[BETA] MapleBitCMS

[itscolee]

Do you have the latest version of maplebit? If not, please install that.

Reinstalled everything, issue is still occuring. No new account shows up in the DB, can't login to the website.

 

[Xanix]

Reinstalled everything, issue is still occuring. No new account shows up in the DB, can't login to the website.

This happened to me too, and it's happening again.

 

[CrysisMS]

Well, when i register it uses a SHA 1 as you said eariler... But maple doesn't use sha 1 if i'm correctly...

 

[greenelfx]

Well, when i register it uses a SHA 1 as you said eariler... But maple doesn't use sha 1 if i'm correctly...

Maple can use any type of password hashing mechanism, if implemented properly throughout the source. Most sources use SHA1.
MapleBit does not support plaintext passwords, and there are no plans to ever support them.

 

[ZyriC]

Hi, may i know how to exclude banned players shown on Rankings page?

 

[Basis]

Hi, may i know how to exclude banned players shown on Rankings page?

Create a variable that checks the ban state from the character table.

$ban = // access the database

if ($ban < 1) {
  echo 'Display the character.';
} else {
  echo '';
}

If the rank number is being drawn from the character table as well, then filtering out the banned people will leave gaps. So say the person ranked #2 is banned, then it will jump from 1 to 3. To fix this, you can create a variable that counts each person in the sequence.

$i = 1;
// display the character and make sure the rank column is displaying the variable $i
$i++

So long as $i++ is inside the loop, it will automatically add 1 for each time the loop is run which will put the correct number for each character regardless of what their rank actually is in the database.

 

[ZyriC]

Hi, sorry this is a stupid question, but how do I add them into the rankings.php?

 

[greenelfx]

Hi, sorry this is a stupid question, but how do I add them into the rankings.php?

How much more hand holding do you need to accomplish this? Basis wrote a fairly in depth way to cleanly accomplish what you are going after. Do yourself a favor and learn basic programming/logic skills. Also, this thread is not really meant for getting support.

 

[Basis]

Hi, sorry this is a stupid question, but how do I add them into the rankings.php?

Ok, I actually looked into the code and it appears that a while loop is being used to display one table row per character. It looks like he already handled ranking such that you can filter out banned people without worrying about the number. I haven't tried it myself, but you should be able to just add what you need into the $result variable and then call the banned row like this.

One with comments

while($row = $result->fetch_assoc()) { // this is in rankings.php
  if ($row['banned'] < 1) { // The if statement to wrap around the table
    // Insert table row here
  } else { // if banned, then display nothing
  } // Close the if
} // This is already in rankings.php

One without comments

while($row = $result->fetch_assoc()) {
  if ($row['banned'] < 1) {
  } else {
  }
}

One with the complete code

while($row = $result->fetch_assoc()) {
	if ($row['banned'] < 1) {
	$ranking++;
	$name = $row['name'];
	echo "
	<tr>
		<td><span class=\"badge\">$ranking</span></td>
		<td class=\"hidden-sm hidden-xs\"><img src=\"".$siteurl."assets/img/GD/create.php?name=".$name."\" alt=\"".$name."\" class=\"avatar img-responsive\" style=\"margin: 0 auto;\"></td>
		<td><a href=\"?base=main&page=character&n=".$row['name']."\">".$row['name']."</a></td>
		<td>";
			if ($row['job']=="000")
				echo "Beginner";
			if ($row['job']=="100")
				echo "Warrior";
			if ($row['job']=="110")
				echo "Fighter";
			if ($row['job']=="120")
				echo "Page";
			if ($row['job']=="130")
				echo "Spearman";
			if ($row['job']=="111")
				echo "Crusader";
			if ($row['job']=="121")
				echo "White Knight";
			if ($row['job']=="131")
				echo "Dragon Knight";
			if ($row['job']=="112")
				echo "Hero";
			if ($row['job']=="122")
				echo "Paladin";
			if ($row['job']=="132")
				echo "Dark Knight";
			if ($row['job']=="200")
				echo "Magician";
			if ($row['job']=="210")
				echo "Wizard";
			if ($row['job']=="220")
				echo "Wizard";
			if ($row['job']=="230")
				echo "Cleric";
			if ($row['job']=="211")
				echo "Mage";
			if ($row['job']=="221")
				echo "Mage";
			if ($row['job']=="231")
				echo "Priest";
			if ($row['job']=="212")
				echo "Arch Mage";
			if ($row['job']=="222")
				echo "Arch Mage";
			if ($row['job']=="232")
				echo "Bishop";
			if ($row['job']=="300")
				echo "Bowman";
			if ($row['job']=="310")
				echo "Hunter";
			if ($row['job']=="320")
				echo "Crossbowman";
			if ($row['job']=="311")
				echo "Ranger";
			if ($row['job']=="321")
				echo "Sniper";
			if ($row['job']=="312")
				echo "Bow Master";
			if ($row['job']=="322")
				echo "Crossbow Master";
			if ($row['job']=="400")
				echo "Thief";
			if ($row['job']=="410")
				echo "Assassin";
			if ($row['job']=="420")
				echo "Bandit";
			if ($row['job']=="411")
				echo "Hermit";
			if ($row['job']=="421")
				echo "Chief Bandit";
			if ($row['job']=="412")
				echo "Night Lord";
			if ($row['job']=="422")
				echo "Shadower";
			if ($row['job']=="500")
				echo "Pirate";
			if ($row['job']=="510")
				echo "Brawler";
			if ($row['job']=="520")
				echo "Gunslinger";
			if ($row['job']=="511")
				echo "Marauder";
			if ($row['job']=="521")
				echo "Buccaneer";
			if ($row['job']=="512")
				echo "Outlaw";
			if ($row['job']=="522")
				echo "Corsair";
			if ($row['job']=="900")
				echo "GMs";
			if ($row['job']=="910")
				echo "SuperGM";
			if ($row['job']=="1000")
				echo "Noblesse";
			if ($row['job']=="1100")
				echo "Dawn Warrior";
			if ($row['job']=="1110")
				echo "Dawn Warrior 2";
			if ($row['job']=="1111")
				echo "Dawn Warrior 3";
			if ($row['job']=="1112")
				echo "Dawn Warrior 4";
			if ($row['job']=="1200")
				echo "Flame Wizard";
			if ($row['job']=="1210")
				echo "Flame Wizard 2";
			if ($row['job']=="1211")
				echo "Flame Wizard 3";
			if ($row['job']=="1212")
				echo "Flame Wizard 4";
			if ($row['job']=="1300")
				echo "Wind Archer";
			if ($row['job']=="1310")
				echo "Wind Archer 2";
			if ($row['job']=="1311")
				echo "Wind Archer 3";
			if ($row['job']=="1312")
				echo "Wind Archer 4";
			if ($row['job']=="1400")
				echo "Night Walker";
			if ($row['job']=="1410")
				echo "Night Walker 2";
			if ($row['job']=="1411")
				echo "Night Walker 3";
			if ($row['job']=="1412")
				echo "Night Walker 4";
			if ($row['job']=="1500")
				echo "Thunder Breaker";
			if ($row['job']=="1510")
				echo "Thunder Breaker 2";
			if ($row['job']=="1511")
				echo "Thunder Breaker 3";
			if ($row['job']=="1512")
				echo "Thunder Breaker 4";
			if ($row['job']=="2000")
				echo "Legend";
			if ($row['job']=="2100")
				echo "Aran";
			if ($row['job']=="2111")
				echo "Aran 2";
			if ($row['job']=="2112")
				echo "Aran 3";
			
			if($servertype == 1){
				echo "</td>
				<td>".$row['reborns']."</td>";
			}			
			echo "
			<td>".$row['level']."</td>
		</tr>";
	} else {
	}
}

 

[ZyriC]

i added, it says banned undefined or smth. i add above:

$ban = $row['banned'];

but then it says the one i added is undefined. I tried adding a.banned but it says : Unknown column 'a.banned' in 'field list'

 

[greenelfx]

i added, it says banned undefined or smth. i add above:

$ban = $row['banned'];

but then it says the one i added is undefined. I tried adding a.banned but it says : Unknown column 'a.banned' in 'field list'

Please take this to PMs. This thread is not meant for receiving individual help.

 

[Snopboy]

Been looking up on the ACP and I noticed that when you edit a user's password, it simply store the password the way you entered it (there's real_escape_string and strip_tags) and it doesn't any type of encryption at all, not even sha1..
This may result in a user not able to access his account because if the pw is stored as normal chars and not hashed, the check in the login system will not match it.
I changed my encryption to md5 because of a game server that has been added to my network so I'll be changing the manage-account file as well.
This is the latest revision of MapleBit, you might as well want to update it in your files

 

[greenelfx]

Been looking up on the ACP and I noticed that when you edit a user's password, it simply store the password the way you entered it (there's real_escape_string and strip_tags) and it doesn't any type of encryption at all, not even sha1..
This may result in a user not able to access his account because if the pw is stored as normal chars and not hashed, the check in the login system will not match it.
I changed my encryption to md5 because of a game server that has been added to my network so I'll be changing the manage-account file as well.
This is the latest revision of MapleBit, you might as well want to update it in your files

Good find, thanks. Password handling throughout MapleBit could be easily improved, so I may do that soon.
I'm may also rollout a feature that allows admins to select their password encryption type, eg sha1, plaintext, md5, and bcrypt.
Although all servers should be using bcrypt, that won't happen anytime soon!

 

[Snopboy]

Good find, thanks. Password handling throughout MapleBit could be easily improved, so I may do that soon.
I'm may also rollout a feature that allows admins to select their password encryption type, eg sha1, plaintext, md5, and bcrypt.
Although all servers should be using bcrypt, that won't happen anytime soon!

Yeah, you're right however most server owners don't have sufficient knowledge to even modify the basic features in their source while following a tutorial lol, let alone changing the encryption and implementing a new one that require the use of external libs unlike sha1/md5, which are included in every language so you don't need to use external libraries and extensions/plugins of some sort.

May I also suggest for future releases to change the way the admin panel works and maybe moving the News and Events to GM panel?
I'll check the entire app and will look for places for improvement but so far MapleBit is the best public MS CMS so I don't think there'll be much place for improvement but maybe new features and such.

Also, another suggestion is to rework MapleBit (which I'll be happy to do with you, I'll learn from it a lot) completely to write it from scratch using the latest PHP features, PDO (use the try and catch functions) and lots more and maybe even to make it an MVC so that it will be easier for people to make themes without having to deal with the back-end but rather dealing with front-end only.
Also I'll be thinking of a way to make it easier to customize it like instead of editing the files and templates directly, why not adding "manage themes" feature (not bootstrap-based) like vBulletin, IPB and WordPress has?

 

[greenelfx]

Yeah, you're right however most server owners don't have sufficient knowledge to even modify the basic features in their source while following a tutorial lol, let alone changing the encryption and implementing a new one that require the use of external libs unlike sha1/md5, which are included in every language so you don't need to use external libraries and extensions/plugins of some sort.

May I also suggest for future releases to change the way the admin panel works and maybe moving the News and Events to GM panel?
I'll check the entire app and will look for places for improvement but so far MapleBit is the best public MS CMS so I don't think there'll be much place for improvement but maybe new features and such.

Also, another suggestion is to rework MapleBit (which I'll be happy to do with you, I'll learn from it a lot) completely to write it from scratch using the latest PHP features, PDO (use the try and catch functions) and lots more and maybe even to make it an MVC so that it will be easier for people to make themes without having to deal with the back-end but rather dealing with front-end only.
Also I'll be thinking of a way to make it easier to customize it like instead of editing the files and templates directly, why not adding "manage themes" feature (not bootstrap-based) like vBulletin, IPB and WordPress has?

I've actually already written a Maple CMS backbone with Laravel (full support for PDO, theming, etc.). I won't be releasing it any time soon because I will be using it in the future when people buy websites for me. So, MapleBit will not be upgraded to MVC, PDO, etc. Only the only development I plan on doing is fixing bugs and adding minor features that may have been left out.

 

[Matt Sixx]

I've actually already written a Maple CMS backbone with Laravel (full support for PDO, theming, etc.). I won't be releasing it any time soon because I will be using it in the future when people buy websites for me. So, MapleBit will not be upgraded to MVC, PDO, etc. Only the only development I plan on doing is fixing bugs and adding minor features that may have been left out.

Working on my pc, but not my VPS. When I go to the row 95, I can't find anything that could be an error?

You must be registered to see links

I also forgot to mention that its only happening on register page.

 

[Cygnus]

Working on my pc, but not my VPS. When I go to the row 95, I can't find anything that could be an error?

You must be registered to see links

I also forgot to mention that its only happening on register page.

As it says, there's a syntax error at line 95. Unless you feel like trying to take this opportunity to learn a bit of php syntax, only way we can help you is if you post an extract of your register.php

 

[Matt Sixx]

As it says, there's a syntax error at line 95. Unless you feel like trying to take this opportunity to learn a bit of php syntax, only way we can help you is if you post an extract of your register.php

Syntax error in fresh clean install would be kind of odd, even more since it was working on my pc before and now its not on my vps.

<?php
if(basename($_SERVER["PHP_SELF"]) == "register.php"){
die("403 - Access Forbidden");
}
if(isset($_SESSION['id'])){
echo "<meta http-equiv=refresh content="0; url=?base=ucp">";
}
else{
echo "<h2 class="text-left">Registration</h2><hr/>";
if (@$_POST["register"] != "1") {
?>
<form action="?base=main&page=register" method="POST" role="form">
<div class="form-group">
<label for="inputUser">Username</label>
<input type="text" name="musername" maxlength="12" class="form-control" id="inputUser" required autocomplete="off" placeholder="Username">
</div>
<div class="form-group">
<label for="inputPass">Password</label>
<input type="password" name="mpass" maxlength="30" class="form-control" id="inputPass" required autocomplete="off" placeholder="Password">
</div>
<div class="form-group">
<label for="inputConfirm">Confirm Password</label>
<input type="password" name="mpwcheck" maxlength="30" class="form-control" id="inputConfirm" required autocomplete="off" placeholder="Confirm Password">
</div>
<div class="form-group">
<label for="inputEmail">Email</label>
<input type="email" name="memail" maxlength="50" class="form-control" id="inputEmail" required autocomplete="off" placeholder="Email">
</div>
<b>reCaptcha</b>
<?php
require_once('assets/config/recaptchalib.php');
$error = null;
$publickey = "6LemqAwAAAAAAF4dIpSjTB3GJt1ax0MRQ9FvOX_T";
$privatekey = "6LemqAwAAAAAAO69RT3j9M1eHPX_ahhmC6Gakuwb";
echo recaptcha_get_html($publickey, $error);
?>
<br/>
<input type="submit" class="btn btn-primary" name="submit" alt="Register" value="Register »"/>
<input type="hidden" name="register" value="1" />
</form>
<br/>
<?php
} else {
if (!isset($_POST["musername"]) OR
!isset($_POST["mpass"]) OR
!isset($_POST["mpwcheck"]) OR
!isset($_POST["memail"]) OR
!isset($_POST["recaptcha_response_field"])) {
die ("<div class="alert alert-error"><b>Error A:</b> Please fill in the correct ReCAPTCHA code!<br/><a href="?base=main&page=register" class="areg">« Go Back</a></div>");
}

$getusername = $mysqli->real_escape_string($_POST["musername"]); # Get Username
$username = preg_replace("/[^A-Za-z0-9 ]/", '', $getusername); # Escape and Strip
$password = $_POST["mpass"]; # Get Password
$confirm_password =$_POST["mpwcheck"]; # Get Confirm Password
$email = $mysqli->real_escape_string($_POST["memail"]);
$birth = "1990-01-01";
$ip = getRealIpAddr();

$continue = false;

require_once('assets/config/recaptchalib.php');

$publickey = "6LemqAwAAAAAAF4dIpSjTB3GJt1ax0MRQ9FvOX_T";
$privatekey = "6LemqAwAAAAAAO69RT3j9M1eHPX_ahhmC6Gakuwb";

$resp = null;
$danger = null;

if ($_POST["recaptcha_response_field"]) {
$resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if ($resp->is_valid) {
$continue = true;
}
}

if (!$continue) {
echo ("<div class="content"><div class="contentbg registerbg"></div><div class="body_register"><div class="alert alert-danger"><b>Error:</b> Please fill in the correct ReCAPTCHA code!<br/><a href="?base=main&page=register" class="areg">« Go Back</a></div></div></div>");
} else {
$select_user_result = $mysqli->query("SELECT id FROM accounts WHERE name='".$username."' OR email='".$email."' LIMIT 1");
$returned = $select_user_result->num_rows;
if ($returned > 0) {
echo ("<div class="alert alert-danger"><b>Error:</b> This username or email is already used!<br/><a href="?base=main&page=register">« Go Back</a>");
} else if ($password != $confirm_password) {
echo ("<div class="alert alert-danger">Passwords didn't match!<br/><a href="?base=main&page=register">« Go Back</a></div></div></div>");
} else if (strlen($password) < 4 || strlen($password) > 12) {
echo ("<div class="alert alert-danger">Your password must be between 4-12 characters<br/><a href="?base=main&page=register">« Go Back</a>");
} else if (strlen($username) < 4 || strlen($username) > 12) {
echo ("<div class="alert alert-danger">Your username must be between 4-12 characters<br/><a href="?base=main&page=register">« Go Back</a>");
} else if (!strstr($email, '@')) {
echo ("<div class="alert alert-danger">You have filled in a wrong email address<br/><a href="?base=main&page=register">« Go Back</a>");
} else {
//All data is ok
$password = sha1($password);
$insert_user_query = "INSERT INTO accounts (`name`, `password`, `ip`, `email`, `birthday`) VALUES ('".$username."', '".$password)."', '".$ip."', '".$email."', '".$birth."')";
$mysqli->query($insert_user_query);
echo"
<br/><div class="alert alert-success"><b>Success!</b> Please login, and head to the downloads page to get started!</div>
";
}
}
}
}
?>

 

[Cygnus]

Line 95 ".$password)." - > ".$password."
Not sure why you set it up to $password = sha1($password);
instead of using .hash("sha1", $password) at line 95, but yeh, the ) after password gives the syntax error.

 

[Matt Sixx]

Line 95 ".$password)." - > ".$password."
Not sure why you set it up to $password = sha1($password);
instead of using .hash("sha1", $password) at line 95, but yeh, the ) after password gives the syntax error.

MapleBit CMS was already that way.

Well thank you, removing ) worked