Storage Script?

This is a guide, mostly for website tools and code, for example CMS or registration scripts.
There can also be tools.


Re: Storage Script?

Postby xadet3 on Sat Feb 25, 2012 1:02 pm

There are some HUGE SQL injection and XSS vulnerabilities in that.
xadet3
Pero pero
Posts: 727
Joined: Tue Jan 08, 2008 11:51 pm
Location: Norwich, England.

Re: Storage Script?

Postby hoegarden31 on Sat Feb 25, 2012 1:35 pm

And why did you use mssql?
...well, let's go change all that crap into mysql xD
And can we have a database you use. Because there are a lot of tables we don't have. Like "Categories" "Page"... so yeah we can't test your cms...
I'm the one and only. In heaven and on earth.
hoegarden31
Rackie
Posts: 150
Joined: Sun Nov 13, 2011 7:13 pm

Re: Storage Script?

Postby xadet3 on Sat Feb 25, 2012 2:05 pm

hoegarden31 wrote: And why did you use mssql?

twunk32 wrote: Here is the cms project for acturus

Re: Storage Script?

Postby hoegarden31 on Sat Feb 25, 2012 4:19 pm

:ugeek: yeah sorry.
But it's still not usable for testing.

Re: Storage Script?

Postby xadet3 on Sat Feb 25, 2012 4:53 pm

You can just look at the queries and work out the table structures quite easily from there.

Re: Storage Script?

Postby hoegarden31 on Sat Feb 25, 2012 5:44 pm

Well, not exactly. Most queries are just "SELECT * FROM"...
And just look at the code :s it's a whole mess :?

Re: Storage Script?

Postby Ultra on Sat Feb 25, 2012 8:00 pm

Will it work for OsiRose, or what do I need to do to make it work?

Re: Storage Script?

Postby twunk32 on Sat Feb 25, 2012 12:08 pm
Here is the cms project for acturus (mssql db) that my team was working on way back.

It had the storage organizer like AkramOnline has with extra stuff (like you can have extra storage on the web)

Note. You need to recreate some db reference manually. There might also be some bugs/flaws left (even though I hope not).

Features.

News system with category (e.g events, news, update)
User registration & Password recovery (Can set to "requires activation via mail")
User management (Can change user id, password, etc information, ban account, delete, set item mall points)
Players management (Can edit/delete/update any players stats e.g levels or items stats, car, spawn place [based on your maps id])
Storage Organizer (With extra storage on web, db check for dupes)
Content management
Customizable roles and global permissions
Cross-browser WYSIWYG editor
Clan management (Can change any clan information, remove/delete)
Private Messages/Support ticket system
Item Mall with customize category, pull item pic from item ID (Can buy item with point system)
Gallery (e.g Player's Photo & Screenshot) inc votes system.
Lottery system (Can random pick winner)
Exchange Market (Item auction can sell for zuly/points)
Flexible navigation
Templates System
Business logic and User Interface separate
Activity Logs
Security (SQL Injection/XSS)
Ultra
Rackie
Posts: 221
Joined: Thu Jul 22, 2010 6:31 pm

Re: Storage Script?

Postby xadet3 on Sat Feb 25, 2012 10:43 pm

hoegarden31 wrote: Well, not exactly. Most queries are just "SELECT * FROM"...

Yes but the queries return an array with the column names as the keys.

Re: Storage Script?

Postby PurpleYouko on Sun Feb 26, 2012 5:33 pm

hoegarden31 wrote: Well, not exactly. Most queries are just "SELECT * FROM"...
And just look at the code :s it's a whole mess :?


Exactly.
Then in following lines of code it loads values in from the field names in the database. It's really easy to make a database based on that.
Doesn't even matter what order the fields are in.
"A Gazelle is nothing but a giraffe plotted logarithmically"
PurpleYouko
Rose Guru
Posts: 4600
Joined: Fri Aug 10, 2007 2:05 pm

Re: Storage Script?

Postby Mark on Wed Feb 29, 2012 12:08 am

Let's tidy this thing up then, I'll post my code when I've tidied it up a bit and inserted the right sha1 and sql escape strings, wouldn't want anyone to XSS or sql inject us now would we :D

**Edit- Would I even need to use escape strings if we're gonna use sha1's, we already have the old md5 but not too sure if it's "good" enough :?
Administrator / Coder for EutopiaRose Online
http://www.eutopiarose.co.uk
Mark
Rackie
Posts: 176
Joined: Tue Dec 13, 2011 8:15 am
Location: Sunny England
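
Added example, not code from the posted CMS or from anyone in the thread: on a constructed `accounts` table it shows why hashing the password does not settle the escaping question, since the username still reaches the SQL text, and sets a concatenated login query beside a prepared statement plus output encoding. The function names, the table, and the use of in-memory SQLite through PDO are assumptions.

```php
<?php
// Added example. Constructed schema and data; in-memory SQLite through PDO is
// an assumption made so the script runs offline (the thread's CMS used MSSQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (username TEXT PRIMARY KEY, pw_sha1 TEXT, pw_hash TEXT)');
$pw = 'correct horse'; // constructed sample password
$db->prepare('INSERT INTO accounts VALUES (?, ?, ?)')
   ->execute(['alice', sha1($pw), password_hash($pw, PASSWORD_DEFAULT)]);

// Weak form (hypothetical name): sha1() turns the password into hex digits, so
// that one value cannot break the query, but $user is pasted in unchanged.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT COUNT(*) FROM accounts WHERE username = '$user'"
         . " AND pw_sha1 = '" . sha1($pass) . "'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened form (hypothetical name): the username travels as a bound parameter
// and is never parsed as SQL; the password is checked with password_verify().
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $st = $db->prepare('SELECT pw_hash FROM accounts WHERE username = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// XSS is an output problem: encode when a value is written into HTML.
function greeting(string $user): string
{
    return '<p>Welcome, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed test input: a quote closes the string literal and "--" comments
// out the rest of the statement, including the password comparison.
$probe = "alice' --";
$rows = [
    'concat, right password'     => login_concat($db, 'alice', $pw),
    'concat, probe + wrong pw'   => login_concat($db, $probe, 'wrong'),
    'prepared, probe + wrong pw' => login_prepared($db, $probe, 'wrong'),
    'prepared, right password'   => login_prepared($db, 'alice', $pw),
];
foreach ($rows as $label => $ok) {
    echo str_pad($label, 28), $ok ? 'accepted' : 'rejected', "\n";
}
echo greeting('<b>' . $probe . '</b>'), "\n";
```

It runs from the PHP command line with the `pdo_sqlite` extension enabled.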
