I like it man. Except for the fact Zap Hotel indeed has a panel and is fully dynamic _WITH_ the API powering it behind the scenes. I like it though. You shouldn't have released it.
Next time you beg to be friends on msn, I won't listen.
Yes because this indeed isn't my work is it:
http://gyazo.com/18623118484e5341bb8f43e217efd134.png
To let you know the only things on my cms that's from uberCMS is the housekeeping and core class. Every, single, other, fucking, thing differs from it.
zCMS is indeed a complete re-write of uberCMS, fixing multiple issues that no one else found (because none of you are that interested anyway, I work as a programmer now so I get a lot of spare time)
The image by the way is part of my PayPal IPN. I'll release it sometime when I close my hotel in a year or so. (earning $$ from it atm)
Also, I have quite a life. In fact, the only reason Zap is still running is because it's earning me a few thousand dollars a month and that just enables me to go to different parties with more booze :cool:
Also, the only reason I'm online on the weekdays is because I left school early to pursue a career and my friends are still at school. But hey, we can still hang when school's out.
FYI I'm not fat, you can see this on my facebook if you know what the url is.
I don't release anything more on RZ because people don't appreciate it. Maybe I'll release a trial version of zCMS sometime soon. You'll see the fucking code differences.
Putako - you aren't shit. You can design little layouts like a bitch and rip things. rCMS was a rip of uberCMS yes, and it had that little exploit that I (not intentionally, it was built for me no one else) had in there, but zCMS is completely different. No, you won't be seeing code snippets, you can see it when I release the limited functionality version :8:
Please don't criticize, I've learned a lot about PHP in the last few months and I now deem myself satisfactory :)
You can always ask Hejula about how different zCMS is to normal uber :)
PS: In a way I suppose i'm actually quite like Meth0d. He ripped uber when he wasn't good, and I ripped uber. But now i'm decent I can code my own shit :)
---------- Post added at 10:22 PM ---------- Previous post was at 10:15 PM ----------
Sorry, mistake. Meth0d ripped ION and I ripped uber. A little high :(
True story is obviously true, cause it's posted on a forum and all. And yeah, clearly you are high, cause every teenager on the internet is 'high' right?
You:
"LOL xDDD I eurn monay and go get hai". I see the same on youtube, wrote by 13 year olds. Just sayin'
haha good few paragraphs. i'm not like this in real life at all lol, infact, i'm really nice in real life. the only reason im a cunt on the internet is because i'm a competitive person and i feel the need to be better than everyone (sometimes its not reality but i still treat myself better) idk why, but ya. nah, in real life i treat everyone nicely, i just am not looking for friends on the internet cus i dont give a fuck lol!
i dont really want to post snippets. it's the poorest template engine you'll ever see.
eg:
PHP Code:
// initiate community header
include "templates/vital/community.php";
// end
similar to that. i think its nicer for some reason.
i'm generally just chilling with my friends. partying hard. everything a 17 year old guy should be doing. ya ya.
as for Matthew, from the way he types and the amount of time he spends here i'd say he's about 16 and fat. thx.
Making assumptions over the internet about someone in real life. You're obviously intelligent. And yeah, if you are good for you. No need to say it, It's making it sound like you're covering up who you really are. Which is probably a 14 year old who pretends to get high and drink when really you're a social reject, hence you trying to justify you falling out of school to do 'programming'. lolol okay, yeah sounds like you got bullied out of school. Also, just because you can code a few PHP scripts doesn't mean you're a programmer. Just saying :)
No doubt you're bull shitting or if you are you're still a little annoying kid. Real men don't boast about drinking, especially on an internet forum.
Prove I'm fat, prove I'm 16. And I'll get back to you. Other wise shut the fuck up. No one likes you. Go pretend to be high and 17 some where else. Talking shit on a MMORPG forum doesn't cut it for me.
Putako, I don't see your problem. You go around this forum abusing users, flaming threads, and saying I release edits of CMS/EMU's, at least I try to get myself involved in the community. Also, I am learning to code, yeah, I am, and the fact is you can't handle it, and you will probably reply something like "uhh, you are not learning to code".
I really don't see why we always have to fight, And don't lie, you admitted on MSN ages ago that you are 11 years old. And FYI I am a 13 yr-old boy who is busy with Highschool not stupid forums and "thinking" I can code like a pro. You are not perfect yourself, you have ripped things multiple of times. And I bet you still do rip, don't talk about me ripping, look at yourself.
And please, just leave this forum, because the more you abuse users, the quicker you are going to get banned. So I suggest you leave RaGEZONE, or you get your childish act together and start contributing to the forum instead of flaming and abusing other users.
if this is exploitable doesn't it mean it can be easily verified and redirected?
Okay, kids. Can we stop arguing who can code?
Make love not war :love:
ON TOPIC:
I can see exploits, you may want to wrap strip_tags($variable) around the variable.
Which would remove those HTML </ < > tags :)
Also mysql_real_escape_string($variables), this would take out
\x00, \n, \r, \, ', " and \x1a.
Fuck i'm tough, I flame bitches on a forum...
I know Jonty and yes he does party as he claims...
You are all fucking useless... Isn't this meant to be about Paypal API...
Yet no its abuse everyone again half of you should be fucking banned for being off topic.
ON TOPIC - Nice release. Habplus has its own IPN system but I wanna try this seems nice :) Also layout should fit into the Habbo theme... Skimmed over about removing and modifying as you said you didn't want it. Does this include the style?
You are the reason no one wants to contribute to this community anymore. Daily Badge? I don't have a daily badge.
Also faggot isn't really offensive because I know my sexuality, So yeah... Cool story bro.
Okay, Change it to 0.1cents. Buy it... Then you get banned.
So love you too babes
ex 0h ex 0h gossip gurl
Welcome to Ragezone.. Flame Central... LAWL...
Good to know that no one here can contribute without having their shit ripped apart. Going to other forums someone release a system that just redirects you to a script after and they got praised for their work but corrected. Here it's, YU R SUH FAG0TZ GuyZZ!!! Tough... Real tough.
we all know your gay michael cause we sleep together babes. btw txt me; 027 875 1980
lol@jonty.
This is just a rip from paypal with some shit added. o/
but good try i guess?
I am going to make myself extremely clear here for all the online "tough kids". What I released has absolutely no exploits. I don't know if you are stupid enough to realize or don't know how Paypal API works, or both (which I am guessing it is both).
The $_POST variables are all assigned values within the HTML. Users are not putting in custom values, so unless the server owner is stupid enough to add "TRUNCATE TABLE blah blah" as a variable then it is NOT exploitable.
If you think you are smart and can just go to the paypal.php file and do like ?custom=TRUNCATE TABLE blah blah then you are again highly mistaken. If a connection is not made by Paypal Inc. then it will automatically dump your connection and you'll just get a white page.
For those that think adding like mysql_real_escape_str etc will do anything it won't. All it will do is slow down the code seeing as PHP is an interpreted language.
Crystal clear? :8:
lol kk
Quote:
The $_POST variables are all assigned values within the HTML.
Yeah any one who knows a bit of php and html knows this. That's why you can edit the HTML to your liking client side. And then submit to Paypal? Such as you have the field 'custom'. Which you can edit to what ever you want as, Paypal won't check. Hence you can transmit an injection through the API. You can inject through both POST and GET. Again, this is basic stuff and you should know this Jacob.
Quote:
If you think you are smart and can just go to the paypal.php file and do like ?custom=TRUNCATE TABLE blah blah then you are again highly mistaken. If a connection is not made by Paypal Inc. then it will automatically dump your connection and you'll just get a white page.
Obviously because a GET isn't defined for that and there's no function(s) for it.
As said before, which you have ignored. There is no check for currency posted or the amount. If you use this API and your users are savvy enough they can send their payment in yen with the value of like 0.5. They will still get the item, regardless.
Plus, all your script is, is a MySQL query and the standard Paypal PHP IPN.
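The checks argued about in this thread (amount, currency and the buyer-editable custom field), as an added example that is not the released script or any poster's code. It assumes the IPN was already verified with PayPal; the table names, price list, merchant address and sample messages are constructed.

```php
<?php
// Added example. Run these checks only after PayPal answered "VERIFIED" to the
// cmd=_notify-validate postback (not shown). All values below are constructed.
const MERCHANT_EMAIL = 'billing@example.test';   // assumption
const PRICES = ['vip_month' => ['5.00', 'USD']];  // item_number => [amount, currency]

function ipn_rejection_reason(array $ipn, PDO $db): ?string
{
    if (($ipn['payment_status'] ?? '') !== 'Completed') return 'payment not completed';
    if (strcasecmp($ipn['receiver_email'] ?? '', MERCHANT_EMAIL) !== 0) return 'wrong receiver';
    $price = PRICES[$ipn['item_number'] ?? ''] ?? null;
    if ($price === null) return 'unknown item';
    // The buyer can edit the checkout form, so amount and currency are compared
    // with the server-side price list instead of being trusted as sent.
    if (($ipn['mc_currency'] ?? '') !== $price[1]) return 'wrong currency';
    $gross = $ipn['mc_gross'] ?? null;
    if (!is_numeric($gross)
        || round((float)$gross * 100) !== round((float)$price[0] * 100)) return 'wrong amount';
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '') return 'missing txn_id';
    // 'custom' is buyer-chosen text: bind it as a parameter, never concatenate it.
    $user = $db->prepare('SELECT id FROM users WHERE username = ?');
    $user->execute([$ipn['custom'] ?? '']);
    if ($user->fetchColumn() === false) return 'unknown user';
    try { // txn_id is the primary key, so a replayed notification fails here
        $db->prepare('INSERT INTO payments (txn_id, username) VALUES (?, ?)')
           ->execute([$txn, $ipn['custom']]);
    } catch (PDOException $e) {
        return 'duplicate transaction';
    }
    return null; // all checks passed: safe to grant the item
}

$db = new PDO('sqlite::memory:');                 // in-memory demo database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$db->exec('CREATE TABLE payments (txn_id TEXT PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice')");
$good = ['payment_status' => 'Completed', 'receiver_email' => MERCHANT_EMAIL,
         'item_number' => 'vip_month', 'mc_currency' => 'USD', 'mc_gross' => '5.00',
         'txn_id' => 'TXN-CONSTRUCTED-1', 'custom' => 'alice'];
$cases = ['yen 0.5' => ['mc_currency' => 'JPY', 'mc_gross' => '0.5'] + $good,
          'custom'  => ['custom' => 'TRUNCATE TABLE blah blah'] + $good,
          'valid'   => $good,
          'replay'  => $good];
foreach ($cases as $name => $ipn) {
    echo $name, ': ', ipn_rejection_reason($ipn, $db) ?? 'accepted', PHP_EOL;
}
```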
are you sure most of you are male, cuz you bitch and complain more den an average girl on there period... XD
beside this topic not having any positive results mod should just lock it down.
Putako - zCMS is very unique :P It's source looks nothing like the uberCMS source let's just say that :L
Unless you have a secure way to auto accept payments, like having a forum so that the vBulletin API automatically adds VIP to your hotel username, or some secure scripts you make, you are better off just adding a custom text field for the donate button, so the user sends their hotel username with the payment.
If you are willing to pay to exploit my server. By all means, be my guest. It's a good thing pizza is only $2.40. You can buy me lunch. Note, if you didn't completely read my thread which it is evident that is the case, I only released a demo code for the success. I do not expect servers to use it word for word.
kthxbai (as you would probably say or think) :sneaky2:.