Globe CMS [FOR SNOWLIGHT]

  1. #1
    Apprentice Perreps1 is offline
    MemberRank
    Sep 2010 Join Date
    Floripa, BrazilLocation
    24Posts

    Globe CMS [FOR SNOWLIGHT]

    Hello Guys,
    I started this development as a joke, only to "test" my knowledge of PHP, but I saw that the project was cool and decided to launch it...

    Specifications:
    - Login / Logout 100%
    - Slider / News System 100%
    - External Login 100%
    - System Maintenance 100%
    - Register 80% (But for the register is normal)
    - Housekeeping 80%
    - Locking in IExplorer 100% (Bug in Design)

    Well, on to the images...

    Images:
    - Snippets
    - Index
    - Me
    - Settings
    - External Login
    - Browser Page

    Download:
    Mediafire

    Credits: Souza

    You are welcome to distribute it as long as you include my credits: Souza
    Sorry for my English; I'm Portuguese.
    The CMS is in Portuguese!
    Thanks for reading!!
    Last edited by Perreps1; 22-10-12 at 04:37 AM.


  2. #2
    I don't even know azaidi is offline
    MemberRank
    Apr 2010 Join Date
    the NetherlandsLocation
    2,065Posts

    Re: Globe CMS [FOR SNOWLIGHT]

    I see a lot of double quotes in your coding
    And you have a lot of double ifs and elses with no coding in it.

    The structure isn't bad, just some small things that can be fatal in a production environment.

    PHP Code:
    $rows = mysql_num_rows($userq);
    if ($rows >= 1)
    {
        $value = 1;
    }
    else
    {
        $value = 0;
    }
    return $value;
    Or just use
    PHP Code:
    // true when at least one row matched
    return (mysql_num_rows($userq) >= 1);
    ____
    Reading through the source some more and I can see a lot of unfinished and exploitable code.
    First of all, use concatenated strings with single quotes; second, don't use require_once but use require (remove all the includes on top of the classes -_-).

    $user_data[''.$value.''] WTF? $user_data[$value] would be better.

    $username = $_POST["username"];
    $query = mysql_query("SELECT account_name FROM users WHERE account_name = '".$username."' LIMIT 1;");

    Exploit.

    if($GlobeUsers->GetBadges($_SESSION['account_name']) >= "11" && $GlobeUsers->GetBadges($_SESSION['account_name']) <= "13")
    {

    }
    else
    {
    $GlobeSecurity->Redirect("maintenance.php");
    }

    can be changed to

    if(!($GlobeUsers->GetBadges($_SESSION['account_name']) >= "11" && $GlobeUsers->GetBadges($_SESSION['account_name']) <= "13"))
    {
    $GlobeSecurity->Redirect("maintenance.php");
    }
    Last edited by azaidi; 21-10-12 at 01:33 PM.
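
Added example, not from the original posts or from Globe CMS itself: the `account_name` lookup flagged above as exploitable, shown next to a version that binds the value as a parameter. It uses PDO with an in-memory SQLite database and constructed sample rows so it runs offline; the function names are hypothetical, and the `mysql_*` functions used in the thread were removed in PHP 7.

```php
<?php
// Added example. Table and column names come from the quoted query;
// the in-memory SQLite database and its rows are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (account_name TEXT PRIMARY KEY)');
$db->exec("INSERT INTO users (account_name) VALUES ('souza')");

// Pattern from the thread: request input is concatenated into the SQL text,
// so a quote character in the input changes the structure of the query.
function accountExistsConcat(PDO $db, string $username): bool
{
    $sql = "SELECT account_name FROM users WHERE account_name = '"
         . $username . "' LIMIT 1";
    return $db->query($sql)->fetchColumn() !== false;
}

// Hardened form: the SQL text is fixed and the value is bound as a parameter,
// so it is only ever compared against the column, never parsed as SQL.
function accountExists(PDO $db, string $username): bool
{
    $stmt = $db->prepare(
        'SELECT 1 FROM users WHERE account_name = :name LIMIT 1'
    );
    $stmt->execute([':name' => $username]);
    return $stmt->fetchColumn() !== false;
}

// Constructed inputs: an existing name, a missing name, and a value with a
// quote that rewrites the WHERE clause in the concatenated version.
$inputs = ['souza', 'nobody', "nobody' OR '1'='1"];
foreach ($inputs as $in) {
    printf(
        "%-20s concat=%-5s bound=%s\n",
        $in,
        var_export(accountExistsConcat($db, $in), true),
        var_export(accountExists($db, $in), true)
    );
}
```

The two functions agree on the first two inputs and disagree on the third: the concatenated query reports a match for an account that does not exist, while the bound query does not.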

  3. #3
    beep Bui is offline
    MemberRank
    Jan 2012 Join Date
    United KingdomLocation
    459Posts

    Re: Globe CMS [FOR SNOWLIGHT]

    It's funny how you deny access to users who use Internet Explorer but you yourself use and recommend Google Chrome. I'm going to re-upload this, but remove access restriction from IE users and block Google Chrome users.

    Good work, OP.

    EDIT: Delivered: http://ompldr.org/vZnlwYw
    Perhaps you could learn a thing or two from this, OP.
    Last edited by Bui; 21-10-12 at 02:50 PM.

  4. #4
    Apprentice Perreps1 is offline
    MemberRank
    Sep 2010 Join Date
    Floripa, BrazilLocation
    24Posts

    Re: Globe CMS [FOR SNOWLIGHT]

    Quote Originally Posted by azaidi View Post
    I see a lot of double quotes in your coding
    And you have a lot of double ifs and elses with no coding in it.

    The structure isn't bad, just some small things that can be fatal in a production environment.

    PHP Code:
    $rows = mysql_num_rows($userq);
    if ($rows >= 1)
    {
        $value = 1;
    }
    else
    {
        $value = 0;
    }
    return $value;
    Or just use
    PHP Code:
    // true when at least one row matched
    return (mysql_num_rows($userq) >= 1);
    ____
    Reading through the source some more and I can see a lot of unfinished and exploitable code.
    First of all, use concatenated strings with single quotes; second, don't use require_once but use require (remove all the includes on top of the classes -_-).

    $user_data[''.$value.''] WTF? $user_data[$value] would be better.

    $username = $_POST["username"];
    $query = mysql_query("SELECT account_name FROM users WHERE account_name = '".$username."' LIMIT 1;");

    Exploit.

    if($GlobeUsers->GetBadges($_SESSION['account_name']) >= "11" && $GlobeUsers->GetBadges($_SESSION['account_name']) <= "13")
    {

    }
    else
    {
    $GlobeSecurity->Redirect("maintenance.php");
    }

    can be changed to

    if(!($GlobeUsers->GetBadges($_SESSION['account_name']) >= "11" && $GlobeUsers->GetBadges($_SESSION['account_name']) <= "13"))
    {
    $GlobeSecurity->Redirect("maintenance.php");
    }
    Thank you for downloading...
    and thanks for the tips; it's just that I am a beginner in PHP :(

  5. #5
    Apprentice TheDictator is offline
    MemberRank
    Oct 2012 Join Date
    8Posts

    Re: Globe CMS [FOR SNOWLIGHT]

    It has many errors in the index...

  6. #6
    Check http://arcturus.pw The General is offline
    DeveloperRank
    Aug 2011 Join Date
    7,610Posts

    Re: Globe CMS [FOR SNOWLIGHT]

    Quote Originally Posted by TheDictator View Post
    It has many errors in the index...
    And many exploits.

  7. #7
    Banned V for Vendetta is offline
    BannedRank
    Feb 2007 Join Date
    1,809Posts

    Re: Globe CMS [FOR SNOWLIGHT]

    It has many errors in the index...
    You have obviously done something wrong that it shows errors, because it doesn't show any for me.

    Try searching them up and fixing them; that might work out.


