[REL] RevCMS Edit [Habulous Theme]
- Thread starter Logic
- Start date
- Jul 24, 2010
- 5,199
- 3,934
Time to be a cunt. - Heavy edit? Ok my ass.
My stuff.
1) For a starters the 'topstats.php' page (I know that code is mine, why? I have not released it; I written it myself, although it's simple I know anyone can but named the variables stupid names, like '$userInfo1' just as in there).
2) Second I know that the referrals page is mine, why? - That database structure is my own no one else released it it's the exact same content and code.
3) You were a trusted co-owner on Obbo, and had server access.
'Your' stuff.
I'll give you the criticism you need in this part.
1) 'checktheban.php' you could easily minimize that and build that into 'class.core.php' rather than have to include it into every page (bare in mind you missed a lot of pages).
2) 'ipbanned.php' refer to point 1.
3) Use 'class.core.php' for pages users that are not logged in shouldn't be able to visit.
3) What is 'config.php' in 'app/tpl/skins/Habbo' you're using another plugin but connecting to the database twice? What lol?
4) 'profile.php' that isn't even secure? You forgot to filter the post data. Rev has a 'filter' function for this reason.
5) 'tradesettings.php' not secure.. See above..
6) A majority of the housekeeping needs filtering too.. 'delbot2.php', 'delnews2.php', also this housekeeping is VERY messy, you could achieve what is trying be achieved w/ so many less files.
7) ANOTHER DATABASE CONNECTION FOR HOUSEKEEPING? Why? So now we connect 3 times? lol.
And in conclusion this isn't a heavy edit. I suggest those using this do what
Last thing: I am now happy to have no credit
.
My stuff.
1) For a starters the 'topstats.php' page (I know that code is mine, why? I have not released it; I written it myself, although it's simple I know anyone can but named the variables stupid names, like '$userInfo1' just as in there).
2) Second I know that the referrals page is mine, why? - That database structure is my own no one else released it it's the exact same content and code.
3) You were a trusted co-owner on Obbo, and had server access.
'Your' stuff.
I'll give you the criticism you need in this part.
1) 'checktheban.php' you could easily minimize that and build that into 'class.core.php' rather than have to include it into every page (bare in mind you missed a lot of pages).
2) 'ipbanned.php' refer to point 1.
3) Use 'class.core.php' for pages users that are not logged in shouldn't be able to visit.
3) What is 'config.php' in 'app/tpl/skins/Habbo' you're using another plugin but connecting to the database twice? What lol?
4) 'profile.php' that isn't even secure? You forgot to filter the post data. Rev has a 'filter' function for this reason.
5) 'tradesettings.php' not secure.. See above..
6) A majority of the housekeeping needs filtering too.. 'delbot2.php', 'delnews2.php', also this housekeeping is VERY messy, you could achieve what is trying be achieved w/ so many less files.
7) ANOTHER DATABASE CONNECTION FOR HOUSEKEEPING? Why? So now we connect 3 times? lol.
And in conclusion this isn't a heavy edit. I suggest those using this do what
You must be registered for see links
didn't do, before someone takes advantage of your hotel. - I'd suggest not to use this until
You must be registered for see links
or yourself fixes what I have pointed out, bare in mind I have not gone over everything.Last thing: I am now happy to have no credit
.
Ghost
Legacy, it's all anyone leaves behind.
- Jun 8, 2012
- 1,640
- 503
Time to be a cunt. - Heavy edit? Ok my ass.
My stuff.
1) For a starters the 'topstats.php' page (I know that code is mine, why? I have not released it; I written it myself, although it's simple I know anyone can but named the variables stupid names, like '$userInfo1' just as in there).
2) Second I know that the referrals page is mine, why? - That database structure is my own no one else released it it's the exact same content and code.
3) You were a trusted co-owner on Obbo, and had server access.
'Your' stuff.
I'll give you the criticism you need in this part.
1) 'checktheban.php' you could easily minimize that and build that into 'class.core.php' rather than have to include it into every page (bare in mind you missed a lot of pages).
2) 'ipbanned.php' refer to point 1.
3) Use 'class.core.php' for pages users that are not logged in shouldn't be able to visit.
3) What is 'config.php' in 'app/tpl/skins/Habbo' you're using another plugin but connecting to the database twice? What lol?
4) 'profile.php' that isn't even secure? You forgot to filter the post data. Rev has a 'filter' function for this reason.
5) 'tradesettings.php' not secure.. See above..
6) A majority of the housekeeping needs filtering too.. 'delbot2.php', 'delnews2.php', also this housekeeping is VERY messy, you could achieve what is trying be achieved w/ so many less files.
7) ANOTHER DATABASE CONNECTION FOR HOUSEKEEPING? Why? So now we connect 3 times? lol.
And in conclusion this isn't a heavy edit. I suggest those using this do whatYou must be registered for see linksdidn't do, before someone takes advantage of your hotel. - I'd suggest not to use this untilYou must be registered for see linksor yourself fixes what I have pointed out, bare in mind I have not gone over everything.
Last thing: I am now happy to have no credit
I'm okay with this yeah but I also agree with you very many extra pages and connecting to a db :\ but I would still give him credit for trying at least.
Logic
Bobby Billionaire
- Feb 8, 2012
- 748
- 207
- Thread starter
- #29
Time to be a cunt. - Heavy edit? Ok my ass.
My stuff.
1) For a starters the 'topstats.php' page (I know that code is mine, why? I have not released it; I written it myself, although it's simple I know anyone can but named the variables stupid names, like '$userInfo1' just as in there).
2) Second I know that the referrals page is mine, why? - That database structure is my own no one else released it it's the exact same content and code.
3) You were a trusted co-owner on Obbo, and had server access.
'Your' stuff.
I'll give you the criticism you need in this part.
1) 'checktheban.php' you could easily minimize that and build that into 'class.core.php' rather than have to include it into every page (bare in mind you missed a lot of pages).
2) 'ipbanned.php' refer to point 1.
3) Use 'class.core.php' for pages users that are not logged in shouldn't be able to visit.
3) What is 'config.php' in 'app/tpl/skins/Habbo' you're using another plugin but connecting to the database twice? What lol?
4) 'profile.php' that isn't even secure? You forgot to filter the post data. Rev has a 'filter' function for this reason.
5) 'tradesettings.php' not secure.. See above..
6) A majority of the housekeeping needs filtering too.. 'delbot2.php', 'delnews2.php', also this housekeeping is VERY messy, you could achieve what is trying be achieved w/ so many less files.
7) ANOTHER DATABASE CONNECTION FOR HOUSEKEEPING? Why? So now we connect 3 times? lol.
And in conclusion this isn't a heavy edit. I suggest those using this do whatYou must be registered for see linksdidn't do, before someone takes advantage of your hotel. - I'd suggest not to use this untilYou must be registered for see linksor yourself fixes what I have pointed out, bare in mind I have not gone over everything.
Last thing: I am now happy to have no credit
1) Yes, that's yours. Sorry for not crediting where it's due.
2) The referrals page isn't even use. Not using it, never did - never will.
3) lol?
//
1) That's true. It can be implemented differently.
2) Same as 1.
3) config.php was meant to be deleted.
4) Yup.
5) Same as 4.
6) delbot2.php isn't in use. Never has - never will. Also, working on cleaning the one I'm using now.
7) No? The only one is the one that's databaseconfig.php in the HK folder.
8) profile.php isn't even worth using. It's a retarded edit of homes.
I don't plan on releasing another edit. Can't jump on me about things not being secure as there's plenty of other shit that's released unsecure. Thanks for the criticism in a mannerly way though.
Logic
Bobby Billionaire
- Feb 8, 2012
- 748
- 207
- Thread starter
- #31
Thanks to my friend, he helped me secure the delnews2.php. Replace your hk/delnews2.html with the below code:
UPDATE: Here's the entire HK I secured all the "delete" pages.
Download:
Code snippet above.
Code:
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Adminity - Delete News</title>
<link rel="shortcut icon" href="{url}/app/tpl/skins/{skin}/hk/favicon.gif">
<!---CSS Files-->
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/hk/css/master.css">
<!---jQuery Files-->
<script src="{url}/app/tpl/skins/{skin}/hk/js/jquery-1.7.1.min.js"></script>
<script src="{url}/app/tpl/skins/{skin}/hk/js/jquery-ui-1.8.17.min.js"></script>
<script src="{url}/app/tpl/skins/{skin}/hk/js/styler.js"></script>
<script src="{url}/app/tpl/skins/{skin}/hk/js/jquery.tipTip.js"></script>
<script src="{url}/app/tpl/skins/{skin}/hk/js/colorpicker.js"></script>
<script src="{url}/app/tpl/skins/{skin}/hk/js/sticky.full.js"></script>
<script src="{url}/app/tpl/skins/{skin}/hk/js/global.js"></script>
<!---Fonts-->
<link href='http://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700' rel='stylesheet' type='text/css'>
<!--[if lt IE 9]>
<script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body>
<!--- HEADER -->
<?php include_once('inc/header.html'); ?>
<!--- CONTENT AREA -->
<center>
<div id="content_container">
<div id="content">
<!-- insert the page content here -->
<br /> <?php
include_once 'databaseconfig.php';
if ( isset( $_POST['id'] ) )
{
// clean your input
$news_id = mysql_real_escape_string($_POST['id']);
$query = mysql_query("SELECT `id` FROM `cms_news` WHERE `id` = '" . $news_id . "'");
// check if the news id even exists
if ( mysql_num_rows( $query ) > 0 )
{
mysql_query("DELETE FROM `cms_news` WHERE `id` = '" . $news_id . "'");
echo "News article deleted";
}
else
{
echo "News article doesn't exist.";
}
}
else
{
echo "Missing news article ID.";
}
?>
</center>
<?php include_once('inc/footer.html'); ?>UPDATE: Here's the entire HK I secured all the "delete" pages.
Download:
You must be registered for see links
Code snippet above.
- Jul 24, 2010
- 5,199
- 3,934
It doesn't matter if it isn't worth using, the point is it's out there and some kid could be using this without knowing and risk his database for it. Also you do connect to the database more than one time check the housekeeping, it's even in the snippet above, as for the other one I'm not going to download the files again to check. - I can jump on you; it's worth it and it makes you look better for fixing everyone else's dirty work.
Logic
Bobby Billionaire
- Feb 8, 2012
- 748
- 207
- Thread starter
- #36
I'm not worried. I have fixed the unsecure stuff in the Housekeeping, the rest is for whoever else wants to reorganize the files etc. I did apologize about not crediting him, however it's done and over with. I did my part, and we can now hopefully move on.
Thanks for the support.
Ghost
Legacy, it's all anyone leaves behind.
- Jun 8, 2012
- 1,640
- 503
No Probz Sir.
KyleVonnie
Come @ me Bro!
- Oct 26, 2011
- 993
- 176
Is it just me or does the CMS download take 30 minutes to download?
Ghost
Legacy, it's all anyone leaves behind.
- Jun 8, 2012
- 1,640
- 503
took me 5 seconds ... must be your connection.
KyleVonnie
Come @ me Bro!
- Oct 26, 2011
- 993
- 176
Can you re-upload them for me? Or a mirror to another download site? All downloads from that site take forever for me.
