RevCMS PDO

  1. #1
    Xversion (Valued Member)
    Join Date: Mar 2012
    Location: Localhost
    Posts: 144

    RevCMS PDO / RevCMS 3.0

    Hello Guys,

    Original Post:

    I've been working on this for a few hours - just wanted to release it... Why run on outdated PHP versions when you can use this edition of RevCMS and run it on PHP 7 with the best security?

    Benefits of PDO:

    - Faster
    - Safer
    - More DB Drivers than MySQL and MySQLi
    - Just better...

    A 100% complete transition to PDO. Don't lose all of the work you put into RevCMS just because there is a new CMS in town.

    NOTE: This hasn't gone through full testing yet... but use it at your own risk.

    ANOTHER NOTE: There is no 'SKIN' that comes with the CMS, please feel free to extract your own and use for the sake of making the download quicker.

    I will however be happy to fix any future bugs that you may have!

    Virus Scan: https://www.virustotal.com/en/file/f...is/1473017004/

    Download URL:

    Version 1: https://gofile.io/?c=keZkHD

    Version 1.1: https://gofile.io/?c=VJ2Gjl

    - Fixed PDO Error messages which can expose your Database Password
    - Disable Error messages on Production to expose server information
    - Added an old 'Habbo' Theme for demonstration purposes.

    [I] Info - If you wish to see errors (for any purpose) then go to config.php and change $_CONFIG['site']['mode'] to 2 - useful for development purposes or on setting up your hotel.


    Credits:

    RevCMS - Kryptos - 90%
    Me - PDO Edit - 5%
    BurakDev - Testing - 5%



    Soon to come... RevCMS 3.0

    Features include:
    - Enhanced Template Engine
    - Plugins System
    - Locale System
    - SEO System (rank your website/hotel higher on Google)!
    - Change of Database Engine to PDO
    - Security Class (Finally! Deals with 99% of security threats with previous RevCMS issues)
    - Complete CloudFlare Integration (Maybe integrate into Housekeeping?)
    - Complete CDN Integration to serve your content from CDNs!

    and more...

    Requirements:
    PHP 7 (or above)
    MySQL 5 (or above)

    Current Progress:

    15%

    View Code:

    config.php
    PHP Code:
    // The site name is assigned to $name so the registration motto can reuse it.
    $config = (object) array(
        'name' => ($name = 'Xabbo'),
        'description' => 'The best retro in the world!',

        'web' => array(
          'path' => 'http://localhost',
          'maintenance' => false,
          'environment' => 2,
          'theme' => array(
            'default' => 'Habbo',
            'require' => 'jquery@3.1.1'
          ),
          'locale' => array(
            'en' => 'English',
            'de' => 'Deutsch'
          )
        ),

        'client' => array(
          'swf' => 'http://localhost/game/swf',
          'base' => 'http://localhost/game/swf/100/'
        ),

        // Defaults applied to newly registered users.
        'registration' => array(
          'rank' => 1,
          'vip' => 0,
          'motto' => 'I am new to ' . $name,
          'credits' => 2500,
          'duckets' => 5000,
          'crystals' => 50,
          'look' => '-'
        ),

        // Database connection settings.
        'mysql' => array(
          'host' => 'localhost',
          'user' => 'root',
          'pass' => '',
          'name' => 'vsl',
          'port' => 3306
        ),

        'email' => array(
          'help' => 'info@xabbo.localhost'
        ),

        'store' => array(
          'paypal' => 'deposit@virjox.com'
        ),

        'social' => array(
          'facebook' => array(
            'enabled' => false,
            'name' => 'Xabbo',
            'id' => '',
            'secret' => ''
          ),
          'twitter' => array(
            'enabled' => false,
            'name' => 'Xabbo'
          ),
          'youtube' => 'XabboHotel2k17'
        )
      );


    Thanks!
    Last edited by Xversion; 06-01-17 at 08:18 PM.


  2. #2
    LeChris (Typescript XOXO)
    Join Date: Sep 2011
    Posts: 749

    Re: RevCMS PDO

    Haven't dug through the source yet but,

    Props on catching Rev up to the latest times man

  3. #3
    BurakDev (Developer)
    Join Date: Mar 2013
    Location: Paris
    Posts: 376

    Re: RevCMS PDO


    1/ It isn't safe to display the database PDO error message; it can expose the database password.
    2/ Using global to access shared objects is bad.
    3/ You don't use PDO prepared statements.
    4/ stripslashes + htmlspecialchars isn't mature security against SQL injection.
    5/ Don't use mysql_real_escape_string if you want to keep the code compatible with recent PHP.
    6/ This shit allows IP spoofing if you don't use CloudFlare: if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP']; }
    7/ In production mode, disable all PHP errors to prevent exposing the file path (server name?).

    And I just watched some files..
    Last edited by BurakDev; 05-09-16 at 03:01 AM.
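
    Points 1, 3 to 5 and 7 of the list above, sketched as an added example that is not code from RevCMS or from anyone in the thread. The function names `db_connect()` and `find_user()` and the `users`/`username` schema are assumptions; the array keys match the `mysql` block of the config.php posted earlier.

```php
<?php
// Added example. db_connect(), find_user() and the users/username schema are
// hypothetical names, not RevCMS code.

function db_connect(array $cfg, bool $production): PDO
{
    // Point 7: never render PHP errors to visitors in production; log them.
    ini_set('display_errors', $production ? '0' : '1');
    ini_set('log_errors', '1');

    $dsn = sprintf(
        'mysql:host=%s;port=%d;dbname=%s;charset=utf8mb4',
        $cfg['host'], $cfg['port'], $cfg['name']
    );
    try {
        return new PDO($dsn, $cfg['user'], $cfg['pass'], [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false, // server-side prepares
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    } catch (PDOException $e) {
        // Point 1: left uncaught, this exception prints a backtrace that can
        // include the constructor arguments, i.e. the DB user and password.
        error_log('DB connect failed: ' . $e->getMessage());
        throw new RuntimeException('Database unavailable');
    }
}

function find_user(PDO $db, string $username): ?array
{
    // Points 3-5: the value is sent as a bound parameter, never spliced into
    // the SQL text, so no stripslashes()/htmlspecialchars()/
    // mysql_real_escape_string() is involved. htmlspecialchars() is for
    // HTML output only.
    $stmt = $db->prepare(
        'SELECT id, username FROM users WHERE username = :u LIMIT 1'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Usage with the keys of the 'mysql' array from the config shown in the thread:
// $db   = db_connect(['host' => 'localhost', 'port' => 3306, 'name' => 'vsl',
//                     'user' => 'root', 'pass' => ''], true);
// $user = find_user($db, $_POST['username'] ?? '');
```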

  4. #4
    ovflowd (git bisect -m)
    Join Date: Sep 2011
    Posts: 2,191

    Re: RevCMS PDO

    @Xversion, nice release. But like @BurakDev pointed out, your source has some urgent security issues. Maybe in your next release you fix those errors ;)

    Good luck.

  5. #5
    Xversion (Valued Member)
    Join Date: Mar 2012
    Location: Localhost
    Posts: 144

    Re: RevCMS PDO

    Quote (originally posted by BurakDev):

        1/ It isn't safe to display the database PDO error message; it can expose the database password.
        2/ Using global to access shared objects is bad.
        3/ You don't use PDO prepared statements.
        4/ stripslashes + htmlspecialchars isn't mature security against SQL injection.
        5/ Don't use mysql_real_escape_string if you want to keep the code compatible with recent PHP.
        6/ This shit allows IP spoofing if you don't use CloudFlare: if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP']; }
        7/ In production mode, disable all PHP errors to prevent exposing the file path (server name?).

        And I just watched some files..

    Just wanted to say... I just purely converted it to PDO. Only of the eight facts you pointed on are caused by me; the rest are existent on a 'Clean' version of RevCMS.

    I did fix number 1 and 2 of your points; a new version is available here: https://gofile.io/?c=VJ2Gjl

    You're just pointing out the flaws of RevCMS than what I did, however I will be going through your list and attempt to fix them.

    Edit: Feel free to check out a fresh copy of RevCMS 1.9.9.9 you'll see way more issues with that but that doesn't stop many people from using RevCMS because of its simplicity :)
    Last edited by Xversion; 05-09-16 at 10:48 AM.
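
    Point 6 of the quoted list: the snippet copies `HTTP_CF_CONNECTING_IP` into `REMOTE_ADDR` for every request, so a visitor who reaches the server directly decides which address the site records. One way to gate the header on the connecting peer, as an added example that is not part of the thread or of RevCMS; `ip_in_cidr()`, `client_ip()` and the CIDR list are hypothetical, and the real list would be the proxy ranges your CDN publishes.

```php
<?php
// Added example. ip_in_cidr(), client_ip() and the CIDR list are hypothetical.

function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr, 2) + [1 => null];
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // malformed input or IPv4/IPv6 mismatch
    }
    $max  = strlen($ipBin) * 8;
    $bits = $bits ?? (string) $max;
    if (!ctype_digit($bits) || (int) $bits > $max) {
        return false; // non-numeric or oversized prefix length
    }
    $bytes = intdiv((int) $bits, 8);
    if (strncmp($ipBin, $netBin, $bytes) !== 0) {
        return false; // whole-byte part of the prefix differs
    }
    $rem = (int) $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // leftover high bits of the next byte
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

function client_ip(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $hdr  = $server['HTTP_CF_CONNECTING_IP'] ?? null;
    if ($hdr === null || filter_var($hdr, FILTER_VALIDATE_IP) === false) {
        return $peer;
    }
    foreach ($trustedProxies as $cidr) {
        if (ip_in_cidr($peer, $cidr)) {
            return $hdr; // header was set by a proxy we trust
        }
    }
    return $peer; // direct connection: the header is client-supplied, ignore it
}

// Constructed requests. 198.51.100.0/24 is a documentation range standing in
// for the proxy ranges published by the CDN.
$trusted = ['198.51.100.0/24'];
var_dump(client_ip(['REMOTE_ADDR' => '198.51.100.7', 'HTTP_CF_CONNECTING_IP' => '203.0.113.9'], $trusted));
var_dump(client_ip(['REMOTE_ADDR' => '192.0.2.44', 'HTTP_CF_CONNECTING_IP' => '127.0.0.1'], $trusted));
```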

  6. #6
    FRX (Apprentice)
    Join Date: Feb 2016
    Posts: 24

    Re: RevCMS PDO

    Where is the Database for CMS?

  7. #7
    Xversion (Valued Member)
    Join Date: Mar 2012
    Location: Localhost
    Posts: 144

    Re: RevCMS PDO

    Quote (originally posted by FRX):

        Where is the Database for CMS?

    Get it from the emulator... it's not different from RevCMS...

  8. #8
    Brought (iiiiiiiiiii)
    Join Date: Aug 2013
    Posts: 469

    Re: RevCMS PDO

    Quote (originally posted by Xversion):

        Get it from the emulator... it's not different from RevCMS...

    Don't mind him, he spams the forum with nonsense. I've reported several of his posts. Seems he just posts for the count... very pointless questions that I believe, even he, knows the answer to.

  9. #9
    ShowStopper (Member)
    Join Date: Sep 2015
    Posts: 58

    Re: RevCMS PDO

    What would I need to install this? PHP and Mysql? I never dealt with PDO at all and want to take a look around.

  10. #10
    Konquer (o/)
    Join Date: Apr 2014
    Posts: 464

    Re: RevCMS PDO

    Quote (originally posted by ShowStopper):

        What would I need to install this? PHP and Mysql? I never dealt with PDO at all and want to take a look around.

    PDO is just another way for php to communicate with your database. You don't need anything other than the usual stuff you would need to get revcms working.

  11. #11
    ShowStopper (Member)
    Join Date: Sep 2015
    Posts: 58

    Re: RevCMS PDO

    So the same version of PHP?

  12. #12
    Konquer (o/)
    Join Date: Apr 2014
    Posts: 464

    Re: RevCMS PDO

    Quote (originally posted by ShowStopper):

        So the same version of PHP?

    You can choose whatever php version you want, just don't use a super old one.

  13. #13
    lai0n (Member)
    Join Date: Jul 2015
    Location: ~/Library
    Posts: 71

    Re: RevCMS PDO

    Try doing smaller functions, big functions are against PSR-*.
    PSR's are the PHP Standards.
    See about PSR-0, PSR-1, PSR-2, PSR-4 and PSR-5 here: PHP Standards Recommendations - PHP-FIG

    Like this

  14. #14
    EvilCoder (1 + 3 + 3 = 7)
    Join Date: Jul 2009
    Location: /home/mvdworp
    Posts: 334

    Re: RevCMS PDO

    No offence, but I don't like RevCMS anyways. A lot of structures are coded badly and most good parts are based from uberCMS and then combined with other codes which together became worse and slower. As @BurakDev already stated clearly somebody doesn't know what the difference is between private, public or internal which makes it insecure anyways.

    Do note that there are no performance improvements between Mysqli and PDO. What is nice from PDO is that it is a multiple supporting language function but clearly you don't need that because we use MySQL.

    Anyhow... Thanks for sharing this with the community =)! Will take a further look into this!

    - - - Updated - - -

    Quote (originally posted by Konquer):

        PDO is just another way for php to communicate with your database. You don't need anything other than the usual stuff you would need to get revcms working.

    That is incorrect. You need PDO functionality installed. If you use public shared hosting you might need to request this to be installed. If you have it on your own server for windows you peek here: http://php.net/manual/en/pdo.installation.php

  15. #15
    ShowStopper (Member)
    Join Date: Sep 2015
    Posts: 58

    Re: RevCMS PDO

    Quote (originally posted by EvilCoder):

        No offence, but I don't like RevCMS anyways. A lot of structures are coded badly and most good parts are based from uberCMS and then combined with other codes which together became worse and slower. As @BurakDev already stated clearly somebody doesn't know what the difference is between private, public or internal which makes it insecure anyways.

        Do note that there are no performance improvements between Mysqli and PDO. What is nice from PDO is that it is a multiple supporting language function but clearly you don't need that because we use MySQL.

        Anyhow... Thanks for sharing this with the community =)! Will take a further look into this!

        - - - Updated - - -

        That is incorrect. You need PDO functionality installed. If you use public shared hosting you might need to request this to be installed. If you have it on your own server for windows you peek here: PHP: Installation - Manual

    Thanks I tried to use this but I know nothing about PDO or any of that good stuff. I plan to further look into this.


