[Development] HybridCMS- Secure, fast, lightweight. [R63+/OOP/PHP]

[DaLightz]

Register forms stored @ Application>Library>Classes>Class.Users.php
[just a snip of code.]

public function RegisterUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender)   
    {       
        // Note: I didn't add the Butterfly config yet. I'll change this after..
        global $MySQLi;                                   
            $SSO = 'HybridCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
            $MySQLi->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $SSO . "')");   
        unset($SSO);   
                     
    }

 

[Lionches]

Register forms stored @ Application>Library>Classes>Class.Users.php
[just a snip of code.]

public function RegisterUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender)
    {   
        // Note: I didn't add the Butterfly config yet. I'll change this after..
        global $MySQLi;                               
            $SSO = 'HybridCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
            $MySQLi->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $SSO . "')");
        unset($SSO);
                 
    }

That piece of code looks almost exactly like this...

final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey) 
    {     
        global $engine;                                 
        $sessionKey = 'RevCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
        $engine->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $seckey . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $sessionKey . "')"); 
        unset($sessionKey); 
                   
    }

hmm...

 

[GarettM]

:'( Why must he do this to us WHY!

 

[DaLightz]

That piece of code looks almost exactly like this...

final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey)
    {   
        global $engine;                               
        $sessionKey = 'RevCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
        $engine->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $seckey . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $sessionKey . "')");
        unset($sessionKey);
                 
    }

hmm...

:'( Why must he do this to us WHY!

You honestly think this is ripped from rev? Like garett said once.
A php script is like a formula. You will see lot's of similarities.

 

[GarettM]

hash("gost", "IM " . $password . "  BATMAN", FALSE);

We should encrypt Passwords This way

 

[Lionches]

You honestly think this is ripped from rev? Like garett said once.
A php script is like a formula. You will see lot's of similarities.

LOL, nice excuse. I would believe it, if the code wasn't as similar as it is now.

How come every single rand() is the same?

 

[DaLightz]

hash("gost", "IM " . $password . "  BATMAN", FALSE);

We should encrypt Passwords This way

Lol. I think I'm going to get that github up. Just so noone starts to say this is a rip. Because Weytin is already thinking it is. 

LOL, nice excuse. I would believe it, if the code wasn't as similar as it is now.

How come every single rand() is the same?

I took that rand from uber. Which is really not ripping anything..

 

[Lionches]

Lol. I think I'm going to get that github up. Just so noone starts to say this is a rip. Because Weytin is already thinking it is. 

I took that rand from uber. Which is really not ripping anything..

Just post that Github already, because i'm not believing shit right now.

 

[DaLightz]

Just created a git.
Can't upload cms atm, I'm going to my dad's.

You must be registered for see links

 

[GarettM]

public static function SetUser()
{ 
    global $database;
    $sso = 'IM' . $password . 'BATMAN';
    $database->prepare("INSERT INTO users (username, password, mail, credits, rank, look, gender) VALUES (?,?,?,?,?,?);");
   
    $username = (isset($_POST['username'])) ? $_POST['username'] : false;
    $password = (isset($_POST['password'])) ? $_POST['password'] : false;
    $email = (isset($_POST['email'])) ? $_POST['email'] : false;
    $look = (isset($_POST['look'])) ? $_POST['sex'] : '-';
    $gender = (isset($_POST['sex'])) ? $_POST['sex'] : false;
   
   
    if(!($username) || !($username) || !($username) || !($username)) {
        header("Location: register.php?error=blank_feilds");
    }
   
    $database->bind_param('sssiiss', $username, $password, $email, 500, 1, $look, $gender);
    $database->execute();
    $database->close();
   
   
}

Stop ur bitchen he can use this Also sorry i had a $database link to my database class

 

[Lionches]

public static function SetUser()
{
    global $database;
    $sso = 'IM' . $password . 'BATMAN';
    $database->prepare("INSERT INTO users (username, password, mail, credits, rank, look, gender) VALUES (?,?,?,?,?,?);");
 
    $username = (isset($_POST['username'])) ? $_POST['username'] : false;
    $password = (isset($_POST['password'])) ? $_POST['password'] : false;
    $email = (isset($_POST['email'])) ? $_POST['email'] : false;
    $look = (isset($_POST['look'])) ? $_POST['sex'] : '-';
    $gender = (isset($_POST['sex'])) ? $_POST['sex'] : false;
 
 
    if(!($username) || !($username) || !($username) || !($username)) {
        header("Location: register.php?error=blank_feilds");
    }
 
    $database->bind_param('sssiiss', $username, $password, $email, 500, 1, $look, $gender);
    $database->execute();
    $database->close();
 
 
}

Stop ur bitchen he can use this Also sorry i had a $database link to my database class

I think I just spotted about 5 SQL injection exploits in there.

 

[GarettM]

i codded that in 5 seconds stop ur bitching

 

[Lionches]

i codded that in 5 seconds stop ur bitching

I'm not bitching, dude. I'm just telling you that your code is not secure.

 

[DaLightz]

Going to rewrite some things now. 
Development has been restarted from scratch! I figured it's better to start fresh, from scratch rather then using Blowfis Framework.
Here is the current git:

You must be registered for see links

 
New stuff done. Scratch.

<?php
    /*================================================================+\
    || # HybridCMS- An advanced CMS for Habbo based private servers.  ||
    |+================================================================+|
    || # Copyright (C) 2012 CookieMonsta. All rights reserved.        ||
    || # http://www.devbest.com/user/CookieMonsta                    ||
    || # This was a scratch development. Love to devbest for support! ||
    |+================================================================+|
    || # HybirdCMS is provided "as is" and comes without              ||
    || # warrenty of any kind. HybridCMS is free software!            ||
    || # License: GNU Public License 3.0                              ||
    || # http://opensource.org/licenses/gpl-license.php              ||
    \+================================================================*/
   
        /*
        *
        *  HybridCMS- Index
        *
        */
       
        Define('HybridCMS_ROOT', 'Application/');
        Define('HybridCMS_HAND', 'Handlers/');
        Define('HybridCMS_LBRY', 'Library/');
        Define('HybridCMS_CLSS', 'Classes/');
       
            // Classes.
                Require_once HybridCMS_ROOT . HybridCMS_LBRY . HybridCMS_CLSS . 'Class.Template.php';
       
                // Handlers.
                    Require_once HybridCMS_ROOT . HybridCMS_LBRY . HybridCMS_HAND . 'Handler.Pages.php';
       
       
       
       
       
?>

<?php
    /*================================================================+\
    || # HybridCMS- An advanced CMS for Habbo based private servers.  ||
    |+================================================================+|
    || # Copyright (C) 2012 CookieMonsta. All rights reserved.        ||
    || # http://www.devbest.com/user/CookieMonsta                    ||
    || # This was a scratch development. Love to devbest for support! ||
    |+================================================================+|
    || # HybirdCMS is provided "as is" and comes without              ||
    || # warrenty of any kind. HybridCMS is free software!            ||
    || # License: GNU Public License 3.0                              ||
    || # http://opensource.org/licenses/gpl-license.php              ||
    \+================================================================*/
   
        /*
        *
        *  HybridCMS- Template Class
        *
        */
       
        // Template path... (Skin changing is disabled by default, you could add this in a config for skin changing)
            $path = 'Application/Template/';
                // Default page.
                $page['default'] = 'index';
            // Error page.
            $default_404_page = '404';
                // No input= index.
                if(empty($_GET['page'])) {
   
                    $page = $default_page;
   
            }else{
 
                    $page = (preg_match('/[^a-zA-Z0-9\ _-]/', $_GET['page']) || !file_exists($path . $_GET['page'] . '.php') ? $default_404_page : $_GET['page']);
   
            }
                    require_once $path . $page . '.php';
?>

<?php
    /*================================================================+\
    || # HybridCMS- An advanced CMS for Habbo based private servers.  ||
    |+================================================================+|
    || # Copyright (C) 2012 CookieMonsta. All rights reserved.        ||
    || # http://www.devbest.com/user/CookieMonsta                    ||
    || # This was a scratch development. Love to devbest for support! ||
    |+================================================================+|
    || # HybirdCMS is provided "as is" and comes without              ||
    || # warrenty of any kind. HybridCMS is free software!            ||
    || # License: GNU Public License 3.0                              ||
    || # http://opensource.org/licenses/gpl-license.php              ||
    \+================================================================*/
   
        /*
        *
        *  HybridCMS- Template Class
        *
        */
       
        class HybridCMS_Template
        {
       
            public $Tpl;
                   
            function GetContent($filepath)
                {
                    $this->template = file_get_contents($filepath);
                }
                    function SetParam($var, $content)
                    {
                        $this->template = str_replace('{'.$var.'}', $content, $this->template);
                    }
                    function Publish()
                    {
                        eval("?>".$this->template."<?");
                    }
        }
                    $Tpl = new HybridCMS_Template;
                // Load template page(s)
                    $Tpl->GetContent("Application/Template/".$_GET['page'].".php");
                    if (isset($_SESSION['user']['id']))
                        {
                            $Tpl->SetParam('credits', 'notdone');
                            $Tpl->SetParam('pixels', 'notdone');
                        }
                            $Tpl->SetParam('hotelname', 'notdone');
                        $Tpl->Publish();
?>

 

[Sway]

You bullshitted us when it came to a finished release of all of your previous developments. I honestly can't wait to see how this one turns out. Good luck.

 

[DaLightz]

You bullshitted us when it came to a finished release of all of your previous developments. I honestly can't wait to see how this one turns out. Good luck.

Oh.
CookieMS -> Released but broken.
WambaPHP -> Released as a developer preview, later on continued by Weytin.

Yeah. I never finished anything.

 

[Lionches]

So glad you posted that Github repo, you did good. But, you didn't have to start over, the CMS was really starting to look good.

Let me know if you need any code.

 

[DaLightz]

So glad you posted that Github repo, you did good. But, you didn't have to start over, the CMS was really starting to look good.

Let me know if you need any code.

I started it over because it seemed like things were getting hot. Once again. Atleast this time, people can keep up with what I do. On the Gity.

 

[Adrian]

Nice and goodluck?

 

[DaLightz]

Nice and goodluck?

Thanks.
-

HybridCMS Official Beta- 1.0.3​

- By CookieMonsta​

​

Well, after friday I decided to stop being such a boob over the Habbo theme, and add in skin changing options.
So, I have to say I am quite satisfied with the template system so far..

New Template Features-

• Auto- load css and other assets.

Ever wanted to just upload your skin without having to worry about fixing up all the CSS links and such? Well now, with HybridCMS, you can just place your css in your skins css folder, and the php within the template system will auto load all of the css files within that folder. And yet still with fast load time.

• Widgets.

Now, make all of your pages neater, with filtering out all of the bull shit! With widgets! Now, with HybridCMS, you can have something - for example, like the news plugin. You can store that news plugin in the widgets folder, and on the actual template document, call the news back to it's place by adding in: "{$widget- >news}".

That's about it, folks.
 

HybridCMS Update​

Featured updates-

• @garrettjoey added to the team.
• Template system. Done.
• Installer. Finished.

Code snippet-

function templateSearch()
    {
        $skinDirectory = scandir('Application/Temaplates/'.$_CONFIG['Hotel']['Skin'].'/');
 
        foreach ($skinDirectory as $file)

@garrettjoey (tag) 
The first official template for HybridCMS.