[Release] RevCMS habbo theme edit! & RevCMS Housekeeping

[Data]

Incorrect integer value: 'Ben' for column 'author' at row 1

got a fix?!

Navicat -> Your DB -> cms_news -> Design Table -> change 'author' field type to varchar - 255.

 

[GarettM]

Hello dear habbo users im here to point out a possible exploit here.
In the index.php of Habbo/ [theme]
There is a html tag that sets the sec key to 1234 this is dangerous because in revolutionCMS all you need to reset a password is the sec key. :3 to be more secure please remove the hidden input from your index.php or set the sec key value to

<?php echo( rand(1,9) . rand(1,9) . rand(1, 9) . rand(1, 9) ); ?>

But i advise you to delete it.

 

[GarettM]

Navicat -> Your DB -> cms_news -> Design Table -> change 'author' field type to varchar - 255.

Also another possible fix would be to do something like this rather then altering the database structure use php.

/**
 *    Sorry if it is actually news or news1 or even article i use a custom revCMS.
 */
if(is_int($news2['author']))
{   
    $author = $engine->result('SELECT username FROM users WHERE id = \'' . $news2['author'] . '\' LIMIT 1');
    $template->setParams('newsAuthor',     $author);
} else {
    $template->setParams('newsAuthor',     $news['author']);
}

 

[Data]

Hello dear habbo users im here to point out a possible exploit here.
In the index.php of Habbo/ [theme]
There is a html tag that sets the sec key to 1234 this is dangerous because in revolutionCMS all you need to reset a password is the sec key. :3 to be more secure please remove the hidden input from your index.php or set the sec key value to

<?php echo( rand(1,9) . rand(1,9) . rand(1, 9) . rand(1, 9) ); ?>

But i advise you to delete it.

Or just remove the forgot password system and log the persons IP into database.
Replace forgotten function with

    final public function forgotten()
    {
        global $engine;
        die ('Please do not attempt to \'hack\' our system, your IP has been logged.');
        $engine->query("INSERT INTO wannabe_hackers (ip, time VALUES('{$_SERVER['REMOTE_ADDR']}','". time() ."')");
    }

Run this SQL

DROP TABLE IF EXISTS `wannabe_hackers`;
CREATE TABLE `wannabe_hackers` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `ip` varchar(255) NOT NULL,
  `time` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

This release does not even use the forgot password system anyway, might aswell just remove it.

PS - Took me 60 seconds, to do this I didn't bother checking it works.

 

[Data]

Also another possible fix would be to do something like this rather then altering the database structure use php.

/**
*    Sorry if it is actually news or news1 or even article i use a custom revCMS.
*/
if(is_int($news2['author']))
{  
    $author = $engine->result('SELECT username FROM users WHERE id = \'' . $news2['author'] . '\' LIMIT 1');
    $template->setParams('newsAuthor',     $author);
} else {
    $template->setParams('newsAuthor',     $news['author']);
}

Easier to modify structure of table.

 

[GarettM]

Or just remove the forgot password system and log the persons IP into database.
Replace forgotten function with

    final public function forgotten()
    {
        global $engine;
        die ('Please do not attempt to \'hack\' our system, your IP has been logged.');
        $engine->query("INSERT INTO wannabe_hackers (ip, time VALUES('{$_SERVER['REMOTE_ADDR']}','". time() ."')");
    }

Run this SQL

DROP TABLE IF EXISTS `wannabe_hackers`;
CREATE TABLE `wannabe_hackers` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `ip` varchar(255) NOT NULL,
  `time` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

This release does not even use the forgot password system anyway, might aswell just remove it.

PS - Took me 60 seconds, to do this I didn't bother checking it works.

Why remove a part of RevolutionCMS just to be lazzy?

Easier to modify structure of table.

Lollz but my way makes it so if you move from one cms to another you can keep your database and hopefully have it still work

 

[Data]

Why remove a part of RevolutionCMS just to be lazzy?


Lollz but my way makes it so if you move from one cms to another you can keep your database and hopefully have it still work

Just modify db structure.
Easy.

 

[W1ll1am]

Unknown column 'shortstory' in 'field list'

When posting news!?

 

[Data]

Unknown column 'shortstory' in 'field list'

When posting news!?

It tells you the error, add the column into the table cms_news.
Navicat -> Your DB -> cms_news -> Design Table -> Add Column

 

[x5Abrahamx5]

Couldn't find habbos news finder anywhere, I could but you had to manually add all the images and links in the me.php.
Been working on it for half a hour or so and I done this:

Update!
Now when your not logged in and you visit the staff page it says 'Register Today!' instead of {username}, it doesn't let you see the quick links if you don't have a running session, fixed it from repeating the 'Did you know?' on the staff page.

Also when you go to pages such as client, community & shop it will redirect you straight back to the index page.

Removed the 'housekeeping' tab, and put it next to the 'Enter Habbo Hotel'.
Added a /includes/header.php, considering weather or not to remove includes/dyk.php and put its content in the header.php.

Going to start work on the housekeeping tomorrow, what features are required?

I will put a download link up later, tell me what I should add and I will try to get it done.

how did you make the news slider work?

 

[Wickd]

So i fixed the 'Read the full article ' button,it's pretty easy i'm sure anyone can do it.

<div id="promo-box">

    <div id="promo-bullets"></div>

<?php
$to5 = mysql_query("SELECT * FROM site_news ORDER BY ID DESC LIMIT 5") or die(mysql_error());
?>

<?php $i = 0; while($newsobject = mysql_fetch_assoc($to5)){ $i++; ?>

        <div class="promo-container" style="background-image: url(<?php echo $newsobject['topstory_image']; ?>)<?php if($i != '1'){ ?>; display: none<?php } ?>">
            <div class="promo-content-container">
                <div class="promo-content">
                    <div class="title"><?php echo $newsobject['title']; ?></div>
                    <div class="body"><?php echo $newsobject['snippet']; ?></div>
                </div>
            </div>
            <div class="promo-link-container">
<div class="enter-hotel-btn"              // I found this release on another forum, I just fixed it up abit.>
<div class="open enter-btn">
             <a href="{url}/news/<?php echo $newsobject['id']; ?>">Read More<i></i></a>
                    <b></b>

    </div>
</div>
<div style="color:#FFF;margin-top:25px;margin-left:10px;">Posted on: <b><?php echo $newsobject['datestr']; ?></b></div>
            </div>
        </div>

        <?php }?>

</div>
    <div class = "right"></div>
                <script type="text/javascript">
                    document.observe("dom:loaded", function() { PromoSlideShow.init(); });
                </script>

 

[Colbat]

I'am having troubles with posting news articles in hk like I can't type anything in the news box because it won't let me.

 

[Richie_Tien]

Re-Upload The Build 3 Version. Its not work

 

[deano]

I rate this 7.5/10

 

[Tomtom]

Help Please... What happen :v

 

[Quality]

Build 3 has been removed from mediafire, could you reupload plz?

 

[Ghost]

Any of the URL's posted are all down due to Sulakes Termination.

 

[alex194568]

Any mirrors for build 3?

 

[FastHabbo]

Mirrors peaseeee be nice to get my hands on this

 

[Nicholas]

Old Style