ProjectRetro CMS

Page 3 of 4
Results 31 to 45 of 59
  1. #31
    Account Upgraded | Title Enabled! Predict is offline
    MemberRank
    Aug 2008 Join Date
    760Posts

    Re: ProjectRetro CMS

    Style was used back in 2006 on Habbo; he's greatly modified it with the updated version of Habbo's style. Not a big fan of how you've used ISSET and $_GET for each and every page, but meh.

    Oh, and you can still get this style unmodified on Ragezone, but it needs a lot of work done to it.

    "view-source:http://projectretro.co.cc/cms/?page=chat"

    No offense, but look at all the shit you've added into the source, like cmon... You have to think about using HTML and CSS too, ya'know. Every single file has to be loaded and from that source, it's gonna make it a slow outcome and eat your bandwidth away like a bitch, not to mention your PHP coding and sessions, etc.

    Remember not to filter your $_GET, $_POST and $_REQUEST and only secure your functions and mysql queries, make sure you only SELECT the rows you need and try to always limit everything.

  2. #32
    Alpha Member Caustik is offline
    MemberRank
    May 2011 Join Date
    LondonLocation
    1,837Posts

    Re: ProjectRetro CMS

    Why are you selling it? o.o

    I'm not free!
    This is the ProjectRetro CMS page. Here you can find what we already have, and what not. But this CMS is not free. But if you buy, you get a licence with updates, of course!
    Posted via Mobile Device

  3. #33
    The one and only! Hejula is offline
    MemberRank
    Nov 2008 Join Date
    4,128Posts

    Re: ProjectRetro CMS

    -cry-


  4. #34
    Account Upgraded | Title Enabled! GertJanA is offline
    MemberRank
    Jan 2010 Join Date
    The NetherlandsLocation
    391Posts

    Re: ProjectRetro CMS

    Quote Originally Posted by Hejula View Post
    -cry-

    On what page was that exactly?
    And maybe it is possible, because I thought I was working on the CMS at that time..

    Quote Originally Posted by Predict View Post
    Style was used back in 2006 on Habbo; he's greatly modified it with the updated version of Habbo's style. Not a big fan of how you've used ISSET and $_GET for each and every page, but meh.

    Oh, and you can still get this style unmodified on Ragezone, but it needs a lot of work done to it.

    "view-source:http://projectretro.co.cc/cms/?page=chat"

    No offense, but look at all the shit you've added into the source, like cmon... You have to think about using HTML and CSS too, ya'know. Every single file has to be loaded and from that source, it's gonna make it a slow outcome and eat your bandwidth away like a bitch, not to mention your PHP coding and sessions, etc.

    Remember not to filter your $_GET, $_POST and $_REQUEST and only secure your functions and mysql queries, make sure you only SELECT the rows you need and try to always limit everything.
    So you say it's better to have every page on its own.
    So: not with ?page=
    But every page as its own file: vip.php - chat.php - home.php
    That way?

    And why not filter the $_GET, $_POST and $_REQUEST?

    Quote Originally Posted by Caustik View Post
    Why are you selling it? o.o

    Posted via Mobile Device
    Well i'm still thinking about it,
    But i see that as a way to show you support me and like it.

    Greetz,

  5. #35
    Account Upgraded | Title Enabled! Predict is offline
    MemberRank
    Aug 2008 Join Date
    760Posts

    Re: ProjectRetro CMS

    If the inside of mysql_query(); is filtered, you don't need to worry about filtering $_GET, $_POST, etc because the important information is already protected...

  6. #36
    Live Ocottish Sverlord Joopie is offline
    LegendRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,773Posts
    Quote Originally Posted by Predict View Post
    If the inside of mysql_query(); is filtered, you don't need to worry about filtering $_GET, $_POST, etc because the important information is already protected...
    And what if we insert a post value in the query without filtering? Oh, I remember it. It's called a SQL injection...
    Posted via Mobile Device

  7. #37
    Garry's Mod is addictive! Law is offline
    MemberRank
    Dec 2009 Join Date
    NorwayLocation
    993Posts

    Re: ProjectRetro CMS

    Quote Originally Posted by joopie View Post
    And what if we insert a post value in the query without filtering? Oh, I remember it. It's called a SQL injection...
    Posted via Mobile Device
    Omg, I am trying to like about 1000 times!

    :( Can only like it once :(

  8. #38
    Account Upgraded | Title Enabled! Predict is offline
    MemberRank
    Aug 2008 Join Date
    760Posts

    Re: ProjectRetro CMS

    Quote Originally Posted by joopie View Post
    And what if we insert a post value in the query without filtering? Oh, I remember it. It's called a SQL injection...
    Posted via Mobile Device
    What? Inserting a post value? What?
    If you protect what's inside mysql_query(); you will be fine; if you don't, you won't be protected and then you'll have problems (aka SQL injection).

    Edit:

    Example.

    PHP Code:
        // $data is placed in the query as-is; only $id goes through mysql_real_escape_string().
        // Neither $data nor $id is defined anywhere in this snippet.
        public function Example()
        {
            $sql = "UPDATE table SET row = '".$data."' WHERE id = '".mysql_real_escape_string($id)."' LIMIT 1";

            return (mysql_query($sql));
        }
    Notice how I protect the data? Try it while using $_POST, you'll be protected as I said you would.

    Also, want to see it in live action? http://www.talan.x10.bz/
    Here's a function I'm using upon registering.

    PHP Code:
        // Username and email are passed through $db->sql_escape() and single-quoted in the query;
        // $password is interpolated without sql_escape().
        $sql = "INSERT INTO `users` (`Username`, `Password`, `Email`, `Rank`, `About`, `Background`, `Active`, `SignUp`, `TimeStamp`)
                VALUES ('".$db->sql_escape($this->clean_username)."','".$password."','".$db->sql_escape($this->clean_email)."','2','Profile has not been updated since registering.','1','1','".time()."','0')";

        $db->sql_query($sql);
    $db->sql_escape() is what protects my data, basically it's mysql_real_escape_string. None of my $_POSTs or $_GETs are filtered with it, because everything is already protected.
    Last edited by Predict; 13-01-12 at 11:46 PM.

  9. #39
    Live Ocottish Sverlord Joopie is offline
    LegendRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,773Posts

    Re: ProjectRetro CMS

    There is nothing to protect; data and id aren't even defined, so PHP gives an error..

    If data were a post variable then you'd have a SQL injection...

    Also search for global variables; you will find out that IF that's enabled you can set the data by putting ?data=somesthit at the end of the url.
    Posted via Mobile Device

  10. #40
    Account Upgraded | Title Enabled! Predict is offline
    MemberRank
    Aug 2008 Join Date
    760Posts

    Re: ProjectRetro CMS

    Quote Originally Posted by joopie View Post
    There is nothing to protect; data and id aren't even defined, so PHP gives an error..

    If data were a post variable then you'd have a SQL injection...

    Also search for global variables; you will find out that IF that's enabled you can set the data by putting ?data=somesthit at the end of the url.
    Posted via Mobile Device
    Of course the data ain't defined, because you need to define it first, obviously. I just placed a variable there to show you that the data you send is protected without protecting $_POST or $_GET.

  11. #41
    Live Ocottish Sverlord Joopie is offline
    LegendRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,773Posts

    Re: ProjectRetro CMS

    Add some more:

    What you said does not make any sense...

    You assign a post variable to another variable.
    Whether you filter it before the assignment or after it does not matter :s
    Posted via Mobile Device

  12. #42
    Account Upgraded | Title Enabled! Predict is offline
    MemberRank
    Aug 2008 Join Date
    760Posts

    Re: ProjectRetro CMS

    What? Your english sucks, js'

    Here's an example how to use it...

    First, let's create a file to connect to your database with, then require that file once, then create a class which includes functions. In that function you will have this.

    PHP Code:
        public function Example($data)
        {
            $this->data = $data;

            // both values go through mysql_real_escape_string() and sit inside single quotes;
            // $id is not defined in this snippet
            $sql = "UPDATE table SET row = '".mysql_real_escape_string($data)."' WHERE id = '".mysql_real_escape_string($id)."' LIMIT 1";

            return (mysql_query($sql));
        }
    Now, lets say the class is called LOL
    $LOL->Example(); would update the variable at hand; however, we still need to define $data for the function below, therefore we add the variable in the page where we add the arrays, etc.

    PHP Code:
    <?php
        require_once("config.php");   // assumed to open the database connection and define $LOL

        if(!empty($_POST))
        {
            $errors = array();
            $data = $_POST["data"];   // raw POST value; it is escaped inside Example()

            $LOL->Example($data);
        }
    ?>
    Then you would add the form below it or whateva you want, and ta-da?

  13. #43
    Alpha Member Caustik is offline
    MemberRank
    May 2011 Join Date
    LondonLocation
    1,837Posts

    Re: ProjectRetro CMS

    Couldn't you just use:
    PHP Code:
    $db->bind_param('ssi', $foo, $bar, $number);
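    An added example, not the CMS's code or anyone's post in this thread: Predict's Example() UPDATE and the registration INSERT rewritten with mysqli prepared statements, which is where Caustik's bind_param() line comes from. It assumes PHP 8, a `users` table with the columns named in the INSERT above and a table called `table` with columns `row` and `id`; the connection parameters are placeholders, and the password is assumed to arrive in the clear and is hashed with password_hash() before it is stored.

```php
<?php
// Added example (not ProjectRetro CMS code). Connection parameters are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw instead of returning false
$db = new mysqli('localhost', 'DB_USER', 'DB_PASS', 'DB_NAME');
$db->set_charset('utf8mb4'); // quoting/escaping is charset dependent, so set it explicitly

class Example
{
    public function __construct(private mysqli $db) {}

    // Replaces Example($data): $data is bound as a string, $id as an int.
    // No quoting and no mysql_real_escape_string(); the server never sees the values as SQL.
    public function updateRow(string $data, int $id): int
    {
        $stmt = $this->db->prepare('UPDATE `table` SET `row` = ? WHERE `id` = ? LIMIT 1');
        $stmt->bind_param('si', $data, $id);
        $stmt->execute();
        $changed = $stmt->affected_rows;
        $stmt->close();
        return $changed;
    }

    // Replaces the registration INSERT. Fixed values stay literals in the SQL text;
    // everything that originates from the user is a bound parameter.
    public function register(string $username, string $password, string $email): int
    {
        $hash   = password_hash($password, PASSWORD_DEFAULT); // assumption: password arrives in the clear
        $about  = 'Profile has not been updated since registering.';
        $signup = time();

        $stmt = $this->db->prepare(
            'INSERT INTO `users`
                (`Username`, `Password`, `Email`, `Rank`, `About`, `Background`, `Active`, `SignUp`, `TimeStamp`)
             VALUES (?, ?, ?, 2, ?, 1, 1, ?, 0)'
        );
        $stmt->bind_param('ssssi', $username, $hash, $email, $about, $signup);
        $stmt->execute();
        $newId = (int) $stmt->insert_id;
        $stmt->close();
        return $newId;
    }
}

// Page code: validate the shape of the input, then hand the raw values to the statement.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $data = (string) ($_POST['data'] ?? '');
    $id   = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('id must be an integer');
    }

    $ex = new Example($db);
    echo $ex->updateRow($data, $id), " row(s) updated\n";
}
```

    With the statement prepared once and the values bound separately, the question the thread keeps circling (filter $_POST first, or escape inside the query?) goes away: neither is needed for the SQL, and the only input check left is a type check on the integer id.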

  14. #44
    The one and only! Hejula is offline
    MemberRank
    Nov 2008 Join Date
    4,128Posts

    Re: ProjectRetro CMS

    Quote Originally Posted by GertJanA View Post
    On what page what that exactly?
    I'd tell you but half the fun is finding it? :D

    Quote Originally Posted by Predict View Post
    What? Your english sucks, js'
    Joopie is Dutch. He is making the effort to speak English and reply to you, so make the effort back and do not be so rude? Also, English has a capital E! `js'`.

  15. #45
    prjRev.com Kryptos is offline
    MemberRank
    Feb 2010 Join Date
    Planet EarthLocation
    579Posts
    Quote Originally Posted by Predict View Post

    PHP Code:
        public function Example($data)
        {
            $this->data = $data;

            $sql = "UPDATE table SET row = '".mysql_real_escape_string($data)."' WHERE id = '".mysql_real_escape_string($id)."' LIMIT 1";

            return (mysql_query($sql));
        }
    Wow su amazing u pro but let me help you with some stuff.

    PHP Code:
        //global.php

        // every POST value is escaped once, up front
        foreach($_POST as $key => $value)
        {
            $_POST[$key] = mysql_real_escape_string($value);
        }

        //Some class or anything

        public function Example()
        {
            // the escaped values are interpolated without surrounding quotes
            return (mysql_query("UPDATE table SET row = {$_POST['row']} WHERE id = {$_POST['id']} LIMIT 1")); // All needs filtering, we use a foreach and filter all before touching anything. So pro.
        }

    Is better than
    PHP Code:
        public function Example($data)
        {
            $this->data = $data;
            // $this->data is interpolated directly, unescaped and unquoted
            return (mysql_query("UPDATE table SET row = $this->data WHERE id = $id LIMIT 1")); // ID is clearly not inputted by the user, nothing to filter unless you assigned the ID session to a variable and you're retarded and should not be reading this.
        }

    Is better than
    PHP Code:
        public function Example($data)
        {
            $this->data = $data;
            return (mysql_query("UPDATE table SET row = '".mysql_real_escape_string($data)."' WHERE id = '".mysql_real_escape_string($id)."' LIMIT 1"));
        }
    Is better than
    PHP Code:
        public function Example($data)
        {
            $this->data = $data;

            $sql = "UPDATE table SET row = '".mysql_real_escape_string($data)."' WHERE id = '".mysql_real_escape_string($id)."' LIMIT 1";

            return (mysql_query($sql));
        }
    Sorry if there are any errors, writing PHP on an iPod Touch is not easy.
    Posted via Mobile Device
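    An added example, not code from the thread or from ProjectRetro CMS: it puts the two patterns argued over in posts #38 and #45 side by side, Predict's escaping at the query with the value inside single quotes, and Kryptos's global.php loop that escapes every $_POST value and then interpolates it without quotes. escape_like_mysql() is a hypothetical stand-in that applies the same character rules as mysql_real_escape_string() so the script runs without a database; the real function is connection-charset aware and this stand-in is not.

```php
<?php
// Added example (not from the thread). escape_like_mysql() is a hypothetical stand-in for
// mysql_real_escape_string(): same characters escaped, no connection or charset awareness.
function escape_like_mysql(string $value): string
{
    return strtr($value, [
        "\\"   => "\\\\",
        "'"    => "\\'",
        "\""   => "\\\"",
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "\x1a" => "\\Z",
    ]);
}

// Predict's pattern: escape at the query and keep the value inside single quotes.
// The escaping is what lets a quote character inside the data stay data.
function build_quoted(string $row, string $id): string
{
    return "UPDATE table SET row = '" . escape_like_mysql($row) . "'"
         . " WHERE id = '" . escape_like_mysql($id) . "' LIMIT 1";
}

// Kryptos's global.php pattern: every $_POST value is escaped once, then interpolated
// without quotes. Escaping only rewrites the characters listed above; for an unquoted
// value whatever else the string contains lands in the statement unchanged.
function build_unquoted(string $row, string $id): string
{
    return "UPDATE table SET row = " . escape_like_mysql($row)
         . " WHERE id = " . escape_like_mysql($id) . " LIMIT 1";
}

// For a numeric column the check is on the type, not on the characters:
// only a pure digit string is accepted, anything else is rejected before a query exists.
function build_typed(string $row, string $id): ?string
{
    if (!ctype_digit($id)) {
        return null;   // caller answers with a 400, no query is built
    }
    return "UPDATE table SET row = '" . escape_like_mysql($row) . "'"
         . " WHERE id = " . (int) $id . " LIMIT 1";
}

// Constructed sample inputs, as they arrive in $_POST (always strings).
$samples = [
    ['row' => 'hello',    'id' => '7'],
    ['row' => "O'Reilly", 'id' => '7'],      // a quote inside the data
    ['row' => 'hello',    'id' => '7 abc'],  // not a number; escaping leaves it untouched
];

foreach ($samples as $s) {
    echo "quoted:   ", build_quoted($s['row'], $s['id']), "\n";
    echo "unquoted: ", build_unquoted($s['row'], $s['id']), "\n";
    echo "typed:    ", build_typed($s['row'], $s['id']) ?? 'rejected', "\n\n";
}
```

    Run it with php from the command line and compare the three lines per sample: the second sample shows why the quoted form needs escaping at all (the apostrophe in O'Reilly would otherwise end the literal early), and the third shows that escaping does nothing for a value that is never quoted, so "filter all of $_POST in global.php" is not a substitute for quoting or, better, for the bound parameters in post #43.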


