RevCMS Working News Comments!

  1. #1
    Account Upgraded | Title Enabled! Kristopher is offline
    MemberRank
    Sep 2011 Join Date
    266Posts

    RevCMS Working News Comments!

    PHP Code:
    <!DOCTYPE html>

    <html lang="en">

        <head>

            <meta http-equiv="content-type" content="text/html; charset=utf-8">

            <title>{hotelName} - News</title>

            <div id="fb-root"></div>

    <script>(function(d, s, id) {

    var js, fjs = d.getElementsByTagName(s)[0];

    if (d.getElementById(id)) return;

    js = d.createElement(s); js.id = id;

    js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&appId=138881106159184";

    fjs.parentNode.insertBefore(js, fjs);

    }(document, 'script', 'facebook-jssdk'));</script>

            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/common.css" type="text/css">

            <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs2.js"></script>

            <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/visual.js"></script>

            <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs.js"></script>

            <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/common.js"></script>

            <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/fullcontent.js"></script>

            <script type="text/javascript">

                document.habboLoggedIn = true;

                var habboName = "{username}";

                var habboId = "{userid}";

                var habboReqPath = "";

                var habboStaticFilePath = "{url}/app/tpl/skins/Habbo";

                var habboImagerUrl = "http://www.habbo.com/habbo-imaging/";

                var habboPartner = "";

                var habboDefaultClientPopupUrl = "{url}/client";

                window.name = "habboMain";

                if (typeof HabboClient != "undefined") {

                    HabboClient.windowName = "eac955c8dbc88172421193892a3e98fc7402021a";

                    HabboClient.maximizeWindow = true;

                }

            </script>

            <!--[if IE 8]>

                <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie8.css" type="text/css">

            <![endif]-->

            <!--[if lt IE 8]>

                <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie.css" type="text/css" />

            <![endif]-->

            <!--[if lt IE 7]>

                <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie6.css" type="text/css" />

                <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/pngfix.js"></script>

                <script type="text/javascript">

                    try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}

                </script>

                <style type="text/css">

                    body { behavior: url({url}/app/tpl/skins/Habbo/js/csshover.htc); }

                </style>

            <![endif]-->

        </head>

        <body id="news">

    <div id="overlay"></div>

            <div id="header-container">

                <div id="header" class="clearfix">

                    <h1><a href="http://shockhotel.com/"></a></h1>

                    <div id="subnavi">

                        <div id="subnavi-user">

                            <ul>

                        <li id="myfriends"><a href="#"><span>My Friends</span></a><span class="r"></span></li>

                        <li id="mygroups"><a href="#"><span>My Groups</span></a><span class="r"></span></li>

                        <li id="myrooms"><a href="#"><span>My Rooms</span></a><span class="r"></span></li>

                    </ul>

                        </div>

                        <div id="subnavi-search">

                            <div id="subnavi-search-upper">

                                <ul id="subnavi-search-links">

                                    <u><li><a href="http://shockhotel.com/logout" style="color:#000">Logout</a></li></u>

                                </ul>

                            </div>

                        </div>

                        <div id="to-hotel">

                            <a href="{url}/api.php" class="new-button green-button" target="eac955c8dbc88172421193892a3e98fc7402021a" onclick="HabboClient.openOrFocus(this); return false;"><b>Enter Strike Hotel</b><i></i></a>

                        </div>

                    </div>

                  <ul id="navi">

                        <li class="metab"><a href="{url}/me">{username}</a><span></span></li>

                        <li class="selected"><strong>Community</strong><span></span></li>

                        <li><a href="{url}/vip">VIP</a><span></span></li>

                        <li><a href="{url}/404">Coming Soon! ({vip_points}p)</a><span></span></li>

                    </ul>

             

                    <div id="habbos-online">

        <div id="content">

            <div class="cbb ">

    <span>{online} members online</span></div>

        </div>

    </div>

                </div>

                </div>

            </div>

            <?php

            // Load the requested news article.
            if( $_GET['id'] ) {

                $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");

                $array = mysql_fetch_assoc( $query );

            }

            if( $_GET['id'] ) {

                $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");

                $array = mysql_fetch_assoc( $query );

            }

            ?>

            <div id="content-container">

                <div id="navi2-container" class="pngbg">

                    <div id="navi2" class="pngbg clearfix">

                        <ul>

                     

                            <li><a href="{url}/community">Community</a></li>

                <li class="selected">☆ News☆</li>

                            <li><a href="{url}/staff">Staff</a></li>

                            <li><a href="{url}/topstats">Top User Stats</a></li>

                            <li class=" last"><a href="{url}/expert">eXperts</a></li>

                        </ul>

                    </div>

                </div>

                <div id="container">

                    <div id="content" style="position: relative" class="clearfix">

                        <div id="column1" class="column">

                            <div class="habblet-container ">

                                <div class="cbb clearfix red ">

                                    <h2 class="title">News</h2>

                                    <div id="article-archive">

                                        <ul>

                                            {newsList}

                                        </ul>

                                    </div>

                                </div>

                            </div>

                            <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>

                        </div>

                        <div id="column2" class="column">

                            <div class="habblet-container ">

                                <div class="cbb clearfix notitle ">

                                    <div id="article-wrapper">

                                        <h2>{newsTitle} </h2>

                                        <div class="article-meta">Posted {newsDate}</div>

                                        <p class="summary">{newsTitle}</p>

                                        <div class="article-body">

                                  {newsContent}

                       

                 

                                            <script type="text/javascript" language="Javascript">

                                                document.observe("dom:loaded", function() {

                                                    $$('.article-images a').each(function(a) {

                                                        Event.observe(a, 'click', function(e) {

                                                            Event.stop(e);

                                                            Overlay.lightbox(a.href, "Image is loading");

                                                        });

                                                    });

                                       

                                                    $$('a.article-2729').each(function(a) {

                                                        a.replace(a.innerHTML);

                                                    });

                                                });

                                            </script>

                                        </div>

                                    </div>

                                </div>

                            </div>

       

               

    <?php

    if(isset($_POST['post_comment']))
        $posted_on = date("M j, Y g:i A");

    if (empty($_POST['comment']))
        $_POST['comment'] = '';

    // Strip HTML from the submitted comment before it is stored.
    $comment = strip_tags(filter($_POST['comment']));

    if($comment == NULL){
        //define("ERROR", "You have to type in a reply!<br /><br />");
        //$error_message = 'You have to type in a reply!<br /><br />';
    }else{
        if (isLogged)
        {
            mysql_query("INSERT INTO cms_comments (article, userid, comment, posted_on, author) VALUES ('".filter($_GET['id'])."', '".$_SESSION['user']['id']."', '".filter($comment)."', '".$posted_on."', '".$_SESSION['user']['username']."');") or die(mysql_error());

            define('SUCCESS', 'You have successfully posted a comment on this news article!');

            // ERROR is also defined here so that the comment form below is hidden after posting.
            define("ERROR", "<br>Thanks for your reply!<br />");
            //$error_message = 'Thanks for your reply!<br /><br />';
        }
    }

    ?>

    <div class="habblet-container ">

    <div class="cbb clearfix notitle ">

    <div id="article-wrapper"><h2>Place Comment</h2>

    <div class="article-meta"></div>

    <div class="article-body">

    <?php

    if($userPosts >= 1)
    {
        define('ERROR', 'Sorry, you are only allowed one comment per article.');
    }

    if(defined("SUCCESS")){

    ?>

    <div class="rounded rounded-green" width="20%">

                        <?php echo SUCCESS?><br />

                    </div>

                    <div>&nbsp;</div>

    <?php

    }

    if(
    defined("ERROR")) {

    ?>

    <div class="rounded rounded-red" width="20%">

                        <?php echo ERROR?><br />

                    </div>

                    <div>&nbsp;</div>

    <?php

    }

    else

    {

    ?>

    <form action="" method="post">

    <textarea name="comment" maxlength="500"></textarea><br /><br />

    <input type="submit" name="post_comment" value="Place Comment" />

    </form>

    <?php

    }

    ?>

    </div>

    </div>

    </div>

    </div>

    <style type="text/css">

    input[type="text"], input[type="password"] {

    background-color: #F1F1F1;

    border: 1px solid #999999;

    width: 175px;

    padding: 5px;

    font-family: verdana;

    font-size: 10px;

    color: #666666;

    }

    input[type="submit"] {

    background-color: #F1F1F1;

    border: 1px solid #999999;

    padding: 5px;

    font-family: verdana;

    font-size: 10px;

    color: #666666;

    }

    textarea {

    background-color: #F1F1F1;

    border: 1px solid #999999;

    padding: 5px;

    width: 517px;

    height: 70px;

    font-family: verdana;

    font-size: 10px;

    color: #666666;

    }

    select {

    background-color: #F1F1F1;

    border: 1px solid #999999;

    padding: 5px;

    font-family: verdana;

    font-size: 10px;

    color: #666666;

    }

    </style>

    <?php

    // Fetch all comments for this article, newest first.
    $getComments = mysql_query("SELECT * FROM cms_comments WHERE article = '".filter($_GET['id'])."' ORDER by id DESC");

    ?>

    <div class="habblet-container ">

    <div class="cbb clearfix notitle ">

    <div id="article-wrapper"><h2>Comments <?php echo mysql_num_rows($getComments); ?></h2>

    <div class="article-meta"></div>

    <div class="article-body">

    <?php

    if(mysql_num_rows($getComments) == 0) {
        echo "No comments for this article!";
    } else {
        echo '<table width="528px">';
        while($Comments = mysql_fetch_array($getComments)){
            // Look up the commenter's avatar figure and rank.
            $getUserInfo = mysql_query("SELECT * FROM users WHERE username = '".$Comments['author']."'");
            $userInfo = mysql_fetch_array($getUserInfo);
            echo '
                <tr>
                    <td width="90px" valign="top"></div>
                    <div style="height: 65px; width: 50px; float: left; overflow: hidden;">
                        <div style="float:left"><img position:absolute; src="http://www.habbo.nl/habbo-imaging/avatarimage?figure='.$userInfo['look'].'&size=b&direction=2&head_direction=3&gesture=sml&size=2"></div>
            ';
            // Rank badge shown over the avatar.
            if($userInfo['rank'] >= 5) {
                echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/album1584/ADM.gif"></div>';
            }
            if($userInfo['rank'] == 3) {
                echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
            }
            if($userInfo['rank'] == 4) {
                echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
            }
            if($userInfo['rank'] == 2) {
                echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/VIP.gif"></div>';
            }
            if($userInfo['rank'] == 1) {
                echo '<div style="position: absolute; z-index:1"><img src="{url}/lid.png"></div>';
            }
            echo '
                    </td>
                    <td width="427px" valign="top">
                        <i><a href="/me">'.$userInfo['username'].' </a></i>
                        <br /><br />'.$Comments['comment'].'
                    </td>
                </tr>
                <tr>
                    <td width="80px" valign="top">
                    </td>
                    <td width="400px" align="right">
    </div></div></div></div>
    <br>
    <div style="width:125%; height:1px; background-color:#ccc; margin-top:-17px;"></div>
                    </td>
                </tr>';
        }
        echo '</table>';
    }

    ?></div> </div> </div> </div>

    </div>

    </div>

    </div>

    </div>

            <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>

            <script type="text/javascript">

                HabboView.run();

            </script>

            <!--[if lt IE 7]>

                <script type="text/javascript">

                    Pngfix.doPngImageFix();

                </script>

            <![endif]-->

     

            <div id="footer" >

                <?php include "app/tpl/skins/Habbo/inc/footer.php"?>

            </div>

        </body>

    </html>
    -- ----------------------------

    -- Table structure for `cms_comments`

    -- ----------------------------

    DROP TABLE IF EXISTS `cms_comments`;

    CREATE TABLE `cms_comments` (

    `id` int(11) NOT NULL AUTO_INCREMENT,

    `article` int(11) NOT NULL,

    `userid` int(11) NOT NULL,

    `comment` varchar(500) NOT NULL,

    `posted_on` varchar(150) NOT NULL DEFAULT '',

    `author` varchar(255) NOT NULL,

    PRIMARY KEY (`id`)

    ) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=latin1;



    Screenshots:

    Credits:

    Sledmore: Cleaning up the exploits.

    Holmes: Pin pointing error.

    Me: Putting this all together and making it work for everyone and SQL and fixing html up.

    Pythonx19 or someshit: Making the whole thing.
    Last edited by Kristopher; 05-02-13 at 10:52 PM.


  2. #2
    Valued Member Mush is offline
    MemberRank
    Oct 2012 Join Date
    NorwayLocation
    118Posts

    Re: RevCMS Working News Comments!

    Thanks, 10/10!

  3. #3
    Banned V for Vendetta is offline
    BannedRank
    Feb 2007 Join Date
    1,809Posts

    Re: RevCMS Working News Comments!

    Wow this is hell nice. I'll sure add this to my Habbo theme news page Thanks!

    Wasn't this off sledmore or not? anyway 10/10

  4. #4
    Account Upgraded | Title Enabled! Kristopher is offline
    MemberRank
    Sep 2011 Join Date
    266Posts

    Re: RevCMS Working News Comments!

    Sledmore is the one who cleaned exploits and what not. Holmes helped me pin point error and help fix. Meh I put this all together and changed some html things around.

  5. #5
    Coder/Programmer Toxic998 is offline
    MemberRank
    Nov 2012 Join Date
    USALocation
    215Posts

    Re: RevCMS Working News Comments!

    Thanks, bro. I've been looking for a good working one. The one I have works, but isn't in the best shape.
    Downloading and uploading as we speak :)

    Toxic998

  6. #6
    Banned Habp is offline
    BannedRank
    Mar 2012 Join Date
    TCPOELocation
    208Posts

    Re: RevCMS Working News Comments!

    Thanks man!

  7. #7
    Account Upgraded | Title Enabled! Kristopher is offline
    MemberRank
    Sep 2011 Join Date
    266Posts

    Re: RevCMS Working News Comments!

    Quote Originally Posted by Toxic998 View Post
    Thanks, bro. I've been looking for a good working one. The one I have works, but isn't in the best shape.
    Downloading and uploading as we speak :)

    Toxic998
    Quote Originally Posted by Habp View Post
    Thanks man!
    More than welcome :D!

  8. #8
    G'nome sayin' Exonize is offline
    MemberRank
    May 2011 Join Date
    Czech RepublicLocation
    517Posts

    Re: RevCMS Working News Comments!

    This is a nice plugin but I don't think Pythonx19's releases were secure, watch out for exploits.

  9. #9
    Account Upgraded | Title Enabled! Kristopher is offline
    MemberRank
    Sep 2011 Join Date
    266Posts

    Re: RevCMS Working News Comments!

    Did you not see that I had them fixed..

  10. #10
    Coder/Programmer Toxic998 is offline
    MemberRank
    Nov 2012 Join Date
    USALocation
    215Posts

    Re: RevCMS Working News Comments!

    Quote Originally Posted by Kristopher View Post
    Did you not see that I had them fixed..
    Yeah, I believe 99% of them are fixed.. I believe this is secure :)

  11. #11
    Planning Stuff Since 2013 Vrop93 is offline
    MemberRank
    Jan 2012 Join Date
    Grocery StoreLocation
    320Posts

    RevCMS Working News Comments!

    Why you repeat this line?
    Code:
            <?php
    
            if( $_GET['id'] ) {
    
                                 
    
                                                $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");
    
                                                $array = mysql_fetch_assoc( $query );
    
                                 
    
                                            }
    
                             
    
                                            if( $_GET['id'] ) {
    
                                 
    
                                                $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");
    
                                                $array = mysql_fetch_assoc( $query );
    
                                            }
    
                                                ?>
    you make me laugh.


    Sent all the way from my iPod :O

  12. #12
    Zephyr Studios PRIZM is offline
    MemberRank
    Feb 2012 Join Date
    DenmarkLocation
    2,291Posts

    Re: RevCMS Working News Comments!

    Thanks for re-releasing the news comments by PythoneX12.

  13. #13
    Check http://arcturus.pw The General is offline
    DeveloperRank
    Aug 2011 Join Date
    7,607Posts

    Re: RevCMS Working News Comments!

    Quote Originally Posted by Vrop93 View Post
    Why you repeat this line?
    Code:
            <?php
    
            if( $_GET['id'] ) {
    
                                 
    
                                                $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");
    
                                                $array = mysql_fetch_assoc( $query );
    
                                 
    
                                            }
    
                             
    
                                            if( $_GET['id'] ) {
    
                                 
    
                                                $query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");
    
                                                $array = mysql_fetch_assoc( $query );
    
                                            }
    
                                                ?>
    you make me laugh.


    Sent all the way from my iPod :O
    Yeah, this is useless code. Why use if( $_GET['id'] )? You don't compare the value of $_GET['id']. You should use if(isset($_GET['id'])) { //code }

    If I'm correct I can visit ?id=lol and then comment on that thus spamming your database with shit. Add a check if the news article exists or if it is numeric.
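
Added example (not part of the thread and not RevCMS code): one way to implement the check suggested in post #13, rejecting a non-numeric or non-existent article id before a comment is stored, and enforcing the one-comment-per-article rule whose `$userPosts` counter the posted template tests but never assigns. The function name `postNewsComment`, the PDO connection and the in-memory SQLite demo data are assumptions; table and column names follow the `cms_news` query and `cms_comments` schema from the first post.

```php
<?php
// Added example, not RevCMS code. postNewsComment() and the PDO handle are
// hypothetical; only the table/column names come from the first post.

function postNewsComment(PDO $db, $rawId, int $userId, string $author, string $rawComment): string
{
    // 1. The id must be a positive integer, so "?id=lol" stops here.
    $articleId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($articleId === false) {
        return 'invalid-id';
    }

    // 2. The article must exist, so comments cannot pile up on ids
    //    that no news item owns.
    $stmt = $db->prepare('SELECT 1 FROM cms_news WHERE id = ?');
    $stmt->execute([$articleId]);
    if ($stmt->fetchColumn() === false) {
        return 'no-such-article';
    }

    // 3. Same tag stripping as the template, plus the 500-character limit
    //    that the textarea's maxlength only enforces in the browser.
    $comment = trim(strip_tags($rawComment));
    if ($comment === '' || strlen($comment) > 500) {
        return 'bad-comment';
    }

    // 4. One comment per user per article.
    $stmt = $db->prepare('SELECT COUNT(*) FROM cms_comments WHERE article = ? AND userid = ?');
    $stmt->execute([$articleId, $userId]);
    if ((int) $stmt->fetchColumn() >= 1) {
        return 'already-commented';
    }

    // 5. Bound parameters instead of string concatenation.
    $stmt = $db->prepare(
        'INSERT INTO cms_comments (article, userid, comment, posted_on, author)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute([$articleId, $userId, $comment, date('M j, Y g:i A'), $author]);
    return 'ok';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cms_news (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE cms_comments (id INTEGER PRIMARY KEY AUTOINCREMENT,
    article INTEGER NOT NULL, userid INTEGER NOT NULL, comment VARCHAR(500) NOT NULL,
    posted_on VARCHAR(150) NOT NULL, author VARCHAR(255) NOT NULL)');
$db->exec("INSERT INTO cms_news (id, title) VALUES (1, 'Constructed article')");

// Non-numeric id, unknown id, valid first comment, repeat comment.
foreach (['lol', '999', '1', '1'] as $id) {
    echo str_pad("id=$id", 8), postNewsComment($db, $id, 7, 'demo_user', 'Nice <b>update</b>!'), "\n";
}
```

In the template, the function would be called with `$_GET['id']`, the session's user id and username, and `$_POST['comment']`, and its return value mapped to the `SUCCESS` / `ERROR` messages.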

  14. #14
    Enthusiast Oblique is offline
    MemberRank
    Oct 2012 Join Date
    AustraliaLocation
    48Posts

    Re: RevCMS Working News Comments!

    I fail to see exactly what you did to these comments... Holmes fixed the SQL, Sledmore fixed the exploits and I see no HTML that has been edited by yourself.

    That aside they still look like shit.

  15. #15
    Valued Member iOmvuZ is offline
    MemberRank
    May 2012 Join Date
    104Posts

    Re: RevCMS Working News Comments!

    Thanks for re-releasing.


