Peace Hotel CMS (BoltCMS v1)

**positivewire** · 09-06-16

Hey,

This was just sitting on my PC, so I decided to release it to everyone, since I had many people requesting it :b

Features;

Multiple Languages (Screenshot by Lightshot) - Just make MY.lang.php in the /application/langs/ for the diff languages. I'm unsure what langs exist, but i have a turkish lang if you want it
Avatar Editor (Screenshot by Lightshot)
Working Email Activation (Just setup a mailgun account, the mailgun API is all there).
Node.JS Login alerts (Unfortunately i lost the node application, but it would be easy as shit to recode)
Homes & Home settings with snog (Screenshot by Lightshot, Screenshot by Lightshot)
Login, Trade, and chatlogs (Screenshot by Lightshot)
Nice stats page (http://prntscr.com/be1tya)
Nice shop (http://prntscr.com/be1u3w)

And much more, I won't be releasing the PayPal IPN, as it could have some vulnerability that I haven't seen, and i don't trust the community anymore.

Regardless, enjoy the cms, it's fast and secure! If large amounts of people need help/support for this, I'll make a support thread, otherwise juse PM me

(Can't remember which tables are used in this CMS, so here's a whole bunch. PM if I missed one.) SQL;

Code:

/*
Navicat MariaDB Data Transfer


Source Server         : localhost_3306
Source Server Version : 100114
Source Host           : localhost:3306
Source Database       : peace


Target Server Type    : MariaDB
Target Server Version : 100114
File Encoding         : 65001


Date: 2016-06-08 22:50:38
*/


SET FOREIGN_KEY_CHECKS=0;


-- ----------------------------
-- Table structure for cms_clicks
-- ----------------------------
DROP TABLE IF EXISTS `cms_clicks`;
CREATE TABLE `cms_clicks` (
  `id` int(15) NOT NULL AUTO_INCREMENT,
  `timestamp` varchar(100) NOT NULL,
  `ip_addr` varchar(100) NOT NULL,
  `where_from` varchar(100) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1705 DEFAULT CHARSET=utf8;


-- ----------------------------
-- Table structure for cms_hk_logs
-- ----------------------------
DROP TABLE IF EXISTS `cms_hk_logs`;
CREATE TABLE `cms_hk_logs` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `ip` varchar(255) NOT NULL,
  `data` text NOT NULL,
  `username` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4538 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_logins
-- ----------------------------
DROP TABLE IF EXISTS `cms_logins`;
CREATE TABLE `cms_logins` (
  `id` int(20) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `time` varchar(255) NOT NULL,
  `result` varchar(100) NOT NULL,
  `ip` varchar(100) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=16518 DEFAULT CHARSET=utf8;


-- ----------------------------
-- Table structure for cms_news
-- ----------------------------
DROP TABLE IF EXISTS `cms_news`;
CREATE TABLE `cms_news` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `title` varchar(255) COLLATE latin1_general_ci DEFAULT NULL,
  `shortstory` text COLLATE latin1_general_ci,
  `longstory` text COLLATE latin1_general_ci,
  `published` int(10) NOT NULL DEFAULT '0',
  `image` varchar(255) COLLATE latin1_general_ci DEFAULT '/Public/Images/news/TS_Web60.png',
  `campaign` int(1) NOT NULL DEFAULT '0',
  `campaignimg` varchar(255) COLLATE latin1_general_ci NOT NULL DEFAULT '',
  `author` varchar(255) COLLATE latin1_general_ci NOT NULL DEFAULT '1',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=40 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;


-- ----------------------------
-- Table structure for cms_profile_snogs
-- ----------------------------
DROP TABLE IF EXISTS `cms_profile_snogs`;
CREATE TABLE `cms_profile_snogs` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `to_id` int(11) NOT NULL DEFAULT '0',
  `from_id` int(11) NOT NULL DEFAULT '0',
  `type` varchar(20) NOT NULL DEFAULT 'snog',
  `message` varchar(250) NOT NULL DEFAULT '',
  `time` varchar(100) NOT NULL DEFAULT '',
  `seen` varchar(1) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=236 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_queries
-- ----------------------------
DROP TABLE IF EXISTS `cms_queries`;
CREATE TABLE `cms_queries` (
  `id` int(15) NOT NULL AUTO_INCREMENT,
  `data` varchar(500) NOT NULL,
  `time` varchar(100) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1478 DEFAULT CHARSET=utf8;


-- ----------------------------
-- Table structure for cms_referrals
-- ----------------------------
DROP TABLE IF EXISTS `cms_referrals`;
CREATE TABLE `cms_referrals` (
  `id` int(15) NOT NULL AUTO_INCREMENT,
  `user` varchar(255) NOT NULL,
  `ip` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=49 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_settings
-- ----------------------------
DROP TABLE IF EXISTS `cms_settings`;
CREATE TABLE `cms_settings` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `id_key` varchar(255) DEFAULT NULL,
  `value` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=7 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_shop_packs
-- ----------------------------
DROP TABLE IF EXISTS `cms_shop_packs`;
CREATE TABLE `cms_shop_packs` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) NOT NULL DEFAULT 'Null',
  `description` text NOT NULL,
  `img` varchar(355) NOT NULL DEFAULT 'null',
  `price` varchar(255) NOT NULL DEFAULT '0',
  `currency` varchar(5) NOT NULL DEFAULT 'USD',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=19 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_shop_purchases
-- ----------------------------
DROP TABLE IF EXISTS `cms_shop_purchases`;
CREATE TABLE `cms_shop_purchases` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) NOT NULL,
  `img` varchar(255) NOT NULL,
  `price` varchar(255) NOT NULL,
  `currency` varchar(255) NOT NULL DEFAULT 'USD',
  `date_given` varchar(255) NOT NULL,
  `delivered` varchar(1) NOT NULL DEFAULT '0',
  `user_id` varchar(11) NOT NULL,
  `donation` varchar(1) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=166 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_stats
-- ----------------------------
DROP TABLE IF EXISTS `cms_stats`;
CREATE TABLE `cms_stats` (
  `user_peak` int(4) NOT NULL DEFAULT '0',
  `rooms_peak` int(4) NOT NULL DEFAULT '0'
) ENGINE=InnoDB DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_values
-- ----------------------------
DROP TABLE IF EXISTS `cms_values`;
CREATE TABLE `cms_values` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `points` int(11) DEFAULT NULL,
  `name` varchar(255) DEFAULT NULL,
  `thrones` varchar(11) DEFAULT NULL,
  `dinos` varchar(11) DEFAULT NULL,
  `img` varchar(500) DEFAULT NULL,
  `last_edited` varchar(400) DEFAULT NULL,
  `last_points` int(11) DEFAULT NULL,
  `last_thrones` varchar(11) DEFAULT NULL,
  `last_dinos` varchar(11) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=31 DEFAULT CHARSET=latin1;


-- ----------------------------
-- Table structure for cms_votes
-- ----------------------------
DROP TABLE IF EXISTS `cms_votes`;
CREATE TABLE `cms_votes` (
  `id` int(20) NOT NULL AUTO_INCREMENT,
  `username` varchar(150) NOT NULL,
  `timestamp` varchar(150) NOT NULL,
  `ip_addr` varchar(150) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=367 DEFAULT CHARSET=utf8;

Credits;
- @positivewire (Josh)
- @iExit
Download;

Download HERE

Let it be known; THERE IS NO HK FOR THIS.
Just setup BoostCMS/RevCMS on hk.domain.com and be done with it. I might release my HK too
http://prntscr.com/be20d9
http://prntscr.com/be20g4
http://prntscr.com/be20lr

**MentaL**

**Alozi** · 09-06-16

I love the cms layout & and all the functions, I see that you have worked hard on it too, nice work man, and thank you for the release

**Noisecontroller** · 09-06-16

I was hoping you relased Paypal IPN but else, awesome release!

**Brought** · 09-06-16

Keep up the good work with these releases. It seems people are very fond of them. The section needs a change from RevCMS anyway. I assume by default this CMS is compatible with Plus Emulator, correct?

**ovflowd** · 10-06-16

The design of the CMS is normal, what i really liked was the features. Nice features, specifically i liked the Home and Logs.
I remember that the CMS with biggest amount of Addons and Plugins was HoloCMS. Was a good time with HoloCMS.
I remember the Rare Items Page, Habbo Club Page, Limited Rares Page, and so many addons, like Minimail. Really good times.

Ah, and i don't liked the design of your HK, except the Login page. The colors doesn't combine and match.

**positivewire** · 10-06-16

Originally Posted by ovflowd

The design of the CMS is normal, what i really liked was the features. Nice features, specifically i liked the Home and Logs.
I remember that the CMS with biggest amount of Addons and Plugins was HoloCMS. Was a good time with HoloCMS.
I remember the Rare Items Page, Habbo Club Page, Limited Rares Page, and so many addons, like Minimail. Really good times.

Ah, and i don't liked the design of your HK, except the Login page. The colors doesn't combine and match.

Yeah, HoloCMS / PHPRetro xD I used them on my first hotels
I personally like that avatar editor on their register

**Jonteh** · 11-06-16

Originally Posted by Cankiee

Every CMS is compatible with every emulator in this fucking world.

Not unless you know how to edit queries, returns, and usages. Arcturus, Comet have totally different DB structures.

**NoBrain** · 11-06-16

Let's run through the list shall we?

No MVC? Check.
All core classes in one file? Check.
Calling static files from a "CDN" that's actually just a folder called "CDN" on the SAME server? Check.
Trash code? Check.
Node.JS mixed with PhP? Check. (why?)

I'd honestly recommend RevCMS over this, hell even UberCMS. I was showing this to Marit (maritnmine) and we were in tears. By the way, use public hosting rather than your own (for numerous reasons).

**Gaby** · 11-06-16

Was this intentional?

Damn people please don't use this until you escaped everything I put a square around. Not only did he not escape the username, he also forgot to escape the fucking machineid and even the REMOTE_ADDR. Dude these values can be manipulated into sql injections by 10 year olds. If you are running this CMS or are planning on, please go to appplication/application.php and escape everything I put a square around.

- - - Updated - - -

Also please change

PHP Code:


public static function getVips(){
    global $db;    
    $q = $db->runQuery("SELECT * FROM users WHERE rank_vip != 0 AND rank = 1 ORDER BY RAND() LIMIT 5");
    $vips = null;
    while($d = mysqli_fetch_array($q)){
        $subs = array();
        $subs[1] = '{$lang->shop_pack_one_name}';
        $subs[2] = '{$lang->shop_pack_two_name}';
        $subs[3] = '{$lang->shop_pack_three_name}';
        $vips .= '<tr><td width="65px" valign="top"><div style="height: 65px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.$d['look'].'"></div></td><td width="400px" valign="top"><strong>{$lang->application_username} <a href="%http%/home?user='.$d['username'].'">'.$d['username'].'</a></strong><br /><b>{$lang->application_registered}</b> '.date('M j, g a, Y', $d['account_created']).'<br /><b>{$lang->application_subscription}</b> '.$subs[$d['rank_vip']].'<br /><b>{$lang->application_diamonds}</b> '.number_format($d['vip_points']).'</td></tr>';
    }
    return $vips;
}
public static function getDonors(){
    global $db;
    $q = $db->runQuery("SELECT * FROM users ORDER BY donated_amount DESC LIMIT 5");
    $donors = null;
    while($d = mysqli_fetch_array($q)){
        $donors .= '<tr><td width="90px" valign="top"><div style="height: 80px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.$d['look'].'"></div></td><td width="427px" valign="top"><strong>{$lang->application_username} <a href="%http%/home?user='.$d['username'].'">'.$d['username'].'</a></strong><br />{$lang->application_total_donations} <b>$'.$d['donated_amount'].'</b><br /><br />{$lang->application_times_donated} '.$d['donated_times'].'</td></tr>';
    }
    return $donors;
}
public static function getRichestByRespect(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`Respect` FROM `user_stats` ORDER BY `Respect` DESC LIMIT 50");
    $amount = 0;
    $mostRespect = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $mostRespect .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . $user['look'] . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a href="/home?user='.$user['username'].'"><b>'.$user['username'].' (#'.$user['id'].')</b></a><br />'.number_format($creditsStats['Respect']).' {$lang->application_respects}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostRespect;
}
public static function getRichestByOnlineTime(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`OnlineTime` FROM `user_stats` ORDER BY `OnlineTime` DESC LIMIT 50");
    $amount = 0;
    $onlineTime = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $onlineTime .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . $user['look'] . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a href="/home?user='.$user['username'].'"><b>'.$user['username'].' (#'.$user['id'].')</b></a><br />'.boltCore::secondsToTime($creditsStats['OnlineTime']).' {$lang->application_online}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $onlineTime;
}
public static function getRichestByDiamonds(){
    global $db;
    $user2 = $db->runQuery("SELECT id,username,rank,vip_points,look FROM users WHERE username != 'Oxygen' ORDER BY vip_points DESC LIMIT 50");
    $amount = 0;
    $mostDiamonds = null;
    while($user = mysqli_fetch_array($user2)) {
        if($user['rank'] == '1' && $amount <= 10){
            $mostDiamonds .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . $user['look'] . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a href="/home?user='.$user['username'].'"><b>'.$user['username'].' (#'.$user['id'].')</b></a><br />'.number_format($user['vip_points']).' {$lang->application_diamonds}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostDiamonds;
}

To

PHP Code:


<?php
public static function getVips(){
    global $db;    
    $q = $db->runQuery("SELECT * FROM users WHERE rank_vip != 0 AND rank = 1 ORDER BY RAND() LIMIT 5");
    $vips = null;
    while($d = mysqli_fetch_array($q)){
        $subs = array();
        $subs[1] = '{$lang->shop_pack_one_name}';
        $subs[2] = '{$lang->shop_pack_two_name}';
        $subs[3] = '{$lang->shop_pack_three_name}';
        $vips .= '<tr><td width="65px" valign="top"><div style="height: 65px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.htmlspecialchars($d['look']).'"></div></td><td width="400px" valign="top"><strong>{$lang->application_username} <a href="%http%/home?user='.htmlspecialchars($d['username']).'">'.htmlspecialchars($d['username']).'</a></strong><br /><b>{$lang->application_registered}</b> '.date('M j, g a, Y', $d['account_created']).'<br /><b>{$lang->application_subscription}</b> '.$subs[$d['rank_vip']].'<br /><b>{$lang->application_diamonds}</b> '.number_format($d['vip_points']).'</td></tr>';
    }
    return $vips;
}
public static function getDonors(){
    global $db;
    $q = $db->runQuery("SELECT * FROM users ORDER BY donated_amount DESC LIMIT 5");
    $donors = null;
    while($d = mysqli_fetch_array($q)){
        $donors .= '<tr><td width="90px" valign="top"><div style="height: 80px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.htmlspecialchars($d['look']).'"></div></td><td width="427px" valign="top"><strong>{$lang->application_username} <a href="%http%/home?user='.htmlspecialchars($d['username']).'">'.htmlspecialchars($d['username']).'</a></strong><br />{$lang->application_total_donations} <b>$'.$d['donated_amount'].'</b><br /><br />{$lang->application_times_donated} '.$d['donated_times'].'</td></tr>';
    }
    return $donors;
}
public static function getRichestByRespect(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`Respect` FROM `user_stats` ORDER BY `Respect` DESC LIMIT 50");
    $amount = 0;
    $mostRespect = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $mostRespect .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . htmlspecialchars($user['look']) . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a href="/home?user='.htmlspecialchars($user['username']).'"><b>'.htmlspecialchars($user['username']).' (#'.$user['id'].')</b></a><br />'.number_format($creditsStats['Respect']).' {$lang->application_respects}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostRespect;
}
public static function getRichestByOnlineTime(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`OnlineTime` FROM `user_stats` ORDER BY `OnlineTime` DESC LIMIT 50");
    $amount = 0;
    $onlineTime = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $onlineTime .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . htmlspecialchars($user['look']) . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a href="/home?user='.htmlspecialchars($user['username']).'"><b>'.htmlspecialchars($user['username']).' (#'.$user['id'].')</b></a><br />'.boltCore::secondsToTime($creditsStats['OnlineTime']).' {$lang->application_online}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $onlineTime;
}
public static function getRichestByDiamonds(){
    global $db;
    $user2 = $db->runQuery("SELECT id,username,rank,vip_points,look FROM users WHERE username != 'Oxygen' ORDER BY vip_points DESC LIMIT 50");
    $amount = 0;
    $mostDiamonds = null;
    while($user = mysqli_fetch_array($user2)) {
        if($user['rank'] == '1' && $amount <= 10){
            $mostDiamonds .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . htmlspecialchars($user['look']) . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a href="/home?user='.htmlspecialchars($user['username']).'"><b>'.htmlspecialchars($user['username']).' (#'.$user['id'].')</b></a><br />'.number_format($user['vip_points']).' {$lang->application_diamonds}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostDiamonds;
}

For fucks sake people please just don't use this, it's not safe, I just looked at half of ONE file.

**Jiq** · 12-06-16

Nice CMS, btw if I am true that you've been combined between Boost and RevCMS ? bcs this what I've seen on Config.

**Geo** · 12-06-16

Originally Posted by Gaby

Was this intentional?

Damn people please don't use this until you escaped everything I put a square around. Not only did he not escape the username, he also forgot to escape the fucking machineid and even the REMOTE_ADDR. Dude these values can be manipulated into sql injections by 10 year olds. If you are running this CMS or are planning on, please go to appplication/application.php and escape everything I put a square around.

- - - Updated - - -

Also please change

PHP Code:


public static function getVips(){
    global $db;    
    $q = $db->runQuery("SELECT * FROM users WHERE rank_vip != 0 AND rank = 1 ORDER BY RAND() LIMIT 5");
    $vips = null;
    while($d = mysqli_fetch_array($q)){
        $subs = array();
        $subs[1] = '{$lang->shop_pack_one_name}';
        $subs[2] = '{$lang->shop_pack_two_name}';
        $subs[3] = '{$lang->shop_pack_three_name}';
        $vips .= '<tr><td width="65px" valign="top"><div style="height: 65px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.$d['look'].'"></div></td><td width="400px" valign="top"><strong>{$lang->application_username} <a rel="nofollow" href="%http%/home?user='.$d['username'].'">'.$d['username'].'</a></strong><br /><b>{$lang->application_registered}</b> '.date('M j, g a, Y', $d['account_created']).'<br /><b>{$lang->application_subscription}</b> '.$subs[$d['rank_vip']].'<br /><b>{$lang->application_diamonds}</b> '.number_format($d['vip_points']).'</td></tr>';
    }
    return $vips;
}
public static function getDonors(){
    global $db;
    $q = $db->runQuery("SELECT * FROM users ORDER BY donated_amount DESC LIMIT 5");
    $donors = null;
    while($d = mysqli_fetch_array($q)){
        $donors .= '<tr><td width="90px" valign="top"><div style="height: 80px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.$d['look'].'"></div></td><td width="427px" valign="top"><strong>{$lang->application_username} <a rel="nofollow" href="%http%/home?user='.$d['username'].'">'.$d['username'].'</a></strong><br />{$lang->application_total_donations} <b>$'.$d['donated_amount'].'</b><br /><br />{$lang->application_times_donated} '.$d['donated_times'].'</td></tr>';
    }
    return $donors;
}
public static function getRichestByRespect(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`Respect` FROM `user_stats` ORDER BY `Respect` DESC LIMIT 50");
    $amount = 0;
    $mostRespect = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $mostRespect .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . $user['look'] . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a rel="nofollow" href="/home?user='.$user['username'].'"><b>'.$user['username'].' (#'.$user['id'].')</b></a><br />'.number_format($creditsStats['Respect']).' {$lang->application_respects}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostRespect;
}
public static function getRichestByOnlineTime(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`OnlineTime` FROM `user_stats` ORDER BY `OnlineTime` DESC LIMIT 50");
    $amount = 0;
    $onlineTime = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $onlineTime .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . $user['look'] . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a rel="nofollow" href="/home?user='.$user['username'].'"><b>'.$user['username'].' (#'.$user['id'].')</b></a><br />'.boltCore::secondsToTime($creditsStats['OnlineTime']).' {$lang->application_online}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $onlineTime;
}
public static function getRichestByDiamonds(){
    global $db;
    $user2 = $db->runQuery("SELECT id,username,rank,vip_points,look FROM users WHERE username != 'Oxygen' ORDER BY vip_points DESC LIMIT 50");
    $amount = 0;
    $mostDiamonds = null;
    while($user = mysqli_fetch_array($user2)) {
        if($user['rank'] == '1' && $amount <= 10){
            $mostDiamonds .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . $user['look'] . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a rel="nofollow" href="/home?user='.$user['username'].'"><b>'.$user['username'].' (#'.$user['id'].')</b></a><br />'.number_format($user['vip_points']).' {$lang->application_diamonds}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostDiamonds;
}

To

PHP Code:


<?php
public static function getVips(){
    global $db;    
    $q = $db->runQuery("SELECT * FROM users WHERE rank_vip != 0 AND rank = 1 ORDER BY RAND() LIMIT 5");
    $vips = null;
    while($d = mysqli_fetch_array($q)){
        $subs = array();
        $subs[1] = '{$lang->shop_pack_one_name}';
        $subs[2] = '{$lang->shop_pack_two_name}';
        $subs[3] = '{$lang->shop_pack_three_name}';
        $vips .= '<tr><td width="65px" valign="top"><div style="height: 65px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.htmlspecialchars($d['look']).'"></div></td><td width="400px" valign="top"><strong>{$lang->application_username} <a rel="nofollow" href="%http%/home?user='.htmlspecialchars($d['username']).'">'.htmlspecialchars($d['username']).'</a></strong><br /><b>{$lang->application_registered}</b> '.date('M j, g a, Y', $d['account_created']).'<br /><b>{$lang->application_subscription}</b> '.$subs[$d['rank_vip']].'<br /><b>{$lang->application_diamonds}</b> '.number_format($d['vip_points']).'</td></tr>';
    }
    return $vips;
}
public static function getDonors(){
    global $db;
    $q = $db->runQuery("SELECT * FROM users ORDER BY donated_amount DESC LIMIT 5");
    $donors = null;
    while($d = mysqli_fetch_array($q)){
        $donors .= '<tr><td width="90px" valign="top"><div style="height: 80px; width: 50px; float: left; overflow: hidden;"><img src="%imgr%?figure='.htmlspecialchars($d['look']).'"></div></td><td width="427px" valign="top"><strong>{$lang->application_username} <a rel="nofollow" href="%http%/home?user='.htmlspecialchars($d['username']).'">'.htmlspecialchars($d['username']).'</a></strong><br />{$lang->application_total_donations} <b>$'.$d['donated_amount'].'</b><br /><br />{$lang->application_times_donated} '.$d['donated_times'].'</td></tr>';
    }
    return $donors;
}
public static function getRichestByRespect(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`Respect` FROM `user_stats` ORDER BY `Respect` DESC LIMIT 50");
    $amount = 0;
    $mostRespect = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $mostRespect .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . htmlspecialchars($user['look']) . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a rel="nofollow" href="/home?user='.htmlspecialchars($user['username']).'"><b>'.htmlspecialchars($user['username']).' (#'.$user['id'].')</b></a><br />'.number_format($creditsStats['Respect']).' {$lang->application_respects}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostRespect;
}
public static function getRichestByOnlineTime(){
    global $db;
    $getCredits = $db->runQuery("SELECT `id`,`OnlineTime` FROM `user_stats` ORDER BY `OnlineTime` DESC LIMIT 50");
    $amount = 0;
    $onlineTime = null;
    while($creditsStats = mysqli_fetch_array($getCredits)) {
        $user = $db->fetchArray("SELECT id,username,rank,look FROM users WHERE id = '".$db->secureData($creditsStats['id'])."' LIMIT 1");
        if($user['rank'] == 1 && $amount <= 10){
            $onlineTime .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . htmlspecialchars($user['look']) . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a rel="nofollow" href="/home?user='.htmlspecialchars($user['username']).'"><b>'.htmlspecialchars($user['username']).' (#'.$user['id'].')</b></a><br />'.boltCore::secondsToTime($creditsStats['OnlineTime']).' {$lang->application_online}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $onlineTime;
}
public static function getRichestByDiamonds(){
    global $db;
    $user2 = $db->runQuery("SELECT id,username,rank,vip_points,look FROM users WHERE username != 'Oxygen' ORDER BY vip_points DESC LIMIT 50");
    $amount = 0;
    $mostDiamonds = null;
    while($user = mysqli_fetch_array($user2)) {
        if($user['rank'] == '1' && $amount <= 10){
            $mostDiamonds .= '
                    <tr>
                        <td width="25%"><img src="%imgr%?figure=' . htmlspecialchars($user['look']) . '&size=m&headonly=1&direction32&head_direction=3&gesture=sml" align="left"></td> 
                        <td width="75%"><a rel="nofollow" href="/home?user='.htmlspecialchars($user['username']).'"><b>'.htmlspecialchars($user['username']).' (#'.$user['id'].')</b></a><br />'.number_format($user['vip_points']).' {$lang->application_diamonds}.</td>
                    </tr>
                ';
            $amount++;
        }
    }
    return $mostDiamonds;
}

For fucks sake people please just don't use this, it's not safe, I just looked at half of ONE file.

Damn, HTML inside functions is still a thing in 2016?

**positivewire** · 13-06-16

Originally Posted by pea-brain

Let's run through the list shall we?

No MVC? Check.
All core classes in one file? Check.
Calling static files from a "CDN" that's actually just a folder called "CDN" on the SAME server? Check.
Trash code? Check.
Node.JS mixed with PhP? Check. (why?)

I'd honestly recommend RevCMS over this, hell even UberCMS. I was showing this to Marit (maritnmine) and we were in tears. By the way, use public hosting rather than your own (for numerous reasons).

> Meh
> A few developers mentioned that it was faster, so I gave it a shot.
> If you didn't already realise, there is a config for the CDN (I used cdn.peace.tf and hosted the CSS/JS on there)
> The codes fine :b
> Node.JS was used when someone logged in, the node server sent an alert "X has logged in" to the page and a little alert popped up.

The poor download is likely your internet, the server it's on has 900 down 800 up.

Edit;
http://image.prntscr.com/image/fd465...0768568f55.png - I never noticed this.. I'll post a fixed version later on, with the escaped VIP functions.

- - - Updated - - -

Exploits patched, if any more are found, let me know and I'll patch them. https://cdn.peace.tf/peace_fixed.rar

**LeChris** · 13-06-16

Can't remember - but I recall you making remarks towards speed and efficiency in our systems.

Your system avg: 1.6kms (Siege Benchmarking) http://i.imgur.com/7ASgJIW.png
Imagine PHP avg: 181ms (Siege Benchmarking) http://i.imgur.com/SRwL0xq.png
Retaliation 3 avg: 18ms (Siege Benchmarking) http://i.imgur.com/7MTWL9X.png

It doesn't help your inability to code inefficiency also means you probably don't minimize your assets, but than again how much blame can you pin onto asset issue?

Example 2
Your CMS Speed
!-- Page rendered in: 0.14632 seconds. -->
Mine
Total execution time in seconds: 0.03828

Not to mention, Imagine runs extra tasks before making it's initial cache (Renders the template engine code, etc) which helps its load time tremendously. Example of the cache file shown in second screenshot, which is the final result of the template engine

btw, spaghetti code is horrible

Both of my systems run more queries on the page as well, to fetch configuration via database

**positivewire** · 13-06-16

Originally Posted by LeChris

Can't remember - but I recall you making remarks towards speed and efficiency in our systems.

Your system avg: 1.6kms (Siege Benchmarking) http://i.imgur.com/7ASgJIW.png
Imagine PHP avg: 181ms (Siege Benchmarking) http://i.imgur.com/SRwL0xq.png
Retaliation 3 avg: 18ms (Siege Benchmarking) http://i.imgur.com/7MTWL9X.png

It doesn't help your inability to code inefficiency also means you probably don't minimize your assets, but than again how much blame can you pin onto asset issue?

Example 2
Your CMS Speed
!-- Page rendered in: 0.14632 seconds. -->
Mine
Total execution time in seconds: 0.03828

Not to mention, Imagine runs extra tasks before making it's initial cache (Renders the template engine code, etc) which helps its load time tremendously. Example of the cache file shown in second screenshot, which is the final result of the template engine

btw, spaghetti code is horrible

Both of my systems run more queries on the page as well, to fetch configuration via database

You must have set this up rather poorly, because both on my PC and server, it was well under 0.1 -
Me refreshing the index - https://i.gyazo.com/4b8c4e3cc4113f19...00dd90b1cf.gif
Me refreshing the me page - https://i.gyazo.com/556420c70af437cb...5a601e452a.gif
Friendly tip: use 127.0.0.1 for the host, not localhost. MySQLi doesn't like host lookups.

btw, preference of code is down to an individuals opinion.

**LeChris** · 13-06-16

Originally Posted by positivewire

You must have set this up rather poorly, because both on my PC and server, it was well under 0.1 -
Me refreshing the index - https://i.gyazo.com/4b8c4e3cc4113f19...00dd90b1cf.gif
Me refreshing the me page - https://i.gyazo.com/556420c70af437cb...5a601e452a.gif
Friendly tip: use 127.0.0.1 for the host, not localhost. MySQLi doesn't like host lookups.

btw, preference of code is down to an individuals opinion.

Friendly tip,
My setup was the stock setup for all, there is no "poor" setup. Refreshing a page and viewing source does just that -shows you the source without getting the assets, etc. If I was to "view source" of my so called bulky Laravel it would show just as fast. Y
Once more at this thread,
Apologies for showing just how bad this is, when one person's work takes about 10 times as long - that is an issue. Sorry, you're new and like to classify everything you write as being "top of the line" or "fast." It's quite the opposite, when I see your source - I feel as if it's Uber all over again

Peace Hotel CMS (BoltCMS v1)

Thread Tools

Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Re: Peace Hotel CMS (BoltCMS v1)

Advertisement