MasterCMS is an advanced content management system for Retro Servers called "The Retro Servers Framework", written in PHP 7 with features like an Advanced Theme System (yes, finally you can make your own theme with ease) and unique functions like exporting or importing your template, selecting or even deleting it, etc., which make MasterCMS an amazing CMS for Retro Servers!
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
design is copied maybe you leave credits for Sonay, me and Y. x)
29-05-17
The General
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Maybe write a proper topic about what emulators are supported, features, performance etc.
29-05-17
NoBrain
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
I'd give it a solid 1/10 purely for effort.
Front end design is pretty basic and the Housekeeping is just painful to look at. The following is a really quick run through so I'm more than likely missing things.
You are not using prepared statements.
You are not using proper MVC.
There is no CSRF protection.
Little to no commenting on the code.
Using tabs instead of spaces.
In some cases you have used tabs for half the file and then switched to spaces for the other half.
Formatting is completely whack.
From what I can tell there is almost no protection/filtering on the data being passed into the queries.
I noticed in some cases you are suppressing the errors rather than fixing them.
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Quote:
Originally Posted by NoBrain
I'd give it a solid 1/10 purely for effort.
Front end design is pretty basic and the Housekeeping is just painful to look at. The following is a really quick run through so I'm more than likely missing things.
You are not using prepared statements.
You are not using proper MVC.
There is no CSRF protection.
Little to no commenting on the code.
Using tabs instead of spaces.
In some cases you have used tabs for half the file and then switched to spaces for the other half.
Formatting is completely whack.
From what I can tell there is almost no protection/filtering on the data being passed into the queries.
I noticed in some cases you are suppressing the errors rather than fixing them.
design is copied maybe you leave credits for Sonay, me and Y. x)
This design was inspired by a public design by Sonay, I will put his credits.
And why you? Did you make the design? My friend Yonier made a design from 0 inspired by the BobbaBIZ design, but I will put credits.
Sorry, my English is not perfect.
- - - Updated - - -
Ok bro
- - - Updated - - -
I will put that
- - - Updated - - -
Thanks bro
Bobba.biz is my hotel. Sonay made most pages, but in your download are some pages of me and Y also. So yeah, credits would be good at this point.
30-05-17
BurakDev
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Your project needs a lot of work before being the "retroservers revolution".
As @NoBrain said, I hope the methods encriptPassword, filter, htmlFilter are a big joke.
And the code formatting isn't fucked up by the GitHub viewer, the raw file has the same shit
30-05-17
Delight
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Good luck with that SQLi and CSRF.
I wouldn't even call this PHP 5, so why call it PHP 7?
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Okay. I see queries inside a controller? I always thought database shit should be done in a model. Also, the code isn't really great.
PHP Code:
define('ADS', true);
What does this do?
PHP Code:
$query = $this->con->query("SELECT * FROM news WHERE id = '{$this->protection->filter($id)}' LIMIT 1");
$select = mysqli_fetch_assoc($query);
Use prepared statements...
PHP Code:
if (!$select['block_view_profile']) {
Isset??
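The two points raised in the post above (prepared statements, and checking that a row exists before reading it), as an added example that is not part of the original thread or of MasterCMS. It assumes PDO with an in-memory SQLite database in place of the CMS's mysqli connection so it runs offline; `findNews` and `findNewsInterpolated` are hypothetical names, and the project's `filter()` method is not shown on the page and is not reproduced.

```php
<?php
declare(strict_types=1);

// Assumption: SQLite in memory stands in for the CMS's MySQL server.
// The table and its rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO news (id, title) VALUES (1, 'Welcome'), (2, 'Staff only draft')");

// Hypothetical helper: the id is sent as a bound parameter, so it is
// always treated as data and never parsed as part of the SQL text.
function findNews(PDO $pdo, string $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, title FROM news WHERE id = :id LIMIT 1');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // fetch() returns false when nothing matched; return null so callers
    // must handle "no such article" instead of indexing a non-array.
    return $row === false ? null : $row;
}

// Interpolated form in the style of the quoted query, for comparison only.
function findNewsInterpolated(PDO $pdo, string $id): ?array
{
    $row = $pdo->query("SELECT id, title FROM news WHERE id = '{$id}' LIMIT 1")
               ->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request value containing a quote character.
$input = "99' OR '1'='1";

var_dump(findNewsInterpolated($pdo, $input)); // the quote changes the WHERE clause
var_dump(findNews($pdo, $input));             // bound value matches no id
var_dump(findNews($pdo, '1'));                // normal lookup

$article = findNews($pdo, '42');
if ($article === null) {
    echo "Article not found\n";               // checked before any array access
}
```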
30-05-17
NoBrain
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Quote:
Originally Posted by Glaceon
Okay. I see queries inside a controller? I always thought database shit should be done in a model. Also, the code isn't really great.
Models define the validation rules for input fields and saving data, relationships to other tables, what table it should access and any custom methods that relate to that table and need to be globally accessible to the Controllers. Queries are run through the Controllers but the Models are used for many things.
30-05-17
Emily
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Quote:
Originally Posted by NoBrain
Models define the validation rules for input fields and saving data, relationships to other tables, what table it should access and any custom methods that relate to that table and need to be globally accessible to the Controllers. Queries are run through the Controllers but the Models are used for many things.
Oh yeah of course, I should've known; I even looked at some Symfony examples today. Stupid me. Thanks for telling me though.
05-06-17
ovflowd
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Code is like... @NoBrains over 9000. That's something awful to look at.
How did you code this without something popping up in your head like "I think there is so much if/elses here"...
Guy, what the hell is that encryption method? Do you even know that passwords need to be hashed and not encrypted?
I can just decode the password with base64_decode.
Dafuq. That method isn't even secure.
Anyways, good luck with refactoring this. Maybe you are a newbie in the programming field, so good luck.
05-06-17
LxBlack
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
The design is a "Default Theme", you can create your own theme easily, and I know I use a lot of if/else. At first I liked to use them but now I realized that they look horrible, I could use elseif.
I created the encryption function so that if a CMS uses an encryption type, you do not have to restart users and can simply change the type of encryption to that of the old CMS
05-06-17
Emily
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Quote:
Originally Posted by LxBlack
The design is a "Default Theme", you can create your own theme easily, and I know I use a lot of if/else. At first I liked to use them but now I realized that they look horrible, I could use elseif.
I created the encryption function so that if a CMS uses an encryption type, you do not have to restart users and can simply change the type of encryption to that of the old CMS
B-B-But you don't ENCRYPT passwords... you HASH them o_O If you encrypt them and somehow the database is leaked all the passwords can be decrypted o_O.
05-06-17
LxBlack
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
I will change to MD5, Thanks!
05-06-17
Tafelglotzer
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Quote:
Originally Posted by LxBlack
I will change to MD5, Thanks!
Don't use md5!!! Use password_hash()
05-06-17
ovflowd
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Quote:
Originally Posted by LxBlack
I will change to MD5, Thanks!
MD5 isn't secure anymore. Use password_hash() or at least bcrypt() or something else.
05-06-17
Emily
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Quote:
Originally Posted by LxBlack
I will change to MD5, Thanks!
You should, as others suggested as well, use password_hash. It will become like:
PHP Code:
$password = password_hash('password', PASSWORD_DEFAULT); // the algorithm argument is required
Where 'password' is the password you want to hash.
You can verify using password_verify:
PHP Code:
if (password_verify('inputpassword', $hash)) { /* password matches */ }
Where 'inputpassword' is the input password you want to check the user inserts (non-hashed) and $hash is the hashed password from the database.
05-06-17
ovflowd
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Quote:
Originally Posted by Glaceon
You should, as others suggested as well, use password_hash. It will become like:
PHP Code:
$password = password_hash('password', PASSWORD_DEFAULT); // the algorithm argument is required
Where 'password' is the password you want to hash.
You can verify using password_verify:
PHP Code:
if (password_verify('inputpassword', $hash)) { /* password matches */ }
Where 'inputpassword' is the input password you want to check the user inserts (non-hashed) and $hash is the hashed password from the database.
Regarding that, by default password_hash() will use RANDOM salts. Because of that, I recommend using the "PASSWORD_BCRYPT" flag.
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Quote:
Originally Posted by saamus
Regarding that, by default password_hash() will use RANDOM salts. Because of that, I recommend using the "PASSWORD_BCRYPT" flag.
***
Quote:
Warning
The salt option has been deprecated as of PHP 7.0.0. It is now preferred to simply use the salt that is generated by default.
So, you shouldn't use custom salts.
05-06-17
ovflowd
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Quote:
Originally Posted by Glaceon
So, you shouldn't use custom salts.
The salt option is the third argument of the function, the second one, "PASSWORD_BCRYPT", is still recommended.
06-06-17
Taiga
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Not going to bash on this but there is nothing advanced in this project. I think this is more of a learning experience for you guys and you should drop the 'advanced framework' and just call it a website for retro servers.
It's good to see you guys working on this project and I really encourage you guys to keep working on it, but don't say it's something that it isn't; it just makes it look bad.
MD5 on its own was never secure in the first place, it's just another hashing algorithm.
You should always seed your passwords when you hash them so it will not be obvious inside the database if users share the same password.
Anyways, as many suggested, use the password_hash function which is built into PHP since 5.5. It has hashing and seeding built in. PHP: password_hash - Manual
Here is a friendly warning as a developer:
Quote:
YOU SHOULD NEVER ENCRYPT PASSWORDS; HASH THEM INSTEAD.
HASHING IS A ONE WAY OPERATION AND CANNOT BE REVERSED.
DO NOT USE OLD TUTORIALS FOR PASSWORD HASHING; LOOK UP RECENT ONES.
- - - Updated - - -
Quote:
Originally Posted by saamus
The salt option is the third argument from the function, the second one "PASSWORD_BCRYPT" still recommended.
No need to manually supply a salt since it's done on the fly in PHP. I suggest a minimum cost of 10.
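The advice in the posts above (password_hash() with its built-in salt, bcrypt at cost 10) combined with the author's stated goal of not resetting users who come from an older CMS, as an added example that is not part of the original thread or of MasterCMS. It assumes the old CMS stored unsalted MD5 hex digests; the user rows, `isLegacyMd5` and `login` are constructed for illustration.

```php
<?php
declare(strict_types=1);

const HASH_OPTIONS = ['cost' => 10]; // cost suggested in the thread

// Constructed sample rows: 'alice' still has a legacy unsalted MD5 digest
// imported from an older CMS (assumption); 'bob' already has a bcrypt hash.
$users = [
    'alice' => ['hash' => md5('hunter2-alice')],
    'bob'   => ['hash' => password_hash('hunter2-bob', PASSWORD_BCRYPT, HASH_OPTIONS)],
];

// Hypothetical helper: an MD5 hex digest is exactly 32 lowercase hex chars,
// while password_hash() output starts with an algorithm prefix such as "$2y$".
function isLegacyMd5(string $hash): bool
{
    return preg_match('/^[a-f0-9]{32}$/', $hash) === 1;
}

// Hypothetical login routine: verifies against whichever format is stored,
// then upgrades the stored hash while the plaintext is briefly available.
function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['hash'];
    $legacy = isLegacyMd5($stored);

    $ok = $legacy
        ? hash_equals($stored, md5($password))   // constant-time comparison
        : password_verify($password, $stored);
    if (!$ok) {
        return false;
    }
    if ($legacy || password_needs_rehash($stored, PASSWORD_BCRYPT, HASH_OPTIONS)) {
        $users[$name]['hash'] = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
    }
    return true;
}

var_dump(login($users, 'alice', 'hunter2-alice'));   // first login with the MD5 row
var_dump(isLegacyMd5($users['alice']['hash']));      // row format after that login
var_dump(login($users, 'alice', 'hunter2-alice'));   // second login, bcrypt path
var_dump(login($users, 'bob', 'wrong-password'));    // wrong password is rejected

// Same password hashed twice: the random salt makes the stored values differ.
var_dump(password_hash('same', PASSWORD_BCRYPT, HASH_OPTIONS)
    !== password_hash('same', PASSWORD_BCRYPT, HASH_OPTIONS));
```

Legacy rows for users who never log in again stay as MD5 until they are expired or those accounts are forced through a reset.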
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
lol this section turned to fucking shit. look at you all acting like you're 10x better than him and are naturally born web developers, stfu
i don't quite get why u all overcomplicate cms' nowadays, it's not that deep bro. just use ubercms or idk make one from scratch, use joopies mysqli class, use raintpl and bobs your uncle fannys your aunt.
12-07-17
JerryCool
Re: MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi
Quote:
Originally Posted by Livar
lol this section turned to fucking shit. look at you all acting like you're 10x better than him and are naturally born web developers, stfu
i don't quite get why u all overcomplicate cms' nowadays, it's not that deep bro. just use ubercms or idk make one from scratch, use joopies mysqli class, use raintpl and bobs your uncle fannys your aunt.