RevCMS Working News Comments!

Kristopher

Some of the forum members put something together for you RevCMS users.

PHP:
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta http-equiv="content-type" content="text/html; charset=utf-8">
        <title>{hotelName} - News</title>
        <div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&appId=138881106159184";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
        <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/common.css" type="text/css">
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs2.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/visual.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/common.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/fullcontent.js"></script>

        <script type="text/javascript">
            document.habboLoggedIn = true;
            var habboName = "{username}";
            var habboId = "{userid}";
            var habboReqPath = "";
            var habboStaticFilePath = "{url}/app/tpl/skins/Habbo";
            var habboImagerUrl = "http://www.habbo.com/habbo-imaging/";
            var habboPartner = "";
            var habboDefaultClientPopupUrl = "{url}/client";
            window.name = "habboMain";
            if (typeof HabboClient != "undefined") {
                HabboClient.windowName = "eac955c8dbc88172421193892a3e98fc7402021a";
                HabboClient.maximizeWindow = true;
            }
        </script>

        <!--[if IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie8.css" type="text/css">
        <![endif]-->
        <!--[if lt IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie.css" type="text/css" />
        <![endif]-->
        <!--[if lt IE 7]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie6.css" type="text/css" />
            <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/pngfix.js"></script>
            <script type="text/javascript">
                try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}
            </script>
            <style type="text/css">
                body { behavior: url({url}/app/tpl/skins/Habbo/js/csshover.htc); }
            </style>
        <![endif]-->
    </head>

    <body id="news">
<div id="overlay"></div>
        <div id="header-container">
            <div id="header" class="clearfix">
                <h1><a href="http://shockhotel.com/"></a></h1>
                <div id="subnavi">
                    <div id="subnavi-user">
                        <ul>
                    <li id="myfriends"><a href="#"><span>My Friends</span></a><span class="r"></span></li>
                    <li id="mygroups"><a href="#"><span>My Groups</span></a><span class="r"></span></li>
                    <li id="myrooms"><a href="#"><span>My Rooms</span></a><span class="r"></span></li>
                </ul>
                    </div>
                    <div id="subnavi-search">
                        <div id="subnavi-search-upper">
                            <ul id="subnavi-search-links">

                                <u><li><a href="http://shockhotel.com/logout" style="color:#000">Logout</a></li></u>
                            </ul>
                        </div>
                    </div>
                    <div id="to-hotel">
                        <a href="{url}/api.php" class="new-button green-button" target="eac955c8dbc88172421193892a3e98fc7402021a" onclick="HabboClient.openOrFocus(this); return false;"><b>Enter Strike Hotel</b><i></i></a>
                    </div>
                </div>
              <ul id="navi">
                    <li class="metab"><a href="{url}/me">{username}</a><span></span></li>
                    <li class="selected"><strong>Community</strong><span></span></li>
                    <li><a href="{url}/vip">VIP</a><span></span></li>
                    <li><a href="{url}/404">Coming Soon! ({vip_points}p)</a><span></span></li>
                </ul>
       
                <div id="habbos-online">
    <div id="content">
        <div class="cbb ">
<span>{online} members online</span></div>
    </div>
</div>
            </div>
            </div>
        </div>
        <?php
        if( $_GET['id'] ) {
                           
                                            $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");
                                            $array = mysql_fetch_assoc( $query );
                           
                                        }
                    
                                            ?>
        <div id="content-container">
            <div id="navi2-container" class="pngbg">
                <div id="navi2" class="pngbg clearfix">
                    <ul>
               
                        <li><a href="{url}/community">Community</a></li>
            <li class="selected">&#9734; News&#9734;</li>
                        <li><a href="{url}/staff">Staff</a></li>
                        <li><a href="{url}/topstats">Top User Stats</a></li>
                        <li class=" last"><a href="{url}/expert">eXperts</a></li>
                    </ul>
                </div>
            </div>
            <div id="container">
                <div id="content" style="position: relative" class="clearfix">
                    <div id="column1" class="column">
                        <div class="habblet-container ">
                            <div class="cbb clearfix red ">
                                <h2 class="title">News</h2>
                                <div id="article-archive">

                                    <ul>

                                        {newsList}
                                    </ul>
                                </div>
                            </div>
                        </div>
                        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
                    </div>
                    <div id="column2" class="column">
                        <div class="habblet-container ">
                            <div class="cbb clearfix notitle ">
                                <div id="article-wrapper">
                                    <h2>{newsTitle} </h2>
                                    <div class="article-meta">Posted {newsDate}</div>

                                    <p class="summary">{newsTitle}</p>
                                    <div class="article-body">
                              {newsContent}
                 
           
                                        <script type="text/javascript" language="Javascript">
                                            document.observe("dom:loaded", function() {
                                                $$('.article-images a').each(function(a) {
                                                    Event.observe(a, 'click', function(e) {
                                                        Event.stop(e);
                                                        Overlay.lightbox(a.href, "Image is loading");
                                                    });
                                                });
                                 
                                                $$('a.article-2729').each(function(a) {
                                                    a.replace(a.innerHTML);
                                                });
                                            });
                                        </script>
                                    </div>
                                </div>
                            </div>
                        </div>
 
         
<?php


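// Handle a submission only when the comment form was actually posted, so
// $posted_on and $comment are always set before the INSERT runs.
if (isset($_POST['post_comment'])) {
    $posted_on = date("M j, Y g:i A");
    $article = isset($_GET['id']) ? (int) $_GET['id'] : 0; // `article` is an integer column
    // Strip markup first; filter() is then applied once, at the query (it was applied twice before).
    $comment = (isset($_POST['comment']) && is_string($_POST['comment'])) ? trim(strip_tags($_POST['comment'])) : '';

    if ($comment == '' || $article < 1) {
        //define("ERROR", "You have to type in a reply!<br /><br />");
        //$error_message = 'You have to type in a reply!<br /><br />';
    } elseif (isset($_SESSION['user']['id'])) { // `isLogged` was an undefined constant, so the old check always passed
        $userid = (int) $_SESSION['user']['id'];
        // Enforce the one-comment limit before inserting, not only when drawing the form.
        $existing = mysql_query("SELECT id FROM cms_comments WHERE article = '".$article."' AND userid = '".$userid."'");
        if (mysql_num_rows($existing) == 0) {
            mysql_query("INSERT INTO cms_comments (article, userid, comment, posted_on, author) VALUES ('".$article."', '".$userid."', '".filter($comment)."', '".$posted_on."', '".mysql_real_escape_string($_SESSION['user']['username'])."');") or die(mysql_error());
            define('SUCCESS', 'You have successfully posted a comment on this news article!');
            define("ERROR", "<br>Thanks for your reply!<br />");
        }
    }
}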
?>

<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Place Comment</h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
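// Cast the ids to integers instead of mixing htmlentities() with SQL escaping.
$articleId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$userPosts = mysql_query("SELECT * FROM cms_comments WHERE article = '".$articleId."' AND userid = '" . (int) $_SESSION['user']['id']. "'");
$postNum = mysql_num_rows($userPosts);
// ERROR may already be defined by the posting block above; a constant cannot be redefined.
if($postNum >= 1 && !defined('ERROR'))
{
    define('ERROR', 'Sorry, you are only allowed one comment per article.');
}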
if(defined("SUCCESS")){
?>
<div class="rounded rounded-green" width="20%">
                    <?php echo SUCCESS; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
if(defined("ERROR")) {
?>
<div class="rounded rounded-red" width="20%">
                    <?php echo ERROR; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
else
{
?>
<form action="" method="post">
<textarea name="comment" maxlength="500"></textarea><br /><br />
<input type="submit" name="post_comment" value="Place Comment" />
</form>
<?php
}
?>
</div>
</div>
</div>
</div>

<style type="text/css">
input[type="text"], input[type="password"] {
background-color: #F1F1F1;
border: 1px solid #999999;
width: 175px;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
input[type="submit"] {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
textarea {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
width: 517px;
height: 70px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
select {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
</style>
<?php
$getComments = mysql_query("SELECT * FROM cms_comments WHERE article = '".filter($_GET['id'])."' ORDER by id DESC");
?>
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Comments <?php echo mysql_num_rows($getComments); ?></h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
      if(mysql_num_rows($getComments) == 0) {
          echo "No comments for this article!";
      } else {
          echo '<table width="528px">';
          while($Comments = mysql_fetch_array($getComments)){
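          // The stored author name goes back into SQL here, so it has to be escaped again.
          $getUserInfo = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($Comments['author'])."'");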
          $userInfo = mysql_fetch_array($getUserInfo);
                  echo '
                  <tr>
                    <td width="90px" valign="top"></div>
                    <div style="
height: 65px;
width: 50px;
float: left;
overflow: hidden;
">
                      <div style="float:left"><img position:absolute; src="http://www.habbo.nl/habbo-imaging/avatarimage?figure='.$userInfo['look'].'&size=b&direction=2&head_direction=3&gesture=sml&size=2"></div>
                      ';
                        if($userInfo['rank'] >= 5) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/album1584/ADM.gif"></div>';
                        }
                        if($userInfo['rank'] == 3) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
                        }
                        if($userInfo['rank'] == 4) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
                        }
                        if($userInfo['rank'] == 2) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/VIP.gif"></div>';
                        }
                        if($userInfo['rank'] == 1) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/lid.png"></div>';
                        }
       

                echo '

                </td>
                    <td width="427px" valign="top">
                    <i><a href="/me">'.$userInfo['username'].' </a></i>
                                        <br /><br />'.$Comments['comment'].'
                           

                    </td>
                  </tr>
          <tr>
                    <td width="80px" valign="top">
       
                    </td>
                                <td width="400px" align="right">

                                 
                                 

           

</div></div></div></div>
<br>
<div style="width:125%; height:1px; background-color:#ccc; margin-top:-17px;"></div>


            </td>
          </tr>';
          }
          echo '</table>';
        }
        ?></div> </div> </div> </div>
</div>
</div>
</div>
</div>

        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
        <script type="text/javascript">
            HabboView.run();
        </script>

        <!--[if lt IE 7]>
            <script type="text/javascript">
                Pngfix.doPngImageFix();
            </script>
        <![endif]-->


        <div id="footer" >
            <?php include "app/tpl/skins/Habbo/inc/footer.php"; ?>
        </div>

    </body>
</html>

SQL:
-- ----------------------------
-- Table structure for `cms_comments`
-- ----------------------------
DROP TABLE IF EXISTS `cms_comments`;
CREATE TABLE `cms_comments` (
  `id` int(6) NOT NULL AUTO_INCREMENT,
  `story` int(6) DEFAULT NULL,
  `comment` text NOT NULL,
  `date` int(10) DEFAULT NULL,
  `author` varchar(999) NOT NULL,
  `article` int(9) NOT NULL,
  `userid` int(11) NOT NULL,
  `posted_on` varchar(50) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=94 DEFAULT CHARSET=utf8;




Screenshots:
eEliIzZBj6i0.png


Credits:
Sledmore: Cleaning up the exploits.
Holmes: Pinpointing error.
Me: Putting this all together and making it work for everyone and SQL! Hope this helps!
v1.2 working with Sledmore's housekeeping.

v2.0
W/ Removed some unused code, fixed to where only one comment per user. (Not tested)
 

Dann

I've looked at the code and it seemed like everyone could post unlimited comments so I've whipped up a fix, find:
PHP:
<?php
if($userPosts >= 1)
{
    define('ERROR', 'Sorry, you are only allowed one comment per article.');
}
if(defined("SUCCESS")){
?>
and replace it with
PHP:
<?php
// mysql_query() returns a result resource; count its rows before comparing.
$userPosts = mysql_query("SELECT * FROM cms_comments WHERE userid = '".(int) $_SESSION['user']['id']."'");
if(mysql_num_rows($userPosts) >= 2)
{
    define('ERROR', 'Sorry, you are only allowed two comments per article.');
}
if(defined("SUCCESS")){
?>
(I know I've made it two comments since I think it's a bit more reasonable than one)
EDIT: Just realized this only lets you have 2 comments on every article there - I'll try to whip up a fix
EDIT 2: Fell asleep on my keyboard whilst trying to find a fix, sorry, I'll have it done some time soon.
 

KyleVonnie

By the looks of the code, only Habbo theme; however, you can edit it and make a non-Habbo one.
Yeah, I didn't see the screenshot before I posted that. I would think it's only the Habbo theme for this release. But it probably wouldn't be very hard to incorporate into other skins too.
 

ButtLord420

Yeah, I didn't see the screenshot before I posted that. I would think it's only the Habbo theme for this release. But it probably wouldn't be very hard to incorporate into other skins too.
Okay.

Also this bit says it's habbo

Code:
  <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/common.css" type="text/css">
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs2.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/visual.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/common.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/fullcontent.js"></script>
 

Expiry

A friend told me
Code:
( $_GET['id'] ) {
is exploitable but I don't know what an exploit looks like lol. Is this true or not?
 

GarettM

FYI:
An exploit is when there are loopholes inside code. :3
PHP:
<?php
# Bad way to write it
if($_GET['id']) {
      require("{$_GET['id']}.php");
      // This is an exploit
}
# Better Way to write it
$allowedID = array('news', 'staff'); // example allowlist; use the page names your site actually has
if(!empty($_GET['id'])) {
      if(in_array($_GET['id'], $allowedID, true)) {
            require("{$_GET['id']}.php");
            // More Secure
      }
}

?>
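
For the `$_GET['id']` question above as it applies to this thread's own code, where the id goes into SQL rather than into `require`, and for the one-comment-per-article limit discussed earlier: an added example, not part of the original posts or of RevCMS. It assumes PDO with an in-memory SQLite database in place of the CMS's MySQL connection, constructed sample requests, and hypothetical helper names (`articleId`, `postComment`, `renderComments`).

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the CMS database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE (article, userid) makes the database enforce one comment per user per article.
$db->exec('CREATE TABLE cms_comments (id INTEGER PRIMARY KEY AUTOINCREMENT,
    article INTEGER NOT NULL, userid INTEGER NOT NULL, author TEXT NOT NULL,
    comment TEXT NOT NULL, posted_on TEXT NOT NULL, UNIQUE (article, userid))');

// Accept only a positive integer id; anything else means "no article".
function articleId(array $get) {
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                     array('options' => array('min_range' => 1)));
    return $id === false ? null : $id;
}

// Returns true when the comment is stored, false when it is rejected.
function postComment(PDO $db, array $get, array $post, array $user) {
    $article = articleId($get);
    $text = is_string($post['comment'] ?? null) ? trim($post['comment']) : '';
    if ($article === null || $text === '' || strlen($text) > 500) { // 500 = the form's maxlength
        return false;
    }
    // Every value is bound as a parameter; none is concatenated into the SQL text.
    $stmt = $db->prepare('INSERT INTO cms_comments (article, userid, author, comment, posted_on)
                          VALUES (?, ?, ?, ?, ?)');
    try {
        $stmt->execute(array($article, (int) $user['id'], $user['username'], $text, date('M j, Y g:i A')));
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity violation: this user already commented on this article.
        if ($e->getCode() == 23000) { return false; }
        throw $e;
    }
}

// Comments are stored as typed and escaped on output, so markup in them is shown as text.
function renderComments(PDO $db, array $get) {
    $article = articleId($get);
    if ($article === null) { return ''; }
    $stmt = $db->prepare('SELECT author, comment FROM cms_comments WHERE article = ? ORDER BY id DESC');
    $stmt->execute(array($article));
    $html = '';
    foreach ($stmt as $row) {
        $html .= '<p><i>' . htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8') . '</i> '
               . htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// Constructed requests (not from the thread): a first comment, a repeat, and a non-integer id.
$user = array('id' => 7, 'username' => 'demo');
var_dump(postComment($db, array('id' => '3'), array('comment' => '<b>hi</b>'), $user));
var_dump(postComment($db, array('id' => '3'), array('comment' => 'again'), $user));
var_dump(postComment($db, array('id' => "3'x"), array('comment' => 'hello'), $user));
echo renderComments($db, array('id' => '3'));
```

With the MySQL schema posted at the top of the thread, the equivalent constraint is a unique key on (`article`, `userid`).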
 

Kristopher

Do I add the code at the bottom of news.php?
FYI:
An exploit is when there are loopholes inside code. :3
PHP:
<?php
# Bad way to write it
if($_GET['id']) {
      require("{$_GET['id']}.php");
      // This is an exploit
}
# Better Way to write it
$allowedID = array('news', 'staff'); // example allowlist; use the page names your site actually has
if(!empty($_GET['id'])) {
      if(in_array($_GET['id'], $allowedID, true)) {
            require("{$_GET['id']}.php");
            // More Secure
      }
}

?>
:eek: You should clean this code and put when it was commented on (date and time), and make sure it's a valid news article.
 
