $_POST['password'] : false;
    $email = (isset($_POST['email'])) ? $_POST['email'] : false;
    $look = (isset($_POST['look'])) ? $_POST['sex'] : '-';
    $gender = (isset($_POST['sex'])) ? $_POST['sex'] : false;
   
   
    if(!($username) || !($username) || !($username) || !($username)) {
        header("Location: register.php?error=blank_feilds");
    }
   
    $database->bind_param('sssiiss', $username, $password, $email, 500, 1, $look, $gender);
    $database->execute();
    $database->close();
   
   
}
Stop ur bitching, he can use this. Also, sorry, I had a $database link to my database class.
 
Jan 17, 2012
649
166
PHP:
public static function SetUser()
{
    global $database;
    $sso = 'IM' . $password . 'BATMAN';
    $database->prepare("INSERT INTO users (username, password, mail, credits, rank, look, gender) VALUES (?,?,?,?,?,?);");
 
    $username = (isset($_POST['username'])) ? $_POST['username'] : false;
    $password = (isset($_POST['password'])) ? $_POST['password'] : false;
    $email = (isset($_POST['email'])) ? $_POST['email'] : false;
    $look = (isset($_POST['look'])) ? $_POST['sex'] : '-';
    $gender = (isset($_POST['sex'])) ? $_POST['sex'] : false;
 
 
    if(!($username) || !($username) || !($username) || !($username)) {
        header("Location: register.php?error=blank_feilds");
    }
 
    $database->bind_param('sssiiss', $username, $password, $email, 500, 1, $look, $gender);
    $database->execute();
    $database->close();
 
 
}
Stop ur bitching, he can use this. Also, sorry, I had a $database link to my database class.
I think I just spotted about 5 SQL injection exploits in there.
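Added example, not code from the thread or from HybridCMS or RevCMS: the registration insert discussed above written with bound parameters, `password_hash()` in place of a single fast hash, and a ticket drawn from `random_bytes()`. It uses PDO with an in-memory SQLite table (a reduced, constructed `users` schema) so it runs without a server; `registerUser()` and the accepted gender values are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Column names follow the INSERT quoted in the thread; the
// function name, field rules and the SQLite stand-in database are assumptions.
function registerUser(PDO $db, array $in, string $remoteAddr): string
{
    $username = trim((string)($in['username'] ?? ''));
    $password = (string)($in['password'] ?? '');
    $email    = (string)($in['email'] ?? '');
    $gender   = (string)($in['sex'] ?? '');

    // Check each field on its own and stop before touching the database.
    if ($username === '' || $password === '') {
        throw new InvalidArgumentException('blank_fields');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('bad_email');
    }
    if (!in_array($gender, ['M', 'F'], true)) {   // assumed allowed values
        throw new InvalidArgumentException('bad_gender');
    }

    // Salted, deliberately slow hash instead of one fast hash with a fixed string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Ticket from the OS CSPRNG; rand() and sha1(time()) can be guessed.
    $ticket = 'HybridCMS-' . bin2hex(random_bytes(16));

    // One marker per column; values travel separately from the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO users (username, password, mail, gender, ip_reg, account_created, auth_ticket)
         VALUES (:u, :p, :m, :g, :ip, :ts, :t)'
    );
    $stmt->execute([':u' => $username, ':p' => $hash, ':m' => $email, ':g' => $gender,
                    ':ip' => $remoteAddr, ':ts' => time(), ':t' => $ticket]);
    return $ticket;
}

// Constructed demo data; SQLite in memory stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, password TEXT, mail TEXT, gender TEXT,
                               ip_reg TEXT, account_created INTEGER, auth_ticket TEXT)');
registerUser($db, ['username' => "O'Brien", 'password' => 'correct horse battery',
                   'email' => 'ob@example.test', 'sex' => 'M'], '203.0.113.7');
$row = $db->query('SELECT username, password FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['username'] === "O'Brien");                              // quote stored as data
var_dump(password_verify('correct horse battery', $row['password']));  // login-side check
```

With mysqli the same statement uses `?` markers and `bind_param()`, which needs one type character per marker and variables (not literals) for every value.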
 
Jan 17, 2012
649
166
I coded that in 5 seconds, stop ur bitching
I'm not bitching, dude. I'm just telling you that your code is not secure.

 

DaLightz

See ya'll in the afterlife.
May 19, 2012
1,136
262
Going to rewrite some things now. 
Development has been restarted from scratch! I figured it's better to start fresh, from scratch rather than using Blowfis Framework.
Here is the current git:  
New stuff done. Scratch.
PHP:
<?php
    /*================================================================+\
    || # HybridCMS- An advanced CMS for Habbo based private servers.  ||
    |+================================================================+|
    || # Copyright (C) 2012 CookieMonsta. All rights reserved.        ||
    || # http://www.devbest.com/user/CookieMonsta                    ||
    || # This was a scratch development. Love to devbest for support! ||
    |+================================================================+|
    || # HybirdCMS is provided "as is" and comes without              ||
    || # warrenty of any kind. HybridCMS is free software!            ||
    || # License: GNU Public License 3.0                              ||
    || # http://opensource.org/licenses/gpl-license.php              ||
    \+================================================================*/
   
        /*
        *
        *  HybridCMS- Index
        *
        */
       
        Define('HybridCMS_ROOT', 'Application/');
        Define('HybridCMS_HAND', 'Handlers/');
        Define('HybridCMS_LBRY', 'Library/');
        Define('HybridCMS_CLSS', 'Classes/');
       
            // Classes.
                Require_once HybridCMS_ROOT . HybridCMS_LBRY . HybridCMS_CLSS . 'Class.Template.php';
       
                // Handlers.
                    Require_once HybridCMS_ROOT . HybridCMS_LBRY . HybridCMS_HAND . 'Handler.Pages.php';
       
       
       
       
       
?>
PHP:
<?php
    /*================================================================+\
    || # HybridCMS- An advanced CMS for Habbo based private servers.  ||
    |+================================================================+|
    || # Copyright (C) 2012 CookieMonsta. All rights reserved.        ||
    || # http://www.devbest.com/user/CookieMonsta                    ||
    || # This was a scratch development. Love to devbest for support! ||
    |+================================================================+|
    || # HybirdCMS is provided "as is" and comes without              ||
    || # warrenty of any kind. HybridCMS is free software!            ||
    || # License: GNU Public License 3.0                              ||
    || # http://opensource.org/licenses/gpl-license.php              ||
    \+================================================================*/
   
        /*
        *
        *  HybridCMS- Template Class
        *
        */
       
        // Template path... (Skin changing is disabled by default, you could add this in a config for skin changing)
            $path = 'Application/Template/';
                // Default page.
                $default_page = 'index';
            // Error page.
            $default_404_page = '404';
                // No input= index.
                if(empty($_GET['page'])) {
   
                    $page = $default_page;
   
            }else{
 
                    $page = (preg_match('/[^a-zA-Z0-9\ _-]/', $_GET['page']) || !file_exists($path . $_GET['page'] . '.php') ? $default_404_page : $_GET['page']);
   
            }
                    require_once $path . $page . '.php';
?>
PHP:
<?php
    /*================================================================+\
    || # HybridCMS- An advanced CMS for Habbo based private servers.  ||
    |+================================================================+|
    || # Copyright (C) 2012 CookieMonsta. All rights reserved.        ||
    || # http://www.devbest.com/user/CookieMonsta                    ||
    || # This was a scratch development. Love to devbest for support! ||
    |+================================================================+|
    || # HybirdCMS is provided "as is" and comes without              ||
    || # warrenty of any kind. HybridCMS is free software!            ||
    || # License: GNU Public License 3.0                              ||
    || # http://opensource.org/licenses/gpl-license.php              ||
    \+================================================================*/
   
        /*
        *
        *  HybridCMS- Template Class
        *
        */
       
        class HybridCMS_Template
        {
       
            // Holds the loaded template text used by the methods below.
            public $template;
                   
            function GetContent($filepath)
                {
                    $this->template = file_get_contents($filepath);
                }
                    function SetParam($var, $content)
                    {
                        $this->template = str_replace('{'.$var.'}', $content, $this->template);
                    }
                    function Publish()
                    {
                        eval("?>".$this->template."<?");
                    }
        }
                    $Tpl = new HybridCMS_Template;
                // Load template page(s)
                    $Tpl->GetContent("Application/Template/".$_GET['page'].".php");
                    if (isset($_SESSION['user']['id']))
                        {
                            $Tpl->SetParam('credits', 'notdone');
                            $Tpl->SetParam('pixels', 'notdone');
                        }
                            $Tpl->SetParam('hotelname', 'notdone');
                        $Tpl->Publish();
?>
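Added example, not part of the original post or the HybridCMS repository: one way to resolve the `page` parameter once, with the allow-list check and a `realpath()` containment test, and to fill `{name}` placeholders without `eval()`. The function names and the temporary demo directory are hypothetical; unlike the posted class, it treats template files as text and HTML-escapes the substituted values.

```php
<?php
declare(strict_types=1);

// Added example; resolveTemplate() and renderTemplate() are hypothetical names.
function resolveTemplate(string $baseDir, ?string $page, string $default = 'index',
                         string $notFound = '404'): string
{
    $page = ($page === null || $page === '') ? $default : $page;
    // Allow-list the name itself: no dots, slashes or NUL bytes can get through.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page) !== 1) {
        $page = $notFound;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('template directory not found');
    }
    $file = realpath($base . DIRECTORY_SEPARATOR . $page . '.php');
    // realpath() resolves symlinks, so require the result to stay under the base.
    if ($file === false || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        $file = realpath($base . DIRECTORY_SEPARATOR . $notFound . '.php');
    }
    if ($file === false) {
        throw new RuntimeException('404 template is missing');
    }
    return $file;
}

function renderTemplate(string $file, array $params): string
{
    // Treat the template as text: substitute escaped values, never eval() it.
    $out = file_get_contents($file);
    foreach ($params as $name => $value) {
        $out = str_replace('{' . $name . '}', htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8'), $out);
    }
    return $out;
}

// Constructed demo: a throwaway template directory with two pages.
$dir = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/index.php", 'Welcome to {hotelname}');
file_put_contents("$dir/404.php", 'Page not found');
foreach ([null, 'index', '../index', 'missing'] as $requested) {
    $file = resolveTemplate($dir, $requested);
    echo var_export($requested, true), ' => ', renderTemplate($file, ['hotelname' => '<b>Demo</b>']), PHP_EOL;
}
array_map('unlink', glob("$dir/*.php")); rmdir($dir);
```

Resolving the name in one place matters because every later file access then uses the checked path rather than reading `$_GET['page']` again.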
 

Sway

Ruby and Python are married.
Dec 19, 2010
194
76
You bullshitted us when it came to a finished release of all of your previous developments. I honestly can't wait to see how this one turns out. Good luck.
 

DaLightz

See ya'll in the afterlife.
May 19, 2012
1,136
262
You bullshitted us when it came to a finished release of all of your previous developments. I honestly can't wait to see how this one turns out. Good luck.
Oh.
CookieMS -> Released but broken.
WambaPHP -> Released as a developer preview, later on continued by Weytin.

Yeah. I never finished anything.
 
Jan 17, 2012
649
166
So glad you posted that Github repo, you did good. But, you didn't have to start over, the CMS was really starting to look good.

Let me know if you need any code.
 

DaLightz

See ya'll in the afterlife.
May 19, 2012
1,136
262
So glad you posted that Github repo, you did good. But, you didn't have to start over, the CMS was really starting to look good.

Let me know if you need any code.
I started it over because it seemed like things were getting hot. Once again. At least this time, people can keep up with what I do. On the Gity.
 

DaLightz

See ya'll in the afterlife.
May 19, 2012
1,136
262
Nice and good luck? :p
Thanks.
-

HybridCMS Official Beta- 1.0.3
- By CookieMonsta
Well, after Friday I decided to stop being such a boob over the Habbo theme, and add in skin changing options.
So, I have to say I am quite satisfied with the template system so far..

New Template Features-
  • Auto-load css and other assets.
Ever wanted to just upload your skin without having to worry about fixing up all the CSS links and such? Well now, with HybridCMS, you can just place your css in your skins css folder, and the php within the template system will auto load all of the css files within that folder. And yet still with fast load time.
  • Widgets.
Now, make all of your pages neater, with filtering out all of the bull shit! With widgets! Now, with HybridCMS, you can have something - for example, like the news plugin. You can store that news plugin in the widgets folder, and on the actual template document, call the news back to its place by adding in: "{$widget->news}".

That's about it, folks.
 

HybridCMS Update


Featured updates-
  • @garrettjoey added to the team.
  • Template system. Done.
  • Installer. Finished.
Code snippet-
PHP:
function templateSearch()
    {
        $skinDirectory = scandir('Application/Temaplates/'.$_CONFIG['Hotel']['Skin'].'/');
 
        foreach ($skinDirectory as $file)
@garrettjoey (tag) 
The first official template for HybridCMS.
 