[Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

Page 4 of 8 FirstFirst 12345678 LastLast
Results 46 to 60 of 110
  1. #46
    Valued Member Monsma is offline
    MemberRank
    Dec 2011 Join Date
    The NetherlandsLocation
    126Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    Quote Originally Posted by TR10G33K View Post
    Most Fastest HabboCMS is Project-Resource by Monsma that he never released on this forum because he was scared about bad comments.
    But you can google it
    Ontopic:

    nice, hope it exploitfree.
    But i heard you use Prepared Statements so i wont worry about it too much!
    im not scared but i do not release any more sinds people like to rename it al i think you have to listen what i say the next time

  2. #47

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    Live preview not working

  3. #48
    Owner of Habbo.ac iRaged is offline
    MemberRank
    Nov 2011 Join Date
    229Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    You should probably secure the configuration files..


  4. #49
    "(still lacks brains)" NoBrain is offline
    MemberRank
    Sep 2011 Join Date
    United KingdomLocation
    2,658Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    Quote Originally Posted by iRaged View Post
    You should probably secure the configuration files..

    Can't stop laughing at that XD

  5. #50
    retired Andrew is offline
    MemberRank
    Jun 2008 Join Date
    985Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    Quote Originally Posted by iRaged View Post
    You should probably secure the configuration files..

    Yeah, I tested this out yesterday and noticed that.

    You need to create a .htaccess file in the Configuration directory with the following:

    Code:
    deny from all
    nice try though.

  6. #51
    I don't even know azaidi is offline
    MemberRank
    Apr 2010 Join Date
    the NetherlandsLocation
    2,065Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    Quote Originally Posted by iRaged View Post
    You should probably secure the configuration files..

    Wow shit totally forgot about that..
    So either put a deny from all htaccess file in there or just delete the .txts after they are parsed

    For IIS:

    Open web.config
    Under
    <rule name="Imported Rule 1">
    <match url="^([^.]*)$" ignoreCase="false" />
    <action type="Rewrite" url="index.php" />
    </rule>
    Add
    <rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
    <match url="*" />
    <conditions>
    <add input="{URL}" pattern="/Boost/Configuration/*" />
    </conditions>
    <action type="CustomResponse" statusCode="404" statusReason="File or directory not found." statusDescription="The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable." />
    </rule>

  7. #52
    Live Ocottish Sverlord Joopie is online now
    LegendRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,773Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    or, make it a php file =)

  8. #53
    ☮TAKU???? seanrom is offline
    MemberRank
    Nov 2009 Join Date
    1,004Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    Quote Originally Posted by Joopie View Post
    or, make it a php file =)
    Or don't store it in a publicly available folder at all :)
    Store all the CMS files in a sub location under www/htdocs/w.e
    That's the safest thing to do.

  9. #54
    Ultra Light Beam Makarov is offline
    MemberRank
    Apr 2010 Join Date
    GothamLocation
    3,622Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    What compelled you to use a text file, of all things?

  10. #55
    No, Just no. Matthew is offline
    MemberRank
    Jul 2008 Join Date
    United KingdomLocation
    1,408Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    Quote Originally Posted by iRaged View Post

    I think I just died inside. And I can't even begin to explain....

  11. #56
    ส็็็็็็็ Bloodraven is offline
    MemberRank
    Sep 2009 Join Date
    AntarcticaLocation
    2,414Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    I've been on three hotels that haven't protected that..

  12. #57
    I don't even know azaidi is offline
    MemberRank
    Apr 2010 Join Date
    the NetherlandsLocation
    2,065Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    I am really sorry about the stupidity where people could see your MySQL Password and fixed it, and uploaded the new version on the main post. But if you didn't portforward port 3306 nobody should've been able to do anything to your hotel
    Last edited by azaidi; 03-09-13 at 05:00 PM.

  13. #58
    No, Just no. Matthew is offline
    MemberRank
    Jul 2008 Join Date
    United KingdomLocation
    1,408Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    Quote Originally Posted by azaidi View Post
    I am really sorry about that exploit where people could see your MySQL Password and fixed it, and uploaded the new version on the main post. But if you didn't portforward port 3306 nobody should've been able to do anything to your hotel
    It's not an exploit. It's stupidity. Why on earth are you not putting the configurations in a PHP file which is protected from the public even accessing the file? Did you really think storing database credentials in a .txt file which is on a public webserver is a good idea? If you're stupid enough to do this there must be other flaws in your CMS.

    I recommend people do not use this, unless someone who actually knows/cares about server/PHP security is willing to take the time to thoroughly examine the code and give confirmation that it is safe.

  14. #59
    Valued Member KevinZuiker is offline
    MemberRank
    May 2012 Join Date
    On EarthLocation
    114Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    Hi guys, there was something wrong with the web.config. If you would change your clothes you get disconnected. So I fixed up the web.config. Also you need to put this in your wwwroot:

    https://mega.co.nz/#!hVcgxJhA!M66_YD...ohIrYVVG2TR7QE

    And replace your web.config with this:
    PHP Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <rewrite>
                <rules>
                    <rule name="Imported Rule 1">
                        <match url="^([^.]*)$" ignoreCase="false" />
                        <action type="Rewrite" url="index.php" />
                    </rule>
                    <rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
                        <match url="*" />
                        <conditions>
                            <add input="{URL}" pattern="/Boost/Configuration/*" />
                        </conditions>
                        <action type="CustomResponse" statusCode="404" statusReason="File or directory not found." statusDescription="The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable." />
                    </rule>
                    <rule name="Imported Rule 100">
                        <match url="^(([A-Za-z0-9\-_]+/)*[A-Za-z0-9\-_]+)?$" ignoreCase="false" />
                        <conditions logicalGrouping="MatchAll">
                            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
                            <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
                        </conditions>
                        <action type="Rewrite" url="{R:1}.php" />
                    </rule>
                    <rule name="Imported Rule 1-1">
                        <match url="^habblet/xml/promo_habbos$" ignoreCase="false" />
                        <action type="Rewrite" url="habblet/xml/promo_habbos.php" />
                    </rule>
                </rules>
            </rewrite>
            <httpErrors>
                <remove statusCode="404" subStatusCode="-1" />
                <remove statusCode="403" subStatusCode="-1" />
                <error statusCode="403" prefixLanguageFilePath="" path="/index.php" responseMode="ExecuteURL" />
                <error statusCode="404" prefixLanguageFilePath="" path="/index.php" responseMode="ExecuteURL" />
            </httpErrors>
        </system.webServer>
    </configuration>
    This is tested on swiftemu.
    Last edited by KevinZuiker; 03-09-13 at 07:55 PM.

  15. #60
    Live Ocottish Sverlord Joopie is online now
    LegendRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,773Posts

    Re: [Packages][MySqli][Templates][Epicness] BoostCMS 1.0 ~ Official Release Thread

    There are some things I dont understand.. for example: why do you even save your config as a txt file when in your php code you clearly generate a php file from those txt files. Dump that feature and use ONLY the php files..

    Other then that, keep it up. Looks better everytime. You should look up MVC when you have time ;)



Page 4 of 8 FirstFirst 12345678 LastLast

Advertisement