FailPHP

[Predict]

FailPHP
Habbo content management system.

I've had cravings to work on a new CMS and every time I look at what's the Habbo Section has to offer I can't help but feel it's not as good as everybody says. I've learnt a lot while I've been developing none-habbo related projects and I feel its time to create something fresh.

Feedback would be great, also.

FAQs

What Habbo Emulator will this work with?
It will work with Phoenix Emulator (@otkau).

Will this be open source?
Yes.

When will you release FailPHP?
When I finish version 1.

Screen shots

Spoiler:

Config.php - Pastebin

http://talan.x10.bz/ - Demo

[MentaL]

[NoBrain]

Why do i love this design ;3

Goodluck!!! Finish it aswell.
Posted via Mobile Device

[Quackster]

Okay I have three things to say

- Another CMS development?!
- I don't like the name
- Good luck :D

[Matthew]

Isn't this your 4th CMS ? I'm sure we have enough now. Especially phoenix ones. I personally dislike your layout. It's boring and not easy on the eye. Your design is based around what you want/like and not what a bunch of young/mid teens would like (on a hotel). You should use bright colours, take habbo.com's colour scheme for example. It's bright and light because that appeals to most people and especially teens. Your layout makes me feel like im reading a blog and not entering a website for teenagers.

As for the PHP side of things, please.. use some kind of framework. Zend, Code igniter, smarty... There's loads. I can see you're not that advanced in PHP (not saying this is bad).. so take advantage of a framework. It will save you less time and will allow you to do much more.

Other than that best of look, let's see if you complete this..

[Predict]

FailPHP is my third CMS project. It supports mysqli and mysql. It's not PhoenixPHP or related to any project on this habbo section.

Here's an example of my coding. (user-functions).

Code:

<?php

defined('PAGE') or die('Unallowed access');

function usernameExists($username)
{
	global $db;

 	if(returns_result("SELECT * FROM users WHERE username = '".$db->sql_escape(sanitize($username))."' LIMIT 1") > 0)
		return true;
	else
		return false;
}

function emailExists($email)
{
	global $db;

	if(returns_result("SELECT * FROM users WHERE email = '".$db->sql_escape(sanitize($email))."' LIMIT 1") > 0)
		return true;
	else
		return false;	
}

function fetchUserDetails($username=NULL,$token=NULL)
{
	global $db; 
	
	if($username!=NULL)  $sql = "SELECT * FROM users WHERE username = '".$db->sql_escape(sanitize($username))."' LIMIT 1";	
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	return ($row);
}

function emailUsernameLinked($email,$username)
{
	global $db;
	
	if(returns_result("SELECT username,email FROM users WHERE username = '".$db->sql_escape(sanitize($username))."' AND email = '".$db->sql_escape(sanitize($email))."'") > 0)
		return true;
	else
		return false;
}


function isUserLoggedIn()
{
	global $loggedInUser,$db;
	
	if($loggedInUser == NULL)
		return false;
	else
	{
	if(returns_result("SELECT id, password FROM users WHERE id = '".(int)$db->sql_escape($loggedInUser->user_id)."' AND password = '".$db->sql_escape($loggedInUser->hash_pw)."' LIMIT 1") > 0)
			return true;
		else
		{
			$loggedInUser->userLogOut();
		
			return false;
		}
	}
}

function returns_result($sql)
{
	global $db;
	
	$count = 0;
 	$result = $db->sql_query($sql);
	
  	while ($row = $db->sql_fetchrow($result))
    {
      $count += 1;
    }
	$db->sql_freeresult($result);
	return ($count);
}


?>

Spoiler:

Spoiler:

Code:

function generateHash($plainText, $salt = null)
{
    if ($salt === null)
    {
        $salt = substr(md5(uniqid(rand(), true)), 0, 25);
    }
    else
    {
        $salt = substr($salt, 0, 25);
    }

    return $salt . sha1($salt . $plainText);
}

This is what protects your passwords and so forth. Try decrypting this bad boy.

[Matthew]

I think for the benifit of the community I'll post the PM you sent me here so everyone can see.

PM sent to me from Predict:

Have a peek on my FailPHP thread, again. There are over 30+ colours to choose from. And I bet that my PHP is far better than what you can code, buddy. I'm improved, a lot. So next time think before you post.

You could have said about the colours. The design is still very basic, though. And now here comes the sad part. I actually thought you was mature and could handle criticism. Now my respect for you has just.. dropped.. I stopped taking you serious after "my PHP is far better than what you can code". I didn't even come off as aggressive towards you. I was giving you some kind advice which would benefit you and your CMS. Nothing is special about your PHP either. You've done a couple of functions, woop-de-do. Any one with a few weeks PHP knowledge can do them. Also, where's the cache? Where's the proper OOP? I see you're querying for everything. And your queries are also bad...

PHP Code:

SELECT * FROM users WHERE username = '".$db->sql_escape(sanitize($username))."' LIMIT 1") 


That's selecting all the columns for the username you're checking. Why do that when you can do..

PHP Code:

SELECT username FROM users WHERE username = ... LIMIT 1 


PHP Code:

$db->sql_escape(sanitize)) 


Seems awfully long and tedious to keep re-typing out. Like I said.. framework.. Or.. just do it the PROPER way and creating a self function. filter() or santize() would just do..

That's it for now. Cba to answer the rest.

[Predict]

I think for the benifit of the community I'll post the PM you sent me here so everyone can see.

PM sent to me from Predict:



You could have said about the colours. The design is still very basic, though. And now here comes the sad part. I actually thought you was mature and could handle criticism. Now my respect for you has just.. dropped.. I stopped taking you serious after "my PHP is far better than what you can code". I didn't even come off as aggressive towards you. I was giving you some kind advice which would benefit you and your CMS. Nothing is special about your PHP either. You've done a couple of functions, woop-de-do. Any one with a few weeks PHP knowledge can do them. Also, where's the cache? Where's the proper OOP? I see you're querying for everything. And your queries are also bad...

PHP Code:

SELECT * FROM users WHERE username = '".$db->sql_escape(sanitize($username))."' LIMIT 1") 


That's selecting all the columns for the username you're checking. Why do that when you can do..

PHP Code:

SELECT username FROM users WHERE username = ... LIMIT 1 


PHP Code:

$db->sql_escape(sanitize)) 


Seems awfully long and tedious to keep re-typing out. Like I said.. framework.. Or.. just do it the PROPER way and creating a self function. filter() or santize() would just do..

That's it for now. Cba to answer the rest.

The reason why I'm selecting more than one thing is because I've been testing out a few things and $db is connecting to the database (mysqli or mysql). Depending what you pick on config.

[azaidi]

The name fails..

[Hejula]

Hehe, love the name and theme :D Hope this turns out better then the other one you did... forgot the name :')

[Joopie]

PHP Code:

function returns_result($sql)
{
    global $db;
    
    $count = 0;
     $result = $db->sql_query($sql);
    
      while ($row = $db->sql_fetchrow($result))
    {
      $count += 1;
    }
    $db->sql_freeresult($result);
    return ($count);
} 


You know there is a mysql_num_rows/mysqli_num_rows/mysqli_stmt_num_rows for that job?!

Oke, Now we take this part:

PHP Code:

if(returns_result("SELECT id, password FROM users WHERE id = '".(int)$db->sql_escape($loggedInUser->user_id)."' AND password = '".$db->sql_escape($loggedInUser->hash_pw)."' LIMIT 1") > 0) 


And then we look at this:

PHP Code:

(int)$db->sql_escape($loggedInUser->user_id) 


Why are you doing `(int)` and then put it into a `string`?!
Kind of useless =3

Also make a user class and save the user data in a session or whatever, It's less querying.

Also, If you saying you using MySQLi then you don't put everything out it.
Think about params, stmt etc

Of what you using now you could just use MySQL...

Oyhee, It's not a flame :4

Lol,

[Predict]

Right!

Spoiler:

Basically when you login you will have your "account settings" and the latest news. The news will be LIMIT 5 and show the latest accordingly. If you want to see previous news. Go to the archive.

My Preferences will show you what you can do to make the webpage your own. This will include changing the design to your personal preference. And in-game settings.

Change password and email are pretty easy to figure out what they're used for.

Want anything changed on me.php? Suggest it now. ;)

[blink182sp44]

its verry nice :D

[Makarov]

I only belive you're good at CSS(looked at your snips and config) gd luck.
Posted via Mobile Device

[Kryptos]

I agree with Matthew, I think you should 'learn more PHP' before making a project like this.

[Predict]

Spoiler:

Changing password is complete. Basically it'll validate everything before we editing anything located in the database. Then it confirms hash's match before updating the password. It'll error if you put in the same password, doesn't match the one in the database, it'll update the hash_pw property and it won't sign you out once updated the password.

Spoiler:

Updating your email address works a little differently on how your password gets updated. Basically you're required to include an email address. A function checks if your using "@". Oh and I've made it that only one person can use one email address at a time. E.G: I'm using talan@inbox.com (therefore its telling me to fuck off, because I'm already using it, although its just a message saying that its already being used). It won't update if you put the same email address in, but the first error will appear (using the email address you're already using). Everything all clear - It will update.

I'm probably going to fast, but I'll probably re-think on how to organise things.