Jam skin for Rev cms- Incomplete but useable!

Well I started a skin for revcms a few weeks ago, but have since had little time to finish it off.
It is based off the new paypal layout, which some of you may or may not of seen!
Feel free to edit the images/code/ anything and everything. It is a bit messy in places, but a couple hours of work would soon sort that.

Includes-
Guide(uses javascript, you'll see how to edit it)
Rare values(Was released on here, added into this skin)
Top ten richest users(Coded by me on homepage)
Enjoy!

Jam.rar

Oh and a quick mash up of screenshots
http://oi46.tinypic.com/b9j7eq.jpg

Re: Jam skin for Rev cms- Incomplete but useable!

Sweet :) Nice Navigator you have there.

Ill stick to my custom cms for now.
Thanks anyways.

Re: Jam skin for Rev cms- Incomplete but useable!

Exploit free rare values page:

Code:

<?php include("header2.php"); ?> <section id="content" tabindex="-1"> <div id="messageBox" class="empty"></div> <section id="main"> <div class="blackDotsHeroTop"></div> <div class="nsb_16_8 clear"> <div class="one column"> <h1 class="pageHeadline2"> Rare values</h1> <h2 class="pageSubHeadline">Here you can view the current rare values. Keep checking as they are reguarly updated!</h2> <?php mysql_query( "CREATE TABLE IF NOT EXISTS `values` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` varchar(255) NOT NULL, `price` varchar(255) NOT NULL, `imgurl` varchar(255) NOT NULL, `timestamp` varchar(255) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=5 ;" ); ?> <ul> <?php if( isset( $_GET['add'] ) ) { ?><li><a href="{url}/values">Rare Values</a></li> <?php }else{ ?><li class="selected">Rare Values</li> <?php } ?> <?php if( $_SESSION['user']['rank'] >= 6 ) { ?><?php if( !isset( $_GET['add'] ) ) { ?><li class="last"><a href="{url}/index.php?url=values&add">Add Rare</a></li> <?php }else{ ?><li class="selected last">Add Rare</li> <?php } ?> <?php } ?> </ul> <h2 class="title"><b><font size="4">Rare Values</font></b></h2> <div style="padding:5px;"> <?php if( isset( $_GET['add'] ) and $_SESSION['user']['rank'] >= 6 ) { if( $_GET['id'] ) { $id = mysql_real_escape_string($_GET['id']); $query = mysql_query( "SELECT * FROM `values` WHERE id = '$id'" ); $array = mysql_fetch_assoc( $query ); } if( $_POST['submit'] ) { $rare_name = mysql_real_escape_string($_POST['rare_name']); $rare_imgurl = mysql_real_escape_string($_POST['rare_imgurl']); $rare_price = mysql_real_escape_string($_POST['rare_price']); $time = time(); if( $_GET['id'] ) { echo "<center><strong>Rare has been updated!</strong></center>"; mysql_query( "UPDATE `values` SET name = '{$rare_name}', imgurl = '{$rare_imgurl}', price = '{$rare_price}', timestamp = '{$time}' WHERE id = '{$_GET['id']}' " ); }else{ echo "<center><strong>Rare has been added!</strong></center>"; mysql_query( "INSERT INTO `values` ( name, imgurl, price, timestamp ) VALUES ( '{$rare_name}', '{$rare_imgurl}', '{$rare_price}', '{$time}' )" ); } echo "<meta http-equiv=\"refresh\" content=\"3;url={url}/values\" />"; }else{ echo "<div>"; echo "<form method=\"post\">"; echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"5\">"; echo "<tr>"; echo "<td style=\"width: 25%; text-align: right;\"><label for=\"rare_name\">Rare Name</label></td>"; echo "<td style=\"padding: 0 0 0 10px;\"><input type=\"text\" name=\"rare_name\" size=\"50\" value=\"{$array['name']}\"></td>"; echo "</tr>"; echo "<tr>"; echo "<td style=\"width: 25%; text-align: right;\"><label for=\"rare_imgurl\">Image Url</label></td>"; echo "<td style=\"padding: 0 0 0 10px;\"><input type=\"text\" name=\"rare_imgurl\" size=\"50\" value=\"{$array['imgurl']}\"></td>"; echo "</tr>"; echo "</tr>"; echo "<tr>"; echo "<td style=\"width: 25%; text-align: right;\"><label for=\"rare_price\">Price</label></td>"; echo "<td style=\"padding: 0 0 0 10px;\"><input type=\"text\" name=\"rare_price\" size=\"50\" value=\"{$array['price']}\"></td>"; echo "</tr>"; echo "</table>"; echo "<div class=\"settings-buttons\">"; echo "<input type=\"submit\" value=\"Submit\" name=\"submit\" class=\"submit\" style=\"float: right;\">"; echo "</div>"; echo "</form>"; echo "</div>"; } }elseif( isset( $_GET['delete'] ) and $_GET['id'] ) { $idd = mysql_real_escape_string($_GET['id']); echo "<center><strong>Rare has been deleted!</strong></center>"; mysql_query( "DELETE FROM `values` WHERE id = '$idd'" ); echo "<meta http-equiv=\"refresh\" content=\"3;url={url}/values\" />"; }else{ $query = mysql_query( "SELECT * FROM `values`" ); $j = "a"; echo "<table width=\"100%\" border=\"0\" cellspacing=\"3\" cellpadding=\"5\">"; echo "<tr align=\"center\" style=\"font-weight: bold;\">"; echo "<td>Image</td>"; echo "<td>Name</td>"; echo "<td>Price</td>"; echo "<td>Last Edited</td>"; if( $_SESSION['user']['rank'] >= 6 ) { echo "<td>Options</td>"; } echo "</tr>"; while( $array = mysql_fetch_assoc( $query ) ) { $credits = $array['price']." Credits"; $goldbars500 = ( $array['price'] / 500 )." (<img src=\"http://img204.imageshack.us/img204/5826/goldbar500.png\" />)"; echo "<tr align=\"center\" id=\"rare-{$array['id']}\" class=\"rare {$j}\">"; echo "<td><img src=\"{$array['imgurl']}\" /></td>"; echo "<td>{$array['name']}</td>"; echo "<td>"; echo $credits; echo "<br />"; echo $goldbars500; echo ""; echo "</td>"; echo "<td>".date( "D, d F Y H:i (P)", $array['timestamp'] )."</td>"; if( $_SESSION['user']['rank'] >= 6 ) { echo "<td>"; echo "<a href=\"{url}/index.php?url=values&add&id={$array['id']}\">Edit</a>"; echo "<br />"; echo "<a href=\"{url}/index.php?url=values&delete&id={$array['id']}\">Delete</a>"; echo "</td>"; } echo "</tr>"; $j++; if( $j == "c" ) { $j = "a"; } } echo "</table>"; } ?> </div> <div class="two column nogutter"> <div class="tray-element"> </div> </div> </div> <div class="blackDotsHeroBottom"></div> </section> </section> <?php include("/footer3.php"); ?>

There were three exploits in it... All by unfiltered GET variables. If someone uses this I can run any query on their database with them even knowing so...

Re: Jam skin for Rev cms- Incomplete but useable!

Quote:

Originally Posted by tdid

There were three exploits in it... All by unfiltered GET variables. If someone uses this I can run any query on their database with them even knowing so...

I never got round to checking for exploits, the rare values I added I assumed was safe.

Re: Jam skin for Rev cms- Incomplete but useable!

So much potential in this theme.

Re: Jam skin for Rev cms- Incomplete but useable!

This is a very nice, and clean skin. According to the images, and maybe, if you don't mind, could you please send me some un-edited pictures through PM, as I am not into retros anymore. But other than that, it looks nice, and always be sure to check for exploits. I wish for you to complete this even more, and add more features. But it is a nice base for anyone who wishes to continue to edit and add to the style!

Re: Jam skin for Rev cms- Incomplete but useable!

I am confused as to what this means.

Quote:

I've left a little suprise incase you choose to claim he credits

Have you left a backdoor in this theme?

Re: Jam skin for Rev cms- Incomplete but useable!

Quote:

Originally Posted by Quackster

I am confused as to what this means.

Have you left a backdoor in this theme?

I did, but then I removed it as I thought it was childish. I forgot to edit the footer!

Re: Jam skin for Rev cms- Incomplete but useable!

I don't like it, it's too messy.

Re: Jam skin for Rev cms- Incomplete but useable!

Uhmm.. Very like Paypal.com. But nice man.

Re: Jam skin for Rev cms- Incomplete but useable!

Quote:

Originally Posted by Quid

Uhmm.. Very like Paypal.com.

Quote:

It is based off the new paypal layout, which some of you may or may not of seen!

You really don't say!

Re: Jam skin for Rev cms- Incomplete but useable!

Quote:

Originally Posted by Armo

I don't like it, it's too messy.

Off-topic

Seems like all you can do is negative and grief others thread just because you want to have your post-count up so badly and don't worry everyone is noticing that so when you are going to be posting again then please just post something constructive or don't post at all because it's not making sense at all because all this what you are doing is grieving and messing up someone's release with your spamming.

You haven't tested it nor ever seen it good and therefore you are already judging useless things.

On-topic

Looking good , hopefully you are able to make some more RevCMS skins more once you want to though.