MoonPHP ~ The most advanced Habbo CMS as of 2015

Status
Not open for further replies.

Mastah

the funny thing is \r\n i did
Oct 25, 2010
739
41
laughign @ learning MySQL+++ ( just fucking with you )

Good luck anyway
 

griimnak

You're a slave to the money then you die
Jul 20, 2013
957
800
You should ditch mysqli and go with pdo, prepared statements are the way to go man it's cleaner and is more secure.
snip from my personal login:

PHP:
<?php
if(isset($_POST['username'], $_POST['password'])){
$user1step = strip_tags($_POST['username']);
$pass2step = strip_tags($_POST['password']);
$secure_user = $user1step;
$secure_pass = md5($pass2step);
$query = Database::dbConnect()->prepare("SELECT username, password FROM gweb_users WHERE username=:username AND password=:password");
$query->bindParam(':username', $secure_user);
$query->bindParam(':password', $secure_pass);
$query->execute();
if($row = $query->fetch()){
$_SESSION['username'] = $row['username'];
header("Location: admin_dash");
}
}
?>
 

Jaden

not so active
Aug 24, 2014
886
263
You should ditch mysqli and go with pdo, prepared statements are the way to go man it's cleaner and is more secure.
snip from my personal login:

PHP:
<?php
if(isset($_POST['username'], $_POST['password'])){
$user1step = strip_tags($_POST['username']);
$pass2step = strip_tags($_POST['password']);
$secure_user = $user1step;
$secure_pass = md5($pass2step);
$query = Database::dbConnect()->prepare("SELECT username, password FROM gweb_users WHERE username=:username AND password=:password");
$query->bindParam(':username', $secure_user);
$query->bindParam(':password', $secure_pass);
$query->execute();
if($row = $query->fetch()){
$_SESSION['username'] = $row['username'];
header("Location: admin_dash");
}
}
?>
The CMS is PDO @Griimnak

class.engine.php (PDO Wrapper Class)
PHP:
<?php

/**
* Class Engine
* Static functions used to help communicate with the database.
*/
class Engine implements iMain, iEngine
{
    /**
     * Storage of the PDO Instance.
     * @var PDO
     */
    private $sql;

    /**
     * Used to prevent duplications/re-initializing the engine class.
     * @var bool
     */
    private $connected = false;

    /**
     * @var int
     */
    public $rowCount = 0;


    public static function Init()
    {
        /**
         * TODO: Usage of more than 1 PDO instance.
         */
    }

    final public function __construct()
    {
        if (!$this->connected)
        {
            try {
                $connectionString = sprintf("mysql:dbname=%s;host=%s", Core::$Config->Database, Core::$Config->Host);

                // I've run into problem where
                // SET NAMES "UTF8" not working on some hosting.
                // Specifying charset in DSN fixes the charset problem perfectly!
                $instance = new PDO($connectionString, Core::$Config->Username, Core::$Config->Password);
                $instance->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

                $this->sql = $instance;
                $this->connected = true;
            }
            catch(PDOException $e)
            {
                echo $e->getMessage();
                exit;
            }
        }
    }

    /**
     * @deprecated
     * Executes a query to the database.
     * @param string $sql the query to execute
     * @param array $array an array of columns and values
     * @return null
     */
    final public function Query($sql, array $array)
    {
        $stmt = $this->sql->prepare($sql);
        $stmt->closeCursor();

        $stmt->execute($array);
        $this->rowCount = $stmt->rowCount();
        return isset($stmt) ? $stmt : null;
    }

    /**
     * Used for secure select executions to the database.
     * @param $sql the query to execute
     * @param array $array an array of columns and values
     * @param int $fetchMode
     * @param string $class class name
     * @return array
     */
    final public function Select($sql, array $array, $fetchMode = PDO::FETCH_OBJ, $class = '')
    {
        $stmt = $this->sql->prepare($sql);

        foreach ($array as $key => $value) {
            if (is_int($value)) {
                $stmt->bindValue("$key", $value, PDO::PARAM_INT);
            } else {
                $stmt->bindValue("$key", $value);
            }
        }

        $stmt->execute();
        $this->rowCount = $stmt->rowCount();

        if ($fetchMode === PDO::FETCH_CLASS) {
            return $stmt->fetchAll($fetchMode, $class);
        } else {
            return $stmt->fetchAll($fetchMode);
        }
    }

    /**
     * Used for secure insert executions to the database.
     * @param $table table name
     * @param array $data an array of columns and values
     * @return string
     */
    final public function Insert($table, array $data)
    {
        ksort($data);

        $fieldNames = implode(',', array_keys($data));
        $fieldValues = ':' . implode(', :', array_keys($data));

        $stmt = $this->sql->prepare("INSERT INTO $table ($fieldNames) VALUES ($fieldValues)");

        foreach ($data as $key => $value) {
            $stmt->bindValue(":$key", $value);
        }

        $stmt->execute();
        $this->rowCount = $stmt->rowCount();
        return $this->sql->lastInsertId();
    }

    /**
     * Used for secure update executions to the database.
     * @param $table table name
     * @param array $data an array of columns and values
     * @param array $where an array of columns and values
     * @return int
     */
    final public function Update($table, array $data, array $where)
    {
        ksort($data);

        $fieldDetails = null;
        foreach ($data as $key => $value) {
            $fieldDetails .= "$key = :field_$key,";
        }
        $fieldDetails = rtrim($fieldDetails, ',');

        $whereDetails = null;
        $i = 0;
        foreach ($where as $key => $value) {
            if ($i == 0) {
                $whereDetails .= "$key = :where_$key";
            } else {
                $whereDetails .= " AND $key = :where_$key";
            }
            $i++;
        }
        $whereDetails = ltrim($whereDetails, ' AND ');

        $stmt = $this->sql->prepare("UPDATE $table SET $fieldDetails WHERE $whereDetails");

        foreach ($data as $key => $value) {
            $stmt->bindValue(":field_$key", $value);
        }

        foreach ($where as $key => $value) {
            $stmt->bindValue(":where_$key", $value);
        }

        $stmt->execute();
        $this->rowCount = $stmt->rowCount();
        return $stmt->rowCount();
    }

    /**
     * Used for secure delete executions to the database.
     * @param $table table name
     * @param array $where an array of columns and values
     * @param int $limit limit of deletions
     * @return int
     */
    final public function Delete($table, array $where, $limit = 1)
    {
        ksort($where);

        $whereDetails = null;
        $i = 0;
        foreach ($where as $key => $value) {
            if ($i == 0) {
                $whereDetails .= "$key = :$key";
            } else {
                $whereDetails .= " AND $key = :$key";
            }
            $i++;
        }
        $whereDetails = ltrim($whereDetails, ' AND ');

        //if limit is a number use a limit on the query
        if (is_numeric($limit)) {
            $uselimit = "LIMIT $limit";
        }

        $stmt = $this->sql->prepare("DELETE FROM $table WHERE $whereDetails $uselimit");

        foreach ($where as $key => $value) {
            $stmt->bindValue(":$key", $value);
        }

        $stmt->execute();   
        $this->rowCount = $stmt->rowCount();
        return $stmt->rowCount();
    }
}


Prepared & Sanitized Statements (Example)
PHP:
global $MySql;

$MySql->Select('SELECT null FROM users WHERE mail = :mail', [ ':mail' => $mail ]);

if ($MySql->rowCount > 0)
{
    return true;
}
 
Last edited:

griimnak

You're a slave to the money then you die
Jul 20, 2013
957
800
The CMS is PDO @Griimnak

class.engine.php (PDO Wrapper Class)
PHP:
<?php

/**
* Class Engine
* Static functions used to help communicate with the database.
*/
class Engine implements iMain, iEngine
{
    /**
     * Storage of the PDO Instance.
     * @var PDO
     */
    private $sql;

    /**
     * Used to prevent duplications/re-initializing the engine class.
     * @var bool
     */
    private $connected = false;

    /**
     * @var int
     */
    public $rowCount = 0;


    public static function Init()
    {
        /**
         * TODO: Usage of more than 1 PDO instance.
         */
    }

    final public function __construct()
    {
        if (!$this->connected)
        {
            try {
                $connectionString = sprintf("mysql:dbname=%s;host=%s", Core::$Config->Database, Core::$Config->Host);

                // I've run into problem where
                // SET NAMES "UTF8" not working on some hosting.
                // Specifying charset in DSN fixes the charset problem perfectly!
                $instance = new PDO($connectionString, Core::$Config->Username, Core::$Config->Password);
                $instance->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

                $this->sql = $instance;
                $this->connected = true;
            }
            catch(PDOException $e)
            {
                echo $e->getMessage();
                exit;
            }
        }
    }

    /**
     * @deprecated
     * Executes a query to the database.
     * @param string $sql the query to execute
     * @param array $array an array of columns and values
     * @return null
     */
    final public function Query($sql, array $array)
    {
        $stmt = $this->sql->prepare($sql);
        $stmt->closeCursor();

        $stmt->execute($array);
        $this->rowCount = $stmt->rowCount();
        return isset($stmt) ? $stmt : null;
    }

    /**
     * Used for secure select executions to the database.
     * @param $sql the query to execute
     * @param array $array an array of columns and values
     * @param int $fetchMode
     * @param string $class class name
     * @return array
     */
    final public function Select($sql, array $array, $fetchMode = PDO::FETCH_OBJ, $class = '')
    {
        $stmt = $this->sql->prepare($sql);

        foreach ($array as $key => $value) {
            if (is_int($value)) {
                $stmt->bindValue("$key", $value, PDO::PARAM_INT);
            } else {
                $stmt->bindValue("$key", $value);
            }
        }

        $stmt->execute();
        $this->rowCount = $stmt->rowCount();

        if ($fetchMode === PDO::FETCH_CLASS) {
            return $stmt->fetchAll($fetchMode, $class);
        } else {
            return $stmt->fetchAll($fetchMode);
        }
    }

    /**
     * Used for secure insert executions to the database.
     * @param $table table name
     * @param array $data an array of columns and values
     * @return string
     */
    final public function Insert($table, array $data)
    {
        ksort($data);

        $fieldNames = implode(',', array_keys($data));
        $fieldValues = ':' . implode(', :', array_keys($data));

        $stmt = $this->sql->prepare("INSERT INTO $table ($fieldNames) VALUES ($fieldValues)");

        foreach ($data as $key => $value) {
            $stmt->bindValue(":$key", $value);
        }

        $stmt->execute();
        $this->rowCount = $stmt->rowCount();
        return $this->sql->lastInsertId();
    }

    /**
     * Used for secure update executions to the database.
     * @param $table table name
     * @param array $data an array of columns and values
     * @param array $where an array of columns and values
     * @return int
     */
    final public function Update($table, array $data, array $where)
    {
        ksort($data);

        $fieldDetails = null;
        foreach ($data as $key => $value) {
            $fieldDetails .= "$key = :field_$key,";
        }
        $fieldDetails = rtrim($fieldDetails, ',');

        $whereDetails = null;
        $i = 0;
        foreach ($where as $key => $value) {
            if ($i == 0) {
                $whereDetails .= "$key = :where_$key";
            } else {
                $whereDetails .= " AND $key = :where_$key";
            }
            $i++;
        }
        $whereDetails = ltrim($whereDetails, ' AND ');

        $stmt = $this->sql->prepare("UPDATE $table SET $fieldDetails WHERE $whereDetails");

        foreach ($data as $key => $value) {
            $stmt->bindValue(":field_$key", $value);
        }

        foreach ($where as $key => $value) {
            $stmt->bindValue(":where_$key", $value);
        }

        $stmt->execute();
        $this->rowCount = $stmt->rowCount();
        return $stmt->rowCount();
    }

    /**
     * Used for secure delete executions to the database.
     * @param $table table name
     * @param array $where an array of columns and values
     * @param int $limit limit of deletions
     * @return int
     */
    final public function Delete($table, array $where, $limit = 1)
    {
        ksort($where);

        $whereDetails = null;
        $i = 0;
        foreach ($where as $key => $value) {
            if ($i == 0) {
                $whereDetails .= "$key = :$key";
            } else {
                $whereDetails .= " AND $key = :$key";
            }
            $i++;
        }
        $whereDetails = ltrim($whereDetails, ' AND ');

        //if limit is a number use a limit on the query
        if (is_numeric($limit)) {
            $uselimit = "LIMIT $limit";
        }

        $stmt = $this->sql->prepare("DELETE FROM $table WHERE $whereDetails $uselimit");

        foreach ($where as $key => $value) {
            $stmt->bindValue(":$key", $value);
        }

        $stmt->execute();    
        $this->rowCount = $stmt->rowCount();
        return $stmt->rowCount();
    }
}

Prepared & Sanitized Statements (Example)
PHP:
global $MySql;

$MySql->Select('SELECT null FROM users WHERE mail = :mail', [ ':mail' => $mail ]);

if ($MySql->rowCount > 0)
{
    return true;
}
good shit goodluck
 

LeChris

https://habbo.codes/
Sep 30, 2013
2,786
1,395
Deciding whether or not to code Parent accounts.
I feel like parent accounts only take a second to code and can help provide another layer of security (authorization) when choosing an identity, and it can even help simplify queries if you're multi-database by querying the parent account for some of the information regarding plugins, etc
 

Examed

Я весь высший лидер из вас всех
Aug 7, 2014
352
95
Good Luck . This seems quite nice so far!
 

xcedxlx

New Member
Jun 7, 2015
6
2
Can you do it on github?
I realy wanna use this cms, it is making me happy tot see you are using PDO and prepared Statements.
 

Jaden

not so active
Aug 24, 2014
886
263
Everything has been complete, still writing the ASE though, then I'll release.

Taking some time off the development to focus on school work, yet I'm still doing minor edits from time to time.
 
Updates are fun.
 

griimnak

You're a slave to the money then you die
Jul 20, 2013
957
800
Everything has been complete, still writing the ASE though, then I'll release.

Taking some time off the development to focus on school work, yet I'm still doing minor edits from time to time.
 
Updates are fun.
yo that fucking ase theme looks MINT dude goodshit looking forward to your release
 

Jaden

not so active
Aug 24, 2014
886
263
yo that fucking ase theme looks MINT dude goodshit looking forward to your release
Thanks, Idk, I might change it up though.

Good luck with this, Moonshine :)
Thank you, Luna :)
 
Update:
Added a few profiling tools to the CMS, Global.php Updated
PHP:
<?php
/**
*   &MoonPHP - Simple content management system.
*   Using: MVC Folder Structure.
*
*   Developed and designed strictly for the use of Babbo Hotel.
*   This CMS is under copyright law and is not for release nor for sale.
*   Written by Babbo Hotel (babbo.ws), content edited by Adam (Wicked).
*   Brought to you, an exploit-free, dynamic content management system.
*
*   https://babbo.ws
*
*   @author Jaden (Moonshine), Josh
*   @since July 16, 2015
*   @version 3.0.3
*   @license https://babbo.ws
*/

require ROOT.'/vendor/autoload.php';
require MAIN.'/core.php';

Core::LogStep("Loading Interfaces.");
Core::Load('Interfaces');
Core::LogStep("Finished Loading Interfaces");

Core::SetIpAddress();

Core::LogStep("Loading Extensions & Languages.");
Core::Load('Extensions');
Core::Load('Languages');
Core::LogStep("Finished Loading Extensions & Languages");

Core::LogStep("Loading Configuration File.");
Core::$Config = require MAIN.'/config.php';

Core::LogStep("Starting a persistent PDO Connection.");
Engine::Init();

Core::LogStep("Starting the GEO Location Platform.");
Geo::Init();

Core::$Language = Geo::GetLanguage();

$MySql = new Engine();
$Users = new Users();

Core::LogStep("Starting the Session Storage for PHP.");
session_start();
 

Jaden

not so active
Aug 24, 2014
886
263
Ah yes, I haven't been working on it that much but my mans been giving me pointers so I'll work on it soon.
 
I haven't had access to MoonPHP in a while now, since my main PC is in the shop and I don't have it on GitHub.
Thinking of abandoning it and working on MoonJS which is a Habbo CMS and Web API written in JavaScript using the server-side framework known as NodeJS.
If I'm corrected, it's rumored that HabboWEB's back-end is in NodeJS, probably why it was so easy to get so far in little time.

Screenshot:


Software Design:
No MVC, basic express routing
Sequelize ORM w. multi database engine support
Support for as many languages as Habbo
Morgan configured for logging alongside Express
EJS templating system

The server was written to look and function like HabboWEB down to the smallest of detail.
I want your opinion on whether I should continue this or not, most of everything is already done.
 

LeChris

https://habbo.codes/
Sep 30, 2013
2,786
1,395
Ah yes, I haven't been working on it that much but my mans been giving me pointers so I'll work on it soon.
 
I haven't had access to MoonPHP in a while now, since my main PC is in the shop and I don't have it on GitHub.
Thinking of abandoning it and working on MoonJS which is a Habbo CMS and Web API written in JavaScript using the server-side framework known as NodeJS.
If I'm corrected, it's rumored that HabboWEB's back-end is in NodeJS, probably why it was so easy to get so far in little time.

Screenshot:


Software Design:
No MVC, basic express routing
Sequelize ORM w. multi database engine support
Support for as many languages as Habbo
Morgan configured for logging alongside Express
EJS templating system

The server was written to look and function like HabboWEB down to the smallest of detail.
I want your opinion on whether I should continue this or not, most of everything is already done.
Habbo uses AngularJS
 
Status
Not open for further replies.

Users who are viewing this thread

Top