Revcms important new username fix!
<blockquote data-quote="Funsolit" data-source="post: 350507" data-attributes="member: 14086">
<p>So, while I was trying out stuff on my hotel, some guy came in with the name "ªnoobª" and he was like "Try a command on me" and I did, and that does not work as most emulators won't recognise those characters.</p>
<p>So what is the exploit? Well, if some user comes in your hotel and starts advertising, you can't do anything about it until you restart the emulator and manually add him to the ban list, and no one wants to do that so.</p>
<p>+ On some hotels, when you enter the client it offers you the ":flagme" aka change name function, and if some hotels have disabled that because it's exploitable then people can activate it by registering with an unknown name for the emulator.</p>
<p><strong>Screen shots of it in "action"</strong></p>
<p><img src="https://i.gyazo.com/801b02bbb179d42ef2b48d1ffcd343a2.png" alt="" /> <img src="https://i.gyazo.com/0121aa0efc01d3b0d72b726e0806ce01.png" alt="" /></p>
<p>And here is the fix for it...</p>
<p>Go in app and open class.users</p>
<p>and find the validname function which looks like this for most revcms users</p>
[PHP]
final public function validName($username)
{
    // ctype_alnum() classifies bytes using the current locale
    if(strlen($username) <= 25 && ctype_alnum($username))
    {
        return true;
    }

    return false;
}
[/PHP]
<p>And you replace that with this.</p>
[PHP]
final public function validName($username)
{
    // ASCII letters and digits only; the D modifier makes $ match only at
    // the very end, so a name with a trailing newline is rejected as well
    if(strlen($username) <= 25 && preg_match("/^[a-zA-Z0-9]+$/D", $username))
    {
        return true;
    }

    return false;
}
[/PHP]
<p>This code will only allow letters from a-z and numbers. So if you want people to register with . - and things like that, you will need to change /^[a-zA-Z0-9]+$/ to something else; you can easily learn how to customise that by googling preg_match allowing different characters.</p>
<p>Thx to <em>3M1L</em> for helping me with this :)</p>
</blockquote>
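The post leaves allowing characters such as . and - to the reader. As an added example (not part of the original post or of RevCMS), here is one way to write that allowlist; the function name `isValidUsername`, the rule that a name must start and end with a letter or digit, and the sample inputs are assumptions made here. It anchors with `\A` and `\z` so a trailing newline is rejected, and prints `ctype_alnum()` alongside for comparison, whose result depends on the server locale.

```php
<?php
// Added example, not RevCMS code. isValidUsername() is a hypothetical helper.

/**
 * Byte-level allowlist: ASCII letters and digits, optionally '.' and '-'.
 * No /u flag and no locale lookup, so every byte >= 0x80 is rejected,
 * whether the name arrives as UTF-8 or as a single-byte encoding.
 */
function isValidUsername(string $username, bool $allowDotDash = false): bool
{
    if (strlen($username) > 25) {
        return false;
    }

    // Assumption: with '.' and '-' allowed, the name must still begin and
    // end with a letter or digit so it stays easy to type in a command.
    $pattern = $allowDotDash
        ? '/\A[a-zA-Z0-9](?:[a-zA-Z0-9.-]*[a-zA-Z0-9])?\z/'
        : '/\A[a-zA-Z0-9]+\z/';

    return preg_match($pattern, $username) === 1;
}

// Constructed sample inputs (label => raw bytes of the submitted name).
$samples = [
    'plain'            => 'noob123',
    'ordinal, UTF-8'   => "\xC2\xAAnoob\xC2\xAA", // "ªnoobª" as UTF-8
    'ordinal, Latin-1' => "\xAAnoob\xAA",         // "ªnoobª" as ISO-8859-1
    'trailing newline' => "noob\n",
    'dot and dash'     => 'no.ob-1',
    'leading dot'      => '.noob',
    'too long'         => str_repeat('a', 26),
    'empty'            => '',
];

foreach ($samples as $label => $name) {
    printf(
        "%-17s strict=%-5s dotdash=%-5s ctype_alnum=%s\n",
        $label,
        var_export(isValidUsername($name), true),
        var_export(isValidUsername($name, true), true),
        var_export(ctype_alnum($name), true) // locale-dependent result
    );
}
```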