Illumina CMS [PHP, OOP, Phoenix/Butterfly, Updated]

[Magicman]

There is issue with the staff pages, two out of four of them work do you any solutions?

Such as Founders and mods page work but not managers or admin it shows 404 error, which the pages are there so I'm not sure why it says 404 every minute.

 

[Dan822]

any way to fix/remove this?

 

[Jonteh]

any way to fix/remove this?

In client habblet support will be added in 2.0.3 which is the current revision i'm working on.

You can also disable this in the external variables.

 

[Magicman]

When will the exploit be fix?

 

[PRIZM]

When will the exploit be fix?

Which exploit? -.-

 

[Delici0us]

Has anyone actually noticed the un-escaped SQL query or is it just me?

if(isAllowed($_POST["Username"], $_POST["Password"]))

(The function from: admin_required.php)

    function isAllowed($username, $password) {
        global $db;
        if($check = $db->query("SELECT username,password,rank FROM users WHERE username = '" . $username . "'")) {
            while($data = $check->fetch_assoc()) {
                $dbPassword = $data['password'];
                $dbRank = $data['rank'];
            }
        }

 

[Hejula]

Has anyone actually noticed the un-escaped SQL query or is it just me?

if(isAllowed($_POST["Username"], $_POST["Password"]))

(The function from: admin_required.php)

    function isAllowed($username, $password) {
        global $db;
        if($check = $db->query("SELECT username,password,rank FROM users WHERE username = '" . $username . "'")) {
            while($data = $check->fetch_assoc()) {
                $dbPassword = $data['password'];
                $dbRank = $data['rank'];
            }
        }

Hardly shocking is it haha, we all seem to expect security holes like this in Jonty's releases.

 

[Matthew-the-man]

Has anyone actually noticed the un-escaped SQL query or is it just me?

if(isAllowed($_POST["Username"], $_POST["Password"]))

(The function from: admin_required.php)

    function isAllowed($username, $password) {
        global $db;
        if($check = $db->query("SELECT username,password,rank FROM users WHERE username = '" . $username . "'")) {
            while($data = $check->fetch_assoc()) {
                $dbPassword = $data['password'];
                $dbRank = $data['rank'];
            }
        }

Oh wow! So would I have to remove

function isAllowed($username, $password) {

and the exploit will go? or the whole thing

function isAllowed($username, $password) {
global $db;
if($check = $db->query("SELECT username,password,rank FROM users WHERE username = '" . $username . "'")) {
while($data = $check->fetch_assoc()) {
$dbPassword = $data['password'];
$dbRank = $data['rank'];
}
}

 

[Matthew-the-man]

Ehehe fixed days ago in my private copy, I'm not releasing anymore to RZ



Just like we should expect to get fucked over when trusting you

Of Course, you would put a exploit in your cms! lol

 

[Delici0us]

Oh wow! So would I have to remove and the exploit will go? or the whole thing

No of course you don’t remove the entire function, which is vital. Just add the following at the very top of the “isAllowed” function.

$username = $db->real_escape_string($username);

To be quite frank, I don’t know why you are all still swarming this poop. It’s a half arsed attempt at something good. He can’t even make his mind up between prepared statements or normal queries. It’s just complete poop.

Edit:

Just to ensure you can’t call me a faggot or a hater, take a look at this. This just defeats the purpose of a prepared statement.

$db->prepare("INSERT INTO users (username,password,mail,auth_ticket,rank,look,gender,motto,home_room,credits,activity_points,last_online,account_created,ip_last,ip_reg) VALUES ('" . $username . "','" . $passwordHash . "','" . $email . "','','" . $rank . "','" . $figure . "','" . $sex . "', '" . $motto . "', '" . $homeroom . "','15000','1000','','" . date('d-M-Y') . "', '".$_SERVER['REMOTE_ADDR']."', '".$_SERVER['REMOTE_ADDR']."')")) {

 

[Jonteh]

No of course you don’t remove the entire function, which is vital. Just add the following at the very top of the “isAllowed” function.

$username = $db->real_escape_string($username);

To be quite frank, I don’t know why you are all still swarming this poop. It’s a half arsed attempt at something good. He can’t even make his mind up between prepared statements or normal queries. It’s just complete poop.

Edit:

Just to ensure you can’t call me a faggot or a hater, take a look at this. This just defeats the purpose of a prepared statement.

$db->prepare("INSERT INTO users (username,password,mail,auth_ticket,rank,look,gender,motto,home_room,credits,activity_points,last_online,account_created,ip_last,ip_reg) VALUES ('" . $username . "','" . $passwordHash . "','" . $email . "','','" . $rank . "','" . $figure . "','" . $sex . "', '" . $motto . "', '" . $homeroom . "','15000','1000','','" . date('d-M-Y') . "', '".$_SERVER['REMOTE_ADDR']."', '".$_SERVER['REMOTE_ADDR']."')")) {

Feel free to release an entire CMS of your own, then you're allowed to critisize. This is why RaGEZONE is dying, peace.

 

[Delici0us]

Feel free to release an entire CMS of your own, then you're allowed to critisize. This is why RaGEZONE is dying, peace.

RaGEZONE is dying because of cancers like you releasing infected poop so you can destroy others. Don’t expect anyone to cry about your departure.

 

[Matthew-the-man]

If I was e-whoring let me assure you I wouldn’t be posting poop in your thread. The truth of the matter is you always do this when you’re caught. As for me releasing an exploit, I doubt it when I’ve never released anything on to RaGEZONE that could be infected.

But carry on, how’s the downtime going?

Thanks, and did I do it right?

$username = $db->real_escape_string($username);
global $light;
if($light->hashing_method == "Normal") {
return sha1(md5($pass) . strtolower($user));
}
else if($light->hashing_method == "MD5") {
return md5($pass);
}

 

[Delici0us]

Thanks ;D

LOL! It should look like this.

    function isAllowed($username, $password) {
        $username = $db->real_escape_string($username);
        global $db;
        if($check = $db->query("SELECT username,password,rank FROM users WHERE username = '" . $username . "'")) {
            while($data = $check->fetch_assoc()) {
                $dbPassword = $data['password'];
                $dbRank = $data['rank'];
            }
        }
        $enterPassword = hashPass($password, $username);
        if($enterPassword != $dbPassword) {
            return false;
        }
        else if(!hasFuse($username, 'login')) {
            return false;
        }
        return true;
    }

 

[Matthew-the-man]

LOL! It should look like this.

    function isAllowed($username, $password) {
        $username = $db->real_escape_string($username);
        global $db;
        if($check = $db->query("SELECT username,password,rank FROM users WHERE username = '" . $username . "'")) {
            while($data = $check->fetch_assoc()) {
                $dbPassword = $data['password'];
                $dbRank = $data['rank'];
            }
        }
        $enterPassword = hashPass($password, $username);
        if($enterPassword != $dbPassword) {
            return false;
        }
        else if(!hasFuse($username, 'login')) {
            return false;
        }
        return true;
    }

My bad, Thanks Again... !

 

[vLife]

Main post has been removed. So thread is closed now. If anyone wants to re-upload and release feel free to.