Metin2CMS v2.0

[Only registered and activated users can see links. Click Here To Register...]
Author: Ionuț ( me )
Size: 3.54 MB
Version: v2.10
Type: Open-Source

Features: Modern design with elements in bootstrap (v4 alpha 3), admin panel (currently in beta), member panel (currently basic systems), update system, registration, general settings in the admin panel, offline system (if the server is offline, notifications will be displayed, also the last copy of the top site), database of news is sqlite, settings files are in json.
Language: The platform is available in 9 languages:

Preview:


Download: [Only registered and activated users can see links. Click Here To Register...]
Documentation: [Only registered and activated users can see links. Click Here To Register...]

Install:
Just edit config.php with your datas.

CMS is not completely. It will be updated.


I expect criticism / opinions / advice constructive. To report an error: [Only registered and activated users can see links. Click Here To Register...]

Tutorial: how to add login with Google reCAPTCHA: [Only registered and activated users can see links. Click Here To Register...]

Quote:

Originally Posted by IonutPop [Only registered and activated users can see links. Click Here To Register...] Author: Ionuț ( me ) Size: 3.54 MB Version: v2.1 Type: Open-Source Features: Modern design with elements in bootstrap (v4 alpha 3), admin panel (currently in beta), member panel (currently basic systems), update system, registration, general settings in the admin panel, offline system (if the server is offline, notifications will be displayed, also the last copy of the top site), database of news is sqlite, settings files are in json. Language: English & Romanian Preview:  Spoiler [Only registered and activated users can see links. Click Here To Register...] [Only registered and activated users can see links. Click Here To Register...] [Only registered and activated users can see links. Click Here To Register...] [Only registered and activated users can see links. Click Here To Register...] [Only registered and activated users can see links. Click Here To Register...] [Only registered and activated users can see links. Click Here To Register...] [Only registered and activated users can see links. Click Here To Register...] [Only registered and activated users can see links. Click Here To Register...] Download: [Only registered and activated users can see links. Click Here To Register...] Install: Just edit config.php with your datas. CMS is not completely. It will be updated. I expect criticism / opinions / advice constructive. To report an error: [Only registered and activated users can see links. Click Here To Register...]

For the Pictures :) You need more Activity or Posts to show Pictures.

Gj guy !

Thank you! Links working!

#update

Fixed bugs, problem with delete download links. Added vote4coins.

Hi, maybe i found an exploit:
if $_SESSION['captcha_email']['code'] is null so this could be an exploit

Look at...

Metin2CMS/include/functions/email.php:

Sending: email=my@email.domain&captcha

Results:


Metin2CMS/pages/email.php:

Results:

So, i could send this mail to me:


and retrieve the code/password.

Type of attack: https://en.wikipedia.org/wiki/Cross-...equest_forgery

If you need more information about this glitch/exploit, help in finding/fixing or even adding new stuff, add me on skype: mrx.epvp :P actually i like your project ^^

But there are a lot of missused php functions and a bad practice coding style.

edit:

Something else, please do not print out validated emails (validated with php's filter validation) directly

Metin2CMS/checkusername.php

Sending: "<script>alert(document.cookie)</script>"@test.test

Quote:

Originally Posted by #Metho Hi, maybe i found an exploit: if $_SESSION['captcha_email']['code'] is null so this could be an exploit Look at... Metin2CMS/include/functions/email.php: Sending: email=my@email.domain&captcha PHP Code: $myEmail = getAccountEmail($_SESSION['id']); $message = 0; if (isset($_GET['code']) && !empty($_GET['code']) && strlen($_GET['code']) == 32) {     if (check_email_token($myEmail, $_GET['code'])) {         updateNewEmail();         update_email_token($_SESSION['id'], '');         header("Location: " . $site_url . "user/administration");         die();     } else {         $message = 5;     } } else if (isset($_POST['email']) && isset($_POST['captcha'])) {     if ($_POST['captcha'] == $_SESSION['captcha_email']['code']) {         $email = $_POST['email'];         if (isValidEmail($email)) {             if (!$database->checkUserEmail($email)) {                 $code = generateSocialID(32);                 update_email_token($_SESSION['id'], $code);                 update_new_email($_SESSION['id'], $email);                 $message = 4;             } else $message = 1;         } else $message = 2;     } else $message = 3; }  Results: PHP Code: if (isset($_GET['code']) && !empty($_GET['code']) && strlen($_GET['code']) == 32) // false if (isset($_POST['email']) && isset($_POST['captcha'])) // true if ($_POST['captcha'] == $_SESSION['captcha_email']['code']) // true if (isValidEmail($email)) // true if (!$database->checkUserEmail($email)) // true if there's no email like this // -> $message = 4;  Metin2CMS/pages/email.php: PHP Code: if (isset($_POST['email']) && isset($_POST['captcha'])) {     if ($message == 4) {         print '<div class="alert alert-info alert-dismissible fade in" role="alert">                               <button type="button" class="close" data-dismiss="alert" aria-label="Close">                                 <span aria-hidden="true">&times;</span>                               </button>';         print $lang['sended-link'];         print '</div>';         $code = '<br><br><a href="' . $site_url . 'user/email/' . $code . '" target="_blank" style="display: inline-block; color: #ffffff; background-color: #3498db; border: solid 1px #3498db; border-radius: 5px; box-sizing: border-box; cursor: pointer; text-decoration: none; font-size: 14px; font-weight: bold; margin: 0; padding: 12px 25px; text-transform: capitalize; border-color: #3498db;">' . $lang['change-email'] . '</a>';         $alt_message = $lang['change-email'];         $subject = $lang['change-email'];         $sendName = getAccountName($_SESSION['id']);         $sendEmail = $myEmail;         $html_mail = sendCode($_POST['email'], $code, 5);         include 'include/functions/sendEmail.php';     } // ...  Results: PHP Code: if (isset($_POST['email']) && isset($_POST['captcha'])) // true if ($message == 4) // true  So, i could send this mail to me:  Spoiler PHP Code: function sendCode($name, $code, $type = 1) {     global $lang, $site_url;     $lang_user = $lang['user-name'];     if ($type == 1)         $type = $lang['code-delete-chars'];     else if ($type == 2)         $type = $lang['storekeeper'];     else if ($type == 3)         $type = $lang['delete-account-info'];     else if ($type == 4)         $type = $lang['password'];     else if ($type == 5) {         $type = $lang['change-email'];         $lang_user = $lang['new-email-address'];     }     return '<!doctype html>             <html>             <head>                 <meta name="viewport" content="width=device-width">                 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">                 <title>Metin2CMS</title>                 <style media="all" type="text/css">                        [MENTION=473221]Media[/MENTION] all {                         .btn-primary table td:hover {                             background-color: #34495e !important;                         }                         .btn-primary a:hover {                             background-color: #34495e !important;                             border-color: #34495e !important;                         }                     }                        [MENTION=473221]Media[/MENTION] all {                         .btn-secondary a:hover {                             border-color: #34495e !important;                             color: #34495e !important;                         }                     }                        [MENTION=473221]Media[/MENTION] only screen and (max-width: 620px) {                         table[class=body] h1 {                             font-size: 28px !important;                             margin-bottom: 10px !important;                         }                         table[class=body] h2 {                             font-size: 22px !important;                             margin-bottom: 10px !important;                         }                         table[class=body] h3 {                             font-size: 16px !important;                             margin-bottom: 10px !important;                         }                         table[class=body] p,                         table[class=body] ul,                         table[class=body] ol,                         table[class=body] td,                         table[class=body] span,                         table[class=body] a {                             font-size: 16px !important;                         }                         table[class=body] .wrapper,                         table[class=body] .article {                             padding: 10px !important;                         }                         table[class=body] .content {                             padding: 0 !important;                         }                         table[class=body] .container {                             padding: 0 !important;                             width: 100% !important;                         }                         table[class=body] .header {                             margin-bottom: 10px !important;                         }                         table[class=body] .main {                             border-left-width: 0 !important;                             border-radius: 0 !important;                             border-right-width: 0 !important;                         }                         table[class=body] .btn table {                             width: 100% !important;                         }                         table[class=body] .btn a {                             width: 100% !important;                         }                         table[class=body] .img-responsive {                             height: auto !important;                             max-width: 100% !important;                             width: auto !important;                         }                         table[class=body] .alert td {                             border-radius: 0 !important;                             padding: 10px !important;                         }                         table[class=body] .span-2,                         table[class=body] .span-3 {                             max-width: none !important;                             width: 100% !important;                         }                         table[class=body] .receipt {                             width: 100% !important;                         }                     }                        [MENTION=473221]Media[/MENTION] all {                         .ExternalClass {                             width: 100%;                         }                         .ExternalClass,                         .ExternalClass p,                         .ExternalClass span,                         .ExternalClass font,                         .ExternalClass td,                         .ExternalClass div {                             line-height: 100%;                         }                         .apple-link a {                             color: inherit !important;                             font-family: inherit !important;                             font-size: inherit !important;                             font-weight: inherit !important;                             line-height: inherit !important;                             text-decoration: none !important;                         }                     }                 </style>             </head>             <body class="" style="font-family: sans-serif; -webkit-font-smoothing: antialiased; font-size: 14px; line-height: 1.4; -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; background-color: #f6f6f6; margin: 0; padding: 0;">                 <table border="0" cellpadding="0" cellspacing="0" class="body" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background-color: #f6f6f6;" width="100%" bgcolor="#f6f6f6">                     <tr>                         <td style="font-family: sans-serif; font-size: 14px; vertical-align: top;" valign="top">&nbsp;</td>                         <td class="container" style="font-family: sans-serif; font-size: 14px; vertical-align: top; display: block; Margin: 0 auto !important; max-width: 580px; padding: 10px; width: 580px;" width="580" valign="top">                             <div class="content" style="box-sizing: border-box; display: block; Margin: 0 auto; max-width: 580px; padding: 10px;">                                 <table class="main" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background: #fff; border-radius: 3px;" width="100%">                                     <tr>                                         <td class="wrapper" style="font-family: sans-serif; font-size: 14px; vertical-align: top; box-sizing: border-box; padding: 20px;" valign="top">                                             <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%;" width="100%">                                                 <tr>                                                     <td style="font-family: sans-serif; font-size: 14px; vertical-align: top;" valign="top">                                                         <p style="font-family: sans-serif; font-size: 14px; font-weight: normal; margin: 0; Margin-bottom: 15px;">' . $lang_user . ': ' . $name . '</p>                                                         <p style="font-family: sans-serif; font-size: 14px; font-weight: normal; margin: 0; Margin-bottom: 15px;">' . $type . ': <b>' . $code . '</b></p>                                                     </td>                                                 </tr>                                             </table>                                         </td>                                     </tr>                                 </table>                                 <div class="footer" style="clear: both; padding-top: 10px; text-align: center; width: 100%;">                                     <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%;" width="100%">                                         <tr>                                             <td class="content-block" style="font-family: sans-serif; vertical-align: top; padding-top: 10px; padding-bottom: 10px; font-size: 12px; color: #999999; text-align: center;" valign="top" align="center">                                                 <span class="apple-link" style="color: #999999; font-size: 12px; text-align: center;">Please do not replay to this email.</span>                                             </td>                                         </tr>                                     </table>                                 </div>                             </div>                         </td>                         <td style="font-family: sans-serif; font-size: 14px; vertical-align: top;" valign="top">&nbsp;</td>                     </tr>                 </table>             </body>     </html>'; }  and retrieve the code/password. Type of attack: https://en.wikipedia.org/wiki/Cross-...equest_forgery If you need more information about this glitch/exploit, help in finding/fixing or even adding new stuff, add me on skype: mrx.epvp :P actually i like your project ^^ But there are a lot of missused php functions and a bad practice coding style. edit: Something else, please do not print out validated emails (validated with php's filter validation) directly Metin2CMS/checkusername.php Sending: "<script>alert(document.cookie)</script>"@test.test PHP Code: if (isset($_POST['email'])) {     if (isValidEmail($_POST['email'])) {     // filter_var('"<script>alert(document.cookie)</script>"@test.test', FILTER_VALIDATE_EMAIL)         print $database->checkUserEmail($_POST['email']);     } else print 0; } else print 0;

thank you warned me, i made an update to fix this problem

#update
Added player management, fixed some problems with vote4coins, added functions for modules and themes, added statistics.

looks like hen cms to me
cant find any modern coding
y'all should also stop calling it cms
it's not even close to a cms

That design looks familiar ...
[Only registered and activated users can see links. Click Here To Register...]

Quote:

Originally Posted by ​​lua god looks like hen cms to me cant find any modern coding y'all should also stop calling it cms it's not even close to a cms

Can't find any modern coding? :))))
CMS = content management system
As long as the administrator has the tools necessary for rapid editing, can be considered a CMS.

Quote:

Originally Posted by rollback That design looks familiar ... [Only registered and activated users can see links. Click Here To Register...]

Codes matter, not design. For this purpose, I added the latest system for themes.

Quote:

Originally Posted by IonutPop CMS = content management system As long as the administrator has the tools necessary for rapid editing, can be considered a CMS.

Yes, but editing Social-Media-Links is all I can see.
Where can I add / edit the CONTENT?

Quote:

Originally Posted by rollback Yes, but editing Social-Media-Links is all I can see. Where can I add / edit the CONTENT?

You can add news, you can activate some functions in admin panel.
If it was something premium, I can accept the hate. But as something is distributed for free, I do not see why there should be hates.

Quote:

Originally Posted by IonutPop You can add news, you can activate some functions in admin panel. If it was something premium, I can accept the hate. But as something is distributed for free, I do not see why there should be hates.

Dont take him serious, maybe its just not his day. Complaining about free work isn't rare in this Community.

Quote:

Originally Posted by IonutPop You can add news, you can activate some functions in admin panel. If it was something premium, I can accept the hate. But as something is distributed for free, I do not see why there should be hates.

I didn't want to hate and I apologize if it looked like I wanted to. I just couldn't see anything else than editing the social media links in your screens while you considered your release as a CMS.