RevCMS PDO

Junior Spellweaver
Joined
Mar 23, 2012
Messages
142
Reaction score
28
RevCMS PDO / RevCMS 3.0

Hello Guys,

Original Post
I've been working on this for a few hours - just wanted to release it... Why run on outdated PHP versions when you can use this edition of RevCMS and run it on PHP 7 with the best security?

Benefits of PDO:

- Faster
- Safer
- More DB Drivers than MySQL and MySQLi
- Just better...

A 100% Complete Transition to PDO, Don't lose all of the work you put into RevCMS just because there is a new CMS in town.

NOTE: This hasn't gone through full testing yet... but use it at your own risk.

ANOTHER NOTE: There is no 'SKIN' that comes with the CMS, please feel free to extract your own and use for the sake of making the download quicker.

I will however be happy to fix any future bugs that you may have!

Virus Scan:

Download URL:

Version 1:

Version 1.1:

- Fixed PDO Error messages which can expose your Database Password
- Disable Error messages on Production to expose server information
- Added an old 'Habbo' Theme for demonstration purposes.

Info - If you wish to see errors (for any purpose) then go to config.php and change $_CONFIG['site']['mode'] to 2 - useful for development purposes or on setting up your hotel.


Credits:

RevCMS - Kryptos - 90%
Me - PDO Edit - 5%
BurakDev - Testing - 5%



Soon to come... RevCMS 3.0

Features include:
- Enhanced Template Engine
- Plugins System
- Locale System
- SEO System (rank your website/hotel higher on Google)!
- Change of Database Engine to PDO
- Security Class (Finally! Deals with 99% of security threats with previous RevCMS issues)
- Complete CloudFlare Integration (Maybe integrate into Housekeeping?)
- Complete CDN Integration to serve your content from CDNs!

and more...

Requirements:
PHP 7 (or above)
MySQL 5 (or above)

Current Progress:

15%

View Code:

config.php
PHP:
$config = (object) array(
    'name' => ($name = 'Xabbo'),
    'description' => 'The best retro in the world!',

    'web' => array(
      'path' => 'http://localhost',
      'maintenance' => false,
      'environment' => 2,
      'theme' => array(
        'default' => 'Habbo',
        'require' => 'jquery@3.1.1'
      ),
      'locale' => array(
        'en' => 'English',
        'de' => 'Deutsch'
      )
    ),

    'client' => array(
      'swf' => 'http://localhost/game/swf',
      'base' => 'http://localhost/game/swf/100/'
    ),

    'registration' => array(
      'rank' => 1,
      'vip' => 0,
      'motto' => 'I am new to ' . $name,
      'credits' => 2500,
      'duckets' => 5000,
      'crystals' => 50,
      'look' => '-'
    ),

    'mysql' => array(
      'host' => 'localhost',
      'user' => 'root',
      'pass' => '',
      'name' => 'vsl',
      'port' => 3306
    ),

    'email' => array(
      'help' => 'info@xabbo.localhost'
    ),

    'store' => array(
      'paypal' => 'deposit@virjox.com'
    ),

    'social' => array(
      'facebook' => array(
        'enabled' => false,
        'name' => 'Xabbo',
        'id' => '',
        'secret' => ''
      ),
      'twitter' => array(
        'enabled' => false,
        'name' => 'Xabbo'
      ),
      'youtube' => 'XabboHotel2k17'
    )
  );

Thanks!
 
Last edited:
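
An added example (not part of the original post or the RevCMS code) of the behaviour the 1.1 changelog describes: connection errors are logged instead of shown unless the site mode is 2, and queries use bound parameters. The helpers `open_database` and `find_user`, the `users` table and the in-memory SQLite database are assumptions for illustration, as is treating every mode other than 2 as production.

```php
<?php
declare(strict_types=1);

// Assumption: mode 2 = development (errors visible), anything else = production.
const MODE_DEVELOPMENT = 2;

/** Hypothetical helper: open a PDO connection without leaking credentials. */
function open_database(array $db, int $mode): PDO
{
    // Never render errors to visitors in production; log them instead.
    ini_set('display_errors', $mode === MODE_DEVELOPMENT ? '1' : '0');
    ini_set('log_errors', '1');

    try {
        return new PDO($db['dsn'], $db['user'], $db['pass'], [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    } catch (PDOException $e) {
        // An uncaught PDOException prints a stack trace that can include the
        // constructor arguments (user, password). Log the message only and
        // rethrow a generic error that is not chained to the original.
        error_log('DB connect failed: ' . $e->getMessage());
        throw new RuntimeException('Database unavailable.');
    }
}

/** Hypothetical lookup: user input is bound, never concatenated into SQL. */
function find_user(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Constructed demo on in-memory SQLite so it runs without a MySQL server.
$pdo = open_database(['dsn' => 'sqlite::memory:', 'user' => null, 'pass' => null], 1);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO users (username) VALUES ('alice')");

var_dump(find_user($pdo, 'alice'));
// Quotes in the value are bound as data, not parsed as SQL.
var_dump(find_user($pdo, "alice' OR '1'='1"));
```

With the MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so statements are prepared on the server.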
Skilled Illusionist
Joined
Mar 26, 2013
Messages
371
Reaction score
280

1/ It isn't safe to display database PDO error messages; they can expose the database password.
2/ Using global to access shared objects is bad
3/ You don't use PDO prepared statements
4/ stripslashes + htmlspecialchars isn't a mature safeguard against SQL injection
5/ Don't use mysql_real_escape_string if you want to keep the code compatible with recent PHP
6/ This poop allows IP spoofing if you don't use CloudFlare: if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP']; }
7/ In production mode, disable all PHP errors to prevent exposing file paths (server name ?)

And I just watched some files..
 

Last edited:
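
An added example (not from the thread or from RevCMS) of a hardened form of the header check in point 6: `CF-Connecting-IP` is honoured only when the directly connected peer is a trusted proxy. The helper names are hypothetical, and the range list is a small subset of Cloudflare's published IPv4 ranges used for illustration.

```php
<?php
declare(strict_types=1);

// Subset of Cloudflare's published IPv4 ranges, for illustration only.
// In practice load the current full list from https://www.cloudflare.com/ips/
const TRUSTED_PROXIES = ['173.245.48.0/20', '103.21.244.0/22', '104.16.0.0/13'];

/** True if IPv4 address $ip falls inside $cidr (e.g. "104.16.0.0/13"). */
function ipv4_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false) {
        return false; // not IPv4 (this sketch does not handle IPv6 peers)
    }
    $mask = -1 << (32 - (int) $bits);
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** Hypothetical helper: client IP, trusting the header only from known proxies. */
function client_ip(array $server): string
{
    $peer   = $server['REMOTE_ADDR'] ?? '';
    $header = $server['HTTP_CF_CONNECTING_IP'] ?? null;

    // No header, or a value that is not an IP address: use the TCP peer.
    if ($header === null || filter_var($header, FILTER_VALIDATE_IP) === false) {
        return $peer;
    }
    foreach (TRUSTED_PROXIES as $cidr) {
        if (ipv4_in_cidr($peer, $cidr)) {
            return $header; // request really came through the proxy
        }
    }
    // Direct connection: the header is client-supplied, so ignore it.
    return $peer;
}

// Constructed requests: one via a trusted proxy, one sent directly with a forged header.
var_dump(client_ip(['REMOTE_ADDR' => '104.16.1.2',  'HTTP_CF_CONNECTING_IP' => '198.51.100.7']));
var_dump(client_ip(['REMOTE_ADDR' => '203.0.113.9', 'HTTP_CF_CONNECTING_IP' => '127.0.0.1']));
```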
Junior Spellweaver
Joined
Mar 23, 2012
Messages
142
Reaction score
28

1/ It isn't safe to display database PDO error messages; they can expose the database password.
2/ Using global to access shared objects is bad
3/ You don't use PDO prepared statements
4/ stripslashes + htmlspecialchars isn't a mature safeguard against SQL injection
5/ Don't use mysql_real_escape_string if you want to keep the code compatible with recent PHP
6/ This poop allows IP spoofing if you don't use CloudFlare: if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP']; }
7/ In production mode, disable all PHP errors to prevent exposing file paths (server name ?)

And I just watched some files..

Just wanted to say... I just purely converted it to PDO. Only of the eight facts you pointed on are caused by me; the rest are existent on a 'Clean' version of RevCMS

I did fix number 1 and 2 of your points, a new version is available here:

You're just pointing out the flaws of RevCMS rather than what I did; however, I will be going through your list and attempt to fix them.

Edit: Feel free to check out a fresh copy of RevCMS 1.9.9.9 you'll see way more issues with that but that doesn't stop many people from using RevCMS because of its simplicity :)
 

Last edited:

FRX

Newbie Spellweaver
Joined
Feb 2, 2016
Messages
24
Reaction score
10
Where is the Database for CMS?
 
Elite Diviner
Joined
Aug 4, 2013
Messages
466
Reaction score
169
Get it from the emulator... it's not different from RevCMS...
Don't mind him, he spams the forum with nonsense. I've reported several of his posts. Seems he just posts for the count... very pointless questions that I believe, even he, knows the answer to.
 
Newbie Spellweaver
Joined
Sep 8, 2015
Messages
58
Reaction score
14
What would I need to install this? PHP and Mysql? I never dealt with PDO at all and want to take a look around.
 
Elite Diviner
Joined
Apr 5, 2014
Messages
464
Reaction score
223
What would I need to install this? PHP and Mysql? I never dealt with PDO at all and want to take a look around.

PDO is just another way for php to communicate with your database. You don't need anything other than the usual stuff you would need to get revcms working.
 
Newbie Spellweaver
Joined
Jul 13, 2015
Messages
71
Reaction score
31
Try doing smaller functions, big functions are against PSR-*.
PSR's are the PHP Standards.
See about PSR-0, PSR-1, PSR-2, PSR-4 and PSR-5 here:

Like this
 
Skilled Illusionist
Joined
Jul 2, 2009
Messages
313
Reaction score
139
No offence, but I don't like RevCMS anyways. A lot of structures are coded badly and most good parts are based from uberCMS and then combined with other codes which together became worse and slower. As BurakDev already stated clearly somebody doesn't know what the difference is between private, public or internal which makes it insecure anyways.

Do note that there are no performance improvements between Mysqli and PDO. What is nice from PDO is that it is a multiple supporting language function but clearly you don't need that because we use MySQL.

Anyhow... Thanks for sharing this with the community =)! Will take a further look into this!



PDO is just another way for php to communicate with your database. You don't need anything other than the usual stuff you would need to get revcms working.

That is incorrect. You need PDO functionality installed. If you use public shared hosting you might need to request this to be installed. If you have it on your own server for Windows you can peek here: http://php.net/manual/en/pdo.installation.php
 
Newbie Spellweaver
Joined
Sep 8, 2015
Messages
58
Reaction score
14
No offence, but I don't like RevCMS anyways. A lot of structures are coded badly and most good parts are based from uberCMS and then combined with other codes which together became worse and slower. As @BurakDev already stated clearly somebody doesn't know what the difference is between private, public or internal which makes it insecure anyways.

Do note that there are no performance improvements between Mysqli and PDO. What is nice from PDO is that it is a multiple supporting language function but clearly you don't need that because we use MySQL.

Anyhow... Thanks for sharing this with the community =)! Will take a further look into this!





That is incorrect. You need PDO functionality installed. If you use public shared hosting you might need to request this to be installed. If you have it on your own server for Windows you can peek here:

Thanks I tried to use this but I know nothing about PDO or any of that good stuff. I plan to further look into this.
 
Elite Diviner
Joined
Apr 5, 2014
Messages
464
Reaction score
223
That is incorrect. You need PDO functionality installed. If you use public shared hosting you might need to request this to be installed. If you have it on your own server for Windows you can peek here:

Pdo ships with all php versions above 5.0, hence why I said not to use an old version.
 
Elite Diviner
Joined
Apr 5, 2014
Messages
464
Reaction score
223
The point of @EvilCoder was that some host providers disabled it, or didn't enable it by default. But this is in the past. I think most of the hosts have already enabled it.

Yeah I figured, just wanted to clarify as his reply intended that my previous statement was incorrect. Also, if your shared hosting doesn't include PDO by default, you should probably consider changing :p
 
Junior Spellweaver
Joined
Mar 23, 2012
Messages
142
Reaction score
28
Okay guys, based on what has been mentioned in the thread, I have been working on the next version, this fixes every single issue about security and any bugs on the 30th before then if you have found any others let me know so I can release it together (if possible) as well.

And YES, it will be in PDO because the most recent version of PHP (which is 7) no longer supports mySQL but only MySQLi or PDO and RevCMS is not compatible.

saamus Most web hosts do support PDO because a lot of applications use it, but in this latest version I am also going to work on a MySQLi Fallback if PDO is not present.

In the next release a Plugin System will be introduced and with this you can install features to your RevCMS such as Security Updates, CDN, etc.


More Information:

Latest PHP 7 functions - All classes and functions will be recoded to the PHP 7 standards and compatibility - STILL keeping any overlaps between PHP 5 and 7 allowing almost, if not all standard Web Hosts to provide you a platform.

All of the CMS (native) pages have been tested and proved to have worked.

100% PSR Standards - As mentioned in this thread the code has been fixed and will be to all PSR standards and with added readability than that was offered by the original RevCMS.

Security - All security concerns have been addressed and after several tests confirmed that it is safe for production.

Thanks!
 
Last edited:
Newbie Spellweaver
Joined
Sep 7, 2015
Messages
25
Reaction score
15
Okay guys, based on what has been mentioned in the thread, I have been working on the next version, this fixes every single issue about security and any bugs on the 30th before then if you have found any others let me know so I can release it together (if possible) as well.

And YES, it will be in PDO because the most recent version of PHP (which is 7) no longer supports mySQL but only MySQLi or PDO and RevCMS is not compatible.

@saamus Most web hosts do support PDO because a lot of applications use it, but in this latest version I am also going to work on a MySQLi Fallback if PDO is not present.

In the next release a Plugin System will be introduced and with this you can install features to your RevCMS such as Security Updates, CDN, etc.


More Information:

Latest PHP 7 functions - All classes and functions will be recoded to the PHP 7 standards and compatibility - STILL keeping any overlaps between PHP 5 and 7 allowing almost, if not all standard Web Hosts to provide you a platform.

All of the CMS (native) pages have been tested and proved to have worked.

100% PSR Standards - As mentioned in this thread the code has been fixed and will be to all PSR standards and with added readability than that was offered by the original RevCMS.

Security - All security concerns have been addressed and after several tests confirmed that it is safe for production.

Thanks!
Hey, this looks good! Any ideas when the final version will be completed and released?
:)
 