"It's not hackable"
Ha!
If you do it all correctly then it is not hackable through the CMS.
You're wrong yet again!
Hi RageZone!
A few minutes ago I posted a thread about HabboProjects... In that thread you already saw some things about the total project...
What is TabboPHP
TabboPHP is a content management system for Habbo Retros.
It is a fully responsive and fast CMS.
It works in any browser, without lag or bugs.
It is not hackable!
It is based on Smarty.
What are the features?
*Facebook Login and Register.
*Groups and Homes.
*Perfect copy of Habbo.com, but with groups
*FAQ and Helptool
*Forum
*Shop
*Fancy Administration Panel
Almost Habbo, a huge edit of HabboPHP
As all of you guys know, the big messed up project HabboPHP (habbophp.com) has failed at its job... HabboPHP is hackable with LFI injection... So me and my team built a new version on Smarty... Smarty is a stable system for administering and securing content for websites. My team and I edited the whole Smarty version... And built a NEW Habbo CMS on it. Which now has WORKING homes, groups, and Facebook login! This is the first time ever that a non-hackable CMS with working Facebook login and register, homes, and groups is gonna be made!
Almost Habbo, but still not Habbo... ?!?!?!
TabboPHP contains more plugins than the real Habbo CMS... It is easier to install, and easier to use.
NO WORRY FOR A WORKING DATABASE!
You can use any database you want! TabboPHP creates new tables such as tabbophp_settings, etc... This all makes it easier for you guys to choose a version / update a version.
So many plugins, but still so fast?
Yes... Many people on Skype asked how that can be... As I said, we are using Smarty Content... This also makes the website even faster than possible..
Does this work on XAMPP / IIS / nginx / a webhost?
Yes, TabboPHP is fully functional on ALL of these named hosts.
I recommend using a webhosting package and a very small VPS... This way your website is as fast as possible... And your emulator contains no viruses or lag because there is nothing else on the server that can mess up your emulator.
Screens & Snippets:
Pictures of the index are not included because I am making it better and nicer. More screens will be available to see soon.
Snippets:
CORE.PHP:
PHP:
<?php
#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|
#|#| TABBOPHP - http://tabbophp.eu
#|#| Copyright © 2013 VariousCoderz. All rights reserved.
#|#|
#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|

if(!defined('CORE')) die('Error core acces') ;

ini_set('display_errors', 1);
ini_set('log_errors', 1);
error_reporting(1);

$path = dirname(__FILE__) ;
$path = str_replace("includes","",$path);
define('PATH',$path);

/*
+===================================+
| Security                          |
+===================================+
*/
// Keyword blacklist applied to every space-separated word of every GET parameter.
$injection = 'INSERT|UNION|SELECT|NULL|COUNT|FROM|LIKE|DROP|TABLE|WHERE|COUNT|COLUMN|TABLES|INFORMATION_SCHEMA|OR' ;
foreach($_GET as $getSearchs){
    $getSearch = explode(" ",$getSearchs);
    foreach($getSearch as $k=>$v){
        if(in_array(strtoupper(trim($v)),explode('|',$injection))){
            exit;
        }
    }
}

/*
+===================================+
| Configuration PHP                 |
+===================================+
*/
// correct Apache charset (except if it's too late)
if (!headers_sent()) header('Content-Type: text/html; charset=utf-8');
ini_set('default_charset', 'utf-8');
if (function_exists('date_default_timezone_set')){
    @date_default_timezone_set('Europe/Paris');
}
if (!defined('_MYSQL_REAL_ESCAPE_STRING_'))
    define('_MYSQL_REAL_ESCAPE_STRING_', function_exists('mysql_real_escape_string'));

/*
+===================================+
| Verification installation         |
+===================================+
*/
$file_settings = $path.'includes/settings.inc.php' ;
if(!file_exists($file_settings)){
    if(!file_exists($path.'/install')){
        die('Install directory is missing ( ERROR 04 ). The installation folder is still active! Delete it or rename it!');
    }
    header('Location:install/');
}

/*
+===================================+
| Import of the libraries           |
+===================================+
*/
if(!defined('SETTINGS')) require $path.'includes/settings.inc.php';
require $path.'class/html_dom.php' ;
require $path.'class/cookie.class.php' ;
require $path.'class/class.config.php' ;
require $path.'class/class.mysql.php' ;
require $path.'class/class.db.php' ;
require $path.'class/smarty/Smarty.class.php';
require $path.'includes/functions.php';
require $path.'class/class.users.php';
require $path.'class/class.auth.php';
require $path.'class/class.error.php' ;
require $path.'class/recaptchalib.php' ;
require $path.'class/class.phpmailer.php' ;
require $path.'class/class.tools.php' ;
require $path.'class/class.validate.php' ;
require $path.'class/rooms.class.php' ;
require $path.'class/groups.class.php' ;

/*
+===================================+
| Connection to Database            |
+===================================+
*/
$Mysql = new Mysql(HOST,USER_DB,PASSWORD_DB,NAME_DB) ;
mysql_query("SET NAMES UTF8");

/*
+===================================+
| Smarty Installation Secure        |
+===================================+
*/
try{
    $tpl = new Smarty(); //Smarty Template
} catch (SmartyException $e) { }
$config = new config() ; //Configuration
$Auth = new Auth(); //Authentification
$db = new Db();
setGlobalStats();

/*
+===================================+
| Initialisation of the users       |
+===================================+
*/
if(isset($_SESSION['uid']) && !empty($_SESSION['uid']) && is_numeric($_SESSION['uid']))
    $user = new users($_SESSION['uid']);
else
    $user = null; // guest: keeps assignByRef('user', ...) below from reading an undefined variable
//if(isset($_SESSION['uid']) && !empty($_SESSION['uid']) && is_numeric($_SESSION['uid']))
//    $user = Factory::load($path,'users'.EMULATOR,array('id' => $_SESSION['uid']));

/*
+===================================+
| Configuration smarty              |
+===================================+
*/
//Configuration smarty
$tpl->force_compile = true ; //TRUE : Development ; FALSE : Production
//$tpl->cache_lifetime = 900; //Dont touch this! Touching this will mess up the whole CMS.
$tpl->compile_check = false;
$tpl->debugging = false;
$tpl->debugging_ctrl = 'NONE'; // 'NONE' on production
$tpl->caching = false;
try{
    $tpl->template_dir = $path.'themes/tabbophp/';
    $tpl->compile_dir = $path.'themes/tabbophp/templates_c/';
    $tpl->config_dir = $path.'modules/lang/';
} catch (SmartyException $e) { }

//Variable of the Template (Included Smarty Secure)
$arrStr = explode("/", $_SERVER['SCRIPT_NAME'] );
$arrStr = array_reverse($arrStr );
$tpl->assign('url',$arrStr[0]);
$tpl->assign('emulator',EMULATOR);
$tpl->assign('lang_dir',$path.'modules/lang');
$tpl->assign('lang',$config->lang);
$tpl->assignByRef('config', $config);
$tpl->assignByRef('user', $user);
$tpl->configLoad($path.'modules/lang/'.$config->lang.'.lang');
define('SMARTY_DEBUG_CONSOLE', false);

$k_public = '6LenR88SAAAAAMcaw4UWGvAUyDD_HIj97eUBsNhf';
$privatekey = '6LenR88SAAAAAGhwPRprdBpxYR1D591QjX-TVgB9';
$tpl->assign('captcha',recaptcha_get_html($k_public));
$tpl->assign('public_key',$k_public);

/*
+===================================+
| Error texts and config            |
+===================================+
*/
if (!isset($_SERVER['REQUEST_URI']) OR empty($_SERVER['REQUEST_URI'])){
    if (substr($_SERVER['SCRIPT_NAME'], -9) == 'index.php' && empty($_SERVER['QUERY_STRING']))
        $_SERVER['REQUEST_URI'] = dirname($_SERVER['SCRIPT_NAME']).'/';
    else {
        $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'];
        if (isset($_SERVER['QUERY_STRING']) AND !empty($_SERVER['QUERY_STRING']))
            $_SERVER['REQUEST_URI'] .= '?'.$_SERVER['QUERY_STRING'];
    }
}
if (!isset($_SERVER['HTTP_HOST']) OR empty($_SERVER['HTTP_HOST']))
    $_SERVER['HTTP_HOST'] = @getenv('HTTP_HOST');
?>
Functions.php:
PHP:
<?php
// Functions.php -- Dont touch this!!!
// (The marker was an HTML comment before <?php; moved inside PHP so the include
// emits no output before header() calls.)

function safe($val, $type = 'SQL'){
    if($type == NULL) $type = 'SQL' ;
    if ($type == 'HTML') {
        $val = strip_tags($val);
        return htmlspecialchars($val);
    }
    else if ($type == 'SQL') {
        if (get_magic_quotes_gpc()) $val = stripslashes($val);
        return mysql_real_escape_string($val) ;
    }
    return (false);
}

function hashMe($str) {
    $config_hash = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
    $str = safe(sha1($str . $config_hash),'SQL');
    return $str;
}

function redirection($url){
    if(!headers_sent()) header('Location:'.$url);
    else echo '<script>window.location.replace("'.$url.'");</script>' ;
    exit ;
}

function FullDate($str) {
    $H = date('H'); $i = date('i'); $s = date('s');
    $m = date('m'); $d = date('d'); $Y = date('Y');
    $j = date('j'); $n = date('n');
    switch ($str) {
        case "day":    $str = $j; break;
        case "month":  $str = $m; break;
        case "year":   $str = $Y; break;
        case "today":  $str = $d; break;
        case "full":   $str = date('d-m-Y H:i:s',mktime($H,$i,$s,$m,$d,$Y)); break;
        case "datehc": $str = "".$j."-".$n."-".$Y.""; break;
        // mktime() takes hour, minute, second first; the posted version passed
        // month/day/year in those slots and produced a wrong date.
        default:       $str = date('d-m-Y',mktime(0,0,0,$m,$d,$Y)); break;
    }
    return $str;
}

/*
function youtube($y){
    $url = $y;
    parse_str( parse_url( $url, PHP_URL_QUERY ), $my_array_of_vars );
    return '<object wmode="opaque" width="210" height="136"><param name="wmode" value="http://www.youtube.com/v/'.$my_array_of_vars['v'].'?version=3&hl=fr_FR" wmode="opaque"></param><param wmode="opaque" name="wmode" value="true"></param><param wmode="opaque" name="wmode" value="always"></param><embed src="http://www.youtube.com/v/'.$my_array_of_vars['v'].'?version=3&hl=fr_FR" type="application/x-shockwave-flash" width="210" height="136" allowscriptaccess="always" wmode="opaque" allowfullscreen="true"></embed></object>';
}
*/

function youtube($url,$return='embed',$width='',$height='',$rel=0){
    $urls = parse_url($url);
    //url is http://youtu.be/xxxx
    if(isset($urls['host']) && $urls['host'] == 'youtu.be' ){
        $id = ltrim($urls['path'],'/');
    }
    //url is http://www.youtube.com/embed/xxxx
    else if(isset($urls['path']) && strpos($urls['path'],'embed') == 1){
        $parts = explode('/',$urls['path']); // end() needs a variable, not a call result
        $id = end($parts);
    }
    //url is xxxx only
    else if(strpos($url,'/')===false){
        $id = $url;
    }
    //http://www.youtube.com/watch?feature=player_embedded&v=m-t4pcO99gI
    //url is http://www.youtube.com/watch?v=xxxx
    else{
        if(isset($urls['query'])){
            parse_str($urls['query'], $q); // parse into an array instead of the function scope
            $id = isset($q['v']) ? $q['v'] : null;
            if(!empty($q['feature'])){
                $parts = explode('v=',$urls['query']);
                $id = end($parts);
            }
        }
    }
    //return embed iframe
    if(isset($id)){
        if($return == 'embed'){
            //return '<iframe width="'.($width?$width:560).'" height="'.($height?$height:349).'" src="http://www.youtube.com/embed/'.$id.'?rel='.$rel.'" frameborder="0" allowfullscreen></iframe>';
            return '<object wmode="opaque" width="210" height="136"><param name="wmode" value="http://www.youtube.com/v/'.$id.'?version=3&hl=fr_FR" wmode="opaque"></param><param wmode="opaque" name="wmode" value="true"></param><param wmode="opaque" name="wmode" value="always"></param><embed src="http://www.youtube.com/v/'.$id.'?version=3&hl=fr_FR" type="application/x-shockwave-flash" width="210" height="136" allowscriptaccess="always" wmode="opaque" allowfullscreen="true"></embed></object>';
        }
        //return normal thumb
        else if($return == 'thumb'){
            return 'http://i1.ytimg.com/vi/'.$id.'/default.jpg';
        }
        //return hqthumb
        else if($return == 'hqthumb'){
            return 'http://i1.ytimg.com/vi/'.$id.'/hqdefault.jpg';
        }
        // else return id
        else{
            return $id;
        }
    }
}

function bbcode($text){
    $text=safe($text,'HTML');
    if(preg_match('#youtube#',$text)){
        $youtube = preg_replace('!\[youtube\](.+)\[/youtube\]!isU', '$1',$text);
        if(isset($youtube) && !empty($youtube)){
            $text = youtube($youtube,'embed');
        }
    }
    $text = preg_replace('!\[quote\](.+)\[/quote\]!isU', '<div class="citationforum">$1</div>', $text);
    $text = preg_replace("!\[quote\=(.+)\](.+)\[\/quote\]!isU", "<div class='citationforum'><strong>$1 :</strong><br>$2</div>", $text);
    $text = preg_replace('!\[b\](.+)\[/b\]!isU', '<strong>$1</strong>', $text);
    $text = preg_replace('!\[i\](.+)\[/i\]!isU', '<em>$1</em>', $text);
    $text = preg_replace('!\[u\](.+)\[/u\]!isU', '<span style="text-decoration:underline;">$1</span>', $text);
    $text = preg_replace('!\[center\](.+)\[/center\]!isU', '<p style="text-align:center;margin:0px;padding:0px;">$1</p>', $text);
    $text = preg_replace('!\[right\](.+)\[/right\]!isU', '<p style="text-align:right;margin:0px;padding:0px;">$1</p>', $text);
    $text = preg_replace('!\[left\](.+)\[/left\]!isU', '<p style="text-align:left;margin:0px;padding:0px;">$1</p>', $text);
    $text = preg_replace('!\[titre\](.+)\[/titre\]!isU', '<h3>$1</h3>',$text);
    // the inner quotes of the ga() call must be escaped inside a single-quoted PHP string
    $text = preg_replace('!\[email\](.+)\[/email\]!isU', '<a onclick="ga(\'send\', \'event\', \'Outgoing\', \'\', \'<a \');" rel="nofollow" href="mailto:$1">$1</a>',$text);
    $text = preg_replace('!\[img\](.+)\[/img\]!isU', '<img src="$1" border="0">',$text);
    $text = preg_replace('!\[url\](.+)\[/url\]!isU', '<a href="$1" target="_blank">$1</a>',$text);
    $text = preg_replace('!\[facebook\](.+)\[/facebook\]!isU', '<a onclick="ga(\'send\', \'event\', \'Outgoing\', \'facebook.com\', \'/<a \');" rel="nofollow" href="http://facebook.com/$1" class="uibutton confirm" target="_blank">Facebook</a>',$text);
    $text = preg_replace('!\[red\](.+)\[/red\]!isU', '<font color="red">$1</font>',$text);
    $text = preg_replace('!\[blue\](.+)\[/blue\]!isU', '<font color="blue">$1</font>',$text);
    $text = preg_replace('!\[green\](.+)\[/green\]!isU', '<font color="green">$1</font>',$text);
    $text = preg_replace('!\[orange\](.+)\[/orange\]!isU', '<font color="orange">$1</font>',$text);
    $text = preg_replace('!\[pink\](.+)\[/pink\]!isU', '<font color="darkpink">$1</font>',$text);
    $text = preg_replace('!\[small\](.+)\[/small\]!isU', '<font style="font-size:8px;">$1</font>',$text);
    $text = preg_replace('!\[medium\](.+)\[/medium\]!isU', '<font style="font-size:12px;">$1</font>',$text);
    $text = preg_replace('!\[large\](.+)\[/large\]!isU', '<font style="font-size:18px;">$1</font>',$text);
    $text = preg_replace('!\[br\]!isU', '<br />',$text);
    return($text);
}

// This function generates, stores and returns a token.
// You can pass it an optional name to tell different forms apart.
function generer_token($nom = ''){
    $token = uniqid(rand(), true);
    $_SESSION[$nom.'_token'] = $token;
    $_SESSION[$nom.'_token_time'] = time();
    return $token;
}

//**************************************************************************//
//**************************************************************************//
//**************************************************************************//

// $temps (token lifetime in seconds) was never defined in the posted version, so the
// age check always failed; it is now a parameter with an assumed default of 900.
function verifier_token($referer = '', $nom = '', $temps = 900){
    if(isset($_GET['token'])){
        if(isset($_SESSION[$nom.'_token']) && isset($_SESSION[$nom.'_token_time'])
            && $_SESSION[$nom.'_token'] == $_GET['token']
            && $_SESSION[$nom.'_token_time'] >= (time() - $temps)
            && isset($_SERVER['HTTP_REFERER'])
            && strtolower($_SERVER['HTTP_REFERER']) == strtolower($referer)){
            return true;
        }
        echo 'ERROR TOKEN' ;
        return false;
    }
    if(isset($_POST['token'])){
        if(isset($_SESSION[$nom.'_token']) && isset($_SESSION[$nom.'_token_time'])
            && $_SESSION[$nom.'_token'] == $_POST['token']
            && $_SESSION[$nom.'_token_time'] >= (time() - $temps)
            && isset($_SERVER['HTTP_REFERER'])
            && strtolower($_SERVER['HTTP_REFERER']) == strtolower($referer)){
            return true;
        }
        return false;
    }
    return false; // no token submitted at all
}

function false_token(){ }

function getLastIndice(){
    $e = explode('/',$_SERVER['HTTP_REFERER']) ;
    $lastPage = count($e);
    return $e[$lastPage - 1];
}

//Function Log
function addLog($user,$action){
    if(mysql_query('INSERT INTO habbophp_logs VALUES ("","'.safe($user,'SQL').'","'.safe($action,'SQL').'",NOW(),"'.safe($_SERVER['REMOTE_ADDR'],'SQL').'")'))
        return(true) ;
    else
        return(false);
}

function addLogsPaiement($uid,$MoyenDePaiement){
    if(mysql_query('INSERT INTO habbophp_paiement_logs VALUES ("","'.safe($uid,'SQL').'","'.safe($MoyenDePaiement,'SQL').'",NOW())'))
        return (true);
    return (false);
}

function setGlobalStats(){
    $t = 'habbophp_stats' ;
    $d = date('Y-m-d') ;
    $req = mysql_query('SELECT date FROM habbophp_stats WHERE date="'.$d.'"');
    if(mysql_num_rows($req) == 0)
        $req = mysql_query('INSERT INTO habbophp_stats (date) VALUES (NOW())');
    if(!isset($_COOKIE['View'])){
        setcookie('View','true', time() + 2*3600, null, null, false, true);
        $req = mysql_query('UPDATE '.$t.' SET visites=visites+1 WHERE date="'.$d.'"');
    }
    $req = mysql_query('UPDATE '.$t.' SET pagesvues=pagesvues+1 WHERE date="'.$d.'"');
}

function selectmod($username){
    $prefix = array('ADM-','MOD-','M0D-','SOS-','S0S-','XXX-','OWN-','0WN-','HELP-','SPONSO-','SP0NSO-','SP0NS0-','SPONS0-');
    $first = substr($username, 0, 4);
    $first2 = substr($username, 0, 7);
    $first3 = substr($username, 0, 5);
    $return = "f";
    // $username went into the query unescaped in the posted version; run it through safe() like the other helpers do
    $select1 = mysql_query("SELECT * FROM users WHERE username = '".safe($username,'SQL')."'");
    $select2 = mysql_fetch_assoc($select1);
    if($select2['rank'] < 2) {
        if (strnatcasecmp($first,"ADM-") == false) { $return = "t"; }
        if (strnatcasecmp($first,"MOD-") == false) { $return = "t"; }
        if (strnatcasecmp($first,"M0D-") == false) { $return = "t"; }
        if (strnatcasecmp($first,"SOS-") == false) { $return = "t"; }
        if (strnatcasecmp($first,"S0S-") == false) { $return = "t"; }
        if (strnatcasecmp($first,"XXX-") == false) { $return = "t"; }
        if (strnatcasecmp($first,"0WN-") == false) { $return = "t"; }
        if (strnatcasecmp($first,"OWN-") == false) { $return = "t"; }
        if (strnatcasecmp($first2,"SPONSO-") == false) { $return = "t"; }
        if (strnatcasecmp($first2,"SP0NSO-") == false) { $return = "t"; }
        if (strnatcasecmp($first2,"SP0NS0-") == false) { $return = "t"; }
        if (strnatcasecmp($first2,"SPONS0-") == false) { $return = "t"; }
        if (strnatcasecmp($first3,"HELP-") == false) { $return = "t"; }
    }
    return $return;
}

$smtp = array(
    'Gmail'   => array('host' => 'smtp.gmail.com','port' => '465','AUTH' => 'TLS'),
    'Hotmail' => array('host' => 'smtp.live.com','port'=>'25','AUTH'=>'SSL'),
    'Free'    => array('host' => 'smtp.free.fr','port' => '25','AUTH' => 'SSL')
);

function TicketRefresh($id){
    $id = safe($id,'SQL'); // escaped here; the posted version concatenated it raw
    $base = uniqid("HABBOPHP-" . rand(0,99)) . "-HABBOPHP";
    $request = mysql_query("UPDATE users SET auth_ticket = '".$base."' WHERE id = '".$id."' LIMIT 1");
    return $base;
}

function GenerateRandom($type = "sso", $length = 0) {
    switch($type) {
        case "sso":
            $data = GenerateRandom("random",8)."-".GenerateRandom("random",4)."-".GenerateRandom("random",4)."-".GenerateRandom("random",4)."-".GenerateRandom("random",12);
            return $data;
        case "app_key":
            $data = strtoupper(GenerateRandom("random",32)).".resin-fe-".GenerateRandom("random_number",1);
            return $data;
        case "random":
            $data = "";
            $possible = "0123456789abcdef";
            $i = 0;
            while ($i < $length) {
                $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
                $data .= $char;
                $i++;
            }
            return $data;
        case "random_number":
            $data = "";
            $possible = "0123456789";
            $i = 0;
            while ($i < $length) {
                $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
                $data .= $char;
                $i++;
            }
            return $data;
    }
}

function UpdateSSO($id) {
    $id = safe($id,'SQL'); // escaped here; the posted version concatenated it raw
    $myticket = GenerateRandom();
    if(mysql_num_rows(mysql_query("SELECT * FROM user_tickets WHERE userid = '".$id."'")) > 0) {
        $remote_ip=safe($_SERVER["REMOTE_ADDR"],'SQL');
        mysql_query("UPDATE user_tickets SET sessionticket = '".$myticket."' WHERE userid = '".$id."'") or die(mysql_error());
        mysql_query("UPDATE user_tickets SET ipaddress = '".$remote_ip."' WHERE userid = '".$id."'") or die(mysql_error());
    } else {
        mysql_query("INSERT INTO user_tickets (userid,sessionticket,ipaddress) VALUES ('".$id."','".$myticket."','".safe($_SERVER["REMOTE_ADDR"],'SQL')."')") or die(mysql_error());
    }
    return $myticket;
}

function checked($source,$compare,$input){
    if($source == $compare && $input == 'radio') echo 'checked="checked"' ;
    if($source == $compare && $input == 'select') echo 'selected="selected"' ;
}

function VersionIsLast(){
    //Get last version
    if(defined('VERSION')){
        $data = file_get_contents('http://release.tabbophp.eu');
        //Compare
        if(VERSION == $data) return true;
    }
    return false;
}

// TabboPHP - tabbophp.eu - By Various of VariousCoderz team
// (trailing HTML comment moved inside PHP and the closing ?> dropped for the same reason as above)
Questions about this development? PM me! Or leave a reply.
-Various
Even if this was an edit of HabboPHP, he had no rights to rename it to TabboPHP since it's only an edit!
You're wrong yet again!
Stupid and shenanigans.
25ms - 10ms is a 15ms difference, which you will notice under heavy loads.
On an old hotel we removed the tpl class for a timed 5ms difference, which you could notice very easily on a site with a lot of PHP widgets with JavaScript etc.
Under heavy loads? Only PHP should do heavy loads (like database queries, for example), and in TPL systems the PHP code is processed first. So loading the template system takes the same time on every site refresh. The following PHP code sometimes does heavy loads. And after the PHP code, the tpl system just outputs the processed data! So the tpl system doesn't cause the long loading time. The PHP code is the reason for the long loading times, so if you just write very bad code, it has bad loading times - it's not the fault of the tpl system.
Sorry for bad English, I hope you understood.
so far
Yannici
MySQLi is not really 'improved'. There are many forums and online tests debating whether it is actually improved, since there isn't a page speed difference. Yet if there is, it's only by something like 0.000000000000001 seconds. You should look into PDO; it's easier to use and much faster. That's why a lot of people on here have a fetish for it.
The mysqli extension, or as it is sometimes known, the MySQL improved extension, was developed to take advantage of new features found in MySQL systems versions 4.1.3 and newer. The mysqli extension is included with PHP versions 5 and later. The mysqli extension has a number of benefits, the key enhancements over the mysql extension being:
- Object-oriented interface
- Support for Prepared Statements
- Support for Multiple Statements
- Support for Transactions
- Enhanced debugging capabilities
- Embedded server support
There are many improvements and both drivers have their benefits. Your stupid posts are not welcome here.
Why would you use a driver which limits you to MySQL only?
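The prepared statements this mysqli/PDO exchange argues about, applied to the functions.php helpers posted earlier in the thread. This is an added example, not TabboPHP's or VariousCoderz's code: PDO rewrites of addLog(), selectmod() and the generer_token/verifier_token pair. Table and column names come from the posted code; the DSN, the credentials, the 900-second token lifetime and the assumption that session_start() has already run are mine.

```php
<?php
// Added example (not TabboPHP code): PDO versions of addLog(), selectmod() and
// the token helpers from the functions.php above. Parameters are bound, so input
// is never spliced into SQL; the unused $prefix list now drives the staff-name
// check; the token check gets an explicit lifetime and a constant-time compare.
// Assumes session_start() has run. DSN/credentials below are placeholders.
declare(strict_types=1);

function dbConnect(): PDO
{
    return new PDO('mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASSWORD', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // server-side prepared statements
    ]);
}

// addLog(): same table and column order as the original, no string building.
function addLog(PDO $pdo, string $user, string $action): bool
{
    $stmt = $pdo->prepare('INSERT INTO habbophp_logs VALUES (NULL, ?, ?, NOW(), ?)');
    return $stmt->execute([$user, $action, $_SERVER['REMOTE_ADDR'] ?? '']);
}

// selectmod(): "t" when a user below rank 2 carries a staff-looking prefix.
function selectmod(PDO $pdo, string $username): string
{
    $prefix = ['ADM-', 'MOD-', 'M0D-', 'SOS-', 'S0S-', 'XXX-', 'OWN-', '0WN-',
               'HELP-', 'SPONSO-', 'SP0NSO-', 'SP0NS0-', 'SPONS0-'];
    $stmt = $pdo->prepare('SELECT rank FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['rank'] >= 2) {
        return 'f'; // unknown user, or genuine staff: nothing to flag
    }
    foreach ($prefix as $p) {
        if (stripos($username, $p) === 0) {
            return 't';
        }
    }
    return 'f';
}

// Token: 32 hex chars from the CSPRNG instead of uniqid(rand()), stored with a timestamp.
function generateToken(string $name = ''): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION[$name . '_token']      = $token;
    $_SESSION[$name . '_token_time'] = time();
    return $token;
}

// Accepts the submitted token (POST or GET) only within $lifetime seconds of issue.
// hash_equals() removes the timing side channel of ==; the original's Referer
// comparison is dropped because that header is optional and client-controlled.
function verifyToken(string $name = '', int $lifetime = 900): bool
{
    $sent = $_POST['token'] ?? $_GET['token'] ?? null;
    if (!is_string($sent)
        || !isset($_SESSION[$name . '_token'], $_SESSION[$name . '_token_time'])) {
        return false;
    }
    $fresh = (time() - (int) $_SESSION[$name . '_token_time']) <= $lifetime;
    $ok    = $fresh && hash_equals((string) $_SESSION[$name . '_token'], $sent);
    unset($_SESSION[$name . '_token'], $_SESSION[$name . '_token_time']); // single use
    return $ok;
}
```

With bound parameters the keyword blacklist in core.php becomes unnecessary for these queries, since the database never parses user input as SQL.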