[PHP/Recruiting] Sky CMS - MMORPG Private Server Content Management

I've recently picked back up my old project of creating a universal MMORPG private server CMS. Basically a CMS you can use for any game found here at RZ. The name will probably be changed. Its just something that went with the template I'm using.

It will install similarly to vB, asking you for a few basic configurations. The installation will then prompt you to select your game where the CMS will base itself around. Adding functionality for each game's database will take time but I believe it would be an interesting project.

I've been working on the base all morning. Its kind of a mix of OOP and procedural programming atm, though I plan on having it completely OOP based by the time its finished.

If anyone is interested in helping out just send me a message or hit me up on MSN. If you have any questions or suggestions feel free to post them. I'd like to hear any and all feedback regarding this project.

Got a live demo now. It may occasionally be down as its hosted off my PC.

Live demo: http://rondev.dyndns.org/skycms/index.php

Login w/
User: Demo
Pass: demo123

I encourage anyone to try out all the features implemented so far to help me find bugs. If you add new articles just delete them afterwards so people can be updated on the progress.



Preview shots. Took them out of img tags since they were too big.

http://i40.tinypic.com/10y2n7k.png

http://i44.tinypic.com/260ylgm.png

http://i42.tinypic.com/214y452.png

Suggestion: make the background pictures of minecraft, with the top portion the sky in minecraft. The beige on the bottom is less interesting than a beautiful minecraft creation :D.

Quote:

---

Originally Posted by jMerliN

Suggestion: make the background pictures of minecraft, with the top portion the sky in minecraft. The beige on the bottom is less interesting than a beautiful minecraft creation :D.

---

Make a script that has a creeper blowing up the page and I'll totally do it. :D

This looks awesome, good luck :D
Will you be making a theme system for this?

Quote:

---

Originally Posted by Caustik

This looks awesome, good luck :D
Will you be making a theme system for this?

---

Planning on it. I only learned PHP back in mid-july so this is a test for myself pretty much.

Even if I can't pull it off I'm sure someone would be willing to help out.

closed or open source?

It'll make more progress being open source, though if anyone is willing to help out I want to get their opinions first.

Implemented article deletion, will add editing after playing some tf2. :P

view pics.

Feel free to PM me if you still need coder. Not a pro but I know some things.

Got a live demo link.

Sky CMS

Login w/
User: Demo
Pass: demo123

I encourage anyone to try out all the features implemented so far to help me find bugs. If you add new articles just delete them afterwards so people can be updated on the progress.

Edit-
Demo is back up, automatic updates restarted my PC while I was at school

(might of found a bug or it might of been done on purpose).

I generated a news article with basically

Code:

---

<b>bold</b>
<em>italic</em>
<a href="http://google.com.au">link</a>

---

and when I went back to edit the article it goes back to plain text, so it just says bold, italic and the link disappears altogether.

Articles for the most part will only work with text and line breaks. There aren't any formatting functions except for slashes and breaks.

Ron, you should make ranks, and do so other people can't change news and such? I can see the demo user can edit, text etc.

Looks like there already is ranks.

When logged in it says - Rank: Administrator

Yeah, there are ranks. I set the demo as admin so people can test out the management panel. I trust no one here will try to fuck anything up lol.

Oh lol, didn't see that Parker :p

Well, okay Ron :) I was just wondering why it could access it :p

Yep, no prob.

Multiple XSS / SQLi vulnerabilities. I reported it to Ron along with screen shots and point-of-entry.

You should really work more on your security skills before trying to make something like this public, though it's a DEMO I understand that, but still security is a big problem. Especially when your running WAMP, then again I will say its only a Demo.

Fail.

Someone exploited your demo...

Protect from SQL injections:
http://forum.ragezone.com/f578/php-m...on-rid-656725/

Fail how? Its obviously a prototype lol. I have absolutely no concern over security of something that will never be released.

I'm coding it in a way that will let me roughly test out different ways to do things. I've made and sold multiple secure websites I've coded from scratch, so saying I should improve security on a prototype is failed logic.

Got anything useful to post?
Posted via Mobile Device

Yet, you've been coding for what.. since the middle of July... so yet most likely you have no knowledge of extended OOP / Other types of SQL Injections... tell me what other "sites" you have made and "so-called" secure websites maybe we can test your bluff... this may be 'prototype' but yet doesn't shine all too well.

Let's test your "skills" less than one year doesn't constitute you as a good programmer or even secure at that, Let me know when you reach year 4+.

Edit : Also, why would I want to release my PHP work on a site full of leechers, I work for pay not for free lol. IE I actually get paid for my job title as a programmer and have credentials to do so.

Recap:

Quote:

---

I encourage anyone to try out all the features implemented so far to help me find bugs.

---

*I post security fix*

Quote:

---

Originally Posted by Ron

Got anything useful to post?
Posted via Mobile Device

---

Fail.

>Exploit a Demo
>Get Bigger e-Penis
>Bigger e-Penis
>e-Penis

http://lolzombie.com/wp-content/uplo...ge_e_penis.jpg


By the way; I didn't exploit it. Q_Q

Totally had a post written but my fail blackberry's browser crashed lol, I'll make a proper post when I get home.

uebari; are you serious? lol
Posted via Mobile Device

LOL, awe.. some ego you have for a newbie to PHP that can easily be injected. So, still let's see your other work if your so "good".

So your Post count is big... but that doesn't mater you "professional" or better than anyone, just means you wasted your life more than others.....

yay for E-Peen xD...

Quote:

---

Originally Posted by Ron

uebari; are you serious? lol

---

Oooo is this a Coder Duel! :scared:

I don't think he even knows how to use PDO or OOP yet... so it's not a real Duel.

Ignoring above arguments, if you need GFX I can help.
I'm still a noob, but I know my way around Photoshop.

PM me.

Quote:

---

Originally Posted by (Basic)

Ignoring above arguments, if you need GFX I can help.
I'm still a noob, but I know my way around Photoshop.

PM me.

---

1.) Not an argument, his thing is very useless and insecure, we tried to help but he told me to post something more useful.

2.) If he had a lower post-count and less rep, people would see how shitty his code is (which apparently hasn't improved since his first cms release in July, where he claims to have "first started coding php:"

PHP Code:

---

<center>
<?php

include('config.php');
include_once('functions.php');

if(isset($_POST['register'])){
    $username = $_POST['username'];
    $password = $_POST['password1'];
    $confirm_password = $_POST['password2'];
    $email = $_POST['email1'];
    $confirm_email = $_POST['email2'];
    $pin = $_POST['pin1'];
    $confirm_pin = $_POST['pin2'];

    if ((preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $username)) || (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $password))){
        echo '<font color="red">Special characters not allowed in account name or password.</font>';
        exit();
    }
    if ((preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $pin)) || (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $confirm_pin))){
        echo '<font color="red">Special characters not allowed in PIN.</font>';
        exit();
    }

    echo '<p><b>-- Result --</b></p>';

    if((strlen($username) < "4") || (strlen($username) > "15")){
        echo '<font color="red">Account name length must be between 4 and 15 characters.</font>';
        exit();
    } else if($password != $confirm_password){
        echo '<font color="red">Your passwords do not match.</font>';
        exit();
    } else if((strlen($password) < "4") || (strlen($password) > "15")){
        echo '<font color="red">Your password must be between 4 and 15 characters long.</font>';
        exit();    
    } else if($email == NULL){
        echo '<font color="red">Please enter an email address.</font>';
        exit();
    } else if($email != $confirm_email){
        echo '<font color="red">Email address does not match.</font>';
        exit();
    } else if($pin == NULL){
        echo '<font color="red">Please enter a security PIN.</font>';
        exit();
    } else if($pin != $confirm_pin){
        echo '<font color="red">Your PIN numbers do not match.</font>';
        exit();
    } else if(strlen($pin) != "4"){
        echo '<font color="red">Your PIN must be 4 numbers.</font>';
        exit();
    } else {
        doAccountDB();
        $query = "INSERT INTO t_account (name, pwd, pw2, email, pin) VALUES ('$username', '".md5($password)."', '$confirm_password', '$email', '$pin')";
        $res = mysqli_query($mysqli_account, $query) or die(mysqli_error($mysqli_account));
        if($res == true){
            echo '<font color="green">Account created.</font>';
        }
        mysqli_close($mysqli_account);
    }
}

?>
</center>

---

If you can't find anything wrong with that code, you cannot code.

3.) Why don't you just help with a real CMS that's actually open source and secure?


Edit: This is not a flame war, it's an eye-opener for a very arrogant person with too many noobs bowing down for nothing.


Want something more useful Ron?

Accept Constructive Criticism. The First Time.

If you want to make your own CMS, I recommend you use a PHP framework if you are not highly experienced. Even if you are... it is still a good idea.

Are you using MySQLi over the standard procedural MySQL stuff?

Anyway, looks good, good luck!
Posted via Mobile Device

Quote:

---

Originally Posted by Caustik

Are you using MySQLi over the standard procedural MySQL stuff?

Anyway, looks good, good luck!
Posted via Mobile Device

---

Of course. I've always used mysqli, as all the books / tutorials I've read followed it.

Quote:

---

Originally Posted by Ron

Of course. I've always used mysqli, as all the books / tutorials I've read followed it.

---

You're not using the features it offers, such as prepared statements..

Go ahead and negative rep me, you're still doing it wrong.

When a hacker contacted me with security vulnerabilities on my CMS, I said "thank-you" and fixed it the same day.

At least I was nice enough to tell you how to fix it, you should tell me "thank you very much."

I love it, the theme is really nice! Unfortunately I can't view the demo as the link is down. Good luck.

QMaple v97 - Homepage ripped your style?

Nah, its too simple..the cms is way too basic.