Metin2CMS v2.0
Discussion on Metin2CMS v2.0 within the Metin2 PServer Designs, Websites & Scripts forum part of the Metin2 Private Server category.
01/13/2017, 19:24
|
#1
|
elite*gold: 0
Join Date: Mar 2013
Posts: 42
Received Thanks: 25
|
Metin2CMS v2.10
Author: Ionuț ( me )
Size: 3.54 MB
Version: v2.10
Type: Open-Source
Features: Modern design with elements in bootstrap (v4 alpha 3), admin panel (currently in beta), member panel (currently basic systems), update system, registration, general settings in the admin panel, offline system (if the server is offline, notifications will be displayed, also the last copy of the top site), database of news is sqlite, settings files are in json.
Language: The platform is available in 9 languages:
[en] English
[ro] Română
[fr] Français
[pl] Polski
[pt-BR] Português (BR)
[es] Español
[it] Italiano
[hu] Magyar
[de] Deutsch
Preview:
Download: Documentation:
Install:
Just edit config.php with your data.
The CMS is not complete. It will be updated.
I expect constructive criticism / opinions / advice. To report an error:
Tutorial: how to add login with Google reCAPTCHA:
|
|
|
01/14/2017, 00:45
|
#2
|
elite*gold: 0
Join Date: May 2016
Posts: 8,679
Received Thanks: 1,638
|
Quote:
Originally Posted by IonutPop
Author: Ionuț ( me )
Size: 3.54 MB
Version: v2.1
Type: Open-Source
Features: Modern design with elements in bootstrap (v4 alpha 3), admin panel (currently in beta), member panel (currently basic systems), update system, registration, general settings in the admin panel, offline system (if the server is offline, notifications will be displayed, also the last copy of the top site), database of news is sqlite, settings files are in json.
Language: English & Romanian
Preview:
Download:
Install:
Just edit config.php with your data.
The CMS is not complete. It will be updated.
I expect constructive criticism / opinions / advice. To report an error:
|
For the Pictures You need more Activity or Posts to show Pictures.
|
|
|
01/18/2017, 14:30
|
#3
|
elite*gold: 144
Join Date: Oct 2009
Posts: 453
Received Thanks: 120
|
Gj guy !
|
|
|
01/20/2017, 13:57
|
#4
|
elite*gold: 0
Join Date: Dec 2016
Posts: 1
Received Thanks: 0
|
Thank you! Links working!
|
|
|
02/17/2017, 22:04
|
#5
|
elite*gold: 0
Join Date: Mar 2013
Posts: 42
Received Thanks: 25
|
#update
Fixed bugs, problem with delete download links. Added vote4coins.
|
|
|
02/18/2017, 02:35
|
#6
|
elite*gold: 0
Join Date: Apr 2015
Posts: 428
Received Thanks: 361
|
Hi, maybe I found an exploit:
if $_SESSION['captcha_email']['code'] is null so this could be an exploit
Look at...
Metin2CMS/include/functions/email.php:
Sending: [email protected]&captcha
PHP Code:
$myEmail = getAccountEmail($_SESSION['id']);
$message = 0;
if (isset($_GET['code']) && !empty($_GET['code']) && strlen($_GET['code']) == 32) {
    if (check_email_token($myEmail, $_GET['code'])) {
        updateNewEmail();
        update_email_token($_SESSION['id'], '');
        header("Location: " . $site_url . "user/administration");
        die();
    } else {
        $message = 5;
    }
} else if (isset($_POST['email']) && isset($_POST['captcha'])) {
    if ($_POST['captcha'] == $_SESSION['captcha_email']['code']) {
        $email = $_POST['email'];

        if (isValidEmail($email)) {
            if (!$database->checkUserEmail($email)) {
                $code = generateSocialID(32);
                update_email_token($_SESSION['id'], $code);
                update_new_email($_SESSION['id'], $email);
                $message = 4;
            } else $message = 1;
        } else $message = 2;
    } else $message = 3;
}
Results:
PHP Code:
if (isset($_GET['code']) && !empty($_GET['code']) && strlen($_GET['code']) == 32) // false
if (isset($_POST['email']) && isset($_POST['captcha'])) // true
if ($_POST['captcha'] == $_SESSION['captcha_email']['code']) // true
if (isValidEmail($email)) // true
if (!$database->checkUserEmail($email)) // true if there's no email like this
// -> $message = 4;
Metin2CMS/pages/email.php:
PHP Code:
if (isset($_POST['email']) && isset($_POST['captcha'])) {
    if ($message == 4) {
        print '<div class="alert alert-info alert-dismissible fade in" role="alert">
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
                <span aria-hidden="true">×</span>
            </button>';
        print $lang['sended-link'];
        print '</div>';

        $code = '<br><br><a href="' . $site_url . 'user/email/' . $code . '" target="_blank" style="display: inline-block; color: #ffffff; background-color: #3498db; border: solid 1px #3498db; border-radius: 5px; box-sizing: border-box; cursor: pointer; text-decoration: none; font-size: 14px; font-weight: bold; margin: 0; padding: 12px 25px; text-transform: capitalize; border-color: #3498db;">' . $lang['change-email'] . '</a>';

        $alt_message = $lang['change-email'];
        $subject = $lang['change-email'];
        $sendName = getAccountName($_SESSION['id']);
        $sendEmail = $myEmail;

        $html_mail = sendCode($_POST['email'], $code, 5);
        include 'include/functions/sendEmail.php';
    }
    // ...
Results:
PHP Code:
if (isset($_POST['email']) && isset($_POST['captcha'])) // true
if ($message == 4) // true
So, I could send this mail to me:
PHP Code:
function sendCode($name, $code, $type = 1) {
    global $lang, $site_url;

    $lang_user = $lang['user-name'];

    if ($type == 1) $type = $lang['code-delete-chars'];
    else if ($type == 2) $type = $lang['storekeeper'];
    else if ($type == 3) $type = $lang['delete-account-info'];
    else if ($type == 4) $type = $lang['password'];
    else if ($type == 5) {
        $type = $lang['change-email'];
        $lang_user = $lang['new-email-address'];
    }

    return '<!doctype html>
<html>
<head>
  <meta name="viewport" content="width=device-width">
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <title>Metin2CMS</title>
  <style media="all" type="text/css">
    @media all {
      .btn-primary table td:hover { background-color: #34495e !important; }
      .btn-primary a:hover { background-color: #34495e !important; border-color: #34495e !important; }
    }
    @media all {
      .btn-secondary a:hover { border-color: #34495e !important; color: #34495e !important; }
    }
    @media only screen and (max-width: 620px) {
      table[class=body] h1 { font-size: 28px !important; margin-bottom: 10px !important; }
      table[class=body] h2 { font-size: 22px !important; margin-bottom: 10px !important; }
      table[class=body] h3 { font-size: 16px !important; margin-bottom: 10px !important; }
      table[class=body] p, table[class=body] ul, table[class=body] ol, table[class=body] td, table[class=body] span, table[class=body] a { font-size: 16px !important; }
      table[class=body] .wrapper, table[class=body] .article { padding: 10px !important; }
      table[class=body] .content { padding: 0 !important; }
      table[class=body] .container { padding: 0 !important; width: 100% !important; }
      table[class=body] .header { margin-bottom: 10px !important; }
      table[class=body] .main { border-left-width: 0 !important; border-radius: 0 !important; border-right-width: 0 !important; }
      table[class=body] .btn table { width: 100% !important; }
      table[class=body] .btn a { width: 100% !important; }
      table[class=body] .img-responsive { height: auto !important; max-width: 100% !important; width: auto !important; }
      table[class=body] .alert td { border-radius: 0 !important; padding: 10px !important; }
      table[class=body] .span-2, table[class=body] .span-3 { max-width: none !important; width: 100% !important; }
      table[class=body] .receipt { width: 100% !important; }
    }
    @media all {
      .ExternalClass { width: 100%; }
      .ExternalClass, .ExternalClass p, .ExternalClass span, .ExternalClass font, .ExternalClass td, .ExternalClass div { line-height: 100%; }
      .apple-link a { color: inherit !important; font-family: inherit !important; font-size: inherit !important; font-weight: inherit !important; line-height: inherit !important; text-decoration: none !important; }
    }
  </style>
</head>
<body class="" style="font-family: sans-serif; -webkit-font-smoothing: antialiased; font-size: 14px; line-height: 1.4; -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; background-color: #f6f6f6; margin: 0; padding: 0;">
  <table border="0" cellpadding="0" cellspacing="0" class="body" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background-color: #f6f6f6;" width="100%" bgcolor="#f6f6f6">
    <tr>
      <td style="font-family: sans-serif; font-size: 14px; vertical-align: top;" valign="top"> </td>
      <td class="container" style="font-family: sans-serif; font-size: 14px; vertical-align: top; display: block; Margin: 0 auto !important; max-width: 580px; padding: 10px; width: 580px;" width="580" valign="top">
        <div class="content" style="box-sizing: border-box; display: block; Margin: 0 auto; max-width: 580px; padding: 10px;">
          <table class="main" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background: #fff; border-radius: 3px;" width="100%">
            <tr>
              <td class="wrapper" style="font-family: sans-serif; font-size: 14px; vertical-align: top; box-sizing: border-box; padding: 20px;" valign="top">
                <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%;" width="100%">
                  <tr>
                    <td style="font-family: sans-serif; font-size: 14px; vertical-align: top;" valign="top">
                      <p style="font-family: sans-serif; font-size: 14px; font-weight: normal; margin: 0; Margin-bottom: 15px;">' . $lang_user . ': ' . $name . '</p>
                      <p style="font-family: sans-serif; font-size: 14px; font-weight: normal; margin: 0; Margin-bottom: 15px;">' . $type . ': <b>' . $code . '</b></p>
                    </td>
                  </tr>
                </table>
              </td>
            </tr>
          </table>
          <div class="footer" style="clear: both; padding-top: 10px; text-align: center; width: 100%;">
            <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%;" width="100%">
              <tr>
                <td class="content-block" style="font-family: sans-serif; vertical-align: top; padding-top: 10px; padding-bottom: 10px; font-size: 12px; color: #999999; text-align: center;" valign="top" align="center">
                  <span class="apple-link" style="color: #999999; font-size: 12px; text-align: center;">Please do not replay to this email.</span>
                </td>
              </tr>
            </table>
          </div>
        </div>
      </td>
      <td style="font-family: sans-serif; font-size: 14px; vertical-align: top;" valign="top"> </td>
    </tr>
  </table>
</body>
</html>';
}
and retrieve the code/password.
Type of attack: https://en.wikipedia.org/wiki/Cross-...equest_forgery
If you need more information about this glitch/exploit, help in finding/fixing or even adding new stuff, add me on Skype: mrx.epvp :P actually I like your project ^^
But there are a lot of misused PHP functions and a bad practice coding style.
edit:
Something else, please do not print out validated emails (validated with PHP's filter validation) directly
Metin2CMS/checkusername.php
Sending: "<script>alert(document.cookie)</script>"@test.test
PHP Code:
if (isset($_POST['email'])) {
    if (isValidEmail($_POST['email'])) {
        // filter_var('"<script>alert(document.cookie)</script>"@test.test', FILTER_VALIDATE_EMAIL)
        print $database->checkUserEmail($_POST['email']);
    } else print 0;
} else print 0;
|
|
|
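Added example (not part of the thread and not Metin2CMS code): the two issues reported in post #6, the loose `==` captcha comparison in include/functions/email.php and the direct output of a filter-validated email, each next to a hardened form. All function names and the sample request values are constructed for illustration; only the `captcha_email` session key, the `email`/`captcha` fields and the test address come from the post.

```php
<?php
declare(strict_types=1);

// Added example, not Metin2CMS code. All function names are hypothetical.

/** The comparison as posted: `==` between the form field and the session value. */
function captcha_matches_loose(array $session, array $post): bool
{
    // In PHP, '' == null is true, so an empty field matches a missing session code.
    return ($post['captcha'] ?? null) == ($session['captcha_email']['code'] ?? null);
}

/**
 * Hardened check: fails closed when no captcha was issued for the session,
 * compares in constant time, and lets each captcha be tried only once.
 */
function captcha_consume(array &$session, array $post): bool
{
    $expected = $session['captcha_email']['code'] ?? null;
    $given    = $post['captcha'] ?? null;
    unset($session['captcha_email']); // single use, whatever the outcome

    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false; // nothing trustworthy to compare against: reject
    }
    return hash_equals($expected, $given);
}

/** Escape at the point of output; passing a validator does not make a value safe HTML. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// --- constructed sample input -------------------------------------------
$freshSession = [];  // the captcha image was never requested, so no code is stored
$post = ['email' => 'new@example.test', 'captcha' => ''];

echo "loose check, empty captcha, no session code: ";
var_dump(captcha_matches_loose($freshSession, $post));

echo "hardened check, same request: ";
var_dump(captcha_consume($freshSession, $post));

$issued = ['captcha_email' => ['code' => 'k7Qp2']]; // constructed captcha value
echo "hardened check, correct captcha: ";
var_dump(captcha_consume($issued, ['captcha' => 'k7Qp2']));

echo "hardened check, same captcha replayed: ";
var_dump(captcha_consume($issued, ['captcha' => 'k7Qp2']));

// Address string taken from the post; validation and escaping are separate steps.
$address = '"<script>alert(document.cookie)</script>"@test.test';
echo "passes FILTER_VALIDATE_EMAIL: ";
var_dump(filter_var($address, FILTER_VALIDATE_EMAIL) !== false);
echo "escaped for HTML output: ", html_escape($address), PHP_EOL;
```

Run it with the PHP CLI; the loose check accepts the empty captcha, while the hardened check rejects both that request and the replayed captcha.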
02/25/2017, 00:19
|
#7
|
elite*gold: 0
Join Date: Mar 2013
Posts: 42
Received Thanks: 25
|
Quote:
Originally Posted by #Metho
Hi, maybe I found an exploit:
if $_SESSION['captcha_email']['code'] is null so this could be an exploit
|
Thank you for warning me, I made an update to fix this problem.
|
|
|
06/02/2017, 00:13
|
#8
|
elite*gold: 0
Join Date: Mar 2013
Posts: 42
Received Thanks: 25
|
#update
Added player management, fixed some problems with vote4coins, added functions for modules and themes, added statistics.
|
|
|
06/02/2017, 22:44
|
#9
|
elite*gold: 0
Join Date: Jun 2017
Posts: 8
Received Thanks: 4
|
looks like hen cms to me
cant find any modern coding
y'all should also stop calling it cms
it's not even close to a cms
|
|
|
06/03/2017, 01:10
|
#10
|
elite*gold: 83
Join Date: Nov 2013
Posts: 2,891
Received Thanks: 2,764
|
That design looks familiar ...
|
|
|
06/04/2017, 08:08
|
#11
|
elite*gold: 0
Join Date: Mar 2013
Posts: 42
Received Thanks: 25
|
Quote:
Originally Posted by lua ***
looks like hen cms to me
cant find any modern coding
y'all should also stop calling it cms
it's not even close to a cms
|
Can't find any modern coding? )))
CMS = content management system
As long as the administrator has the tools necessary for rapid editing, it can be considered a CMS.
Quote:
Originally Posted by rollback
That design looks familiar ...
|
Codes matter, not design. For this purpose, I added the latest system for themes.
|
|
|
06/04/2017, 22:54
|
#12
|
elite*gold: 83
Join Date: Nov 2013
Posts: 2,891
Received Thanks: 2,764
|
Quote:
Originally Posted by IonutPop
CMS = content management system
As long as the administrator has the tools necessary for rapid editing, it can be considered a CMS.
|
Yes, but editing Social-Media-Links is all I can see.
Where can I add / edit the CONTENT?
|
|
|
06/05/2017, 10:16
|
#13
|
elite*gold: 0
Join Date: Mar 2013
Posts: 42
Received Thanks: 25
|
Quote:
Originally Posted by rollback
Yes, but editing Social-Media-Links is all I can see.
Where can I add / edit the CONTENT?
|
You can add news, you can activate some functions in admin panel.
If it was something premium, I can accept the hate. But as something is distributed for free, I do not see why there should be hate.
|
|
|
06/05/2017, 13:02
|
#14
|
elite*gold: 0
Join Date: Dec 2014
Posts: 1,015
Received Thanks: 498
|
Quote:
Originally Posted by IonutPop
You can add news, you can activate some functions in admin panel.
If it was something premium, I can accept the hate. But as something is distributed for free, I do not see why there should be hate.
|
Don't take him seriously, maybe it's just not his day. Complaining about free work isn't rare in this community.
|
|
|
06/05/2017, 14:45
|
#15
|
elite*gold: 83
Join Date: Nov 2013
Posts: 2,891
Received Thanks: 2,764
|
Quote:
Originally Posted by IonutPop
You can add news, you can activate some functions in admin panel.
If it was something premium, I can accept the hate. But as something is distributed for free, I do not see why there should be hate.
|
I didn't want to hate and I apologize if it looked like I wanted to. I just couldn't see anything else than editing the social media links in your screens while you considered your release as a CMS.
|
|
|