Metin2CMS v2.0

Discussion on Metin2CMS v2.0 within the Metin2 PServer Designs, Websites & Scripts forum part of the Metin2 Private Server category.

 
Old   #1
 
elite*gold: 0
Join Date: Mar 2013
Posts: 42
Received Thanks: 25
Metin2CMS v2.10


Author: Ionuț ( me )
Size: 3.54 MB
Version: v2.10
Type: Open-Source

Features: Modern design with elements in bootstrap (v4 alpha 3), admin panel (currently in beta), member panel (currently basic systems), update system, registration, general settings in the admin panel, offline system (if the server is offline, notifications will be displayed, also the last copy of the top site), database of news is sqlite, settings files are in json.
Language: The platform is available in 9 languages:

Preview:


Download:
Documentation:

Install:
Just edit config.php with your data.

The CMS is not complete. It will be updated.


I expect constructive criticism / opinions / advice. To report an error:

Tutorial: how to add login with Google reCAPTCHA:
IonutPop is offline  
Thanks
3 Users
Old 01/14/2017, 00:45   #2
 
elite*gold: 0
The Black Market: 105/0/0
Join Date: May 2016
Posts: 8,679
Received Thanks: 1,638
Quote:
Originally Posted by IonutPop View Post

Author: Ionuț ( me )
Size: 3.54 MB
Version: v2.1
Type: Open-Source

Features: Modern design with elements in bootstrap (v4 alpha 3), admin panel (currently in beta), member panel (currently basic systems), update system, registration, general settings in the admin panel, offline system (if the server is offline, notifications will be displayed, also the last copy of the top site), database of news is sqlite, settings files are in json.
Language: English & Romanian


Preview:


Download:

Install:
Just edit config.php with your datas.

CMS is not completely. It will be updated.

I expect criticism / opinions / advice constructive. To report an error:
悪地城 is offline  
Old 01/18/2017, 14:30   #3
 
lordord's Avatar
 
elite*gold: 144
The Black Market: 157/1/0
Join Date: Oct 2009
Posts: 453
Received Thanks: 120
Gj guy !
lordord is offline  
Old 01/20/2017, 13:57   #4
 
elite*gold: 0
Join Date: Dec 2016
Posts: 1
Received Thanks: 0
Thank you! Links working!
Lunico is offline  
Old 02/17/2017, 22:04   #5
 
elite*gold: 0
Join Date: Mar 2013
Posts: 42
Received Thanks: 25
#update

Fixed bugs, problem with delete download links. Added vote4coins.
IonutPop is offline  
Old 02/18/2017, 02:35   #6
 
elite*gold: 0
Join Date: Apr 2015
Posts: 428
Received Thanks: 361
Hi, maybe I found an exploit:
if $_SESSION['captcha_email']['code'] is null so this could be an exploit

Look at...

Metin2CMS/include/functions/email.php:

Sending: [email protected]&captcha

PHP Code:
$myEmail = getAccountEmail($_SESSION['id']);
$message = 0;
if (isset($_GET['code']) && !empty($_GET['code']) && strlen($_GET['code']) == 32) {
    if (check_email_token($myEmail, $_GET['code'])) {
        updateNewEmail();
        update_email_token($_SESSION['id'], '');
        header("Location: " . $site_url . "user/administration");
        die();
    } else {
        $message = 5;
    }
} else if (isset($_POST['email']) && isset($_POST['captcha'])) {
    if ($_POST['captcha'] == $_SESSION['captcha_email']['code']) {
        $email = $_POST['email'];

        if (isValidEmail($email)) {
            if (!$database->checkUserEmail($email)) {
                $code = generateSocialID(32);
                update_email_token($_SESSION['id'], $code);
                update_new_email($_SESSION['id'], $email);
                $message = 4;
            } else
                $message = 1;
        } else
            $message = 2;
    } else
        $message = 3;
}

Results:

PHP Code:
if (isset($_GET['code']) && !empty($_GET['code']) && strlen($_GET['code']) == 32) // false
if (isset($_POST['email']) && isset($_POST['captcha'])) // true
if ($_POST['captcha'] == $_SESSION['captcha_email']['code']) // true
if (isValidEmail($email)) // true
if (!$database->checkUserEmail($email)) // true if there's no email like this
// -> $message = 4;

Metin2CMS/pages/email.php:

PHP Code:
if (isset($_POST['email']) && isset($_POST['captcha'])) {
    if ($message == 4) {
        print '<div class="alert alert-info alert-dismissible fade in" role="alert">
                              <button type="button" class="close" data-dismiss="alert" aria-label="Close">
                                <span aria-hidden="true">&times;</span>
                              </button>';
        print $lang['sended-link'];
        print '</div>';

        $code = '<br><br><a href="' . $site_url . 'user/email/' . $code . '" target="_blank" style="display: inline-block; color: #ffffff; background-color: #3498db; border: solid 1px #3498db; border-radius: 5px; box-sizing: border-box; cursor: pointer; text-decoration: none; font-size: 14px; font-weight: bold; margin: 0; padding: 12px 25px; text-transform: capitalize; border-color: #3498db;">' . $lang['change-email'] . '</a>';

        $alt_message = $lang['change-email'];
        $subject = $lang['change-email'];
        $sendName = getAccountName($_SESSION['id']);
        $sendEmail = $myEmail;

        $html_mail = sendCode($_POST['email'], $code, 5);
        include 'include/functions/sendEmail.php';
    }
// ...

Results:

PHP Code:
if (isset($_POST['email']) && isset($_POST['captcha'])) // true
if ($message == 4) // true

So, I could send this mail to me:


and retrieve the code/password.

Type of attack: https://en.wikipedia.org/wiki/Cross-...equest_forgery

If you need more information about this glitch/exploit, help in finding/fixing or even adding new stuff, add me on skype: mrx.epvp :P actually I like your project ^^

But there are a lot of misused PHP functions and a bad practice coding style.

edit:

Something else, please do not print out validated emails (validated with php's filter validation) directly

Metin2CMS/checkusername.php

Sending: "<script>alert(document.cookie)</script>"@test.test

PHP Code:
if (isset($_POST['email'])) {
    if (isValidEmail($_POST['email'])) {
        // filter_var('"<script>alert(document.cookie)</script>"@test.test', FILTER_VALIDATE_EMAIL)
        print $database->checkUserEmail($_POST['email']);
    } else print 0;
} else print 0;
#Metho is offline  
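
Hardened forms of the two checks reported in the post above, as an added example that is not part of the thread or of Metin2CMS itself. The function names `captchaMatches` and `htmlOut` are hypothetical, and the session and POST values are constructed sample input.

```php
<?php
// Added example, not Metin2CMS code. Function names are hypothetical.

/**
 * Verify a submitted captcha against the code stored in the session.
 * Fails closed when either side is missing or empty, so an unset session
 * value cannot be matched by an empty POST field through loose ==.
 */
function captchaMatches(array $post, array &$session, string $slot): bool
{
    $expected = $session[$slot]['code'] ?? null;
    $given    = $post['captcha'] ?? null;

    // One-time use: drop the stored code whether or not the check passes.
    unset($session[$slot]);

    if (!is_string($expected) || $expected === '' ||
        !is_string($given)    || $given === '') {
        return false;
    }
    // Type-safe, constant-time comparison instead of ==.
    return hash_equals($expected, $given);
}

/**
 * Encode a value before printing it into an HTML response.
 * FILTER_VALIDATE_EMAIL checks address syntax only; it does not make
 * the string safe to echo.
 */
function htmlOut(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: a session in which no captcha was ever generated,
// and a request that carries an empty captcha field.
$session = ['id' => 1];
$post    = ['email' => 'user@example.test', 'captcha' => ''];

// The loose comparison from the excerpt, then the strict check, same input.
var_dump($post['captcha'] == ($session['captcha_email']['code'] ?? null));
var_dump(captchaMatches($post, $session, 'captcha_email'));

// The address quoted in the post, encoded before it is printed.
echo htmlOut('"<script>alert(document.cookie)</script>"@test.test'), PHP_EOL;
```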
Old 02/25/2017, 00:19   #7
 
elite*gold: 0
Join Date: Mar 2013
Posts: 42
Received Thanks: 25
Thank you for warning me, I made an update to fix this problem.
IonutPop is offline  
Old 06/02/2017, 00:13   #8
 
elite*gold: 0
Join Date: Mar 2013
Posts: 42
Received Thanks: 25
#update
Added player management, fixed some problems with vote4coins, added functions for modules and themes, added statistics.
IonutPop is offline  
Old 06/02/2017, 22:44   #9
 
elite*gold: 0
Join Date: Jun 2017
Posts: 8
Received Thanks: 4
looks like hen cms to me
cant find any modern coding
y'all should also stop calling it cms
it's not even close to a cms
​​lua god is offline  
Old 06/03/2017, 01:10   #10

 
elite*gold: 83
Join Date: Nov 2013
Posts: 2,891
Received Thanks: 2,764
That design looks familiar ...
rollback is offline  
Thanks
1 User
Old 06/04/2017, 08:08   #11
 
elite*gold: 0
Join Date: Mar 2013
Posts: 42
Received Thanks: 25
Quote:
Originally Posted by ​​lua *** View Post
looks like hen cms to me
cant find any modern coding
y'all should also stop calling it cms
it's not even close to a cms
Can't find any modern coding? )))
CMS = content management system
As long as the administrator has the tools necessary for rapid editing, can be considered a CMS.

Quote:
Originally Posted by rollback View Post
That design looks familiar ...
Codes matter, not design. For this purpose, I added the latest system for themes.
IonutPop is offline  
Thanks
1 User
Old 06/04/2017, 22:54   #12

 
elite*gold: 83
Join Date: Nov 2013
Posts: 2,891
Received Thanks: 2,764
Quote:
Originally Posted by IonutPop View Post
CMS = content management system
As long as the administrator has the tools necessary for rapid editing, can be considered a CMS.
Yes, but editing Social-Media-Links is all I can see.
Where can I add / edit the CONTENT?
rollback is offline  
Old 06/05/2017, 10:16   #13
 
elite*gold: 0
Join Date: Mar 2013
Posts: 42
Received Thanks: 25
Quote:
Originally Posted by rollback View Post
Yes, but editing Social-Media-Links is all I can see.
Where can I add / edit the CONTENT?
You can add news, you can activate some functions in admin panel.
If it was something premium, I can accept the hate. But as something is distributed for free, I do not see why there should be hates.
IonutPop is offline  
Thanks
6 Users
Old 06/05/2017, 13:02   #14
 
BizepsSupportAccount's Avatar
 
elite*gold: 0
Join Date: Dec 2014
Posts: 1,015
Received Thanks: 498
Quote:
Originally Posted by IonutPop View Post
You can add news, you can activate some functions in admin panel.
If it was something premium, I can accept the hate. But as something is distributed for free, I do not see why there should be hates.
Don't take him seriously, maybe it's just not his day. Complaining about free work isn't rare in this community.
BizepsSupportAccount is offline  
Thanks
1 User
Old 06/05/2017, 14:45   #15

 
elite*gold: 83
Join Date: Nov 2013
Posts: 2,891
Received Thanks: 2,764
Quote:
Originally Posted by IonutPop View Post
You can add news, you can activate some functions in admin panel.
If it was something premium, I can accept the hate. But as something is distributed for free, I do not see why there should be hates.
I didn't want to hate and I apologize if it looked like I wanted to. I just couldn't see anything else than editing the social media links in your screens while you considered your release as a CMS.
rollback is offline  