Peace Hotel CMS (BoltCMS v1)

Newbie Spellweaver
Joined
Apr 28, 2014
Messages
33
Reaction score
11
Hey,


This was just sitting on my PC, so I decided to release it to everyone, since I had many people requesting it :b


Features;

  • Multiple Languages - Just make MY.lang.php in the /application/langs/ for the diff languages. I'm unsure what langs exist, but I have a Turkish lang if you want it
  • Avatar Editor
  • Working Email Activation (Just setup a mailgun account, the mailgun API is all there).
  • Node.JS Login alerts (Unfortunately I lost the node application, but it would be easy as poop to recode)
  • Homes & Home settings with snog
  • Login, Trade, and chatlogs
  • Nice stats page
  • Nice shop
And much more, I won't be releasing the PayPal IPN, as it could have some vulnerability that I haven't seen, and I don't trust the community anymore.


Regardless, enjoy the cms, it's fast and secure! If large amounts of people need help/support for this, I'll make a support thread, otherwise just PM me



(Can't remember which tables are used in this CMS, so here's a whole bunch. PM if I missed one.) SQL;
Code:
/*
Navicat MariaDB Data Transfer


Source Server         : localhost_3306
Source Server Version : 100114
Source Host           : localhost:3306
Source Database       : peace


Target Server Type    : MariaDB
Target Server Version : 100114
File Encoding         : 65001


Date: 2016-06-08 22:50:38
*/


SET FOREIGN_KEY_CHECKS=0;


-- ----------------------------
-- Table structure for cms_clicks
-- ----------------------------
DROP TABLE IF EXISTS `cms_clicks`;
CREATE TABLE `cms_clicks` (
  `id` int(15) NOT NULL AUTO_INCREMENT,
  `timestamp` varchar(100) NOT NULL,
  `ip_addr` varchar(100) NOT NULL,
  `where_from` varchar(100) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1705 DEFAULT CHARSET=utf8;


-- ----------------------------
-- Table structure for cms_hk_logs
-- ----------------------------
DROP TABLE IF EXISTS `cms_hk_logs`;
CREATE TABLE `cms_hk_logs` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `ip` varchar(255) NOT NULL,
  `data` text NOT NULL,
  `username` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4538 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_logins
-- ----------------------------
DROP TABLE IF EXISTS `cms_logins`;
CREATE TABLE `cms_logins` (
  `id` int(20) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `time` varchar(255) NOT NULL,
  `result` varchar(100) NOT NULL,
  `ip` varchar(100) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=16518 DEFAULT CHARSET=utf8;


-- ----------------------------
-- Table structure for cms_news
-- ----------------------------
DROP TABLE IF EXISTS `cms_news`;
CREATE TABLE `cms_news` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `title` varchar(255) COLLATE latin1_general_ci DEFAULT NULL,
  `shortstory` text COLLATE latin1_general_ci,
  `longstory` text COLLATE latin1_general_ci,
  `published` int(10) NOT NULL DEFAULT '0',
  `image` varchar(255) COLLATE latin1_general_ci DEFAULT '/Public/Images/news/TS_Web60.png',
  `campaign` int(1) NOT NULL DEFAULT '0',
  `campaignimg` varchar(255) COLLATE latin1_general_ci NOT NULL DEFAULT '',
  `author` varchar(255) COLLATE latin1_general_ci NOT NULL DEFAULT '1',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=40 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;


-- ----------------------------
-- Table structure for cms_profile_snogs
-- ----------------------------
DROP TABLE IF EXISTS `cms_profile_snogs`;
CREATE TABLE `cms_profile_snogs` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `to_id` int(11) NOT NULL DEFAULT '0',
  `from_id` int(11) NOT NULL DEFAULT '0',
  `type` varchar(20) NOT NULL DEFAULT 'snog',
  `message` varchar(250) NOT NULL DEFAULT '',
  `time` varchar(100) NOT NULL DEFAULT '',
  `seen` varchar(1) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=236 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_queries
-- ----------------------------
DROP TABLE IF EXISTS `cms_queries`;
CREATE TABLE `cms_queries` (
  `id` int(15) NOT NULL AUTO_INCREMENT,
  `data` varchar(500) NOT NULL,
  `time` varchar(100) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1478 DEFAULT CHARSET=utf8;


-- ----------------------------
-- Table structure for cms_referrals
-- ----------------------------
DROP TABLE IF EXISTS `cms_referrals`;
CREATE TABLE `cms_referrals` (
  `id` int(15) NOT NULL AUTO_INCREMENT,
  `user` varchar(255) NOT NULL,
  `ip` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=49 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_settings
-- ----------------------------
DROP TABLE IF EXISTS `cms_settings`;
CREATE TABLE `cms_settings` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `id_key` varchar(255) DEFAULT NULL,
  `value` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=7 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_shop_packs
-- ----------------------------
DROP TABLE IF EXISTS `cms_shop_packs`;
CREATE TABLE `cms_shop_packs` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) NOT NULL DEFAULT 'Null',
  `description` text NOT NULL,
  `img` varchar(355) NOT NULL DEFAULT 'null',
  `price` varchar(255) NOT NULL DEFAULT '0',
  `currency` varchar(5) NOT NULL DEFAULT 'USD',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=19 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_shop_purchases
-- ----------------------------
DROP TABLE IF EXISTS `cms_shop_purchases`;
CREATE TABLE `cms_shop_purchases` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) NOT NULL,
  `img` varchar(255) NOT NULL,
  `price` varchar(255) NOT NULL,
  `currency` varchar(255) NOT NULL DEFAULT 'USD',
  `date_given` varchar(255) NOT NULL,
  `delivered` varchar(1) NOT NULL DEFAULT '0',
  `user_id` varchar(11) NOT NULL,
  `donation` varchar(1) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=166 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_stats
-- ----------------------------
DROP TABLE IF EXISTS `cms_stats`;
CREATE TABLE `cms_stats` (
  `user_peak` int(4) NOT NULL DEFAULT '0',
  `rooms_peak` int(4) NOT NULL DEFAULT '0'
) ENGINE=InnoDB DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_values
-- ----------------------------
DROP TABLE IF EXISTS `cms_values`;
CREATE TABLE `cms_values` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `points` int(11) DEFAULT NULL,
  `name` varchar(255) DEFAULT NULL,
  `thrones` varchar(11) DEFAULT NULL,
  `dinos` varchar(11) DEFAULT NULL,
  `img` varchar(500) DEFAULT NULL,
  `last_edited` varchar(400) DEFAULT NULL,
  `last_points` int(11) DEFAULT NULL,
  `last_thrones` varchar(11) DEFAULT NULL,
  `last_dinos` varchar(11) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=31 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_votes
-- ----------------------------
DROP TABLE IF EXISTS `cms_votes`;
CREATE TABLE `cms_votes` (
  `id` int(20) NOT NULL AUTO_INCREMENT,
  `username` varchar(150) NOT NULL,
  `timestamp` varchar(150) NOT NULL,
  `ip_addr` varchar(150) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=367 DEFAULT CHARSET=utf8;


Credits;
- positivewire (Josh)
- iExit
Download;



Let it be known; THERE IS NO HK FOR THIS.
Just setup BoostCMS/RevCMS on hk.domain.com and be done with it. I might release my HK too



 
Last edited:
Elite Diviner
Joined
Nov 28, 2014
Messages
450
Reaction score
113
I love the cms layout and all the functions, I see that you have worked hard on it too, nice work man, and thank you for the release :w00t:
 
Elite Diviner
Joined
Aug 4, 2013
Messages
466
Reaction score
169
Keep up the good work with these releases. It seems people are very fond of them. The section needs a change from RevCMS anyway. I assume by default this CMS is compatible with Plus Emulator, correct?
 
git bisect -m
Loyal Member
Joined
Sep 2, 2011
Messages
2,171
Reaction score
916
The design of the CMS is normal, what I really liked was the features. Nice features, specifically I liked the Home and Logs.
I remember that the CMS with biggest amount of Addons and Plugins was HoloCMS. Was a good time with HoloCMS.
I remember the Rare Items Page, Habbo Club Page, Limited Rares Page, and so many addons, like Minimail. Really good times.

Ah, and I didn't like the design of your HK, except the Login page. The colors don't combine and match.
 
Last edited by a moderator:
Newbie Spellweaver
Joined
Apr 28, 2014
Messages
33
Reaction score
11
The design of the CMS is normal, what I really liked was the features. Nice features, specifically I liked the Home and Logs.
I remember that the CMS with biggest amount of Addons and Plugins was HoloCMS. Was a good time with HoloCMS.
I remember the Rare Items Page, Habbo Club Page, Limited Rares Page, and so many addons, like Minimail. Really good times.

Ah, and I didn't like the design of your HK, except the Login page. The colors don't combine and match.
Yeah, HoloCMS / PHPRetro xD I used them on my first hotels
I personally like that avatar editor on their register
 
"(still lacks brains)"
Loyal Member
Joined
Sep 2, 2011
Messages
2,371
Reaction score
1,361
Let's run through the list shall we?


  • No MVC? Check.
  • All core classes in one file? Check.
  • Calling static files from a "CDN" that's actually just a folder called "CDN" on the SAME server? Check.
  • Trash code? Check.
  • Node.JS mixed with PHP? Check. (why?)

I'd honestly recommend RevCMS over this, hell even UberCMS. I was showing this to Marit (maritnmine) and we were in tears. By the way, use public hosting rather than your own (for numerous reasons).


 
Last edited:
Joined
Apr 24, 2013
Messages
1,682
Reaction score
1,124
Was this intentional?



Damn people please don't use this until you escaped everything I put a square around. Not only did he not escape the username, he also forgot to escape the Ducking machineid and even the REMOTE_ADDR. Dude these values can be manipulated into SQL injections by 10 year olds. If you are running this CMS or are planning on, please go to application/application.php and escape everything I put a square around.



Also please change

PHP:
public static function getVips(){
    global $db;    
    $q = $db->runQuery("SELECT * FROM users WHERE rank_vip != 0 AND rank = 1 ORDER BY RAND() LIMIT 5");
    $vips = null;
    while($d = mysqli_fetch_array($q)){
        $subs = array();
        $subs[1] = '{$lang->shop_pack_one_name}';
        $subs[2] = '{$lang->shop_pack_two_name}';
        $subs[3] = '{$lang->shop_pack_three_name}';
        $vips .= '<tr><td width="65px" valign="top"><div style="height: 65px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.$d['look'].'"></div></td><td width="400px" valign="top"><strong>{$lang->application_username} <a href="%http%/home?user='.$d['username'].'">'.$d['username'].'</a></strong><br /><b>{$lang->application_registered}</b> '.date('M j, g a, Y', $d['account_created']).'<br /><b>{$lang->application_subscription}</b> '.$subs[$d['rank_vip']].'<br /><b>{$lang->application_diamonds}</b> '.number_format($d['vip_points']).'</td></tr>';
    }
    return $vips;
}
public static function getDonors(){
    global $db;
    $q = $db->runQuery("SELECT * FROM users ORDER BY donated_amount DESC LIMIT 5");
    $donors = null;
    while($d = mysqli_fetch_array($q)){
        $donors .= '<tr><td width="90px" valign="top"><div style="height: 80px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.$d['look'].'"></div></td><td width="427px" valign="top"><strong>{$lang->application_username} <a href="%http%/home?user='.$d['username'].'">'.$d['username'].'</a></strong><br />{$lang->application_total_donations} <b>$'.$d['donated_amount'].'</b><br /><br />{$lang->application_times_donated} '.$d['donated_times'].'</td></tr>';
    }
    return $donors;
}
public static function getRichestByRespect(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`Respect` FROM `user_stats` ORDER BY `Respect` DESC LIMIT 50");
    $amount = 0;
    $mostRespect = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $mostRespect .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . $user['look'] . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a href="/home?user='.$user['username'].'"><b>'.$user['username'].' (#'.$user['id'].')</b></a><br />'.number_format($creditsStats['Respect']).' {$lang->application_respects}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostRespect;
}
public static function getRichestByOnlineTime(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`OnlineTime` FROM `user_stats` ORDER BY `OnlineTime` DESC LIMIT 50");
    $amount = 0;
    $onlineTime = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $onlineTime .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . $user['look'] . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a href="/home?user='.$user['username'].'"><b>'.$user['username'].' (#'.$user['id'].')</b></a><br />'.boltCore::secondsToTime($creditsStats['OnlineTime']).' {$lang->application_online}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $onlineTime;
}
public static function getRichestByDiamonds(){
    global $db;
    $user2 = $db->runQuery("SELECT id,username,rank,vip_points,look FROM users WHERE username != 'Oxygen' ORDER BY vip_points DESC LIMIT 50");
    $amount = 0;
    $mostDiamonds = null;
    while($user = mysqli_fetch_array($user2)) {
        if($user['rank'] == '1' && $amount <= 10){
            $mostDiamonds .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . $user['look'] . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a href="/home?user='.$user['username'].'"><b>'.$user['username'].' (#'.$user['id'].')</b></a><br />'.number_format($user['vip_points']).' {$lang->application_diamonds}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostDiamonds;
}

To

PHP:
<?php
public static function getVips(){
    global $db;    
    $q = $db->runQuery("SELECT * FROM users WHERE rank_vip != 0 AND rank = 1 ORDER BY RAND() LIMIT 5");
    $vips = null;
    while($d = mysqli_fetch_array($q)){
        $subs = array();
        $subs[1] = '{$lang->shop_pack_one_name}';
        $subs[2] = '{$lang->shop_pack_two_name}';
        $subs[3] = '{$lang->shop_pack_three_name}';
        $vips .= '<tr><td width="65px" valign="top"><div style="height: 65px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.htmlspecialchars($d['look']).'"></div></td><td width="400px" valign="top"><strong>{$lang->application_username} <a href="%http%/home?user='.htmlspecialchars($d['username']).'">'.htmlspecialchars($d['username']).'</a></strong><br /><b>{$lang->application_registered}</b> '.date('M j, g a, Y', $d['account_created']).'<br /><b>{$lang->application_subscription}</b> '.$subs[$d['rank_vip']].'<br /><b>{$lang->application_diamonds}</b> '.number_format($d['vip_points']).'</td></tr>';
    }
    return $vips;
}
public static function getDonors(){
    global $db;
    $q = $db->runQuery("SELECT * FROM users ORDER BY donated_amount DESC LIMIT 5");
    $donors = null;
    while($d = mysqli_fetch_array($q)){
        $donors .= '<tr><td width="90px" valign="top"><div style="height: 80px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.htmlspecialchars($d['look']).'"></div></td><td width="427px" valign="top"><strong>{$lang->application_username} <a href="%http%/home?user='.htmlspecialchars($d['username']).'">'.htmlspecialchars($d['username']).'</a></strong><br />{$lang->application_total_donations} <b>$'.$d['donated_amount'].'</b><br /><br />{$lang->application_times_donated} '.$d['donated_times'].'</td></tr>';
    }
    return $donors;
}
public static function getRichestByRespect(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`Respect` FROM `user_stats` ORDER BY `Respect` DESC LIMIT 50");
    $amount = 0;
    $mostRespect = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $mostRespect .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . htmlspecialchars($user['look']) . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a href="/home?user='.htmlspecialchars($user['username']).'"><b>'.htmlspecialchars($user['username']).' (#'.$user['id'].')</b></a><br />'.number_format($creditsStats['Respect']).' {$lang->application_respects}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostRespect;
}
public static function getRichestByOnlineTime(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`OnlineTime` FROM `user_stats` ORDER BY `OnlineTime` DESC LIMIT 50");
    $amount = 0;
    $onlineTime = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $onlineTime .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . htmlspecialchars($user['look']) . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a href="/home?user='.htmlspecialchars($user['username']).'"><b>'.htmlspecialchars($user['username']).' (#'.$user['id'].')</b></a><br />'.boltCore::secondsToTime($creditsStats['OnlineTime']).' {$lang->application_online}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $onlineTime;
}
public static function getRichestByDiamonds(){
    global $db;
    $user2 = $db->runQuery("SELECT id,username,rank,vip_points,look FROM users WHERE username != 'Oxygen' ORDER BY vip_points DESC LIMIT 50");
    $amount = 0;
    $mostDiamonds = null;
    while($user = mysqli_fetch_array($user2)) {
        if($user['rank'] == '1' && $amount <= 10){
            $mostDiamonds .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . htmlspecialchars($user['look']) . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a href="/home?user='.htmlspecialchars($user['username']).'"><b>'.htmlspecialchars($user['username']).' (#'.$user['id'].')</b></a><br />'.number_format($user['vip_points']).' {$lang->application_diamonds}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostDiamonds;
}

For fucks sake people please just don't use this, it's not safe, I just looked at half of ONE file.
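
The two fixes the post above asks for, as an added example (not BoltCMS code and not the poster's): bound parameters for the login values, and context-aware encoding for a stats row. The `login_log` table, the `e()` helper, the function names and the in-memory SQLite database are assumptions made so the block runs stand-alone; the CMS itself uses MySQL.

```php
<?php
declare(strict_types=1);

// Added example, not BoltCMS code. Table, helper and function names are hypothetical.

/** HTML-escape a value for element content or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Record a login attempt. Every value is bound; none is concatenated into the SQL. */
function logLogin(PDO $db, string $username, string $machineId, string $ip): void
{
    // Store a fixed marker when the address does not parse as IPv4 or IPv6.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        $ip = 'invalid';
    }
    $stmt = $db->prepare(
        'INSERT INTO login_log (username, machine_id, ip, time) VALUES (:u, :m, :ip, :t)'
    );
    $stmt->execute([
        ':u'  => $username,
        ':m'  => $machineId,
        ':ip' => $ip,
        ':t'  => (string) time(),
    ]);
}

/** Render one VIP row with each value encoded for the context it lands in. */
function renderVipRow(array $d): string
{
    // Query-string values are percent-encoded first; the finished URL is then
    // HTML-escaped because it sits inside a double-quoted attribute.
    // %imgr% and %http% are the template placeholders used in the thread's code.
    $figureUrl = '%imgr%?figure=' . rawurlencode((string) $d['look']);
    $homeUrl   = '%http%/home?user=' . rawurlencode((string) $d['username']);

    return '<tr><td><img src="' . e($figureUrl) . '"></td>'
         . '<td><a href="' . e($homeUrl) . '">' . e((string) $d['username']) . '</a> '
         . number_format((int) $d['vip_points']) . '</td></tr>';
}

// --- Stand-alone run on constructed sample data ---------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE login_log (
        id INTEGER PRIMARY KEY,
        username TEXT, machine_id TEXT, ip TEXT, time TEXT
    )'
);

// Constructed values containing quotes and SQL comment markers: with bound
// parameters they are stored as plain text and the statement is unchanged.
logLogin($db, "bob' OR '1'='1", "~abc'); --", "203.0.113.7' --");
logLogin($db, 'alice', '~machine-01', '203.0.113.8');

foreach ($db->query('SELECT username, machine_id, ip FROM login_log') as $row) {
    echo json_encode([$row['username'], $row['machine_id'], $row['ip']]), PHP_EOL;
}

// Constructed profile values containing markup characters: they come out as
// inert text and percent-encoded URL data instead of new tags or attributes.
echo renderVipRow([
    'look'       => 'hd-180-1"><b>x</b>',
    'username'   => 'a" title="x',
    'vip_points' => 1200,
]), PHP_EOL;
```

On the CMS's existing mysqli connection the same binding is done with `mysqli::prepare()` and `mysqli_stmt::bind_param()`.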
 

Jiq

Junior Spellweaver
Joined
Nov 30, 2015
Messages
174
Reaction score
10
Nice CMS, btw if I am true that you've been combined between Boost and RevCMS ? bcs this what I've seen on Config.
 

Geo

Newbie Spellweaver
Joined
May 6, 2016
Messages
16
Reaction score
28
Was this intentional?



Damn people please don't use this until you escaped everything I put a square around. Not only did he not escape the username, he also forgot to escape the Ducking machineid and even the REMOTE_ADDR. Dude these values can be manipulated into SQL injections by 10 year olds. If you are running this CMS or are planning on, please go to application/application.php and escape everything I put a square around.



Also please change

PHP:
public static function getVips(){
    global $db;    
    $q = $db->runQuery("SELECT * FROM users WHERE rank_vip != 0 AND rank = 1 ORDER BY RAND() LIMIT 5");
    $vips = null;
    while($d = mysqli_fetch_array($q)){
        $subs = array();
        $subs[1] = '{$lang->shop_pack_one_name}';
        $subs[2] = '{$lang->shop_pack_two_name}';
        $subs[3] = '{$lang->shop_pack_three_name}';
        $vips .= '<tr><td width="65px" valign="top"><div style="height: 65px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.$d['look'].'"></div></td><td width="400px" valign="top"><strong>{$lang->application_username} <a rel="nofollow" href="%http%/home?user='.$d['username'].'">'.$d['username'].'</a></strong><br /><b>{$lang->application_registered}</b> '.date('M j, g a, Y', $d['account_created']).'<br /><b>{$lang->application_subscription}</b> '.$subs[$d['rank_vip']].'<br /><b>{$lang->application_diamonds}</b> '.number_format($d['vip_points']).'</td></tr>';
    }
    return $vips;
}
public static function getDonors(){
    global $db;
    $q = $db->runQuery("SELECT * FROM users ORDER BY donated_amount DESC LIMIT 5");
    $donors = null;
    while($d = mysqli_fetch_array($q)){
        $donors .= '<tr><td width="90px" valign="top"><div style="height: 80px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.$d['look'].'"></div></td><td width="427px" valign="top"><strong>{$lang->application_username} <a rel="nofollow" href="%http%/home?user='.$d['username'].'">'.$d['username'].'</a></strong><br />{$lang->application_total_donations} <b>$'.$d['donated_amount'].'</b><br /><br />{$lang->application_times_donated} '.$d['donated_times'].'</td></tr>';
    }
    return $donors;
}
public static function getRichestByRespect(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`Respect` FROM `user_stats` ORDER BY `Respect` DESC LIMIT 50");
    $amount = 0;
    $mostRespect = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $mostRespect .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . $user['look'] . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a rel="nofollow" href="/home?user='.$user['username'].'"><b>'.$user['username'].' (#'.$user['id'].')</b></a><br />'.number_format($creditsStats['Respect']).' {$lang->application_respects}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostRespect;
}
public static function getRichestByOnlineTime(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`OnlineTime` FROM `user_stats` ORDER BY `OnlineTime` DESC LIMIT 50");
    $amount = 0;
    $onlineTime = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $onlineTime .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . $user['look'] . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a rel="nofollow" href="/home?user='.$user['username'].'"><b>'.$user['username'].' (#'.$user['id'].')</b></a><br />'.boltCore::secondsToTime($creditsStats['OnlineTime']).' {$lang->application_online}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $onlineTime;
}
public static function getRichestByDiamonds(){
    global $db;
    $user2 = $db->runQuery("SELECT id,username,rank,vip_points,look FROM users WHERE username != 'Oxygen' ORDER BY vip_points DESC LIMIT 50");
    $amount = 0;
    $mostDiamonds = null;
    while($user = mysqli_fetch_array($user2)) {
        if($user['rank'] == '1' && $amount <= 10){
            $mostDiamonds .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . $user['look'] . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a rel="nofollow" href="/home?user='.$user['username'].'"><b>'.$user['username'].' (#'.$user['id'].')</b></a><br />'.number_format($user['vip_points']).' {$lang->application_diamonds}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostDiamonds;
}

To

PHP:
<?php
public static function getVips(){
    global $db;    
    $q = $db->runQuery("SELECT * FROM users WHERE rank_vip != 0 AND rank = 1 ORDER BY RAND() LIMIT 5");
    $vips = null;
    while($d = mysqli_fetch_array($q)){
        $subs = array();
        $subs[1] = '{$lang->shop_pack_one_name}';
        $subs[2] = '{$lang->shop_pack_two_name}';
        $subs[3] = '{$lang->shop_pack_three_name}';
        $vips .= '<tr><td width="65px" valign="top"><div style="height: 65px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.htmlspecialchars($d['look']).'"></div></td><td width="400px" valign="top"><strong>{$lang->application_username} <a rel="nofollow" href="%http%/home?user='.htmlspecialchars($d['username']).'">'.htmlspecialchars($d['username']).'</a></strong><br /><b>{$lang->application_registered}</b> '.date('M j, g a, Y', $d['account_created']).'<br /><b>{$lang->application_subscription}</b> '.$subs[$d['rank_vip']].'<br /><b>{$lang->application_diamonds}</b> '.number_format($d['vip_points']).'</td></tr>';
    }
    return $vips;
}
public static function getDonors(){
    global $db;
    $q = $db->runQuery("SELECT * FROM users ORDER BY donated_amount DESC LIMIT 5");
    $donors = null;
    while($d = mysqli_fetch_array($q)){
        $donors .= '<tr><td width="90px" valign="top"><div style="height: 80px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.htmlspecialchars($d['look']).'"></div></td><td width="427px" valign="top"><strong>{$lang->application_username} <a rel="nofollow" href="%http%/home?user='.htmlspecialchars($d['username']).'">'.htmlspecialchars($d['username']).'</a></strong><br />{$lang->application_total_donations} <b>$'.$d['donated_amount'].'</b><br /><br />{$lang->application_times_donated} '.$d['donated_times'].'</td></tr>';
    }
    return $donors;
}
public static function getRichestByRespect(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`Respect` FROM `user_stats` ORDER BY `Respect` DESC LIMIT 50");
    $amount = 0;
    $mostRespect = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $mostRespect .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . htmlspecialchars($user['look']) . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a rel="nofollow" href="/home?user='.htmlspecialchars($user['username']).'"><b>'.htmlspecialchars($user['username']).' (#'.$user['id'].')</b></a><br />'.number_format($creditsStats['Respect']).' {$lang->application_respects}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostRespect;
}
public static function getRichestByOnlineTime(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`OnlineTime` FROM `user_stats` ORDER BY `OnlineTime` DESC LIMIT 50");
    $amount = 0;
    $onlineTime = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $onlineTime .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . htmlspecialchars($user['look']) . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a rel="nofollow" href="/home?user='.htmlspecialchars($user['username']).'"><b>'.htmlspecialchars($user['username']).' (#'.$user['id'].')</b></a><br />'.boltCore::secondsToTime($creditsStats['OnlineTime']).' {$lang->application_online}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $onlineTime;
}
public static function getRichestByDiamonds(){
    global $db;
    $user2 = $db->runQuery("SELECT id,username,rank,vip_points,look FROM users WHERE username != 'Oxygen' ORDER BY vip_points DESC LIMIT 50");
    $amount = 0;
    $mostDiamonds = null;
    while($user = mysqli_fetch_array($user2)) {
        if($user['rank'] == '1' && $amount <= 10){
            $mostDiamonds .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . htmlspecialchars($user['look']) . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a rel="nofollow" href="/home?user='.htmlspecialchars($user['username']).'"><b>'.htmlspecialchars($user['username']).' (#'.$user['id'].')</b></a><br />'.number_format($user['vip_points']).' {$lang->application_diamonds}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostDiamonds;
}

For fucks sake people please just don't use this, it's not safe, I just looked at half of ONE file.
Damn, HTML inside functions is still a thing in 2016?
 
Newbie Spellweaver
Joined
Apr 28, 2014
Messages
33
Reaction score
11
Let's run through the list shall we?


  • No MVC? Check.
  • All core classes in one file? Check.
  • Calling static files from a "CDN" that's actually just a folder called "CDN" on the SAME server? Check.
  • Trash code? Check.
  • Node.JS mixed with PHP? Check. (why?)

I'd honestly recommend RevCMS over this, hell even UberCMS. I was showing this to Marit (maritnmine) and we were in tears. By the way, use public hosting rather than your own (for numerous reasons).


> Meh
> A few developers mentioned that it was faster, so I gave it a shot.
> If you didn't already realise, there is a config for the CDN (I used cdn.peace.tf and hosted the CSS/JS on there)
> The code's fine :b
> Node.JS was used when someone logged in, the node server sent an alert "X has logged in" to the page and a little alert popped up.

The poor download is likely your internet, the server it's on has 900 down 800 up.

Edit;
- I never noticed this.. I'll post a fixed version later on, with the escaped VIP functions.



Exploits patched, if any more are found, let me know and I'll patch them.
 
Last edited:
Joined
Sep 10, 2011
Messages
778
Reaction score
138
Can't remember - but I recall you making remarks towards speed and efficiency in our systems.

Your system avg: 1.6kms (Siege Benchmarking)
Imagine PHP avg: 181ms (Siege Benchmarking)
Retaliation 3 avg: 18ms (Siege Benchmarking)

It doesn't help your inability to code inefficiency also means you probably don't minimize your assets, but then again how much blame can you pin onto asset issue?

Example 2
Your CMS Speed
<!-- Page rendered in: 0.14632 seconds. -->
Mine
Total execution time in seconds: 0.03828

Not to mention, Imagine runs extra tasks before making its initial cache (Renders the template engine code, etc) which helps its load time tremendously. Example of the cache file shown in second screenshot, which is the final result of the template engine

btw, spaghetti code is horrible




Both of my systems run more queries on the page as well, to fetch configuration via database
 
Newbie Spellweaver
Joined
Apr 28, 2014
Messages
33
Reaction score
11
Can't remember - but I recall you making remarks towards speed and efficiency in our systems.

Your system avg: 1.6kms (Siege Benchmarking)
Imagine PHP avg: 181ms (Siege Benchmarking)
Retaliation 3 avg: 18ms (Siege Benchmarking)

It doesn't help your inability to code inefficiency also means you probably don't minimize your assets, but then again how much blame can you pin onto asset issue?

Example 2
Your CMS Speed
<!-- Page rendered in: 0.14632 seconds. -->
Mine
Total execution time in seconds: 0.03828

Not to mention, Imagine runs extra tasks before making its initial cache (Renders the template engine code, etc) which helps its load time tremendously. Example of the cache file shown in second screenshot, which is the final result of the template engine

btw, spaghetti code is horrible




Both of my systems run more queries on the page as well, to fetch configuration via database
You must have set this up rather poorly, because both on my PC and server, it was well under 0.1 -
Me refreshing the index -
Me refreshing the me page -
Friendly tip: use 127.0.0.1 for the host, not localhost. MySQLi doesn't like host lookups.

btw, preference of code is down to an individual's opinion.
 
Joined
Sep 10, 2011
Messages
778
Reaction score
138
You must have set this up rather poorly, because both on my PC and server, it was well under 0.1 -
Me refreshing the index -
Me refreshing the me page -
Friendly tip: use 127.0.0.1 for the host, not localhost. MySQLi doesn't like host lookups.

btw, preference of code is down to an individual's opinion.


Friendly tip,
My setup was the stock setup for all, there is no "poor" setup. Refreshing a page and viewing source does just that -shows you the source without getting the assets, etc. If I was to "view source" of my so called bulky Laravel it would show just as fast. Y
Once more at this thread,
Apologies for showing just how bad this is, when one person's work takes about 10 times as long - that is an issue. Sorry, you're new and like to classify everything you write as being "top of the line" or "fast." It's quite the opposite, when I see your source - I feel as if it's Uber all over again
 
Last edited by a moderator:
"(still lacks brains)"
Loyal Member
Joined
Sep 2, 2011
Messages
2,371
Reaction score
1,361
> Meh
> A few developers mentioned that it was faster, so I gave it a shot.
> If you didn't already realise, there is a config for the CDN (I used cdn.peace.tf and hosted the CSS/JS on there)
> The code's fine :b
> Node.JS was used when someone logged in, the node server sent an alert "X has logged in" to the page and a little alert popped up.

The poor download is likely your internet, the server it's on has 900 down 800 up.

> They aren't developers if they recommend you do that.
> Didn't know that part since I browsed 3 files and cringed, couldn't withstand to look more through it.
> No it's not.
> You can do that through PHP.

I did it on my work internet and my home internet, both are incredibly slow.


btw, preference of code is down to an individual's opinion.

If you're not working in a team, at first yes. If it performs terribly, you will be forced to change it. However if you're working in a team then the code syntax and how you go about with the database structure is all discussed and organised beforehand so it's a group decision not your own. I'm unsure if you worked on a team on this, I'd be surprised if you did.
 
Newbie Spellweaver
Joined
Jun 7, 2016
Messages
21
Reaction score
1
> Meh
> A few developers mentioned that it was faster, so I gave it a shot.
> If you didn't already realise, there is a config for the CDN (I used cdn.peace.tf and hosted the CSS/JS on there)
> The code's fine :b
> Node.JS was used when someone logged in, the node server sent an alert "X has logged in" to the page and a little alert popped up.

The poor download is likely your internet, the server it's on has 900 down 800 up.

Edit;
- I never noticed this.. I'll post a fixed version later on, with the escaped VIP functions.



Exploits patched, if any more are found, let me know and I'll patch them.

What does this patch resolve?
 
Newbie Spellweaver
Joined
Apr 28, 2014
Messages
33
Reaction score
11
Friendly tip,
My setup was the stock setup for all, there is no "poor" setup. Refreshing a page and viewing source does just that -shows you the source without getting the assets, etc. If I was to "view source" of my so called bulky Laravel it would show just as fast. You are truly retarded if you go by that, and your coding style is horrendous if other developers cannot read it without cringing. Follow a MVC approach or shut the duck up
@Brought quit being a faggot and disliking posts, go get a hobby and learn to code than suck up to Zodiak for an extra bite of reputation you pathetic sap

Once more at this thread,
Apologies for showing just how bad this is, when one person's work takes about 10 times as long - that is an issue. Sorry, you're new and like to classify everything you write as being "top of the line" or "fast." It's quite the opposite, when I see your source - I feel as if it's Uber all over again
Chris, the PHP / CMS itself is fine. If you're talking about 'assets', this is default habbo layout. It will always be slow to load the HTML etc on the first load, thus why I hosted the Images/CSS/JS on a CDN. Peace's new CMS (BoltCMS v2) is built using Bootstrap, and is a decent amount faster.



> They aren't developers if they recommend you do that.
> Didn't know that part since I browsed 3 files and cringed, couldn't withstand to look more through it.
> No it's not.
> You can do that through PHP.

I did it on my work internet and my home internet, both are incredibly slow.




If you're not working in a team, at first yes. If it performs terribly, you will be forced to change it. However if you're working in a team then the code syntax and how you go about with the database structure is all discussed and organised beforehand so it's a group decision not your own. I'm unsure if you worked on a team on this, I'd be surprised if you did.

> They are university lecturers.
> Look before posting :)
> Can you tell me what I did wrong, so I can improve? Telling me it's poop without any recommendations is not constructive whatsoever.
> Yes, but Node.JS is realtime. Doing that in PHP would also use more resources.

When hosted on a live environment, many commented on the speed. I hosted it here for any who wish to click around. It's faster than Rev any day. - Seems perfectly fine for me.

I coded this alone.


What does this patch resolve?
One possible SQL exploit, and two possible XSS exploits.
 
Last edited:
Joined
Sep 10, 2011
Messages
778
Reaction score
138
Chris, the PHP / CMS itself is fine. If you're talking about 'assets', this is default habbo layout. It will always be slow to load the HTML etc on the first load, thus why I hosted the Images/CSS/JS on a CDN. Peace's new CMS (BoltCMS v2) is built using Bootstrap, and is a decent amount faster.

Stop attacking me, you've said your piece, now go back to your pathetic life and stop making up for what you don't have.




> They are university lecturers.
> Look before posting :)
> Can you tell me what I did wrong, so I can improve? Telling me it's poop without any recommendations is not constructive whatsoever.
> Yes, but Node.JS is realtime. Doing that in PHP would also use more resources.

When hosted on a live environment, many commented on the speed. I hosted it here for any who wish to click around. It's faster than Rev any day. - Seems perfectly fine for me.

I coded this alone.



One possible SQL exploit, and two possible XSS exploits.
If it was only slow on the first load, why are the other thousand requests even slower?

This is slower than Rev and Uber. It's coded worse than both of them, and none of it was planned out. I'm not attacking you, this is what happens when you make remarks to others you can't back up.

My imagine framework which provides (Database connection, templating -> vars, foreach, including, etc much like blade syntax) and more outdoes this.
 
Last edited by a moderator: