-
Re: zCMS [PHP, OOP, Phoenix, Secure]
I get this
Notice: Undefined index: HTTP_CF_CONNECTING_IP in C:\xampp\htdocs\habbo\global.php on line 21
Title: Could not execute cron job 'credits.php': could not locate script file.
Text: Could not execute cron job 'credits.php': could not locate script file.
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
zCMS is only for IIS! The .htaccess doesn't exist and in the web.config (Config of IIS) There are Rewrite
Excuse me for my shitter English
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Quote:
Originally Posted by
Cyb3
I get this
Notice: Undefined index: HTTP_CF_CONNECTING_IP in C:\xampp\htdocs\habbo\global.php on line 21
Title: Could not execute cron job 'credits.php': could not locate script file.
Text: Could not execute cron job 'credits.php': could not locate script file.
Go into global.php and remove HTTP_CF_CONNECTING_IP
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Getting Forumname error after registration, even though I have forumname in the users columns?
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
This CMS bugs like hell, don't download! Download BrickPHP for a good CMS.
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Quote:
Originally Posted by
azaidi
This CMS bugs like hell, don't download! Download BrickPHP for a good CMS.
Make it compatible with uberemu then :)
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Anyone got a working SQL to add for forumname table? I added the one Jonty posted; it didn't work.
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Quote:
Originally Posted by
Seano2o6
Anyone got a working SQL to add for forumname table? I added the one Jonty posted; it didn't work.
Just use another one, I tried to use this and it just didn't work. Different people have different outcomes.
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
I'll be trying it out. Ty.
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
zCMS isn't as great as everyone says you know ;)
Use VisualCCMS, I think it's better.
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
I can't seem to delete the navs 'Buy VIP' and 'Forum'; they're not in site_navi, so some help would be nice? ;3
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
inc/tpl/generic-top.tpl ^
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
I agree with Azaidi, zCMS ISN'T as good as it's cracked up to be. There are soooo many exploits still unpatched, had this on my hotel when I used VPS and it got hacked in the first 10 minutes of opening.
We had to go patch each exploit ourselves, even the simple ones that shouldn't have been left open by its "coder"
"exoh"
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Quote:
Originally Posted by
PoyzenCookie
I agree with Azaidi, zCMS ISN'T as good as it's cracked up to be. There are soooo many exploits still unpatched, had this on my hotel when I used VPS and it got hacked in the first 10 minutes of opening.
We had to go patch each exploit ourselves, even the simple ones that shouldn't have been left open by its "coder"
"exoh"
Yeah, no, shut up. You have no idea what you are talking about.
The "exploit" that I supposedly left in there is an unfiltered $_GET param that is actually left unfiltered in the stock copy of uber. So where's your theory now?
Exploit is in article.php btw. Enjoy. This is why Supa will stay private for a while before release - idiots like you.
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Quote:
Originally Posted by
Jonteh
Yeah, no, shut up. You have no idea what you are talking about.
The "exploit" that I supposedly left in there is an unfiltered $_GET param that is actually left unfiltered in the stock copy of uber. So where's your theory now?
Exploit is in article.php btw. Enjoy. This is why Supa will stay private for a while before release - idiots like you.
You can't blame 'em if the CMS has exploits in there.
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Quote:
Originally Posted by
Zak©
You can't blame 'em if the CMS has exploits in there.
I can when they're telling everyone I planted it when it was there originally.
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
I understand the frustration - people are mad because a param was left unfiltered. However, a simple $_GET param is easily resolvable.
There shouldn't be further argument regarding this.
If your understanding of PHP is at least basic, then you should be able to resolve the issue.
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
mysql_real_escape_string(stripslashes(trim( $_GET SHIT )))
Wow that's really hard :O
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Quote:
Originally Posted by
azaidi
mysql_real_escape_string(stripslashes(trim( $_GET SHIT )))
Wow that's really hard :O
Woa. Woa. Woa. Woa.
Stop there.
Do you even know what Realescape, Stripslashes, and Trim do?
You will only need Stripslashes & Trim, or you could do this
Functions Bro, Functions
PHP Code:
/**
 * Cleans the inputted String
 * Will protect against Basic SQL injections
 * @param $_GET / $_POST
 * @return Stripped Variable
 */
function cleanvar($s_string){
    $sStr = stripslashes($s_string);
    $sTtr = trim($sStr);
    return $sTtr;
}
cleanvar($_GET['ADMINPASSWORDINPLAINTEXTISSOSAFE']);
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Quote:
Originally Posted by
G33k
Woa. Woa. Woa. Woa.
Stop there.
Do you even know what Realescape, Stripslashes, and Trim do?
You will only need Stripslashes & Trim, or you could do this
Functions Bro, Functions
PHP Code:
/**
 * Cleans the inputted String
 * Will protect against Basic SQL injections
 * @param $_GET / $_POST
 * @return Stripped Variable
 */
function cleanvar($s_string){
    $sStr = stripslashes($s_string);
    $sTtr = trim($sStr);
    return $sTtr;
}
cleanvar($_GET['ADMINPASSWORDINPLAINTEXTISSOSAFE']);
You do realize that if anything is going in, or coming out of a database you want to use mysql_real_escape_string right?
When you're trimming a string, you're basically removing whitespaces from both sides, which imo, could cause a lot of database confusion if someone posts a space before an e-mail or something. Stripslashes just removes backslashes.. Therefore the function you're using really isn't cleaning the string from any/all vulnerabilities that it may contain. That's where mysql_real_escape_string comes in handy. It removes special characters that could manipulate your SQL database.
So function or not, his code was still correct over yours... that is if your main intention was stripping the string completely clean. Goes to show that functions don't always make your code 'right'. It just makes it more organized, and dynamic... while also requiring less work down the line. Before moving onto functions you should at least understand the complete basics.
Not trying to offend you or anything either. =P
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Quote:
Originally Posted by
Aaron
You do realize that if anything is going in, or coming out of a database you want to use mysql_real_escape_string right?
When you're trimming a string, you're basically removing whitespaces from both sides, which imo, could cause a lot of database confusion if someone posts a space before an e-mail or something. Stripslashes just removes backslashes.. Therefore the function you're using really isn't cleaning the string from any/all vulnerabilities that it may contain. That's where mysql_real_escape_string comes in handy. It removes special characters that could manipulate your SQL database.
So function or not, his code was still correct over yours... that is if your main intention was stripping the string completely clean. Goes to show that functions don't always make your code 'right'. It just makes it more organized, and dynamic... while also requiring less work down the line. Before moving onto functions you should at least understand the complete basics.
Not trying to offend you or anything either. =P
You also need to be connected to a db to use mysql_real_escape_string but if you use MySQLi..
PHP Code:
$db = new MySQLi("connection infos");
$string = "''''lol''''";
echo $db->real_escape_string($string);
^^
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
It was just an example typed on my mobile, I know how to make a function of it. + What G33k did can be shortened a lot:
function cleanvar($s_string){
    return stripslashes(trim($s_string));
}
I know I left the mysql_real_escape string out but I'm just shortening his php code :P
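Added example, not part of any post in this thread and not code from zCMS or uber: the cleanvar() helper discussed above used in a concatenated query, next to a validated and parameterized query. The in-memory SQLite table, the function names fetchConcatenated and fetchPrepared, and the sample inputs are constructed for illustration; it assumes the pdo_sqlite extension is loaded.

```php
<?php
// Added example: constructed schema and inputs, SQLite in memory so it runs offline.

// The helper from the thread, same behaviour: strips backslashes and outer whitespace only.
function cleanvar($s) {
    return stripslashes(trim($s));
}

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)');
    $db->exec("INSERT INTO articles VALUES (1, 'Welcome', 1), (2, 'Staff draft', 0)");
    return $db;
}

// "Before": the request value becomes part of the SQL text itself.
function fetchConcatenated(PDO $db, string $id): array {
    $sql = 'SELECT title FROM articles WHERE published = 1 AND id = ' . cleanvar($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": check the type first, then bind the value so it can never be parsed as SQL.
function fetchPrepared(PDO $db, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return []; // not a positive integer: reject instead of trying to "clean" it
    }
    $st = $db->prepare('SELECT title FROM articles WHERE published = 1 AND id = :id');
    $st->bindValue(':id', $n, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

$db = makeDb();
$inputs = ['1', ' 1 ', '2 OR 1=1']; // constructed stand-ins for $_GET['id']
foreach ($inputs as $in) {
    printf("%-12s concat=%s prepared=%s\n",
        json_encode($in),
        json_encode(fetchConcatenated($db, $in)),
        json_encode(fetchPrepared($db, $in)));
}
```

The third input contains no quotes or backslashes, so cleanvar() passes it through unchanged and the concatenated query returns the unpublished row as well. Escaping functions such as real_escape_string only protect values placed inside a quoted string literal, which is why binding parameters is the fix that covers both cases.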
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Code is not about being short.
If I could, I could paste all code from conradUK into 1 PHP FILE
BUT THAT WOULD BE A CLUSTERFUCK
-
Re: zCMS [PHP, OOP, Phoenix, Secure]
Well if you code it your way the cms is instead of 20mb gonna be 50mb -.-"