At least fix as many exploits as you can before releasing,
4 exploits, and that's just in the register, not the CMS -.-
Some $_GET. Never i'll download it.
He's starting on CMS creation. Let's take it easy on him... :)
Anyways, good work Droppy, but I know you can do it better.
Thanks to At0m and some people to help hold the crowd.
I said in this topic that it is a "FRAMEWORK", so it is only a basis for you to create. If you want to create other to create, I've created CMS safer, in fact, I was editing another CMS that I had created 100% safe. Anti-XSS Exploit, Anti-SQL Injection, System login, etc.
As I said when I created I was without internet, so could not look for ADD-Ons for her.
My internet came back yesterday.
So before you call the CMS Shit, or the like, read the topic.
Oh, thanks dude!
Can't register. :mellow:
I have a problem with my client. the client only loads up to 70% and then remains standing and nothing happens remember why one?
Sorry for my bad English, I'm German.
I have a new problem the client invites an end but then he crashed a white directly what it is? variable on the left, I checked sorry for my bad english
Using names like this:
Code:
<script type="text/javascript">
var andSoItBegins = (new Date()).getTime();
</script>
Will bite you in the back when you come back to this code. Something like executionTime would be much better. In the snippets above it's not even used at all yet declared on every page. A templating system will save you a lot of headaches too.
There's a nice shell of a script here - with enough work it'll be a very nice script. Keep coding but be clever about it!
Registrar.php has an error o_0
Code:
Parse error: syntax error, unexpected $end in C:\xampp\web\registrar.php on line 185
line 185:
Code:
?>
registrar.php:
Code:
<?php
include("mysql.php");
@$page = $_GET['page'];
if(!isset($page)){
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Habbo: </title>
<script type="text/javascript">
var andSoItBegins = (new Date()).getTime();
</script>
<link rel="shortcut icon" href="<? echo $site; ?>web-gallery/v2/favicon.ico" type="image/vnd.microsoft.icon" />
<link rel="alternate" type="application/rss+xml" title="Habbo: RSS" href="http://www.habbo.no/articles/rss.xml" />
<meta name="csrf-token" content="d9de8f482f"/>
<link rel="stylesheet" href="<? echo $site; ?>web-gallery/static/styles/common.css" type="text/css" />
<script src="<? echo $site; ?>web-gallery/static/js/libs2.js" type="text/javascript"></script>
<script src="<? echo $site; ?>web-gallery/static/js/visual.js" type="text/javascript"></script>
<script src="<? echo $site; ?>web-gallery/static/js/libs.js" type="text/javascript"></script>
<script src="<? echo $site; ?>web-gallery/static/js/common.js" type="text/javascript"></script>
<link rel="stylesheet" href="<? echo $site; ?>web-gallery/static/styles/quickregister.css" type="text/css" />
<!--[if IE 8]>
<link rel="stylesheet" href="<? echo $site; ?>web-gallery/static/styles/ie8.css" type="text/css" />
<![endif]-->
<!--[if lt IE 8]>
<link rel="stylesheet" href="<? echo $site; ?>web-gallery/static/styles/ie.css" type="text/css" />
<![endif]-->
<!--[if lt IE 7]>
<link rel="stylesheet" href="<? echo $site; ?>web-gallery/static/styles/ie6.css" type="text/css" />
<script src="<? echo $site; ?>web-gallery/static/js/pngfix.js" type="text/javascript"></script>
<script type="text/javascript">
try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}
</script>
<style type="text/css">
body { behavior: url(/js/csshover.htc); }
</style>
<![endif]-->
<meta name="build" content="63-BUILD678 - 22.08.2011 23:04 - no" />
</head>
<body id="client" class="background-accountdetails-male">
<div id="overlay"></div>
<img src="<? echo $site; ?>web-gallery/v2/images/page_loader.gif" style="position:absolute; margin: -1500px;" />
<script type="text/javascript">
HabboView.add(function () {
ChangePassword.init();
});
</script>
<div id="main-container">
<div id="error-placeholder"></div>
<div id="title">
Let us meet you!
</div>
<form method="post" action="?page=090j9f0w9jef0q9we09qewqwfqwjroqewifjqwoerinqwe0rqnwerq9werq9we8rhqw9e8rhqw9e8rhqw9er8hqwe98rhqw98ehrq9wehr9eqw8hr" id="quickregister-form">
<div id="inner-container">
<div class="inner-content bottom-border">
<div id="email-notice" class="field-content"><span style="font-size:14px; color: #22b9f1;">You need an account to login</span></div>
<div class="field-content clearfix">
<div class="left">
<div class="field">
<div class="label" class="registration-text">Username</div>
<input type="text" id="username" name="username" maxlength="20" value="" />
</div>
</div>
<div class="right">
<div class="help">Enter the name you wish</div>
</div>
</div>
<div class="field-content clearfix">
<div class="left">
<div class="field">
<div class="label" class="registration-text">Password</div>
<input type="password" name="password" id="register-password" maxlength="32" value="" />
</div>
</div>
<div class="right">
<div class="help">Enter a hard password!</b></div>
</div>
</div>
<div class="field-content clearfix">
<div class="left">
<div class="field">
<div class="label" class="registration-text">E-mail</div>
<input type="text" id="email-address" name="email" value="" />
</div>
</div>
</div>
</div>
</div>
<input type="submit" value="Register" />
</form>
</div>
<script type="text/javascript">
HabboView.run();
</script>
</body>
</html>
<br />
<center><script type="text/javascript" src="http://widgets.amung.us/classic.js"></script><script type="text/javascript">WAU_classic('k8lvxyq45tkd')</script>
<?
}
else
{
    @$username = $_POST['username'];
    @$password = $_POST['password'];
    @$email = $_POST['email'];
    $result = mysql_query("SELECT * FROM users WHERE username='$username' ORDER BY id DESC Limit 1");
    $numeros = mysql_num_rows($result);
    $string = $email;
    if (strpos($string, '@') == false || strpos($string, '.') == false)
    {
        ?><script> alert('Please enter a correct email.'); </script>
        <head>
        <meta http-equiv="refresh" content="0; URL=registrar.php">
        </head><?
    }
    else{
        if($numeros < 1){
            if(isset($username) && isset($password) && isset($email))
            {
                $ip = $_SERVER['REMOTE_ADDR'];
                mysql_query("INSERT INTO users VALUES (NULL, '$username', '$password', 'ea-1405-62.ch-3030-110.ca-3225-84-93.hd-3095-7.sh-3089-1336.hr-3163-61.lg-275-96', 'M', 'Boraida is koel', '$ip', '50000', '100000', '500', '0', 'USER', '0', '0', '0')");
                ?>
                <head>
                <meta http-equiv="refresh" content="2; URL=index.php">
                </head>
                <?
            }
        }
        else{
            ?>
            <script> alert('This username already exists. Please choose another.'); </script>
            <head>
            <meta http-equiv="refresh" content="0; URL=registrar.php">
            </head> <?
        }
    }
}
?>
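The registrar.php handler above puts `$_POST` values straight into its `mysql_query()` strings and stores the password as submitted. The following is an added example, not code from the thread or the CMS, showing the same register step with PDO prepared statements, `password_hash()` and `filter_var()`. The function name `register_user`, the column names (`mail`, `ip_last`), the username pattern and the 8-character minimum are assumptions made for illustration.

```php
<?php
// Added example, not the CMS's code. Table layout, column names and the
// validation limits are assumptions; adapt them to the real users table.
function register_user(PDO $db, string $username, string $password, string $email, string $ip): array
{
    $errors = [];
    // Allow-list the username server-side; the form's maxlength is only a hint to the browser.
    if (!preg_match('/^[A-Za-z0-9_.-]{3,20}$/', $username)) {
        $errors[] = 'Invalid username.';
    }
    // filter_var() replaces the strpos('@') / strpos('.') check.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a correct email.';
    }
    if (strlen($password) < 8) {
        $errors[] = 'Password too short.';
    }
    if ($errors) {
        return $errors;
    }

    // Bound parameters: user input is sent as data and never becomes part of the SQL text.
    $check = $db->prepare('SELECT 1 FROM users WHERE username = :u LIMIT 1');
    $check->execute([':u' => $username]);
    if ($check->fetchColumn() !== false) {
        return ['This username already exists. Please choose another.'];
    }

    // Name the columns explicitly and store a salted hash, not the password itself.
    $insert = $db->prepare(
        'INSERT INTO users (username, password, mail, ip_last) VALUES (:u, :p, :m, :ip)'
    );
    $insert->execute([
        ':u'  => $username,
        ':p'  => password_hash($password, PASSWORD_DEFAULT),
        ':m'  => $email,
        ':ip' => $ip,
    ]);
    return [];
}

// Constructed demo on an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, mail TEXT, ip_last TEXT)');
var_dump(register_user($db, 'droppy', 'correct horse battery', 'droppy@example.test', '203.0.113.7'));
var_dump(register_user($db, 'droppy', 'another long one', 'other@example.test', '203.0.113.7'));
var_dump(register_user($db, "bad name'", 'another long one', 'not-an-email', '203.0.113.7'));
```

Login code then verifies with `password_verify()` against the stored hash. The `UNIQUE` constraint on `username` is what stops two simultaneous registrations of the same name; the `SELECT` only provides the friendly message.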