[Arcturus|Chocolatey] SimpleHK for Chocolatey CMS

Junior Spellweaver | Joined: Dec 22, 2007 | Messages: 160 | Reaction score: 27
Hi all. This is a simple housekeeping written in PHP for Chocolatey CMS and Arcturus. This CMS includes basic functionality, but would be useful for many users that don't know how to create one or that want to use Chocolatey CMS without spending time.
This Housekeeping is a little standalone (you can edit it for any other emu or CMS).

To configure it you will need to paste the files in a new folder inside the /public folder or root. Then you will need to edit the core.php file with the correct db, user and pass, and upload the .sql to your database.

Some basic features:
  • Search by name and edit users, currencies and activity points.
  • Ban users and manage bans (delete).
  • Room list and delete.
  • Add and manage Chocolatey news.
  • Badge store - add a badge to the catalog page. Auto-creates the badge definition in items_base. (You need to configure the badges catalog page and badge images folder in the HK_CONFIG table.)
  • Add a new badge image - add name and description texts. (For this, configure the location of your external_texts.txt in the badge upload PHP files.)
  • Search and edit external_texts.
  • Send badge. To an online user (with alert and rcon), or send without alert if the user is offline.
  • Some rcon commands like refresh cata - some of the rcon commands don't work for now, like disconnect when ban or update_items when refresh store.
Images:


Github:


NOTE: This HK is responsive and easy to edit. For now the HK is only in Spanish, but you can translate it easily. Sorry for the poor code.

NOTE II: This HK has some security issues. I updated all mysqli to PDO but it still has some issues in other things. Please tell me or help me to fix it if you find another vulnerability.

Credits:
me? I made this based on an old housekeeping for uber (HelioCMS or something).
 
Newbie Spellweaver | Joined: Jan 10, 2016 | Messages: 70 | Reaction score: 19
Use it at your own risk, I opened just one file and I saw multiple SQL injections.
I could guess how many other vulnerabilities there are! :)

$title = $_POST['title'];
$category = $_POST['category'];
$image_url = $_POST['image_url'];
$stext = $_POST['stext'];
$btext = $_POST['btext'];
$author = $user_q['username'];
$roomid = $_POST['roomid'];
$image_url_thumb = $_POST['image_url_thumb'];
$timestamp = date('Y-m-d H:i:s');
mysqli_query($db,"INSERT INTO chocolatey_articles (title,description,content,categories,imageUrl,thumbnailUrl,author,roomId,created_at) VALUES ('$title','$stext','$btext','$category','$image_url','$image_url_thumb','$author','$roomid','$timestamp')");
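
The INSERT quoted above, rewritten with bound parameters, as an added example that is not part of the original post or of the released housekeeping. insert_article() is a hypothetical helper name, an in-memory SQLite database stands in for the CMS's MySQL database so the script runs offline, and the form values are constructed.

```php
<?php
// Added example. SQLite in memory stands in for the CMS's MySQL database so the
// script runs offline; column names are the ones in the quoted INSERT.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.
$pdo->exec('CREATE TABLE chocolatey_articles (title TEXT, description TEXT,
    content TEXT, categories TEXT, imageUrl TEXT, thumbnailUrl TEXT,
    author TEXT, roomId INTEGER, created_at TEXT)');

// insert_article() is a hypothetical helper name, not a function from the HK.
function insert_article(PDO $pdo, array $post, string $author): void
{
    // roomId is numeric, so reject anything that is not an integer.
    $roomId = filter_var($post['roomid'] ?? null, FILTER_VALIDATE_INT);
    if ($roomId === false) {
        throw new InvalidArgumentException('roomid must be an integer');
    }
    // Placeholders keep every value out of the SQL text, including $author:
    // it was read from the database, but it is still user-chosen data.
    $stmt = $pdo->prepare('INSERT INTO chocolatey_articles
        (title, description, content, categories, imageUrl, thumbnailUrl,
         author, roomId, created_at)
        VALUES (:title, :stext, :btext, :category, :image_url,
                :image_url_thumb, :author, :roomid, :created_at)');
    $stmt->execute([
        ':title'    => $post['title'] ?? '',    ':stext' => $post['stext'] ?? '',
        ':btext'    => $post['btext'] ?? '',    ':category' => $post['category'] ?? '',
        ':image_url' => $post['image_url'] ?? '',
        ':image_url_thumb' => $post['image_url_thumb'] ?? '',
        ':author'   => $author,                 ':roomid' => $roomId,
        ':created_at' => date('Y-m-d H:i:s'),
    ]);
}

// Constructed form input: the title carries a quote and SQL-looking text.
$post = [
    'title' => "Staff's news', 'x'); --", 'category' => 'news',
    'image_url' => '/img/a.png', 'image_url_thumb' => '/img/a_t.png',
    'stext' => 'Short text', 'btext' => '<b>Body</b>', 'roomid' => '12',
];
insert_article($pdo, $post, 'admin');

$row = $pdo->query('SELECT title FROM chocolatey_articles')->fetch(PDO::FETCH_ASSOC);
// The title is stored byte for byte as data; escape it when it goes into HTML.
echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

The same binding applies to the login query mentioned later in the thread, and the htmlspecialchars() call on output is what addresses the XSS reports, since a prepared statement stores markup unchanged.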
 
Junior Spellweaver | Joined: Dec 22, 2007 | Messages: 160 | Reaction score: 27
I don't make security fixes. Add them if you want to use this and if you don't have reliable staff.
Sorry for this. I will update to use PDO in the next version.
 
Elite Diviner | Joined: Apr 5, 2014 | Messages: 464 | Reaction score: 223
You can SQL inject on the login, so it doesn't really matter if your staff is reliable or not, as anyone can view that page.

Nice to see some housekeeping releases regardless though :)
 
Junior Spellweaver | Joined: Dec 22, 2007 | Messages: 160 | Reaction score: 27
Ok. Please close this topic.
 
Newbie Spellweaver | Joined: Feb 3, 2018 | Messages: 47 | Reaction score: 16
Wauw you stop because of some feedback?
Common man keep it up! some people are very happy with it!
Seeing how this code had several flaws and open XSS injections for any client visiting the login page, I don't think this release should ever be shown to RaGEZONE forums ever again. I'm not saying that he should give up on releasing PHP scripts, but he should surely as hell learn about PHP security.

Here's a doc' that you (@klaudio007) should take your time to read:
 
Newbie Spellweaver | Joined: Apr 29, 2015 | Messages: 91 | Reaction score: 6
This is what I mean: don't stop, but learn.
 
Junior Spellweaver | Joined: Dec 22, 2007 | Messages: 160 | Reaction score: 27
I don't have time to spend on this now. I will fix the security later. For now I removed the link. I made the page based on an old Uber housekeeping, so faster I think. Sorry and thanks all.

I will update the first post when I fix those vulnerabilities.
 
Elite Diviner | Joined: Apr 5, 2014 | Messages: 464 | Reaction score: 223
No need to take down the link my friend. This is still a nice release as long as people are aware of the issues. Anyone can easily jump in and fix up the security flaws if they want to :)
 
Junior Spellweaver | Joined: Dec 22, 2007 | Messages: 160 | Reaction score: 27
OK. I understand. But I prefer to fix it and give a good HK. Wait for me 2 days, until I get home.
 
git bisect -m | Loyal Member | Joined: Sep 2, 2011 | Messages: 2,171 | Reaction score: 916
Guys, just calm down. For those who don't know why this Housekeeping was released, here are some points:

I personally asked the author to release it, since I closed the official Chocolatey development for an unknown time, due to lack of time for doing it and lack of developers who want to contribute to it.

Actually, Chocolatey is the only CMS available that creates a 100% exact replica of Habbo.com. New CMSs are being developed, but until then we just have Chocolatey.

The main reason for just stopping updating Chocolatey is simple (also the main reason was just the lack of time), but the second biggest one was the poor tech stack. Obviously we can see that the Habbo.com CMS is made with Angular and at least Node.js or Vue.js; we can actually see that it's basically impossible to edit the front-end layer of Chocolatey, since all the assets are actually compiled (even the CSS, JS and images).

The right way, from the beginning, was using Sass or Less for styling, some ImagePack library for generating the image bundles, and NodeJS or VueJS in order to create the Angular modules and pack them. Also, NodeJS would be a better fit for the backend.

I could use Lumen for it if Lumen was literally only being used for the backend, but I made bad use of Laravel's Lumen, using a micro framework made for API handling for the frontend as well.

Laravel also has the Laravel Mix package for Node, which allows packaging modules, but JSPM would be a better fit.

Also, for the backend I personally would choose Groovy + Grails, or just Java + Spring Boot, or just NodeJS.

Chocolatey was an experiment that became successful and popular, but I actually knew from the beginning that maintaining it and adding new features would be practically impossible.

The fact is that creating a well-coded CMS, well packaged with a decent tech stack, would really have taken more of my time than was actually spent.

I'm really happy that LeChris is doing a decent "replica" of Habbo.com (I can't say it's a replica/clone because he's adding custom stuff).

Yes, this HK has vulnerabilities. If you're bothered by that and want to use it, fix it yourself.

The OP shared it because I asked, and a lot of people want to continue using Chocolatey because, even though it's not a piece of art in terms of code, it's actually a gem in terms of what we have for Habbo Retro CMSs.

I would love it if people just collaborated and helped each other improve this HK.

Also, when I get more time, I would probably ask LeChris if I can team up with him and help him with his CMS. If he really manages to do a decent job on it, it will rapidly surpass Chocolatey.

I'm really sorry for not having time to continue Chocolatey. After seeing LeChris's work I was both happy and sad: happy because someone is doing a great job, sad because the days of Chocolatey were at their end.

Thanks for all the support of everyone!
 
Junior Spellweaver | Joined: Dec 22, 2007 | Messages: 160 | Reaction score: 27
I personally prefer Chocolatey. As I said, I will continue using Chocolatey. For me it is so nice in functionality and style. 100% habbo.com clone!!
The users of my hotel have no complaints about it. In fact, they love the Chocolatey website.
I prefer all original features; I think everything works fine with Chocolatey. I don't care about other CMSs. Some users like me will continue using Chocolatey. Sorry for releasing this HK so fast. I did not pay attention to security (sorry), just functionality.
Thanks for your hard work saamus.
 
Joined: Sep 10, 2011 | Messages: 778 | Reaction score: 138
Interestingly enough, I was in the process of completely leaving the scene in the previous weeks since the last push of 1.01 and been encouraged a bit to start on 1.02 from you. Not a lot of people seem to appreciate hard work on retros anymore :/
 
Junior Spellweaver | Joined: Dec 22, 2007 | Messages: 160 | Reaction score: 27
Everyone appreciates your work and uses your CMS. But a lot of people don't post anything and don't say thanks. Maybe in other forums or pages. (Copy/paste).

I love Habbo Hotel and all your hard work. Thanks!
I want to contribute but I'm learning.
 