RevCMS Guest Login

[Dlyner]

Hello Ragezone!
I release today the guest login system nobody release this on ragezone (i think so)
But i do it today!

Screens
Guest:

You must be registered to see links

User:

You must be registered to see links

How to set up
1. Go tho you Community / Staff / News etc header
2. Place the script in the header screen:

You must be registered to see links

3. And its done!

Script

 <?php
// Guest Login System Made By Dlyner aka .Atakan don't remove the Credits Please :')

if (!isset($_SESSION['user']['id']))
echo '
<div id="subnavi-login">
        <form action="index" method="post">
           
            <ul>
                <li>
                    <label for="login-username" class="login-text"><b>{hotelname}naam</b></label>
                    <input tabindex="1" type="text" class="login-field" name="log_username" id="login-username" />
                    <input id="login-form-submit" type="submit" value="Login" name="login"><i></i></a>
                    <input type="submit" id="login-submit-button" value="Log in" class="submit"/>
                </li>
                <li><br>
                    <label style="margin-top: -9px;" for="login-password" class="login-text"><b>Wachtwoord</b></label>
                    <input style="margin-top: -9px;""tabindex="2" type="password" class="login-field" name="log_password" id="login-password" />
                    <input style="margin-top: -9px;"style="margin-top: -2px;"tabindex="3" type="checkbox" name="_login_remember_me" value="true" id="login-remember-me" />
                    <label style="margin-top: -9px;"for="login-remember-me" class="left">Onthoud dit account</label>
                </li>
            </ul>
        </form>
        <div id="subnavi-login-help" class="clearfix">
            <ul>
                <li class="register"><a href="https://www.habbo.nl/account/password/forgot" id="forgot-password"><span>Wachtwoord vergeten?</span></a></li>
                <li><a href="/quickregister/start"><span>Meld je gratis aan</span></a></li>
            </ul>
        </div>
<div id="remember-me-notification" class="bottom-bubble" style="display:none;">
    <div class="bottom-bubble-t"><div></div></div>
    <div class="bottom-bubble-c">
            Door dit te selecteren blijf je ingelogd in {hotelname} Hotel totdat je op Log uit klikt.
    </div>
    <div class="bottom-bubble-b"><div></div></div>
</div>
    </div>


<script type="text/javascript">
    LoginFormUI.init();
    RememberMeUI.init("right");
</script>


';


?>

Credits
Atakan aka Dlyner (me)
Habbo

 

[The General]

Don't you have to put a ';' (semicolon) after echo? echo "something";

 

[Dlyner]

Don't you have to put a ';' (semicolon) after echo? echo "something";

Yes but this works to ;p

 

[AskethZ]

Why would you echo such a long amount of text.
Just end the php after '{' with '?>', add your HTML login thingy, and then end it with '<?php } ?>'

Much easier, and ofcourse, it would be nicer indeed to release something in proper PHP, therefore use a semicolon if you echo it anyways.
EDIT: When using an 'if' statement, you should use curly braces.

But the idea is nice! I like it, users can easily check the site out before joining. Good job!

 

[RetroPiggy]

This is ok but I have seen this in CMS's I have used in the past.

 

[Dlyner]

This is ok but I have seen this in CMS's I have used in the past.

I know its not my cms but i make the system on that cms

 

[Moogly]

Don't you have to put a ';' (semicolon) after echo? echo "something";

Another PHP oddity, since it's the only line of code, I guess it's considered valid PHP.

 

[The General]

Another PHP oddity, since it's the only line of code, I guess it's considered valid PHP.

Guess PHP is a poop language cos it isn't really strict in its syntax...

 

[Moogly]

Guess PHP is a poop language cos it isn't really strict in its syntax...

I wasn't saying that, but I was pointing out the last possibility. This is really bad practice though if anything...

 

[maartenvn]

This looks good.
But you should make a system that guest could enter the hotel with a name like guest-4598.

 

[Jamal7]

This looks good.
But you should make a system that guest could enter the hotel with a name like guest-4598.

This means that users can advertise easily. I bet nobody want this.

 

[maartenvn]

This means that users can advertise easily. I bet nodoby want this.

It was just an idea.
You can still ban the IP.

 

[Vimsoration]

With this script you can do SQL injections. Bad coding at all, not secure.

 

[Dlyner]

With this script you can do SQL injections. Bad coding at all, not secure.

How you can Injection this ?
I dont use the sql that's in the cms not in my login system its 100% safe revcms have a forgot and xss exploit

 

[Vimsoration]

How you can Injection this ?
I dont use the sql that's in the cms not in my login system its 100% safe revcms have a forgot and xss exploit

This is unsecure:

if (!isset($_SESSION['user']['id']))

Use this (more secure):

if ( isset($_SESSION['user']) && $_SESSION['id'] == true ) {

 

[Dlyner]

This is unsecure:


Use this (more secure):

Dont Works for me.

Update
The script is now mutch better

 

[asesinato]

With this script you can do SQL injections. Bad coding at all, not secure.

All I have seen from you is hate on other peoples work, yet you release nothing. Also, how the hell can

if(isset($_SESSION['user']['id']))

be vulnerable to SQL injections? You're giving bad advice & have no idea what the hell you're talking about.

PS, your 'better' practice example code doesn't even work, so I have this to say to you

Spoiler

Bad coding

 

[RetroPiggy]

I know its not my cms but i make the system on that cms

Maybe on some of the newer CMS's but some that I have used and had this function were released 1-2 maybe even 3 years ago.

 

[The General]

This is unsecure:


Use this (more secure):

Do you even know what associative arrays are?

Also if id is a boolean you could just do $_SESSION as the == true is redundant.

Besides that I highly doubt that the key 'id' exists and that it is a boolean. Check for $_SESSION['user']['id'] is more than enough and certainly has no security flaws.

Get your poop togheter when you post and make sure your code is valid and doesn't make you look like a script kiddie.

 

[Dlyner]

Maybe on some of the newer CMS's but some that I have used and had this function were released 1-2 maybe even 3 years ago.

This function is never released?