TornEnvironment - V13 - Completely from scratch - SQL - C# - Stable

[Quackster]

It is, at least it's better than my old code I used. And yeah, NHibernate is really annoying to manage. It forced me to use an ID when I didn't want it (for example fuserights don't need an unique ID) in my way.

ID's can also be strings.

 

[Emily]

ID's can also be strings.

I could've done it in that way, but I'd rather stick with the 'old' method, it's much easier and quicklier also it's easier to manage. I can generate classes really easy so making the public int public string's etc isn't much work.

 

[James]

Should this be closed, you said you're done with habbo development?

 

[James]

Back on topic, if you want this closed contact a moderator, if not keep on.

 

[Horns]

Nice!

 

[Emily]

Working a bit on the CMS:

define('_INC', 'includes');
define('CLSPATH', 'classes');

include(_INC . '/' . CLSPATH . '/class.configuration.php');
include(_INC . '/' . CLSPATH . '/class.database.php');
include(_INC . '/' . CLSPATH . '/class.core.php');

Core::initialize();

class Core
{
	private static $database = null;

	public static function initialize() 
	{	
		self::$database = new Database();
	}
}

class Configuration
{
	private static $types = array
	(
		'mysql' => array
			(
				'hostname' => 'localhost',
				'username' => 'root',
				'password' => '',
				'database' => 'aciddb'
			),
		'mus' => array
			(
				'ip_addr' => '127.0.0.1',
				'port' => '30001'
			)
	);
	
	public static function getValue($type, $key)
	{
		return Configuration::$types[$type][$key];
	}
}

class Database
{
	private $pdo;
	
	public function Database()
	{
		try
		{
			$this->pdo = new PDO('mysql:host=' . Configuration::getValue('mysql', 'hostname') . ';dbname=' . Configuration::getValue('mysql', 'database'), Configuration::getValue('mysql', 'username'), Configuration::getValue('mysql', 'password'));
		}
		catch (PDOException $ex)
		{
			echo 'Error while attemting to connect PDO, error: '  . $ex->getMessage();
		}
	}
}

More updates will come soon

 

[Joopie]

Avoid try catch. Only use it when you have a usefull task that needs to be executed. Its not there to log the error and continues the script which cause more exceptions because there was something wrong elsewhere and you ignored it...

 

[Emily]

Avoid try catch. Only use it when you have a usefull task that needs to be executed. Its not there to log the error and continues the script which cause more exceptions because there was something wrong elsewhere and you ignored it...

Well I only added it at PDO since it handles the PDOException if any details are wrong, and it will give 2 auto errors except of one, thanks for the tip anyway.

 

[Nathandj]

define('DS', DIRECTORY_SEPARATOR);
define('_INC', 'includes');
define('CLSPATH', 'classes');

include(_INC . DS . CLSPATH . DS . 'class.configuration.php');
include(_INC . DS . CLSPATH . DS . 'class.database.php');
include(_INC . DS . CLSPATH . DS . 'class.core.php');

Core::initialize();

 

[Emily]

define('DS', DIRECTORY_SEPARATOR);
define('_INC', 'includes');
define('CLSPATH', 'classes');

include(_INC . DS . CLSPATH . DS . 'class.configuration.php');
include(_INC . DS . CLSPATH . DS . 'class.database.php');
include(_INC . DS . CLSPATH . DS . 'class.core.php');

Core::initialize();

Yeah that's what I used first, except of I used '/' itself except of DIRECTORY_SEPARATOR. Will update it, thanks for the support.

Also, I started the layout, will be default bootstrap (no really special one) because they can't really sue this CMS since it's not just Habbo, I make multiple libraries for multiple databases, including Habbo databases (which are ofcourse filtered, I won't use HabboSQL.php but for example CommunitySQL.php, and I won't use the name Habbo ANYWHERE in the CMS)

It's not much I have done in the name of the layout itself, more like the PHP poop.

Now, I will post some PHP for proof, I don't know for how much it is good but did my best:

$error = '';

if (isset($_POST['name']) && isset($_POST['password']))
{
	
	// Hopefully this filters it out
	
	$name = $_POST['name'];
	$name = stripslashes($name);
	$name = mysql_real_escape_string($name);
	
	$pass = $_POST['password'];
	$pass = stripslashes($pass);
	$pass = mysql_real_escape_string($pass);
	
	if (strlen($name) > 0)
	{
		if (strlen($pass) > 0)
		{
			$res = Core::$database->createResult('SELECT * FROM members WHERE username = :name');
			$res->addParam(':name', $name);
			$res->execute();
			
			if ($res->columnCount() < 1)
			{
				$error = 'Username not found!';
			}
			else
			{
				$user = $res->fetch();
				
				if ($user['password'] != $pass)
				{
					$error = 'Wrong password!';
				}
				else
				{
					$_SESSION['NAME'] = $name;
					$_SESSION['USER'] = $user;
					
					header("Location: home.php");
				}
			}
		}
		else
		{
			$error = 'Please insert your password!';
		}
	}
	else
	{
		$error = 'Please insert your username!';
	}
}

Finished the database class also. Will do a template system soon but I was lazy to do xd

 

[Caustik]

Why not build off an existing PHP framework?
Better yet, why not try and see how far you can get with ASP.NET MVC!

 

[Joopie]

Did some tweeks. Personelly I like this more. Look arround, pointed out some stuff in the comment sections in it.

And it might be me, but imagine you have verry big function with allot of if-else statements in it. The way you did this would end up like huge mountains. People with small screen will be fucked because of that.

The way I did this is more flatter and comes directly to it's point. It's like reading, left to right, top to bottom. And not like yours jumping straight to the bottom if something fails at the top.

But that's personally of how I think about it....

function TryLoginUser($username, $password)
{
	if (empty($username))
	{
  return 'Please insert your username!';
	}
	else if (empty($password))
	{
  return 'Please insert your password!';
	}
	
	$res = Core::$database->createResult('SELECT * FROM `members` WHERE `username` = :name LIMIT 1');
	// LIMIT 1 because you expect one record
	$res->addParam(':name', $username);
	$res->execute();
	
	if ($res->columnCount() < 1) // Column? Not a row? Colomn is a field like "password, username" etc
	{
  return 'Username not found!';
	}
	
	$user = $res->fetch();
	
	if ($user['password'] != $password) // You dont encrypt your passwords?
	{
  return 'Wrong password!';
	}
	
	$_SESSION['NAME'] = $username;
	$_SESSION['USER'] = $user;
	
	return true;
}

if (isset($_POST['name'], $_POST['pass']))
{
	$username = mysql_real_escape_string($_POST['name']);
	$password = mysql_real_escape_string($_POST['pass']);
	// No need to strip slashes, you compare them. Use them when you return the variable back to the client (print/echo)
	// And you're still using the old MySQL lib? :<
	
	if (($result = TryLoginUser($username, $password)) == =true)
	{
  
  header("Location: home.php");
	}
	else
	{
  printf('Do whatever you like with your error: %s', $result);
	}
}

 

[Emily]

Did some tweeks. Personelly I like this more. Look arround, pointed out some stuff in the comment sections in it.

And it might be me, but imagine you have verry big function with allot of if-else statements in it. The way you did this would end up like huge mountains. People with small screen will be fucked because of that.

The way I did this is more flatter and comes directly to it's point. It's like reading, left to right, top to bottom. And not like yours jumping straight to the bottom if something fails at the top.

But that's personally of how I think about it....

function TryLoginUser($username, $password)
{
	if (empty($username))
	{
  return 'Please insert your username!';
	}
	else if (empty($password))
	{
  return 'Please insert your password!';
	}
	
	$res = Core::$database->createResult('SELECT * FROM `members` WHERE `username` = :name LIMIT 1');
	// LIMIT 1 because you expect one record
	$res->addParam(':name', $username);
	$res->execute();
	
	if ($res->columnCount() < 1) // Column? Not a row? Colomn is a field like "password, username" etc
	{
  return 'Username not found!';
	}
	
	$user = $res->fetch();
	
	if ($user['password'] != $password) // You dont encrypt your passwords?
	{
  return 'Wrong password!';
	}
	
	$_SESSION['NAME'] = $username;
	$_SESSION['USER'] = $user;
	
	return true;
}

if (isset($_POST['name'], $_POST['pass']))
{
	$username = mysql_real_escape_string($_POST['name']);
	$password = mysql_real_escape_string($_POST['pass']);
	// No need to strip slashes, you compare them. Use them when you return the variable back to the client (print/echo)
	// And you're still using the old MySQL lib? :<
	
	if (($result = TryLoginUser($username, $password)) == =true)
	{
  
  header("Location: home.php");
	}
	else
	{
  printf('Do whatever you like with your error: %s', $result);
	}
}

Dear Joopie,

No I use PDO, I only use mysql_real_escape_string (I don't really remember if PDO did had some custom one). Thanks for helping anyway I forgot I had to do it in OOP when I was first testing my PDO database class if it worked but I had to do it in a OOP class, you making me remind of it.

Anyways, will put a git soon. They can't sue me, since it looks like a social network (which were my first plans for this little website) but after that I decided to integrate this for Torn, Butterfly (and million of edit/renames), Snowlight, HoloEmu, Uber/Phoenix and I might contact Leon to integrate Comet. But ofcourse I first focus on Torn and when Torn is practically done, I will integrate those emulators (starting with the most popular ones). When that's done, I might quit Habbo, or I will integrate Torn in C++, Java, VB .NET and Python (maybe even PHP), but those are just future plans, so not sure really.

 

[Quackster]

What happened to this?

Battleball is v13, rebound was v26, also, I miss the old times so much, I remember playing battleball and they switched to rebound, I liked it less, good ol' memories.

Gonna continue today, I did some work to recreate the old website Habbo used in those days. To give you a little idea:

It's going to be completed 100% with homes (and groups, don't know if they were there but I think they were) and it's going to have secure PHP. Thanks to web.archive.org for taking me to the old layout (for HTML and some images) and thanks to ZabboWEB for the images + css + js etc.

 

[Emily]

What happened to this?

I still got it, however, I didn't had my files and I started working on a better website, because my other one was kinda.. screwed, but then I thought of something different than a CMS for just one CMS, I'll also use AcidPHP (the PHP website I use also for Torn, so basically TornCMS) for my own website (like a social network)

I might also finish that old one, but I thought it was bad coded (even worse than this one, which could be also improved alot!)

@Joopie

I checked your comments. No I don't hash my passwords yet as I'm in developing stage but of course I'm planning to add hashing (own hashing with MD5/SHA1, don't expect much from it).

#commit 2 XD

I created a new GitHub account (

You must be registered to see links

), here you can see most likely the website edits, I don't know if I will put my emulator on it.

Nothing is really on, I can't make commits something's wrong, will look to it later.

#commit 3...

It should work now, fixed it, the website is on, however it's about to be really much changed (template system, more pages etc..), go in AcidPHP repo, not Acid (that one was test so I will remove it soon)

 

[Clawed]

mysql_real_escape_string() can be used with PDO?

 

[Emily]

mysql_real_escape_string() can be used with PDO?

mysql_real_escape_string is a function to filter variables.

 

[Joopie]

mysql_real_escape_string is a function to filter variables.

And is part of the MySQL Lib. I also thought you also needed a mysql connection to get that function to work. Not sure if a PDO mysql connection is the same...

A qoute from php.net about the second argument of the escape_string function

The MySQL connection. If the link identifier is not specified, the last link opened by

You must be registered to see links

is assumed. If no such link is found, it will try to create one as if

You must be registered to see links

was called with no arguments. If no connection is found or established, an E_WARNING level error is generated.

It also says: "Use mysqli_real_escape_string when using MySQLi or PDO:quote when using PDO" when you want to secure inputs

 

[Emily]

And is part of the MySQL Lib. I also thought you also needed a mysql connection to get that function to work. Not sure if a PDO mysql connection is the same...

A qoute from php.net about the second argument of the escape_string function



It also says: "Use mysqli_real_escape_string when using MySQLi or PDO:quote when using PDO" when you want to secure inputs[/COLOR]

Aha, I thought you could always use mysql_real_escape_string even if you use MySQLi/PDO.

Will update ASAP, want to take a small break from web developing (did it already for a long time)

 

[The General]

Or use prepared statements and you dont have to worry about SQL Injections.