MoonPHP ~ The most advanced Habbo CMS as of 2015
- Thread starter Jaden
- Start date
- Status
griimnak
You're a slave to the money then you die
- Jul 20, 2013
- 956
- 797
You should ditch mysqli and go with pdo, prepared statements are the way to go man it's cleaner and is more secure.
snip from my personal login:
snip from my personal login:
PHP:
<?php
if(isset($_POST['username'], $_POST['password'])){
$user1step = strip_tags($_POST['username']);
$pass2step = strip_tags($_POST['password']);
$secure_user = $user1step;
$secure_pass = md5($pass2step);
$query = Database::dbConnect()->prepare("SELECT username, password FROM gweb_users WHERE username=:username AND password=:password");
$query->bindParam(':username', $secure_user);
$query->bindParam(':password', $secure_pass);
$query->execute();
if($row = $query->fetch()){
$_SESSION['username'] = $row['username'];
header("Location: admin_dash");
}
}
?>
Jaden
not so active
- Aug 24, 2014
- 886
- 263
- Thread starter
- #23
The CMS is PDO @Griimnak
class.engine.php (PDO Wrapper Class)
PHP:
<?php
/**
* Class Engine
* Static functions used to help communicate with the database.
*/
class Engine implements iMain, iEngine
{
/**
* Storage of the PDO Instance.
* @var PDO
*/
private $sql;
/**
* Used to prevent duplications/re-initializing the engine class.
* @var bool
*/
private $connected = false;
/**
* @var int
*/
public $rowCount = 0;
public static function Init()
{
/**
* TODO: Usage of more than 1 PDO instance.
*/
}
final public function __construct()
{
if (!$this->connected)
{
try {
$connectionString = sprintf("mysql:dbname=%s;host=%s", Core::$Config->Database, Core::$Config->Host);
// I've run into problem where
// SET NAMES "UTF8" not working on some hosting.
// Specifying charset in DSN fixes the charset problem perfectly!
$instance = new PDO($connectionString, Core::$Config->Username, Core::$Config->Password);
$instance->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$this->sql = $instance;
$this->connected = true;
}
catch(PDOException $e)
{
echo $e->getMessage();
exit;
}
}
}
/**
* @deprecated
* Executes a query to the database.
* @param string $sql the query to execute
* @param array $array an array of columns and values
* @return null
*/
final public function Query($sql, array $array)
{
$stmt = $this->sql->prepare($sql);
$stmt->closeCursor();
$stmt->execute($array);
$this->rowCount = $stmt->rowCount();
return isset($stmt) ? $stmt : null;
}
/**
* Used for secure select executions to the database.
* @param $sql the query to execute
* @param array $array an array of columns and values
* @param int $fetchMode
* @param string $class class name
* @return array
*/
final public function Select($sql, array $array, $fetchMode = PDO::FETCH_OBJ, $class = '')
{
$stmt = $this->sql->prepare($sql);
foreach ($array as $key => $value) {
if (is_int($value)) {
$stmt->bindValue("$key", $value, PDO::PARAM_INT);
} else {
$stmt->bindValue("$key", $value);
}
}
$stmt->execute();
$this->rowCount = $stmt->rowCount();
if ($fetchMode === PDO::FETCH_CLASS) {
return $stmt->fetchAll($fetchMode, $class);
} else {
return $stmt->fetchAll($fetchMode);
}
}
/**
* Used for secure insert executions to the database.
* @param $table table name
* @param array $data an array of columns and values
* @return string
*/
final public function Insert($table, array $data)
{
ksort($data);
$fieldNames = implode(',', array_keys($data));
$fieldValues = ':' . implode(', :', array_keys($data));
$stmt = $this->sql->prepare("INSERT INTO $table ($fieldNames) VALUES ($fieldValues)");
foreach ($data as $key => $value) {
$stmt->bindValue(":$key", $value);
}
$stmt->execute();
$this->rowCount = $stmt->rowCount();
return $this->sql->lastInsertId();
}
/**
* Used for secure update executions to the database.
* @param $table table name
* @param array $data an array of columns and values
* @param array $where an array of columns and values
* @return int
*/
final public function Update($table, array $data, array $where)
{
ksort($data);
$fieldDetails = null;
foreach ($data as $key => $value) {
$fieldDetails .= "$key = :field_$key,";
}
$fieldDetails = rtrim($fieldDetails, ',');
$whereDetails = null;
$i = 0;
foreach ($where as $key => $value) {
if ($i == 0) {
$whereDetails .= "$key = :where_$key";
} else {
$whereDetails .= " AND $key = :where_$key";
}
$i++;
}
$whereDetails = ltrim($whereDetails, ' AND ');
$stmt = $this->sql->prepare("UPDATE $table SET $fieldDetails WHERE $whereDetails");
foreach ($data as $key => $value) {
$stmt->bindValue(":field_$key", $value);
}
foreach ($where as $key => $value) {
$stmt->bindValue(":where_$key", $value);
}
$stmt->execute();
$this->rowCount = $stmt->rowCount();
return $stmt->rowCount();
}
/**
* Used for secure delete executions to the database.
* @param $table table name
* @param array $where an array of columns and values
* @param int $limit limit of deletions
* @return int
*/
final public function Delete($table, array $where, $limit = 1)
{
ksort($where);
$whereDetails = null;
$i = 0;
foreach ($where as $key => $value) {
if ($i == 0) {
$whereDetails .= "$key = :$key";
} else {
$whereDetails .= " AND $key = :$key";
}
$i++;
}
$whereDetails = ltrim($whereDetails, ' AND ');
//if limit is a number use a limit on the query
if (is_numeric($limit)) {
$uselimit = "LIMIT $limit";
}
$stmt = $this->sql->prepare("DELETE FROM $table WHERE $whereDetails $uselimit");
foreach ($where as $key => $value) {
$stmt->bindValue(":$key", $value);
}
$stmt->execute();
$this->rowCount = $stmt->rowCount();
return $stmt->rowCount();
}
}Prepared & Sanitized Statements (Example)
PHP:
global $MySql;
$MySql->Select('SELECT null FROM users WHERE mail = :mail', [ ':mail' => $mail ]);
if ($MySql->rowCount > 0)
{
return true;
}
Last edited:
griimnak
You're a slave to the money then you die
- Jul 20, 2013
- 956
- 797
good shit goodluck
LeChris
github.com/habbo-hotel
- Sep 30, 2013
- 2,744
- 1,326
I feel like parent accounts only take a second to code and can help provide another layer of security (authorization) when choosing an identity, and it can even help simplify queries if you're multi-database by querying the parent account for some of the information regarding plugins, etc
Jaden
not so active
- Aug 24, 2014
- 886
- 263
- Thread starter
- #32
Everything has been complete, still writing the ASE though, then I'll release.
Taking some time off the development to focus on school work, yet I'm still doing minor edits from time to time.
Taking some time off the development to focus on school work, yet I'm still doing minor edits from time to time.
You must be registered for see links
Updates are fun.
griimnak
You're a slave to the money then you die
- Jul 20, 2013
- 956
- 797
yo that fucking ase theme looks MINT dude goodshit looking forward to your release
Jaden
not so active
- Aug 24, 2014
- 886
- 263
- Thread starter
- #35
Thanks, Idk, I might change it up though.
Thank you, LunaGood luck with this, Moonshine
Update:
Added a few profiling tools to the CMS, Global.php Updated
PHP:
<?php
/**
* &MoonPHP - Simple content management system.
* Using: MVC Folder Structure.
*
* Developed and designed strictly for the use of Babbo Hotel.
* This CMS is under copyright law and is not for release nor for sale.
* Written by Babbo Hotel (babbo.ws), content edited by Adam (Wicked).
* Brought to you, an exploit-free, dynamic content management system.
*
* https://babbo.ws
*
* @author Jaden (Moonshine), Josh
* @since July 16, 2015
* @version 3.0.3
* @license https://babbo.ws
*/
require ROOT.'/vendor/autoload.php';
require MAIN.'/core.php';
Core::LogStep("Loading Interfaces.");
Core::Load('Interfaces');
Core::LogStep("Finished Loading Interfaces");
Core::SetIpAddress();
Core::LogStep("Loading Extensions & Languages.");
Core::Load('Extensions');
Core::Load('Languages');
Core::LogStep("Finished Loading Extensions & Languages");
Core::LogStep("Loading Configuration File.");
Core::$Config = require MAIN.'/config.php';
Core::LogStep("Starting a persistent PDO Connection.");
Engine::Init();
Core::LogStep("Starting the GEO Location Platform.");
Geo::Init();
Core::$Language = Geo::GetLanguage();
$MySql = new Engine();
$Users = new Users();
Core::LogStep("Starting the Session Storage for PHP.");
session_start();
. Goodluck!
Jaden
not so active
- Aug 24, 2014
- 886
- 263
- Thread starter
- #39
Ah yes, I haven't been working on it that much but my mans been giving me pointers so I'll work on it soon.
I haven't had access to MoonPHP in a while now, since my main PC is in the shop and I don't have it on GitHub.
Thinking of abandoning it and working on MoonJS which is a Habbo CMS and Web API written in JavaScript using the server-side framework known as NodeJS.
If I'm corrected, it's rumored that HabboWEB's back-end is in NodeJS, probably why it was so easy to get so far in little time.
Screenshot:
Software Design:
No MVC, basic express routing
Sequelize ORM w. multi database engine support
Support for as many languages as Habbo
Morgan configured for logging alongside Express
EJS templating system
The server was written to look and function like HabboWEB down to the smallest of detail.
I want your opinion on whether I should continue this or not, most of everything is already done.
I haven't had access to MoonPHP in a while now, since my main PC is in the shop and I don't have it on GitHub.
Thinking of abandoning it and working on MoonJS which is a Habbo CMS and Web API written in JavaScript using the server-side framework known as NodeJS.
If I'm corrected, it's rumored that HabboWEB's back-end is in NodeJS, probably why it was so easy to get so far in little time.
Screenshot:
You must be registered for see links
Software Design:
No MVC, basic express routing
Sequelize ORM w. multi database engine support
Support for as many languages as Habbo
Morgan configured for logging alongside Express
EJS templating system
The server was written to look and function like HabboWEB down to the smallest of detail.
I want your opinion on whether I should continue this or not, most of everything is already done.
LeChris
github.com/habbo-hotel
- Sep 30, 2013
- 2,744
- 1,326
Habbo uses AngularJS
- Status
