Just edited the 1.2.4 and it includes all of those what 1.5 seems include. But goodluck with the Project! Keep it up!
Deleted all the exploits
Deleted all the exploits
Is it in the web.config? Can you please add the groups rule to web.config as well?
How do you suggest fetching a variable instead of using `global`? OFT: This code is better than that of the original CMS, but you're still using `global` to pull information in, and that is outdated.
ONT: Great CMS, it just needs more OOP, and yes, following php-fig (PSR) would help for sure! cPanel is supported too; tested with a small edit.
global $eg;
Or just wrong variables in his external texts, or blocked ports. The CMS is working; is it your EMU and habbo.swf version?
Cms is working is your EMU and habbo.swf version
Or just wrong variables in his external texts or blocked ports.
It is not the CMS; the CMS has nothing to do with the connection to your EMU.
I recommend you to use the latest version of BrainCMS
<?php
// Direct-access guard: this file is only meaningful when pulled in by the CMS
// bootstrap, which defines BRAIN_CMS. A direct HTTP request for the file stops here
// with the same message as before.
defined('BRAIN_CMS') or die('Sorry but you cannot access this file!');
/*
Functions list Class Admin.
---------------
error();
gelukt();
CheckRank();
staffpin();
staffCheck();
UpdateUser();
UpdateUserOfTheWeek();
UpdateNews();
searchUser();
searchUserOfTheWeek();
EditUser();
EditUserOfTheWeek();
EditNews();
LookSollie();
DeleteNews();
DeleteSollie();
DeleteBans();
PostNews();
*/
Class Admin
{
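public static function error($errorName)
{
    // Print a red "danger" banner in the admin panel.
    //
    // $errorName is written out as raw HTML on purpose: callers embed links in it.
    // That means this helper does NOT escape, so any request-derived text must be
    // passed through htmlspecialchars() by the caller before it gets here.
    // Fix: the original opened <strong> but never closed it.
    echo '<div class="alert alert-block alert-danger "><strong>' . $errorName . '</strong></div>';
}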
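public static function gelukt($errorName)
{
    // Print a green "success" banner in the admin panel ("gelukt" = "succeeded").
    //
    // The message is written out as raw HTML because callers embed links in it, so
    // this helper does NOT escape; request-derived text must be escaped by the caller.
    // Fix: the original opened <strong> but never closed it.
    echo '<div class="alert alert-block alert-success "><strong>' . $errorName . '</strong></div>';
}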
public static function CheckRank($rank)
{
    // Gate an admin page behind a rank: a visitor whose rank is not strictly greater
    // than $rank is sent to the hotel index and the script stops. Because the test is
    // "<=", a user holding exactly $rank is turned away as well; whether callers
    // intend that boundary is not visible from this file - confirm against call sites.
    global $config;
    $visitorRank = User::userData('rank');
    if ($visitorRank > $rank) {
        return; // privileged enough, let the page render
    }
    header('Location: ' . $config['hotelUrl'] . '/index');
    exit();
}
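public static function UpdateUser()
{
    // Admin form handler: rewrite the account selected by $_POST['naam'] with the
    // posted profile, balance and rank fields. Does nothing unless the form's
    // "update" button was sent.
    //
    // Every value comes straight from the request. Text fields keep the existing
    // DB::Escape()+filter() chain; the numeric fields are cast to int so that a
    // non-numeric value can never reach the query. Note that the username is written
    // back to the same value used in WHERE, so this form cannot actually rename a user.
    if (!isset($_POST['update'])) {
        return;
    }
    $required = array('motto', 'naam', 'mail', 'credits', 'vip_points', 'activity_points', 'teamrank', 'rank');
    foreach ($required as $field) {
        if (!isset($_POST[$field])) {
            // Previously a missing field silently stored an empty string.
            Admin::error("That did not work out!");
            return;
        }
    }
    $newRank = (int) $_POST['rank'];
    // Privilege-escalation guard: the original accepted any rank, so an admin could
    // raise any account (including their own) above their own level. CheckRank()
    // treats a numerically higher rank as more privileged, so the same ordering is
    // used here.
    if ($newRank > (int) User::userData('rank')) {
        Admin::error("You cannot assign a rank higher than your own!");
        return;
    }
    $name = filter(DB::Escape($_POST['naam']));
    $updated = DB::Query("UPDATE users SET
        motto='" . filter(DB::Escape($_POST['motto'])) . "',
        username='" . $name . "',
        mail='" . filter(DB::Escape($_POST['mail'])) . "',
        credits=" . (int) $_POST['credits'] . ",
        vip_points=" . (int) $_POST['vip_points'] . ",
        activity_points=" . (int) $_POST['activity_points'] . ",
        teamrank='" . filter(DB::Escape($_POST['teamrank'])) . "',
        rank=" . $newRank . "
        WHERE username = '" . $name . "'");
    if ($updated) {
        Admin::gelukt("Settings has been saved!");
    } else {
        Admin::error("That did not work out!");
    }
}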
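public static function UpdateUserOfTheWeek()
{
    // Admin form handler: make $_POST['naam'] the "user of the week" with the text in
    // $_POST['uftwtext']. The uotw table is rewritten without a WHERE clause, as
    // before (presumably it holds a single row - confirm against the schema).
    if (!isset($_POST['update'])) {
        return;
    }
    if (!isset($_POST['naam'], $_POST['uftwtext'])) {
        Admin::error("That did not work out!");
        return;
    }
    // Fix: the original placed the closing quote of the SQL literal INSIDE the
    // filter() call, so the lookup only worked if filter() let a quote through.
    $lookup = DB::Query("SELECT id,username FROM users WHERE username = '" . filter(DB::Escape($_POST['naam'])) . "'");
    $row = $lookup ? DB::Fetch($lookup) : false;
    if (!$row) {
        // Previously an unknown name silently stored an empty userid.
        Admin::error("User " . htmlspecialchars($_POST['naam'], ENT_QUOTES, 'UTF-8') . " not found!");
        return;
    }
    $saved = DB::Query("UPDATE uotw SET
        userid=" . (int) $row['id'] . ",
        text='" . filter(DB::Escape($_POST['uftwtext'])) . "'
    ");
    if ($saved) {
        Admin::gelukt("Settings has been saved!");
    } else {
        Admin::error("That did not work out!");
    }
}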
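public static function UpdateNews()
{
    // Admin form handler: overwrite the news article with id $_POST['id'] using the
    // posted title, short story, long story and top-story image.
    //
    // The id is a primary key, so it is cast to int rather than escaped; the original
    // also wrote id back to itself ("id='<id>'"), a no-op that is dropped here.
    // Whether longstory is later rendered as HTML is not visible from this file, so
    // the stored text still only goes through DB::Escape()+filter() as before.
    if (!isset($_POST['update'])) {
        return;
    }
    $required = array('id', 'title', 'shortstory', 'longstory', 'topstory');
    foreach ($required as $field) {
        if (!isset($_POST[$field])) {
            Admin::error("That did not work out!");
            return;
        }
    }
    $id = (int) $_POST['id'];
    $updated = DB::Query("UPDATE cms_news SET
        title='" . filter(DB::Escape($_POST['title'])) . "',
        shortstory='" . filter(DB::Escape($_POST['shortstory'])) . "',
        longstory='" . filter(DB::Escape($_POST['longstory'])) . "',
        image='" . filter(DB::Escape($_POST['topstory'])) . "'
        WHERE id = " . $id);
    if ($updated) {
        Admin::gelukt("News report edited!");
    } else {
        Admin::error("That did not work out!");
    }
}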
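public static function searchUser()
{
    // Admin search form: report whether the account named in $_POST['user'] exists
    // and, if so, link to its edit page.
    //
    // Fix: the original echoed $_POST['user'] raw into both the banner text and the
    // href, a reflected XSS in the admin panel. The name is now HTML-escaped for the
    // banner and URL-encoded for the path segment (the route handler must decode
    // that segment; $_GET does so automatically - confirm for path-based routing).
    // Only the id column is selected since just the row count is needed.
    global $config;
    if (!isset($_POST['zoek'])) {
        return;
    }
    $name = isset($_POST['user']) ? $_POST['user'] : '';
    $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $urlName = rawurlencode($name);
    $hits = DB::NumRows(DB::Query('SELECT id FROM users WHERE username = "' . filter(DB::Escape($name)) . '"'));
    if ($hits == 1) {
        Admin::gelukt('User ' . $safeName . ' Found! Click <a href ="' . $config['hotelUrl'] . '/adminpan/gebruiker/' . $urlName . '">here</a> to view account');
    } else {
        Admin::error("User " . $safeName . " not found!");
    }
}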
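public static function searchUserOfTheWeek()
{
    // Admin search form: report whether the account named in $_POST['user'] exists
    // and, if so, link to the "give user of the week" page for it.
    //
    // Fix: the original echoed $_POST['user'] raw into both the banner text and the
    // href, a reflected XSS in the admin panel. The name is now HTML-escaped for the
    // banner and URL-encoded for the path segment (the route handler must decode
    // that segment; $_GET does so automatically - confirm for path-based routing).
    // Only the id column is selected since just the row count is needed.
    global $config;
    if (!isset($_POST['zoek'])) {
        return;
    }
    $name = isset($_POST['user']) ? $_POST['user'] : '';
    $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $urlName = rawurlencode($name);
    $hits = DB::NumRows(DB::Query('SELECT id FROM users WHERE username = "' . filter(DB::Escape($name)) . '"'));
    if ($hits == 1) {
        Admin::gelukt($safeName . ' Found! Click <a href ="' . $config['hotelUrl'] . '/adminpan/giveuseroftheweek/' . $urlName . '">here</a> in order to give User of the Week!');
    } else {
        Admin::error("User " . $safeName . " not found!");
    }
}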
public static function EditUser($variable)
{
    // Look up the account named in $_GET['user'] and return column $variable of it.
    // Returns null (no output) when the request carries no user or the query fails;
    // when the user does not exist an error banner is printed and the script exits.
    // The value comes back exactly as stored - escape it at the output site.
    if (!isset($_GET['user'])) {
        return null;
    }
    $result = DB::Query("SELECT * FROM users WHERE username='" . filter(DB::Escape($_GET['user'])) . "' LIMIT 1");
    if (!$result) {
        return null;
    }
    if (DB::NumRows($result) != 1) {
        Admin::error("User not found!");
        exit;
    }
    $row = DB::Fetch($result);
    return $row[$variable];
}
public static function EditUserOfTheWeek($variable)
{
    // Same lookup as EditUser(): column $variable of the account named in
    // $_GET['user'], null when no user is requested or the query fails, and an
    // "User not found!" banner plus exit when the name matches nobody. The original
    // duplicated EditUser() line for line, so it is delegated instead.
    return Admin::EditUser($variable);
}
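public static function EditNews($variable)
{
    // Load the news article with id $_GET['news'] and return column $variable of it.
    // Returns null (no output) when no article is requested or the query fails; an
    // unknown id prints an error banner and exits. The value is returned exactly as
    // stored - escape it at the output site.
    if (!isset($_GET['news'])) {
        return null;
    }
    // The id is an integer key: an int cast keeps anything else out of the query
    // (the original quoted the escaped+filtered string instead).
    $id = (int) $_GET['news'];
    $result = DB::Query("SELECT * FROM cms_news WHERE id=" . $id . " LIMIT 1");
    if (!$result) {
        return null;
    }
    if (DB::NumRows($result) != 1) {
        Admin::error("Couldn't find article!");
        exit;
    }
    $row = DB::Fetch($result);
    return $row[$variable];
}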
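public static function LookSollie($variable)
{
    // Return column $variable of the staff application ("sollicitatie") whose id is
    // in $_GET['look']. Returns null (no output) when no id is requested or the
    // query fails; an unknown id redirects client-side to the application list and
    // exits. The value is returned exactly as stored - escape it at the output site.
    //
    // Cleanups: the unused $db global, the unused $datenow, the doubled
    // "$sql1 = $sql1 =" assignment and the duplicate escape of the id are gone, and
    // the id is cast to int. Row counting/fetching now goes through DB::NumRows()
    // and DB::Fetch() like the sibling methods (assumes they wrap the same
    // mysqli_result calls the original used directly - confirm in the DB class).
    global $config;
    if (!isset($_GET['look'])) {
        return null;
    }
    $id = (int) $_GET['look'];
    $result = DB::Query("SELECT * FROM staffApplication WHERE id=" . $id . " LIMIT 1");
    if (!$result) {
        return null;
    }
    if (DB::NumRows($result) != 1) {
        // The JS redirect is kept rather than header(): page output may already have
        // started by the time this runs. hotelUrl is operator config, not request input.
        echo "<script language='javascript' type='text/javascript'>window.location.href='" . $config['hotelUrl'] . "/adminpan/sollie'</script>";
        exit;
    }
    $row = DB::Fetch($result);
    return $row[$variable];
}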
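public static function DeleteNews()
{
    // Delete the news article whose id is in $_GET['delete'].
    //
    // Fixes: the failure branch called a bare error(), which does not exist at file
    // scope (Admin::error does), so a failed query produced a fatal error instead of
    // a banner; the id was also passed through DB::Escape twice. The id is now cast
    // to int and the unused $db global is dropped.
    // NOTE(review): deletion is triggered by a GET parameter, so a crafted link or
    // <img> viewed by a logged-in admin removes an article (CSRF). Moving this to a
    // POST with a token requires changing the calling template, so it is only
    // flagged here.
    if (!isset($_GET['delete'])) {
        return;
    }
    $id = (int) $_GET['delete'];
    if (DB::Query("DELETE FROM cms_news WHERE id=" . $id)) {
        Admin::gelukt('The article was deleted ');
    } else {
        Admin::error("That did not work out!");
    }
}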
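public static function DeleteSollie()
{
    // Delete the staff application whose id is in $_POST['DeleteSollieNow'].
    //
    // Fixes: the failure branch called a bare error(), which does not exist at file
    // scope (Admin::error does); the id was escaped twice; and the SQL-escaped but
    // not HTML-escaped id was echoed into the success banner. Casting the id to int
    // closes both the query and the banner issue, and the unused $db global is gone.
    if (!isset($_POST['DeleteSollieNow'])) {
        return;
    }
    $id = (int) $_POST['DeleteSollieNow'];
    if (DB::Query("DELETE FROM staffApplication WHERE id=" . $id)) {
        Admin::gelukt('Application Removed ' . $id);
    } else {
        Admin::error("That did not work out!");
    }
}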
public static function DeleteBans()
Bruh, Plus EMU is free... Of course you do, but I didn't want to pay for the EMU.
I don't know OOP? The query is fixed in the next updateYour coding is pretty weird, some of it are OOP, and some of it are not? Instead of making a quoted list about which functions are in it, create an interface for the class.PHP:<?php if(!defined('BRAIN_CMS')) { die('Sorry but you cannot access this file!'); } /* Functions list Class Admin. --------------- error(); gelukt(); CheckRank(); staffpin(); staffCheck(); UpdateUser(); UpdateUserOfTheWeek(); UpdateNews(); searchUser(); searchUserOfTheWeek(); EditUser(); EditUserOfTheWeek(); EditNews(); LookSollie(); DeleteNews(); DeleteSollie(); DeleteBans(); PostNews(); */ Class Admin { public static function error($errorName) { echo "<div class=\"alert alert-block alert-danger \"><strong>" . $errorName . "</div>"; } public static function gelukt($errorName) { echo "<div class=\"alert alert-block alert-success \"><strong>" . $errorName . "</div>"; } public static function CheckRank($rank) { global $config; { if (User::userData('rank') <= $rank) { header('Location: '.$config['hotelUrl'].'/index'); exit(); } } } public static function UpdateUser() { if (isset($_POST['update'])) { if ($updatesql = DB::Query("UPDATE users SET motto='".filter(DB::Escape($_POST['motto']))."' , username='".filter(DB::Escape($_POST['naam']))."', mail='".filter(DB::Escape($_POST['mail']))."', credits='".filter(DB::Escape($_POST['credits']))."', vip_points='".filter(DB::Escape($_POST['vip_points']))."', activity_points='".filter(DB::Escape($_POST['activity_points']))."', teamrank='".filter(DB::Escape($_POST['teamrank']))."', rank='".filter(DB::Escape($_POST['rank']))."' WHERE username = '".filter(DB::Escape($_POST['naam']))."'")) { Admin::gelukt("Settings has been saved!"); } else { Admin::error("That did not work out!"); } } } public static function UpdateUserOfTheWeek() { if (isset($_POST['update'])) { $getUserData = DB::Fetch(DB::Query("SELECT id,username FROM users WHERE username = '" . filter(DB::Escape($_POST['naam']) . 
"'"))); if ($updatesql = DB::Query("UPDATE uotw SET userid='".filter(DB::Escape($getUserData['id']))."', text='".filter(DB::Escape($_POST['uftwtext']))."' ")) { Admin::gelukt("Settings has been saved!"); } else { Admin::error("That did not work out!"); } } } public static function UpdateNews() { if (isset($_POST['update'])) { if ($updateNews = DB::Query("UPDATE cms_news SET id='".filter(DB::Escape($_POST['id']))."', title='".filter(DB::Escape($_POST['title']))."', shortstory='".filter(DB::Escape($_POST['shortstory']))."', longstory='".filter(DB::Escape($_POST['longstory']))."', image='".filter(DB::Escape($_POST['topstory']))."' WHERE id = '".filter(DB::Escape($_POST['id']))."'")) { Admin::gelukt("News report edited!"); } else { Admin::error("That did not work out!"); } } } public static function searchUser() { global $config; if(isset($_POST['zoek'])) { $searchUser = DB::NumRows(DB::Query('SELECT * FROM users WHERE username = "'.filter(DB::Escape($_POST['user'])).'"')); if ($searchUser == 1) { Admin::gelukt('User '.$_POST['user'].' Found! Click <a href ="'.$config['hotelUrl'].'/adminpan/gebruiker/'.$_POST['user'].'">here</a> to view account'); } else { Admin::error("User ".$_POST['user']." not found!"); } } } public static function searchUserOfTheWeek() { global $config; if(isset($_POST['zoek'])) { $searchUser = DB::NumRows(DB::Query('SELECT * FROM users WHERE username = "'.filter(DB::Escape($_POST['user'])).'"')); if ($searchUser == 1) { Admin::gelukt(''.$_POST['user'].' Found! Click <a href ="'.$config['hotelUrl'].'/adminpan/giveuseroftheweek/'.$_POST['user'].'">here</a> in order to give User of the Week!'); } else { Admin::error("User ".$_POST['user']." 
not found!"); } } } public static function EditUser($variable) { if (isset($_GET['user'])) { if ($getUser = DB::Query("SELECT * FROM users WHERE username='".filter(DB::Escape($_GET['user']))."' LIMIT 1")) { if (DB::NumRows($getUser) == 1) { $user = DB::Fetch($getUser); return $user[$variable]; } else { Admin::error("User not found!"); exit; } } } } public static function EditUserOfTheWeek($variable) { if (isset($_GET['user'])) { if ($getUser = DB::Query("SELECT * FROM users WHERE username='".filter(DB::Escape($_GET['user']))."' LIMIT 1")) { if (DB::NumRows($getUser) == 1) { $user = DB::Fetch($getUser); return $user[$variable]; } else { Admin::error("User not found!"); exit; } } } } public static function EditNews($variable) { if (isset($_GET['news'])) { if ($getNews = DB::Query("SELECT * FROM cms_news WHERE id='".filter(DB::Escape($_GET['news']))."' LIMIT 1")) { if (DB::NumRows($getNews) == 1) { $news = DB::Fetch($getNews); return $news[$variable]; } else { Admin::error("Couldn't find article!"); exit; } } } } public static function LookSollie($variable) { Global $db,$config; if (isset($_GET['look'])) { $user = DB::Escape($_GET['look']); if ($sql1 = $sql1 = DB::Query("SELECT * FROM staffApplication WHERE id='".filter(DB::Escape($_GET['look']))."' LIMIT 1")) { if ($sql1->num_rows == 1) { $user = $sql1->FETCH_ASSOC(); $datenow = date('d-m-Y', $user['date']); return $user[$variable]; } else { echo "<script language='javascript' type='text/javascript'>window.location.href='".$config['hotelUrl']."/adminpan/sollie'</script>"; exit; } } } } public static function DeleteNews() { Global $db; if(isset($_GET['delete'])) { $id = DB::Escape($_GET['delete']); if ($deletesql = $sql1 = DB::Query("DELETE FROM cms_news WHERE id='".filter(DB::Escape($id))."'")) { Admin::gelukt('The article was deleted '); } else { error(); } } } public static function DeleteSollie() { Global $db; if(isset($_POST['DeleteSollieNow'])) { $id = DB::Escape($_POST['DeleteSollieNow']); if ($deletesql = 
$sql1 = DB::Query("DELETE FROM staffApplication WHERE id='".filter(DB::Escape($id))."'")) { Admin::gelukt('Application Removed '.$id.''); } else { error(); } } } public static function DeleteBans()
Another thing: there's no need to select "*" (all columns) from your table if you're only going to read one or two of them anyway; that just makes the query slower.
bruh plus emu is free...
OOP stands for Object-Oriented Programming... PDO is OOP. "I don't know OOP?" The query is fixed in the next update.
Never going to use the newest one, because why on earth is the CMS checking whether those tables exist in the DB? "I recommend you to use the latest version of BrainCMS."
bruh plus emu is free...