RevCMS habbo theme edit & RevCMS Housekeeping release

  1. #301
    HostSavor.com Lewislol is offline

    Decided to do more work on forgot password system because I was bored.
    Updates since last time.
    Now redone it so it is done via actions.


    - - - Updated - - -

    Anyone have any suggestions on what to improve so far?
    btw the ts $_GET is as I didn't have MySQL access for a few minutes & needed to check db structure.

    Code:
    removed
    Will change some things in a bit to make sure it is 100% secure.

    - - - Updated - - -

    Never done email related things before (SMTP), if anyone has any experience just PM me.
    It's annoying me.
    Last edited by Lewislol; 11-04-15 at 11:19 PM.

  2. #302
    HostSavor.com Lewislol is offline

    Just checked a friend's error logs and he used the bug reporting page I released.
    I noticed people have made a tool spamming it, eventually causing his site to go down. (Over 20000 post submits in under 5 minutes.)
    I would advise you to remove this page as soon as possible and wait till tomorrow when I have a chance to recode it with security as #1 priority.

  3. #303
    Member Dann Marchelo is offline

    Code:
    <?php
    // Note: the mysql_* extension used here was removed in PHP 7.0.
    // The session username is escaped as well before it is placed in a query.
    $sessionUser = mysql_real_escape_string($_SESSION['user']['username']);
    $sql = mysql_query("SELECT username FROM hk_issues WHERE username = '{$sessionUser}'");

    if (isset($_POST['add_ban'])) {
        $text = mysql_real_escape_string($_POST['text']);
        $type = mysql_real_escape_string($_POST['type']);

        if (empty($text)) {
            echo '<div class = "alert">You have not entered a bug/feature request?</div><br>';
        } else if ($_SESSION['user']['username'] == 'Test') {
            echo '<div class = "alert" style = "height:50px;">Please make your own account to submit a feature request.</div>';
        } else if (mysql_num_rows($sql) < 1) {
            // Only users with no existing row in hk_issues may submit.
            $query = "INSERT INTO hk_issues SET type='{$type}', text='{$text}', username='{$sessionUser}'";
            mysql_query($query) or die("Error in query. " . mysql_error());
            echo '<div class = "alert">Bug/Feature request added successfully.<meta http-equiv="refresh" content="3;url={url}/bugs"/></div><br>';
        } else {
            echo '<div class = "alert">You already have an open/pending issue!</div><br />';
        }
    }
    ?>
    I was bored that should be fine I guess. http://prntscr.com/4ehx54

  4. #304
    hi JackHoll is offline

    Quote Originally Posted by Dann Marchelo View Post
    I was bored that should be fine I guess. http://prntscr.com/4ehx54
    Thanks for the fix.

  5. #305
    Member Damien Jolly is offline

    Quote Originally Posted by Dann Marchelo View Post
    I was bored that should be fine I guess. http://prntscr.com/4ehx54
    Should store user ID rather than username. Would be better for the hotels that have :flagme and the ability to change name.

  6. #306
    Member Dann Marchelo is offline

    But who would flagme 20k times just to abuse the system? Added userid anyway.


    Code:
    DROP TABLE IF EXISTS `hk_issues`;
    CREATE TABLE `hk_issues` (
      `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
      `type` enum('bug','request','') NOT NULL,
      `text` varchar(255) NOT NULL,
      `username` varchar(255) NOT NULL,
      `userid` int(11) DEFAULT '0',
      `resolved` text,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    Code:
    <?php
    // Note: the mysql_* extension used here was removed in PHP 7.0.
    // Identity comes from the session only; it is cast/escaped before it reaches SQL.
    $sessionId   = isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;
    $sessionUser = isset($_SESSION['user']['username']) ? mysql_real_escape_string($_SESSION['user']['username']) : '';
    $sql = mysql_query("SELECT userid,username FROM hk_issues WHERE (userid='{$sessionId}' OR username='{$sessionUser}')");

    if (isset($_POST['add_ban'])) {
        $text = mysql_real_escape_string($_POST['text']);
        $type = mysql_real_escape_string($_POST['type']);

        if (empty($text)) {
            echo '<div class = "alert">You have not entered a bug/feature request?</div><br>';
        } else if ($sessionId === 0) {
            echo '<div class = "alert">Please log in to submit a feature request.</div>';
        } else if (mysql_num_rows($sql) < 1) {
            // Only users with no existing row in hk_issues may submit.
            $query = "INSERT INTO hk_issues SET type='{$type}', text='{$text}', username='{$sessionUser}', userid='{$sessionId}'";
            mysql_query($query) or die("Error in query. " . mysql_error());
            echo '<div class = "alert">Bug/Feature request added successfully.<meta http-equiv="refresh" content="3;url={url}/bugs"/></div><br>';
        } else {
            echo '<div class = "alert">You already have an open/pending issue!</div><br />';
        }
    }
    ?>
    http://prntscr.com/4ej9js

  7. #307
    HostSavor.com Lewislol is offline

    Quote Originally Posted by Dann Marchelo View Post
    But who would flagme 20k times just to abuse the system? Added userid anyway.


    http://prntscr.com/4ej9js
    Just to answer your question.
    The owners of Rise Hotel would.

    - - - Updated - - -

    Done it with a check, will make a housekeeping addon for this soon.
    Create Function
    Code:
    <?php
    // Note: the mysql_* extension used here was removed in PHP 7.0.
    if (isset($_POST['add_ban'])) {
        $text = mysql_real_escape_string($_POST['text']);
        $type = mysql_real_escape_string($_POST['type']);
        // Escape the session value too before it is placed in a query.
        $sessionUser = mysql_real_escape_string($_SESSION['user']['username']);
        $bugcheck = mysql_query("SELECT id, resolved FROM hk_issues WHERE username = '{$sessionUser}' AND resolvedc = '0'");

        if (empty($text)) {
            echo '<div class = "alert">You have not entered a bug/feature request?</div><br>';
        }
        // Chained with else-if so an empty report is rejected instead of falling through to the INSERT.
        else if (mysql_num_rows($bugcheck) >= 2) {
            echo 'You must wait until your current bug reports are resolved.';
        } else {
            $query = "INSERT INTO hk_issues SET type='{$type}', text='{$text}', username='{$sessionUser}'";
            mysql_query($query) or die("Error in query. " . mysql_error());
            echo '<div class = "alert">Bug/Feature request added successfully.<meta http-equiv="refresh" content="3;url={url}/bugs"/></div><br>';
        }
    }
    ?>
    <form method = "post">
        <select name = "type">
          <option value="bug">Bug</option>
          <option value="request">Feature Request</option>
        </select><br>
        <!-- The echoed value is HTML-escaped so a submitted string cannot break out of the attribute. -->
        <b>Bug/Feature?: </b><br><input type = "text" value = "<?php echo htmlspecialchars(isset($_POST['text']) ? $_POST['text'] : '', ENT_QUOTES, 'UTF-8'); ?>" name = "text"><br><br>
        <input type = "sub
    SQL
    Code:
    DROP TABLE IF EXISTS `hk_issues`;
    CREATE TABLE `hk_issues` (
      `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
      `type` enum('bug','request','') NOT NULL,
      `text` varchar(255) NOT NULL,
      `username` varchar(255) NOT NULL,
      `resolved` text,
      `resolvedc` enum('0','1') NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=utf8;
    
    
    -- ----------------------------
    -- Records of hk_issues
    -- ----------------------------
    INSERT INTO `hk_issues` VALUES ('1', 'bug', 'l', 'Test', 'Content', '0');
    INSERT INTO `hk_issues` VALUES ('2', 'bug', 'l', 'Test', 'Content', '1');
    INSERT INTO `hk_issues` VALUES ('3', 'bug', 'l', 'Test', 'Content', '1');
    INSERT INTO `hk_issues` VALUES ('4', 'bug', 'te', 'Test', 'Content', '1');
    INSERT INTO `hk_issues` VALUES ('5', 'bug', '.', 'Test', null, '1');
    INSERT INTO `hk_issues` VALUES ('6', 'bug', 'l', 'Test', null, '0');
    Added a column 'resolvedc' that needs to be set to 1 in order for the user to make more than three requests.

    - - - Updated - - -

    Forgot to post: add case "bugs": to class.core near the cases so it can't be viewed if someone does not have an active session (near case "me":).

    - - - Updated - - -

    This thread can be closed, I can't be assed working on this anymore.
    Might release my DJ panel & Forgot password system in a few weeks but depends on how I feel.
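
The limits discussed in the posts above (identity from the session, a cap on unresolved reports keyed on user id, plus a minimum interval between reports), written with bound parameters. This is an added example, not code from the thread or from RevCMS. Assumptions: PHP 7+ with pdo_sqlite, an in-memory SQLite table standing in for the CMS's MySQL `hk_issues`, and a hypothetical `created` column, `csrf` form field and limit values.

```php
<?php
// Added example, not RevCMS code. SQLite in memory stands in for the CMS's MySQL
// connection; the `created` column, both limits and the csrf field are assumptions.
const MAX_OPEN_ISSUES = 2;  // unresolved reports allowed per account
const MIN_INTERVAL = 60;    // seconds required between two reports

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE hk_issues (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        type TEXT NOT NULL, text TEXT NOT NULL, userid INTEGER NOT NULL,
        resolvedc TEXT NOT NULL DEFAULT '0', created INTEGER NOT NULL)");
    return $db;
}

function submit_issue(PDO $db, array $session, array $post, int $now): string {
    // Identity comes from the server-side session, keyed on the numeric id
    // so a name change does not reset the limits.
    $uid = (int) ($session['user']['id'] ?? 0);
    if ($uid <= 0) return 'login_required';

    // The form must carry the token stored in the session (CSRF check).
    $token = (string) ($post['csrf'] ?? '');
    if (empty($session['csrf']) || !hash_equals($session['csrf'], $token)) return 'bad_token';

    // Validate against the column definitions: enum type, varchar(255) text.
    $type = (string) ($post['type'] ?? '');
    $text = trim((string) ($post['text'] ?? ''));
    if (!in_array($type, ['bug', 'request'], true)) return 'bad_type';
    if ($text === '' || strlen($text) > 255) return 'bad_text';

    // One query returns both limits: open reports and time of the last one.
    $q = $db->prepare("SELECT
        COALESCE(SUM(CASE WHEN resolvedc = '0' THEN 1 ELSE 0 END), 0) AS open_count,
        COALESCE(MAX(created), 0) AS last_created
        FROM hk_issues WHERE userid = ?");
    $q->execute([$uid]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ((int) $row['open_count'] >= MAX_OPEN_ISSUES) return 'too_many_open';
    if ($now - (int) $row['last_created'] < MIN_INTERVAL) return 'too_fast';

    // Bound parameters: quotes in the text are stored as data, not parsed as SQL.
    $ins = $db->prepare("INSERT INTO hk_issues (type, text, userid, created) VALUES (?, ?, ?, ?)");
    $ins->execute([$type, $text, $uid, $now]);
    return 'ok';
}

// Constructed demo: 20000 scripted posts from one account spread over 5 minutes.
$db = make_db();
$session = ['user' => ['id' => 7], 'csrf' => bin2hex(random_bytes(16))];
$post = ['type' => 'bug', 'text' => "it's broken", 'csrf' => $session['csrf']];
$tally = [];
for ($i = 0; $i < 20000; $i++) {
    $status = submit_issue($db, $session, $post, 1000 + intdiv($i * 300, 20000));
    $tally[$status] = ($tally[$status] ?? 0) + 1;
}
print_r($tally);
echo $db->query("SELECT COUNT(*) FROM hk_issues")->fetchColumn(), " row(s) stored\n";
```

Rejected requests still cost one SELECT each, so a web-server or reverse-proxy request limit in front of the page remains useful against a flood of this size.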

  8. #308
    The one and only! Hejula is offline

    Quote Originally Posted by Lewislol View Post
    Just checked a friend's error logs and he used the bug reporting page I released.
    I noticed people have made a tool spamming it, eventually causing his site to go down. (Over 20000 post submits in under 5 minutes.)
    I would advise you to remove this page as soon as possible and wait till tomorrow when I have a chance to recode it with security as #1 priority.
    @Joopie had SMTP email in BrickPHP (I think it was this one) and maybe you'll be able to use it as an example? I haven't got a copy of it any more but he might if you ask nicely

  9. #309
    Live Ocottish Sverlord Joopie is online now

    Quote Originally Posted by Hejula View Post
    @Joopie had SMTP email in BrickPHP (I think it was this one) and maybe you'll be able to use it as an example? I haven't got a copy of it any more but he might if you ask nicely
    Or just use PHPMailer, that's the one I'm currently using for my framework. There are enough examples on their GitHub to set it up for your needs.

  10. #310
    Now you can tag me! Detox is offline

    Re-opened upon original posters request.

  11. #311
    HostSavor.com Lewislol is offline

    Sick of getting PMs with people saying "I am getting hacked using this CMS" so I am going to post a download with a few updates in the next few days.
    Will remove the forgotten password exploit and throw in a few extra features.
    Features planned
    - Two factor authentication (Security Pins)
    - Login on housekeeping
    - Basic forgotten password system
    - Updated habbo index added (credits to another user, cba doing it myself)
    - Redoing some design aspects.
    - MySQLi class added (credits to @wesley66101 but added a few little tweaks myself)
    - Better home page.

    And another few little things.
    I know RevCMS is outdated but most hotels I see use it so I thought I would do one last version.

  12. #312
    Novice Nexeuz is offline

    Very good CMS, is it not available in Spanish?

    Great CMS, isn't it available in Spanish?

  13. #313
    HostSavor.com Lewislol is offline

    Quote Originally Posted by Nexeuz View Post
    Very good CMS, is it not available in Spanish?

    Great CMS, isn't it available in Spanish?
    I won't be translating it to other languages, sorry but you can easily do it yourself.

    - - - Updated - - -

    I need some ideas for features, as I will spend a few hours on this.
    So far:
    -> Updated to MySQLi
    -> Latest index
    -> Better user home pages in progress

    Live demo server is getting installed.

    All features planned are above.

    Just list the idea below in this format:
    IDEA:
    How it should work:
    Example(If possible):
    Last edited by Lewislol; 12-04-15 at 04:12 PM.

  14. #314
    Valued Member Andre96 is offline

    Could you maybe look if things like {newsTitle} can work when you aren't logged in.

  15. #315
    HostSavor.com Lewislol is offline

    Quote Originally Posted by Andre96 View Post
    Could you maybe look if things like {newsTitle} can work when you aren't logged in.
    I can probably make it configurable, in the configuration file so if you want to allow people to roam around your cms without an active session they can see the news, but otherwise it redirects you back to the index page.
    This has been added to the next revision for you :) A demo should be up within the next 24 hours. (Similar to my old demos, every user gets a staff rank.)

    Made a few changes to this.
    This feature has been added to the configuration file, you have to set site_roaming to false if you wish to not let
    users access your site without an active session or true and they get access to community, shop, staff and the news page.
    Last edited by Lewislol; 12-04-15 at 06:30 PM.


