ZapCMS [PHP, OOP, From Scratch]

Page 4 of 5 FirstFirst 12345 LastLast
Results 46 to 60 of 68
  1. 23-08-11 #46
    Hejula
    The one and only! Hejula is offline
    MemberRank
    Nov 2008 Join Date
    4,128Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Jonty - I just fixed that exploit on Fresh :P

    You was putting mysql_real_escape_string in the wrong place :')

    You put it here:
    PHP Code:
    //$name = $_POST['bean_avatarName'];
                $name mysql_real_escape_string($_POST['bean_avatarName']); 
    It also needs to be here:
    PHP Code:
    else if (isset($_POST['bean_avatarName']))
        {
                $registerErrors = Array();
        
                $name mysql_real_escape_string($_POST['bean_avatarName']);
                $password $_POST['bean_password'];
                $password2 $_POST['bean_retypedPassword'];
                $email $_POST['bean_email'];
                $dob_day $_POST['bean_day'];
                $dob_month $_POST['bean_month'];
                $dob_year $_POST['bean_year'];
                //$lang = $_POST['bean_lang']; 
  2. 24-08-11 #47
    PythoneX12
    Im Back! PythoneX12 is offline
    MemberRank
    Sep 2010 Join Date
    634Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Jonty, Could u include all client files for this? Thanks
  3. 24-08-11 #48
    Jonteh
    :joy: Jonteh is offline
    MemberRank
    Apr 2007 Join Date
    New York, USALocation
    3,375Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Quote Originally Posted by PythoneX12 View Post
    Jonty, Could u include all client files for this? Thanks
    this is not yet done but when it is it shall be released in full.

    Thank you.
  4. 25-08-11 #49
    Quackster
    Developer Quackster is offline
    DeveloperRank
    Dec 2010 Join Date
    AustraliaLocation
    3,476Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Cannot wait! This will support phoenix I assume?
  5. 25-08-11 #50
    Jonteh
    :joy: Jonteh is offline
    MemberRank
    Apr 2007 Join Date
    New York, USALocation
    3,375Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Quote Originally Posted by Quackster View Post
    Cannot wait! This will support phoenix I assume?
    It supports both Phoenix and Uber.
  6. 26-08-11 #51
    SiiNz
    Apprentice SiiNz is offline
    MemberRank
    Apr 2011 Join Date
    18Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Im still looking to check for any exploits
  7. 26-08-11 #52
    Hejula
    The one and only! Hejula is offline
    MemberRank
    Nov 2008 Join Date
    4,128Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Quote Originally Posted by SiiNz View Post
    Im still looking to check for any exploits
    You wouldn't know the first thing about spotting exploits.
  8. 26-08-11 #53
    Makarov
    Ultra Light Beam Makarov is offline
    MemberRank
    Apr 2010 Join Date
    GothamLocation
    3,622Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Quote Originally Posted by Hejula View Post
    You wouldn't know the first thing about spotting exploits.
    And how would you know that? Just because he just joined or has less posts then you doesn't mean you have justification on telling him what he can/can't do.
  9. 26-08-11 #54
    Davidaap
    What about no. Davidaap is offline
    MemberRank
    Nov 2009 Join Date
    773Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Quote Originally Posted by SiiNz View Post
    Im still looking to check for any exploits
    Messages @ me page :)
  10. 26-08-11 #55
    Jonteh
    :joy: Jonteh is offline
    MemberRank
    Apr 2007 Join Date
    New York, USALocation
    3,375Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Quote Originally Posted by Tr0ll.™ View Post
    And how would you know that? Just because he just joined or has less posts then you doesn't mean you have justification on telling him what he can/can't do.
    SiiNz is a guy off of Zap that was permanently banned for harassment of staff when he was fired. I hired him for a while to use him for Microsoft Points. I don't care what you think about me, i'm not here to gain reputation.

    Quote Originally Posted by davidaap View Post
    Messages @ me page :)
    Probably, i've not coded any protection into the me page.
  11. 26-08-11 #56
    Roper
    hi i'm robbie Roper is offline
    MemberRank
    Oct 2008 Join Date
    /home/roperLocation
    2,283Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Yes Jonty, loving you're honesty there!

    Seems like some good progress has been made/is being made, keep it up :D
  12. 28-08-11 #57
    Jonteh
    :joy: Jonteh is offline
    MemberRank
    Apr 2007 Join Date
    New York, USALocation
    3,375Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Quote Originally Posted by RobTheLobster View Post
    Yes Jonty, loving you're honesty there!

    Seems like some good progress has been made/is being made, keep it up :D
    Progress is slow atm, i'm feeling quite ill and don't feel like I could concentrate on coding right now.
  13. 12-09-11 #58
    401Error
    Apprentice 401Error is offline
    MemberRank
    Sep 2011 Join Date
    16Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Keep it up!
  14. 12-09-11 #59
    Pure
    Account Upgraded | Title Enabled! Pure is offline
    MemberRank
    May 2008 Join Date
    809Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Quote Originally Posted by Hejula View Post
    Jonty - I just fixed that exploit on Fresh :P

    You was putting mysql_real_escape_string in the wrong place :')

    You put it here:
    PHP Code:
    //$name = $_POST['bean_avatarName'];
                $name mysql_real_escape_string($_POST['bean_avatarName']); 
    It also needs to be here:
    PHP Code:
    else if (isset($_POST['bean_avatarName']))
        {
                $registerErrors = Array();
        
                $name mysql_real_escape_string($_POST['bean_avatarName']);
                $password $_POST['bean_password'];
                $password2 $_POST['bean_retypedPassword'];
                $email $_POST['bean_email'];
                $dob_day $_POST['bean_day'];
                $dob_month $_POST['bean_month'];
                $dob_year $_POST['bean_year'];
                //$lang = $_POST['bean_lang']; 
    This would be extremely easy to fix for every revision and for that matter every page.

    PHP Code:

    $data     = array();

    foreach(     $_POST as $key => $value )
    {

         $datastr_replace('bean_'''$key) ] = mysql_real_escape_string$value );

    }

    extract($data);

    echo     $password2;//lol123445667 
  15. 13-09-11 #60
    Predict
    Account Upgraded | Title Enabled! Predict is offline
    MemberRank
    Aug 2008 Join Date
    760Posts

    Re: ZapCMS [PHP, OOP, From Scratch]

    Quote Originally Posted by Hejula View Post
    Jonty - I just fixed that exploit on Fresh :P

    You was putting mysql_real_escape_string in the wrong place :')

    You put it here:
    PHP Code:
    //$name = $_POST['bean_avatarName'];
                $name mysql_real_escape_string($_POST['bean_avatarName']); 
    It also needs to be here:
    PHP Code:
    else if (isset($_POST['bean_avatarName']))
        {
                $registerErrors = Array();
        
                $name mysql_real_escape_string($_POST['bean_avatarName']);
                $password $_POST['bean_password'];
                $password2 $_POST['bean_retypedPassword'];
                $email $_POST['bean_email'];
                $dob_day $_POST['bean_day'];
                $dob_month $_POST['bean_month'];
                $dob_year $_POST['bean_year'];
                //$lang = $_POST['bean_lang']; 
    Instead of doing this, use..

    Code:
    function Filter($input = '') {
return mysql_real_escape_string($input); }
    Depending if you make new classes. It would be something like this.

    $blabab(blababa is your class)->(or ::)Filter;

    $name = $blabab->Filter($_POST['bean_avatarName']);


Page 4 of 5 FirstFirst 12345 LastLast
« Previous Thread | Next Thread »

Advertisement