Is this exploitable?

Kristopher

Photographer
Dec 25, 2010
802
66
PHP:
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta http-equiv="content-type" content="text/html; charset=utf-8">
        <title>{hotelName} - News</title>
        <div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&appId=138881106159184";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
        <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/common.css" type="text/css">
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs2.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/visual.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/common.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/fullcontent.js"></script>
     
        <script type="text/javascript">
            document.habboLoggedIn = true;
            var habboName = "{username}";
            var habboId = "{userid}";
            var habboReqPath = "";
            var habboStaticFilePath = "{url}/app/tpl/skins/Habbo";
            var habboImagerUrl = "http://www.habbo.com/habbo-imaging/";
            var habboPartner = "";
            var habboDefaultClientPopupUrl = "{url}/client";
            window.name = "habboMain";
            if (typeof HabboClient != "undefined") {
                HabboClient.windowName = "eac955c8dbc88172421193892a3e98fc7402021a";
                HabboClient.maximizeWindow = true;
            }
        </script>
     
        <!--[if IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie8.css" type="text/css">
        <![endif]-->
        <!--[if lt IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie.css" type="text/css" />
        <![endif]-->
        <!--[if lt IE 7]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie6.css" type="text/css" />
            <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/pngfix.js"></script>
            <script type="text/javascript">
                try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}
            </script>
            <style type="text/css">
                body { behavior: url({url}/app/tpl/skins/Habbo/js/csshover.htc); }
            </style>
        <![endif]-->
    </head>
 
    <body id="news">
 
        <div id="overlay"></div>
        <div id="header-container">
            <div id="header" class="clearfix">
                <h1><a href="{url}/"></a></h1>
                <div id="subnavi">
                    <div id="subnavi-user">
                       
                    </div>
                    <div id="subnavi-search">
                        <div id="subnavi-search-upper">
                            <ul id="subnavi-search-links">
                                <li><a href="{url}/logout" style="color:#000">Sign Out</a></li>
                                <li><a href="{url}/privacy" style="color:#000">Privacy</a></li>
                            </ul>
                        </div>
                    </div>
                    <div id="to-hotel">
                        <a href="{url}/api.php" class="new-button green-button" target="eac955c8dbc88172421193892a3e98fc7402021a" onclick="HabboClient.openOrFocus(this); return false;"><b>Enter Strike Hotel</b><i></i></a>
                    </div>
                </div>
                <ul id="navi">
                    <li class="metab"><a href="{url}/me">{username}</a><span></span></li>
                    <li class="selected"><strong>Community</strong><span></span></li>
                    <li><a href="{url}/vip">VIP</a><span></span></li>
                    <li><a href="{url}/forum">Forum</a><span></span></li>
                </ul>
                <div id="habbos-online"><div class="rounded"><span>{online} members online</span></div></div>
            </div>
        </div>
        <?php
        if( $_GET['id'] ) {
                                       
                                            $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '{$_GET['id']}'" );
                                            $array = mysql_fetch_assoc( $query );
                                       
                                        }
                                   
                                        if( $_GET['id'] ) {
                                       
                                            $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '{$_GET['id']}'" );
                                            $array = mysql_fetch_assoc( $query );
                                        }
                                            ?>
        <div id="content-container">
            <div id="navi2-container" class="pngbg">
                <div id="navi2" class="pngbg clearfix">
                    <ul>
                        <li class=""><a href="{url}/community">Community</a></li>
                        <li class="selected">News</li>
                        <li class=""><a href="{url}/staff">Staff</a></li>
                    </ul>
                </div>
            </div>
            <div id="container">
                <div id="content" style="position: relative" class="clearfix">
                    <div id="column1" class="column">
                        <div class="habblet-container ">     
                            <div class="cbb clearfix red ">
                                <h2 class="title">News</h2>
                                <div id="article-archive">
 
                                    <ul>
 
                                        {newsList}
                                    </ul>
                                </div>
                            </div>
                        </div>
                        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
                    </div>
                    <div id="column2" class="column">
                        <div class="habblet-container ">     
                            <div class="cbb clearfix notitle ">
                                <div id="article-wrapper">
                                    <h2>{newsTitle} </h2>
                                    <div class="article-meta">Posted {newsDate}</div>
 
                                    <p class="summary">{newsTitle}</p>
                                    <div class="article-body">
                              {newsContent}
                             
                       
                                        <script type="text/javascript" language="Javascript">
                                            document.observe("dom:loaded", function() {
                                                $$('.article-images a').each(function(a) {
                                                    Event.observe(a, 'click', function(e) {
                                                        Event.stop(e);
                                                        Overlay.lightbox(a.href, "Image is loading");
                                                    });
                                                });
                                             
                                                $$('a.article-2729').each(function(a) {
                                                    a.replace(a.innerHTML);
                                                });
                                            });
                                        </script>
                                    </div>
                                </div>
                            </div>
                        </div>
             
                     
<?php
 
 
if(isset($_POST['post_comment']))
  $posted_on = date("M j, Y g:i A");
 
if (filter(! isset($_POST['comment']))) {
  $_POST['comment'] = '';
  }
 
$comment = strip_tags (filter($_POST['comment']));
if($comment == NULL){
        //define("ERROR", "You have to type in a reply!<br /><br />");
    //$error_message = 'You have to type in a reply!<br /><br />';
  }else{
if (isLogged)
{
    mysql_query("INSERT INTO site_news_comments (article, userid, comment, posted_on, author) VALUES ('".htmlentities($_GET['id'])."', '".$_SESSION['userid']."', '".filter($comment)."', '".$posted_on."', '" . $_SESSION['user']['username']. "');");
    define('SUCCESS', 'You have successfully posted a comment on this news article!');
 
 
    define("ERROR", "<br>Thanks for your reply!<br />");
   
        //$error_message = 'Thanks for your reply!<br /><br />';
  }
}
?>
 
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Place Comment</h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
if($userPosts >= 1)
{
    define('ERROR', 'Sorry, you are only allowed one comment per article.');
}
if(defined("SUCCESS")){
?>
<div class="rounded rounded-green" width="20%">
                    <?php echo SUCCESS; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
if(defined("ERROR")) {
?>
<div class="rounded rounded-red" width="20%">
                    <?php echo ERROR; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
else
{
?>
<form action="" method="post">
<textarea name="comment" maxlength="500"></textarea><br /><br />
<input type="submit" name="post_comment" value="Place Comment" />
</form>
<?php
}
?>
</div>
</div>
</div>
</div>
 
<style type="text/css">
input[type="text"], input[type="password"] {
background-color: #F1F1F1;
border: 1px solid #999999;
width: 175px;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
input[type="submit"] {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
textarea {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
width: 517px;
height: 70px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
select {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
</style>
<?php
$getComments = mysql_query("SELECT * FROM site_news_comments WHERE article = '".htmlentities($_GET['id'])."' ORDER by id DESC");
?>
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Comments <?php echo mysql_num_rows($getComments); ?></h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
      if(mysql_num_rows($getComments) == 0) {
          echo "No comments for this article!";
      } else {
          echo '<table width="528px">';
          while($Comments = mysql_fetch_array($getComments)){
          $getUserInfo = mysql_query("SELECT * FROM users WHERE username = '".$Comments['author']."'");
          $userInfo = mysql_fetch_array($getUserInfo);
                  echo '
                  <tr>
                    <td width="90px" valign="top"></div>
                    <div style="
height: 65px;
width: 50px;
float: left;
overflow: hidden;
">
                      <div style="float:left"><img position:absolute; src="http://www.habbo.com/habbo-imaging/avatarimage?figure='.$userInfo['look'].'&size=b&direction=2&head_direction=3&gesture=sml&size=2"></div>
                      ';
                        if($userInfo['rank'] >= 5) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/STAFF.gif"></div>';
                        }
                        if($userInfo['rank'] == 3) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
                        }
                        if($userInfo['rank'] == 4) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
                        }
                        if($userInfo['rank'] == 2) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/VIP.gif"></div>';
                        }
                        if($userInfo['rank'] == 1) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/lid.png"></div>';
                        }
                   
 
                echo '
 
                </td>
                    <td width="427px" valign="top">
                    <i><a href="/me">'.$userInfo['username'].' </a></i>
                                        <br /><br />'.$Comments['comment'].'
                                       
 
                    </td>
                  </tr>
          <tr>
                    <td width="80px" valign="top">
                   
                    </td>
                                <td width="400px" align="right">
 
                                             
                                             
 
                       
 
</div></div></div></div>
<br>
<div style="width:125%; height:1px; background-color:#ccc; margin-top:-17px;"></div>
 
 
            </td>
          </tr>';
          }
          echo '</table>';
        }
        ?></div> </div> </div> </div>
</div>
</div>
</div>
</div>
 
        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
        <script type="text/javascript">
            HabboView.run();
        </script>
 
        <!--[if lt IE 7]>
            <script type="text/javascript">
                Pngfix.doPngImageFix();
            </script>
        <![endif]-->
     
        <div id="footer" >
 
 
    </body>
</html>


Can someone check this for me?
 

Sledmore

Chaturbate Livestreamer
Staff member
FindRetros Moderator
Jul 24, 2010
5,195
3,906
Yes it is. Also, you're using Rev, so you can use `filter($_GET['tag'])` on pretty much anything, and on POST too.

Here is yours fixed:

PHP:
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta http-equiv="content-type" content="text/html; charset=utf-8">
        <title>{hotelName} - News</title>
        <div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&appId=138881106159184";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
        <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/common.css" type="text/css">
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs2.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/visual.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/common.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/fullcontent.js"></script>
 
        <script type="text/javascript">
            document.habboLoggedIn = true;
            var habboName = "{username}";
            var habboId = "{userid}";
            var habboReqPath = "";
            var habboStaticFilePath = "{url}/app/tpl/skins/Habbo";
            var habboImagerUrl = "http://www.habbo.com/habbo-imaging/";
            var habboPartner = "";
            var habboDefaultClientPopupUrl = "{url}/client";
            window.name = "habboMain";
            if (typeof HabboClient != "undefined") {
                HabboClient.windowName = "eac955c8dbc88172421193892a3e98fc7402021a";
                HabboClient.maximizeWindow = true;
            }
        </script>
 
        <!--[if IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie8.css" type="text/css">
        <![endif]-->
        <!--[if lt IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie.css" type="text/css" />
        <![endif]-->
        <!--[if lt IE 7]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie6.css" type="text/css" />
            <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/pngfix.js"></script>
            <script type="text/javascript">
                try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}
            </script>
            <style type="text/css">
                body { behavior: url({url}/app/tpl/skins/Habbo/js/csshover.htc); }
            </style>
        <![endif]-->
    </head>
 
    <body id="news">
 
        <div id="overlay"></div>
        <div id="header-container">
            <div id="header" class="clearfix">
                <h1><a href="{url}/"></a></h1>
                <div id="subnavi">
                    <div id="subnavi-user">
                   
                    </div>
                    <div id="subnavi-search">
                        <div id="subnavi-search-upper">
                            <ul id="subnavi-search-links">
                                <li><a href="{url}/logout" style="color:#000">Sign Out</a></li>
                                <li><a href="{url}/privacy" style="color:#000">Privacy</a></li>
                            </ul>
                        </div>
                    </div>
                    <div id="to-hotel">
                        <a href="{url}/api.php" class="new-button green-button" target="eac955c8dbc88172421193892a3e98fc7402021a" onclick="HabboClient.openOrFocus(this); return false;"><b>Enter Strike Hotel</b><i></i></a>
                    </div>
                </div>
                <ul id="navi">
                    <li class="metab"><a href="{url}/me">{username}</a><span></span></li>
                    <li class="selected"><strong>Community</strong><span></span></li>
                    <li><a href="{url}/vip">VIP</a><span></span></li>
                    <li><a href="{url}/forum">Forum</a><span></span></li>
                </ul>
                <div id="habbos-online"><div class="rounded"><span>{online} members online</span></div></div>
            </div>
        </div>
        <?php
        if( $_GET['id'] ) {
                                   
                                            $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '" . filter($_GET['id']) . "'" ); // concatenate so filter() is actually called instead of being written literally into the SQL string
                                            $array = mysql_fetch_assoc( $query );
                                   
                                        }
                               
                                        if( $_GET['id'] ) {
                                   
                                            $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '" . filter($_GET['id']) . "'" ); // same fix: filter() must run outside the quoted string
                                            $array = mysql_fetch_assoc( $query );
                                        }
                                            ?>
        <div id="content-container">
            <div id="navi2-container" class="pngbg">
                <div id="navi2" class="pngbg clearfix">
                    <ul>
                        <li class=""><a href="{url}/community">Community</a></li>
                        <li class="selected">News</li>
                        <li class=""><a href="{url}/staff">Staff</a></li>
                    </ul>
                </div>
            </div>
            <div id="container">
                <div id="content" style="position: relative" class="clearfix">
                    <div id="column1" class="column">
                        <div class="habblet-container "> 
                            <div class="cbb clearfix red ">
                                <h2 class="title">News</h2>
                                <div id="article-archive">
 
                                    <ul>
 
                                        {newsList}
                                    </ul>
                                </div>
                            </div>
                        </div>
                        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
                    </div>
                    <div id="column2" class="column">
                        <div class="habblet-container "> 
                            <div class="cbb clearfix notitle ">
                                <div id="article-wrapper">
                                    <h2>{newsTitle} </h2>
                                    <div class="article-meta">Posted {newsDate}</div>
 
                                    <p class="summary">{newsTitle}</p>
                                    <div class="article-body">
                              {newsContent}
                         
                   
                                        <script type="text/javascript" language="Javascript">
                                            document.observe("dom:loaded", function() {
                                                $$('.article-images a').each(function(a) {
                                                    Event.observe(a, 'click', function(e) {
                                                        Event.stop(e);
                                                        Overlay.lightbox(a.href, "Image is loading");
                                                    });
                                                });
                                         
                                                $$('a.article-2729').each(function(a) {
                                                    a.replace(a.innerHTML);
                                                });
                                            });
                                        </script>
                                    </div>
                                </div>
                            </div>
                        </div>
         
                 
<?php
 
 
if(isset($_POST['post_comment']))
  $posted_on = date("M j, Y g:i A");
 
if (filter(! isset($_POST['comment']))) {
  $_POST['comment'] = '';
  }
 
$comment = strip_tags (filter($_POST['comment']));
if($comment == NULL){
        //define("ERROR", "You have to type in a reply!<br /><br />");
    //$error_message = 'You have to type in a reply!<br /><br />';
  }else{
if (isLogged)
{
    mysql_query("INSERT INTO site_news_comments (article, userid, comment, posted_on, author) VALUES ('".filter($_GET['id'])."', '".$_SESSION['userid']."', '".filter($comment)."', '".$posted_on."', '" . $_SESSION['user']['username']. "');");
    define('SUCCESS', 'You have successfully posted a comment on this news article!');
 
 
    define("ERROR", "<br>Thanks for your reply!<br />");
 
        //$error_message = 'Thanks for your reply!<br /><br />';
  }
}
?>
 
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Place Comment</h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
if($userPosts >= 1)
{
    define('ERROR', 'Sorry, you are only allowed one comment per article.');
}
if(defined("SUCCESS")){
?>
<div class="rounded rounded-green" width="20%">
                    <?php echo SUCCESS; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
if(defined("ERROR")) {
?>
<div class="rounded rounded-red" width="20%">
                    <?php echo ERROR; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
else
{
?>
<form action="" method="post">
<textarea name="comment" maxlength="500"></textarea><br /><br />
<input type="submit" name="post_comment" value="Place Comment" />
</form>
<?php
}
?>
</div>
</div>
</div>
</div>
 
<style type="text/css">
input[type="text"], input[type="password"] {
background-color: #F1F1F1;
border: 1px solid #999999;
width: 175px;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
input[type="submit"] {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
textarea {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
width: 517px;
height: 70px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
select {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
</style>
<?php
$getComments = mysql_query("SELECT * FROM site_news_comments WHERE article = '".filter($_GET['id'])."' ORDER by id DESC");
?>
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Comments <?php echo mysql_num_rows($getComments); ?></h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
      if(mysql_num_rows($getComments) == 0) {
          echo "No comments for this article!";
      } else {
          echo '<table width="528px">';
          while($Comments = mysql_fetch_array($getComments)){
          $getUserInfo = mysql_query("SELECT * FROM users WHERE username = '".$Comments['author']."'");
          $userInfo = mysql_fetch_array($getUserInfo);
                  echo '
                  <tr>
                    <td width="90px" valign="top"></div>
                    <div style="
height: 65px;
width: 50px;
float: left;
overflow: hidden;
">
                      <div style="float:left"><img position:absolute; src="http://www.habbo.com/habbo-imaging/avatarimage?figure='.$userInfo['look'].'&size=b&direction=2&head_direction=3&gesture=sml&size=2"></div>
                      ';
                        if($userInfo['rank'] >= 5) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/STAFF.gif"></div>';
                        }
                        if($userInfo['rank'] == 3) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
                        }
                        if($userInfo['rank'] == 4) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
                        }
                        if($userInfo['rank'] == 2) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/VIP.gif"></div>';
                        }
                        if($userInfo['rank'] == 1) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/lid.png"></div>';
                        }
               
 
                echo '
 
                </td>
                    <td width="427px" valign="top">
                    <i><a href="/me">'.$userInfo['username'].' </a></i>
                                        <br /><br />'.$Comments['comment'].'
                                   
 
                    </td>
                  </tr>
          <tr>
                    <td width="80px" valign="top">
               
                    </td>
                                <td width="400px" align="right">
 
                                         
                                         
 
                   
 
</div></div></div></div>
<br>
<div style="width:125%; height:1px; background-color:#ccc; margin-top:-17px;"></div>
 
 
            </td>
          </tr>';
          }
          echo '</table>';
        }
        ?></div> </div> </div> </div>
</div>
</div>
</div>
</div>
 
        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
        <script type="text/javascript">
            HabboView.run();
        </script>
 
        <!--[if lt IE 7]>
            <script type="text/javascript">
                Pngfix.doPngImageFix();
            </script>
        <![endif]-->
 
        <div id="footer" >
 
 
    </body>
</html>

Also, unsure where you got this from, but that is a horrible script. I might release a new one soon ^^
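The escaping approach above works for values that sit inside quoted SQL strings, but it still leaves every query one missing `filter()` call away from injection. As an added example (not the thread's own code and not RevCMS's `filter()`), the article lookup and the comment insert/listing from the template are rewritten here with PDO prepared statements, so no value is ever spliced into SQL text. It goes a step beyond the thread in two places: the `id` parameter is validated as a positive integer before any query runs, and comment text is HTML-escaped on output (the template echoes `$Comments['comment']` raw). The schema, sample article, user id and inputs are constructed for the demo, and an in-memory SQLite database stands in for MySQL so the script runs offline; the function names are assumptions, not RevCMS functions.

```php
<?php
// Added example, not the thread's or RevCMS's code. Schema mirrors the column
// names used in the template; SQLite in memory stands in for MySQL (constructed).

function open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE cms_news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)");
    $pdo->exec("CREATE TABLE site_news_comments (id INTEGER PRIMARY KEY AUTOINCREMENT,
                article INTEGER, userid INTEGER, comment TEXT, posted_on TEXT, author TEXT)");
    $pdo->exec("INSERT INTO cms_news (id, title, body) VALUES (1, 'Welcome', 'First post')");
    return $pdo;
}

// Validate the article id at the edge: anything that is not a plain positive
// integer is rejected before it goes anywhere near SQL, so a stray quote or
// extra tokens in ?id= never reach the database at all.
function article_id_from_request(array $get): ?int {
    if (!isset($get['id'])) {
        return null;
    }
    $id = filter_var($get['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Replaces: mysql_query("SELECT * FROM `cms_news` WHERE id = '{$_GET['id']}'")
function load_article(PDO $pdo, int $id): ?array {
    $stmt = $pdo->prepare("SELECT * FROM cms_news WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Replaces the string-built INSERT INTO site_news_comments. The comment is a
// bound parameter, so a quote inside it is stored as data, never parsed as SQL.
// Keeps the template's strip_tags() and the 500-character textarea limit.
function post_comment(PDO $pdo, int $articleId, int $userId, string $author, string $comment): bool {
    $comment = trim(strip_tags($comment));
    if ($comment === '' || strlen($comment) > 500) {
        return false;
    }
    $stmt = $pdo->prepare(
        "INSERT INTO site_news_comments (article, userid, comment, posted_on, author)
         VALUES (:article, :userid, :comment, :posted_on, :author)"
    );
    return $stmt->execute([
        ':article'   => $articleId,
        ':userid'    => $userId,
        ':comment'   => $comment,
        ':posted_on' => date('M j, Y g:i A'),
        ':author'    => $author,
    ]);
}

// Replaces: mysql_query("SELECT * FROM site_news_comments WHERE article = '...'")
// Escapes on output as well, since the template echoes the stored comment raw.
function render_comments(PDO $pdo, int $articleId): string {
    $stmt = $pdo->prepare(
        "SELECT author, comment FROM site_news_comments WHERE article = :article ORDER BY id DESC"
    );
    $stmt->execute([':article' => $articleId]);
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $c) {
        $html .= '<p><i>' . htmlspecialchars($c['author'], ENT_QUOTES, 'UTF-8') . '</i><br>'
               . htmlspecialchars($c['comment'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// Demo run with constructed inputs: one valid id, one with a stray quote, one non-numeric.
$pdo = open_demo_db();

foreach (["1", "7'", "abc"] as $raw) {
    $id = article_id_from_request(['id' => $raw]);
    if ($id === null) {
        echo "id " . var_export($raw, true) . ": rejected before any query\n";
        continue;
    }
    $article = load_article($pdo, $id);
    echo "id $id: " . ($article ? "loaded '{$article['title']}'" : "no such article") . "\n";
}

post_comment($pdo, 1, 42, 'Kristopher', "It's a nice update <b>bold</b>");
echo render_comments($pdo, 1);
```

Running it prints that `"7'"` and `"abc"` are rejected, article 1 loads, and the stored comment comes back as `It&#039;s a nice update bold`: the tags were stripped on input and the apostrophe was encoded on output. Swapping `sqlite::memory:` for a `mysql:` DSN keeps the same code, since the bound parameters do the quoting work that `filter()` was doing by hand.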
 

Kristopher

Photographer
Dec 25, 2010
802
66
Yes it is. Also, you're using Rev, so you can use `filter($_GET['tag'])` on pretty much anything, and on POST too.

Here is yours fixed:

PHP:
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta http-equiv="content-type" content="text/html; charset=utf-8">
        <title>{hotelName} - News</title>
        <div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&appId=138881106159184";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
        <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/common.css" type="text/css">
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs2.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/visual.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/common.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/fullcontent.js"></script>
 
        <script type="text/javascript">
            document.habboLoggedIn = true;
            var habboName = "{username}";
            var habboId = "{userid}";
            var habboReqPath = "";
            var habboStaticFilePath = "{url}/app/tpl/skins/Habbo";
            var habboImagerUrl = "http://www.habbo.com/habbo-imaging/";
            var habboPartner = "";
            var habboDefaultClientPopupUrl = "{url}/client";
            window.name = "habboMain";
            if (typeof HabboClient != "undefined") {
                HabboClient.windowName = "eac955c8dbc88172421193892a3e98fc7402021a";
                HabboClient.maximizeWindow = true;
            }
        </script>
 
        <!--[if IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie8.css" type="text/css">
        <![endif]-->
        <!--[if lt IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie.css" type="text/css" />
        <![endif]-->
        <!--[if lt IE 7]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie6.css" type="text/css" />
            <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/pngfix.js"></script>
            <script type="text/javascript">
                try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}
            </script>
            <style type="text/css">
                body { behavior: url({url}/app/tpl/skins/Habbo/js/csshover.htc); }
            </style>
        <![endif]-->
    </head>
 
    <body id="news">
 
        <div id="overlay"></div>
        <div id="header-container">
            <div id="header" class="clearfix">
                <h1><a href="{url}/"></a></h1>
                <div id="subnavi">
                    <div id="subnavi-user">
               
                    </div>
                    <div id="subnavi-search">
                        <div id="subnavi-search-upper">
                            <ul id="subnavi-search-links">
                                <li><a href="{url}/logout" style="color:#000">Sign Out</a></li>
                                <li><a href="{url}/privacy" style="color:#000">Privacy</a></li>
                            </ul>
                        </div>
                    </div>
                    <div id="to-hotel">
                        <a href="{url}/api.php" class="new-button green-button" target="eac955c8dbc88172421193892a3e98fc7402021a" onclick="HabboClient.openOrFocus(this); return false;"><b>Enter Strike Hotel</b><i></i></a>
                    </div>
                </div>
                <ul id="navi">
                    <li class="metab"><a href="{url}/me">{username}</a><span></span></li>
                    <li class="selected"><strong>Community</strong><span></span></li>
                    <li><a href="{url}/vip">VIP</a><span></span></li>
                    <li><a href="{url}/forum">Forum</a><span></span></li>
                </ul>
                <div id="habbos-online"><div class="rounded"><span>{online} members online</span></div></div>
            </div>
        </div>
        <?php
        if( $_GET['id'] ) {
                               
                                            $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '.filter($_GET['id']).'" );
                                            $array = mysql_fetch_assoc( $query );
                               
                                        }
                           
                                        if( $_GET['id'] ) {
                               
                                            $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '.filter($_GET['id']).'" );
                                            $array = mysql_fetch_assoc( $query );
                                        }
                                            ?>
        <div id="content-container">
            <div id="navi2-container" class="pngbg">
                <div id="navi2" class="pngbg clearfix">
                    <ul>
                        <li class=""><a href="{url}/community">Community</a></li>
                        <li class="selected">News</li>
                        <li class=""><a href="{url}/staff">Staff</a></li>
                    </ul>
                </div>
            </div>
            <div id="container">
                <div id="content" style="position: relative" class="clearfix">
                    <div id="column1" class="column">
                        <div class="habblet-container ">
                            <div class="cbb clearfix red ">
                                <h2 class="title">News</h2>
                                <div id="article-archive">
 
                                    <ul>
 
                                        {newsList}
                                    </ul>
                                </div>
                            </div>
                        </div>
                        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
                    </div>
                    <div id="column2" class="column">
                        <div class="habblet-container ">
                            <div class="cbb clearfix notitle ">
                                <div id="article-wrapper">
                                    <h2>{newsTitle} </h2>
                                    <div class="article-meta">Posted {newsDate}</div>
 
                                    <p class="summary">{newsTitle}</p>
                                    <div class="article-body">
                              {newsContent}
                     
               
                                        <script type="text/javascript" language="Javascript">
                                            document.observe("dom:loaded", function() {
                                                $$('.article-images a').each(function(a) {
                                                    Event.observe(a, 'click', function(e) {
                                                        Event.stop(e);
                                                        Overlay.lightbox(a.href, "Image is loading");
                                                    });
                                                });
                                     
                                                $$('a.article-2729').each(function(a) {
                                                    a.replace(a.innerHTML);
                                                });
                                            });
                                        </script>
                                    </div>
                                </div>
                            </div>
                        </div>
     
             
<?php
 
 
if(isset($_POST['post_comment']))
  $posted_on = date("M j, Y g:i A");
 
if (filter(! isset($_POST['comment']))) {
  $_POST['comment'] = '';
  }
 
$comment = strip_tags (filter($_POST['comment']));
if($comment == NULL){
        //define("ERROR", "You have to type in a reply!<br /><br />");
    //$error_message = 'You have to type in a reply!<br /><br />';
  }else{
if (isLogged)
{
    mysql_query("INSERT INTO site_news_comments (article, userid, comment, posted_on, author) VALUES ('".filter($_GET['id'])."', '".$_SESSION['userid']."', '".filter($comment)."', '".$posted_on."', '" . $_SESSION['user']['username']. "');");
    define('SUCCESS', 'You have successfully posted a comment on this news article!');
 
 
    define("ERROR", "<br>Thanks for your reply!<br />");
 
        //$error_message = 'Thanks for your reply!<br /><br />';
  }
}
?>
 
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Place Comment</h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
if($userPosts >= 1)
{
    define('ERROR', 'Sorry, you are only allowed one comment per article.');
}
if(defined("SUCCESS")){
?>
<div class="rounded rounded-green" width="20%">
                    <?php echo SUCCESS; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
if(defined("ERROR")) {
?>
<div class="rounded rounded-red" width="20%">
                    <?php echo ERROR; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
else
{
?>
<form action="" method="post">
<textarea name="comment" maxlength="500"></textarea><br /><br />
<input type="submit" name="post_comment" value="Place Comment" />
</form>
<?php
}
?>
</div>
</div>
</div>
</div>
 
<style type="text/css">
input[type="text"], input[type="password"] {
background-color: #F1F1F1;
border: 1px solid #999999;
width: 175px;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
input[type="submit"] {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
textarea {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
width: 517px;
height: 70px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
select {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
</style>
<?php
$getComments = mysql_query("SELECT * FROM site_news_comments WHERE article = '".filter($_GET['id'])."' ORDER by id DESC");
?>
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Comments <?php echo mysql_num_rows($getComments); ?></h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
      if(mysql_num_rows($getComments) == 0) {
          echo "No comments for this article!";
      } else {
          echo '<table width="528px">';
          while($Comments = mysql_fetch_array($getComments)){
          $getUserInfo = mysql_query("SELECT * FROM users WHERE username = '".$Comments['author']."'");
          $userInfo = mysql_fetch_array($getUserInfo);
                  echo '
                  <tr>
                    <td width="90px" valign="top"></div>
                    <div style="
height: 65px;
width: 50px;
float: left;
overflow: hidden;
">
                      <div style="float:left"><img position:absolute; src="http://www.habbo.com/habbo-imaging/avatarimage?figure='.$userInfo['look'].'&size=b&direction=2&head_direction=3&gesture=sml&size=2"></div>
                      ';
                        if($userInfo['rank'] >= 5) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/STAFF.gif"></div>';
                        }
                        if($userInfo['rank'] == 3) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
                        }
                        if($userInfo['rank'] == 4) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
                        }
                        if($userInfo['rank'] == 2) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/VIP.gif"></div>';
                        }
                        if($userInfo['rank'] == 1) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/lid.png"></div>';
                        }
           
 
                echo '
 
                </td>
                    <td width="427px" valign="top">
                    <i><a href="/me">'.$userInfo['username'].' </a></i>
                                        <br /><br />'.$Comments['comment'].'
                               
 
                    </td>
                  </tr>
          <tr>
                    <td width="80px" valign="top">
           
                    </td>
                                <td width="400px" align="right">
 
                                     
                                     
 
               
 
</div></div></div></div>
<br>
<div style="width:125%; height:1px; background-color:#ccc; margin-top:-17px;"></div>
 
 
            </td>
          </tr>';
          }
          echo '</table>';
        }
        ?></div> </div> </div> </div>
</div>
</div>
</div>
</div>
 
        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
        <script type="text/javascript">
            HabboView.run();
        </script>
 
        <!--[if lt IE 7]>
            <script type="text/javascript">
                Pngfix.doPngImageFix();
            </script>
        <![endif]-->
 
        <div id="footer" >
 
 
    </body>
</html>

Also, unsure where you got this from, but that is a horrible script. I might release a new one soon ^^


*****, however, this is clean at the moment? Good enough to use?

Also, it would be nice if you did release it. Your rev theme is bawwss!
 

Kristopher

Photographer
Dec 25, 2010
802
66
It's good enough and fixed; however, I'll still release *a better* one later if I have the time.
I seem to get an error.

Server error

The website encountered an error while retrieving . It may be down for maintenance or configured incorrectly.
Here are some suggestions:

  • this webpage later.
HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request.
 

Sledmore

Chaturbate Livestreamer
Staff member
FindRetros Moderator
Jul 24, 2010
5,195
3,906
I seem to get an error.

Server error

The website encountered an error while retrieving . It may be down for maintenance or configured incorrectly.
Here are some suggestions:

  • this webpage later.
HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request.


Oops, use this:

PHP:
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta http-equiv="content-type" content="text/html; charset=utf-8">
        <title>{hotelName} - News</title>
        <div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&appId=138881106159184";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
        <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/common.css" type="text/css">
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs2.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/visual.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/common.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/fullcontent.js"></script>
   
        <script type="text/javascript">
            document.habboLoggedIn = true;
            var habboName = "{username}";
            var habboId = "{userid}";
            var habboReqPath = "";
            var habboStaticFilePath = "{url}/app/tpl/skins/Habbo";
            var habboImagerUrl = "http://www.habbo.com/habbo-imaging/";
            var habboPartner = "";
            var habboDefaultClientPopupUrl = "{url}/client";
            window.name = "habboMain";
            if (typeof HabboClient != "undefined") {
                HabboClient.windowName = "eac955c8dbc88172421193892a3e98fc7402021a";
                HabboClient.maximizeWindow = true;
            }
        </script>
   
        <!--[if IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie8.css" type="text/css">
        <![endif]-->
        <!--[if lt IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie.css" type="text/css" />
        <![endif]-->
        <!--[if lt IE 7]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie6.css" type="text/css" />
            <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/pngfix.js"></script>
            <script type="text/javascript">
                try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}
            </script>
            <style type="text/css">
                body { behavior: url({url}/app/tpl/skins/Habbo/js/csshover.htc); }
            </style>
        <![endif]-->
    </head>
 
    <body id="news">
 
        <div id="overlay"></div>
        <div id="header-container">
            <div id="header" class="clearfix">
                <h1><a href="{url}/"></a></h1>
                <div id="subnavi">
                    <div id="subnavi-user">
                     
                    </div>
                    <div id="subnavi-search">
                        <div id="subnavi-search-upper">
                            <ul id="subnavi-search-links">
                                <li><a href="{url}/logout" style="color:#000">Sign Out</a></li>
                                <li><a href="{url}/privacy" style="color:#000">Privacy</a></li>
                            </ul>
                        </div>
                    </div>
                    <div id="to-hotel">
                        <a href="{url}/api.php" class="new-button green-button" target="eac955c8dbc88172421193892a3e98fc7402021a" onclick="HabboClient.openOrFocus(this); return false;"><b>Enter Strike Hotel</b><i></i></a>
                    </div>
                </div>
                <ul id="navi">
                    <li class="metab"><a href="{url}/me">{username}</a><span></span></li>
                    <li class="selected"><strong>Community</strong><span></span></li>
                    <li><a href="{url}/vip">VIP</a><span></span></li>
                    <li><a href="{url}/forum">Forum</a><span></span></li>
                </ul>
                <div id="habbos-online"><div class="rounded"><span>{online} members online</span></div></div>
            </div>
        </div>
        <?php
        if( $_GET['id'] ) {
                                     
                                            $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");
                                            $array = mysql_fetch_assoc( $query );
                                     
                                        }
                                 
                                        if( $_GET['id'] ) {
                                     
                                            $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");
                                            $array = mysql_fetch_assoc( $query );
                                        }
                                            ?>
        <div id="content-container">
            <div id="navi2-container" class="pngbg">
                <div id="navi2" class="pngbg clearfix">
                    <ul>
                        <li class=""><a href="{url}/community">Community</a></li>
                        <li class="selected">News</li>
                        <li class=""><a href="{url}/staff">Staff</a></li>
                    </ul>
                </div>
            </div>
            <div id="container">
                <div id="content" style="position: relative" class="clearfix">
                    <div id="column1" class="column">
                        <div class="habblet-container ">   
                            <div class="cbb clearfix red ">
                                <h2 class="title">News</h2>
                                <div id="article-archive">
 
                                    <ul>
 
                                        {newsList}
                                    </ul>
                                </div>
                            </div>
                        </div>
                        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
                    </div>
                    <div id="column2" class="column">
                        <div class="habblet-container ">   
                            <div class="cbb clearfix notitle ">
                                <div id="article-wrapper">
                                    <h2>{newsTitle} </h2>
                                    <div class="article-meta">Posted {newsDate}</div>
 
                                    <p class="summary">{newsTitle}</p>
                                    <div class="article-body">
                              {newsContent}
                           
                     
                                        <script type="text/javascript" language="Javascript">
                                            document.observe("dom:loaded", function() {
                                                $$('.article-images a').each(function(a) {
                                                    Event.observe(a, 'click', function(e) {
                                                        Event.stop(e);
                                                        Overlay.lightbox(a.href, "Image is loading");
                                                    });
                                                });
                                           
                                                $$('a.article-2729').each(function(a) {
                                                    a.replace(a.innerHTML);
                                                });
                                            });
                                        </script>
                                    </div>
                                </div>
                            </div>
                        </div>
           
                   
<?php
 
 
if(isset($_POST['post_comment']))
  $posted_on = date("M j, Y g:i A");
 
if (empty($_POST['comment'])) 
$_POST['comment'] = '';
 
$comment = strip_tags (filter($_POST['comment']));
if($comment == NULL){
        //define("ERROR", "You have to type in a reply!<br /><br />");
    //$error_message = 'You have to type in a reply!<br /><br />';
  }else{
if (isLogged)
{
    mysql_query("INSERT INTO site_news_comments (article, userid, comment, posted_on, author) VALUES ('".filter($_GET['id'])."', '".$_SESSION['userid']."', '".filter($comment)."', '".$posted_on."', '" . $_SESSION['user']['username']. "');");
    define('SUCCESS', 'You have successfully posted a comment on this news article!');
 
 
    define("ERROR", "<br>Thanks for your reply!<br />");
 
        //$error_message = 'Thanks for your reply!<br /><br />';
  }
}
?>
 
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Place Comment</h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
if($userPosts >= 1)
{
    define('ERROR', 'Sorry, you are only allowed one comment per article.');
}
if(defined("SUCCESS")){
?>
<div class="rounded rounded-green" width="20%">
                    <?php echo SUCCESS; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
if(defined("ERROR")) {
?>
<div class="rounded rounded-red" width="20%">
                    <?php echo ERROR; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
else
{
?>
<form action="" method="post">
<textarea name="comment" maxlength="500"></textarea><br /><br />
<input type="submit" name="post_comment" value="Place Comment" />
</form>
<?php
}
?>
</div>
</div>
</div>
</div>
 
<style type="text/css">
input[type="text"], input[type="password"] {
background-color: #F1F1F1;
border: 1px solid #999999;
width: 175px;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
input[type="submit"] {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
textarea {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
width: 517px;
height: 70px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
select {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
</style>
<?php
$getComments = mysql_query("SELECT * FROM site_news_comments WHERE article = '".filter($_GET['id'])."' ORDER by id DESC");
?>
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Comments <?php echo mysql_num_rows($getComments); ?></h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
      if(mysql_num_rows($getComments) == 0) {
          echo "No comments for this article!";
      } else {
          echo '<table width="528px">';
          while($Comments = mysql_fetch_array($getComments)){
          $getUserInfo = mysql_query("SELECT * FROM users WHERE username = '".$Comments['author']."'");
          $userInfo = mysql_fetch_array($getUserInfo);
                  echo '
                  <tr>
                    <td width="90px" valign="top"></div>
                    <div style="
height: 65px;
width: 50px;
float: left;
overflow: hidden;
">
                      <div style="float:left"><img position:absolute; src="http://www.habbo.com/habbo-imaging/avatarimage?figure='.$userInfo['look'].'&size=b&direction=2&head_direction=3&gesture=sml&size=2"></div>
                      ';
                        if($userInfo['rank'] >= 5) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/STAFF.gif"></div>';
                        }
                        if($userInfo['rank'] == 3) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
                        }
                        if($userInfo['rank'] == 4) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
                        }
                        if($userInfo['rank'] == 2) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/VIP.gif"></div>';
                        }
                        if($userInfo['rank'] == 1) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/lid.png"></div>';
                        }
                 
 
                echo '
 
                </td>
                    <td width="427px" valign="top">
                    <i><a href="/me">'.$userInfo['username'].' </a></i>
                                        <br /><br />'.$Comments['comment'].'
                                     
 
                    </td>
                  </tr>
          <tr>
                    <td width="80px" valign="top">
                 
                    </td>
                                <td width="400px" align="right">
 
                                           
                                           
 
                     
 
</div></div></div></div>
<br>
<div style="width:125%; height:1px; background-color:#ccc; margin-top:-17px;"></div>
 
 
            </td>
          </tr>';
          }
          echo '</table>';
        }
        ?></div> </div> </div> </div>
</div>
</div>
</div>
</div>
 
        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
        <script type="text/javascript">
            HabboView.run();
        </script>
 
        <!--[if lt IE 7]>
            <script type="text/javascript">
                Pngfix.doPngImageFix();
            </script>
        <![endif]-->
   
        <div id="footer" >
 
 
    </body>
</html>
 

Leon

Member
Jan 2, 2011
83
42
PHP:
$id = intval($_GET['id']); // Gets the integer value of its input (if 0, not an integer).

That's actually more secure than using mysql_real_escape_string or whatever you use. If the input is an integer, always use intval!
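A hardened version of the news lookup and the comment insert, added here as an example; it is not code from this thread or from the CMS being discussed. It takes Leon's point (treat the id as an integer) and the corrected concatenation in the "Oops, use this" post one step further by binding every value through PDO prepared statements, so user input never becomes part of the SQL text. Assumptions: a PDO connection `$db` to the same `cms_news` and `site_news_comments` tables, the CMS's `isLogged` constant and `$_SESSION` layout as used in the posted page, and the function names `newsIdFromQuery`, `loadArticle`, `postComment` and `commentsForArticle`, which are chosen for this example only.

```php
<?php
// Added example, not the CMS code from this thread.
// Assumed: $db is a PDO connection to the same schema (cms_news, site_news_comments),
// isLogged and $_SESSION['userid'] / $_SESSION['user']['username'] come from the CMS login.
declare(strict_types=1);

/**
 * Return the news id from the query string as an int, or null when it is
 * missing or not a well-formed positive integer.
 * intval("5 OR 1=1") silently yields 5; FILTER_VALIDATE_INT rejects it instead,
 * which lets the page answer 404 rather than serve an article it was not asked for.
 */
function newsIdFromQuery(array $get): ?int
{
    if (!isset($get['id'])) {
        return null;
    }
    $id = filter_var($get['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function loadArticle(PDO $db, int $id): ?array
{
    // Bound parameter instead of "... WHERE id = '".filter($_GET['id'])."'":
    // the id is sent to MySQL as a value, never spliced into the query text.
    $stmt = $db->prepare('SELECT * FROM `cms_news` WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function postComment(PDO $db, int $articleId, int $userId, string $username, string $comment): bool
{
    $comment = trim(strip_tags($comment));
    // The form's maxlength="500" is only a browser hint; enforce it server-side too.
    if ($comment === '' || strlen($comment) > 500) {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO site_news_comments (article, userid, comment, posted_on, author)
         VALUES (:article, :userid, :comment, :posted_on, :author)'
    );
    return $stmt->execute([
        ':article'   => $articleId,
        ':userid'    => $userId,
        ':comment'   => $comment,
        ':posted_on' => date('M j, Y g:i A'),
        ':author'    => $username,
    ]);
}

function commentsForArticle(PDO $db, int $articleId): array
{
    $stmt = $db->prepare(
        'SELECT author, comment FROM site_news_comments WHERE article = :article ORDER BY id DESC'
    );
    $stmt->execute([':article' => $articleId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage in the page, in place of the two if( $_GET['id'] ) blocks and the raw INSERT.
$id = newsIdFromQuery($_GET);
if ($id === null) {
    http_response_code(404);
    exit('No such article.');
}
$array = loadArticle($db, $id);

if (isset($_POST['post_comment']) && isLogged) {
    postComment($db, $id, (int) $_SESSION['userid'], $_SESSION['user']['username'], $_POST['comment'] ?? '');
}

foreach (commentsForArticle($db, $id) as $row) {
    // Escape on output as well; strip_tags at insert time is not a substitute for it.
    echo '<p><i>' . htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8') . '</i><br />'
       . htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8') . '</p>';
}
```

Both `intval` and `FILTER_VALIDATE_INT` keep the id out of the SQL text; the difference is that `intval` truncates a malformed value to whatever digits it starts with, while `filter_var` rejects it, so the page can refuse the request instead of silently answering for a different article. The prepared statements then cover the string fields (comment, author) that an integer cast cannot help with.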
 

Kristopher

Photographer
Dec 25, 2010
802
66
Oops, use this:

PHP:
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta http-equiv="content-type" content="text/html; charset=utf-8">
        <title>{hotelName} - News</title>
        <div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&appId=138881106159184";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
        <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/common.css" type="text/css">
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs2.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/visual.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/common.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/fullcontent.js"></script>
 
        <script type="text/javascript">
            document.habboLoggedIn = true;
            var habboName = "{username}";
            var habboId = "{userid}";
            var habboReqPath = "";
            var habboStaticFilePath = "{url}/app/tpl/skins/Habbo";
            var habboImagerUrl = "http://www.habbo.com/habbo-imaging/";
            var habboPartner = "";
            var habboDefaultClientPopupUrl = "{url}/client";
            window.name = "habboMain";
            if (typeof HabboClient != "undefined") {
                HabboClient.windowName = "eac955c8dbc88172421193892a3e98fc7402021a";
                HabboClient.maximizeWindow = true;
            }
        </script>
 
        <!--[if IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie8.css" type="text/css">
        <![endif]-->
        <!--[if lt IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie.css" type="text/css" />
        <![endif]-->
        <!--[if lt IE 7]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie6.css" type="text/css" />
            <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/pngfix.js"></script>
            <script type="text/javascript">
                try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}
            </script>
            <style type="text/css">
                body { behavior: url({url}/app/tpl/skins/Habbo/js/csshover.htc); }
            </style>
        <![endif]-->
    </head>
 
    <body id="news">
 
        <div id="overlay"></div>
        <div id="header-container">
            <div id="header" class="clearfix">
                <h1><a href="{url}/"></a></h1>
                <div id="subnavi">
                    <div id="subnavi-user">
                   
                    </div>
                    <div id="subnavi-search">
                        <div id="subnavi-search-upper">
                            <ul id="subnavi-search-links">
                                <li><a href="{url}/logout" style="color:#000">Sign Out</a></li>
                                <li><a href="{url}/privacy" style="color:#000">Privacy</a></li>
                            </ul>
                        </div>
                    </div>
                    <div id="to-hotel">
                        <a href="{url}/api.php" class="new-button green-button" target="eac955c8dbc88172421193892a3e98fc7402021a" onclick="HabboClient.openOrFocus(this); return false;"><b>Enter Strike Hotel</b><i></i></a>
                    </div>
                </div>
                <ul id="navi">
                    <li class="metab"><a href="{url}/me">{username}</a><span></span></li>
                    <li class="selected"><strong>Community</strong><span></span></li>
                    <li><a href="{url}/vip">VIP</a><span></span></li>
                    <li><a href="{url}/forum">Forum</a><span></span></li>
                </ul>
                <div id="habbos-online"><div class="rounded"><span>{online} members online</span></div></div>
            </div>
        </div>
        <?php
        if( $_GET['id'] ) {
                                   
                                            $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");
                                            $array = mysql_fetch_assoc( $query );
                                   
                                        }
                               
                                        if( $_GET['id'] ) {
                                   
                                            $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");
                                            $array = mysql_fetch_assoc( $query );
                                        }
                                            ?>
        <div id="content-container">
            <div id="navi2-container" class="pngbg">
                <div id="navi2" class="pngbg clearfix">
                    <ul>
                        <li class=""><a href="{url}/community">Community</a></li>
                        <li class="selected">News</li>
                        <li class=""><a href="{url}/staff">Staff</a></li>
                    </ul>
                </div>
            </div>
            <div id="container">
                <div id="content" style="position: relative" class="clearfix">
                    <div id="column1" class="column">
                        <div class="habblet-container "> 
                            <div class="cbb clearfix red ">
                                <h2 class="title">News</h2>
                                <div id="article-archive">
 
                                    <ul>
 
                                        {newsList}
                                    </ul>
                                </div>
                            </div>
                        </div>
                        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
                    </div>
                    <div id="column2" class="column">
                        <div class="habblet-container "> 
                            <div class="cbb clearfix notitle ">
                                <div id="article-wrapper">
                                    <h2>{newsTitle} </h2>
                                    <div class="article-meta">Posted {newsDate}</div>
 
                                    <p class="summary">{newsTitle}</p>
                                    <div class="article-body">
                              {newsContent}
                         
                   
                                        <script type="text/javascript" language="Javascript">
                                            document.observe("dom:loaded", function() {
                                                $$('.article-images a').each(function(a) {
                                                    Event.observe(a, 'click', function(e) {
                                                        Event.stop(e);
                                                        Overlay.lightbox(a.href, "Image is loading");
                                                    });
                                                });
                                         
                                                $$('a.article-2729').each(function(a) {
                                                    a.replace(a.innerHTML);
                                                });
                                            });
                                        </script>
                                    </div>
                                </div>
                            </div>
                        </div>
         
                 
<?php
 
 
if(isset($_POST['post_comment']))
  $posted_on = date("M j, Y g:i A");
 
if (empty($_POST['comment']))
$_POST['comment'] = '';
 
$comment = strip_tags (filter($_POST['comment']));
if($comment == NULL){
        //define("ERROR", "You have to type in a reply!<br /><br />");
    //$error_message = 'You have to type in a reply!<br /><br />';
  }else{
if (isLogged)
{
    mysql_query("INSERT INTO site_news_comments (article, userid, comment, posted_on, author) VALUES ('".filter($_GET['id'])."', '".$_SESSION['userid']."', '".filter($comment)."', '".$posted_on."', '" . $_SESSION['user']['username']. "');");
    define('SUCCESS', 'You have successfully posted a comment on this news article!');
 
 
    define("ERROR", "<br>Thanks for your reply!<br />");
 
        //$error_message = 'Thanks for your reply!<br /><br />';
  }
}
?>
 
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Place Comment</h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
if($userPosts >= 1)
{
    define('ERROR', 'Sorry, you are only allowed one comment per article.');
}
if(defined("SUCCESS")){
?>
<div class="rounded rounded-green" width="20%">
                    <?php echo SUCCESS; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
if(defined("ERROR")) {
?>
<div class="rounded rounded-red" width="20%">
                    <?php echo ERROR; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
else
{
?>
<form action="" method="post">
<textarea name="comment" maxlength="500"></textarea><br /><br />
<input type="submit" name="post_comment" value="Place Comment" />
</form>
<?php
}
?>
</div>
</div>
</div>
</div>
 
<style type="text/css">
input[type="text"], input[type="password"] {
background-color: #F1F1F1;
border: 1px solid #999999;
width: 175px;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
input[type="submit"] {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
textarea {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
width: 517px;
height: 70px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
select {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
</style>
<?php
$getComments = mysql_query("SELECT * FROM site_news_comments WHERE article = '".filter($_GET['id'])."' ORDER by id DESC");
?>
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Comments <?php echo mysql_num_rows($getComments); ?></h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
      if(mysql_num_rows($getComments) == 0) {
          echo "No comments for this article!";
      } else {
          echo '<table width="528px">';
          while($Comments = mysql_fetch_array($getComments)){
          $getUserInfo = mysql_query("SELECT * FROM users WHERE username = '".$Comments['author']."'");
          $userInfo = mysql_fetch_array($getUserInfo);
                  echo '
                  <tr>
                    <td width="90px" valign="top">
                    <div style="
height: 65px;
width: 50px;
float: left;
overflow: hidden;
">
                      <div style="float:left"><img src="http://www.habbo.com/habbo-imaging/avatarimage?figure='.$userInfo['look'].'&size=b&direction=2&head_direction=3&gesture=sml&size=2"></div>
                      ';
                        if($userInfo['rank'] >= 5) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/STAFF.gif"></div>';
                        }
                        if($userInfo['rank'] == 3) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
                        }
                        if($userInfo['rank'] == 4) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
                        }
                        if($userInfo['rank'] == 2) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/VIP.gif"></div>';
                        }
                        if($userInfo['rank'] == 1) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/lid.png"></div>';
                        }
               
 
                echo '
 
                </td>
                    <td width="427px" valign="top">
                    <i><a href="/me">'.$userInfo['username'].' </a></i>
                                        <br /><br />'.$Comments['comment'].'
                                   
 
                    </td>
                  </tr>
          <tr>
                    <td width="80px" valign="top">
               
                    </td>
                                <td width="400px" align="right">
 
                                         
                                         
 
                   
 
</div></div></div></div>
<br>
<div style="width:125%; height:1px; background-color:#ccc; margin-top:-17px;"></div>
 
 
            </td>
          </tr>';
          }
          echo '</table>';
        }
        ?></div> </div> </div> </div>
</div>
</div>
</div>
</div>
 
        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
        <script type="text/javascript">
            HabboView.run();
        </script>
 
        <!--[if lt IE 7]>
            <script type="text/javascript">
                Pngfix.doPngImageFix();
            </script>
        <![endif]-->
 
        <div id="footer" >
 
 
    </body>
</html>
When entering from POST data:
[screenshot attachment]

When entering from the database:
[screenshot attachment]

It shows from the database, so I'm wondering what the error is.
 

Markshall

Русский Стандарт
Contributor
Dec 18, 2010
2,637
2,389
Must be a problem with your PHP.

Check your code, if you see a line saying something similar to 'error_reporting(0);', delete it and reupload that file.
 

Kristopher

Photographer
Dec 25, 2010
802
66
Must be a problem with your PHP.

Check your code, if you see a line saying something similar to 'error_reporting(0);', delete it and reupload that file.
Don't seem to find anything with that in the code. Hmm... is there something where I can print the errors? I forgot.
 

Weasel

👄 I'd intercept me
Nov 25, 2011
4,132
2,456
Search:
PHP:
mysql_query("INSERT INTO site_news_comments (article, userid, comment, posted_on, author) VALUES ('".filter($_GET['id'])."', '".$_SESSION['userid']."', '".filter($comment)."', '".$posted_on."', '" . $_SESSION['user']['username']. "');");

Replace with:
PHP:
mysql_query("INSERT INTO site_news_comments (article, userid, comment, posted_on, author) VALUES ('".filter($_GET['id'])."', '".$_SESSION['userid']."', '".filter($comment)."', '".$posted_on."', '" . $_SESSION['user']['username']. "');") or die(mysql_error());

And post the error given.
 

Kristopher

Photographer
Dec 25, 2010
802
66
Search:
PHP:
mysql_query("INSERT INTO site_news_comments (article, userid, comment, posted_on, author) VALUES ('".filter($_GET['id'])."', '".$_SESSION['userid']."', '".filter($comment)."', '".$posted_on."', '" . $_SESSION['user']['username']. "');");

Replace with:
PHP:
mysql_query("INSERT INTO site_news_comments (article, userid, comment, posted_on, author) VALUES ('".filter($_GET['id'])."', '".$_SESSION['userid']."', '".filter($comment)."', '".$posted_on."', '" . $_SESSION['user']['username']. "');") or die(mysql_error());

And post the error given.
Incorrect integer value: '' for column 'userid' at row 1

This is what came up.
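A hardened rewrite of the comment insert, as an added example that is not code from the thread: it validates the article id and the session user id as integers before any query (the empty `userid` behind the error above is rejected at that point instead of reaching MySQL), uses PDO prepared statements in place of the removed mysql_* extension, and escapes comment text when rendering. The `$pdo` connection and both function names are assumed.

```php
<?php
// Added example, not code from the thread: the comment insert rewritten
// with PDO prepared statements. Table and column names are the thread's;
// the $pdo connection and both function names are assumed.

function post_news_comment(PDO $pdo, array $session, array $get, array $post): string
{
    // The thread's error ("Incorrect integer value: '' for column 'userid'")
    // is an empty session value reaching MySQL; reject it before the query.
    $opts      = ['options' => ['min_range' => 1]];
    $articleId = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, $opts);
    $userId    = filter_var($session['userid'] ?? null, FILTER_VALIDATE_INT, $opts);
    if ($articleId === false) {
        return 'Unknown article.';
    }
    if ($userId === false) {
        return 'You must be logged in to comment.';
    }

    $comment = trim((string) ($post['comment'] ?? ''));
    if ($comment === '' || mb_strlen($comment) > 500) { // form maxlength is 500
        return 'You have to type in a reply!';
    }

    // One comment per user per article; the original tests an undefined $userPosts.
    $count = $pdo->prepare('SELECT COUNT(*) FROM site_news_comments WHERE article = ? AND userid = ?');
    $count->execute([$articleId, $userId]);
    if ((int) $count->fetchColumn() >= 1) {
        return 'Sorry, you are only allowed one comment per article.';
    }

    // Bound parameters never become part of the SQL text, so the home-made
    // filter() is no longer what stands between $_GET and the query.
    $insert = $pdo->prepare(
        'INSERT INTO site_news_comments (article, userid, comment, posted_on, author)
         VALUES (?, ?, ?, ?, ?)'
    );
    $insert->execute([$articleId, $userId, $comment, date('M j, Y g:i A'),
                      (string) ($session['user']['username'] ?? '')]);
    return 'You have successfully posted a comment on this news article!';
}

// Escape on output: the original echoes $Comments['comment'] and the
// avatar "look" string straight into HTML. strip_tags() on input is not
// escaping; htmlspecialchars() at render time is.
function render_comment(string $author, string $comment): string
{
    $h = fn (string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<i>' . $h($author) . '</i><br /><br />' . nl2br($h($comment));
}
```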
 
