[PHP] SPRX/Projects Website - Page 9 - NextGenUpdate
THREAD: [PHP] SPRX/Projects Website
  1. 06-04-2017, 05:18 PM
    #1
    Hello NextGenUpdate,
    I don't know if this is the right place to post this, admins or mods please move it to the right place!
    I'm making a website for whoever needs it, cuz why not lol
    I'll make sure to release it this week but I can't promise cuz I got university exams
    However, I need your suggestions and your opinions!

    Check Project Updates Here: [Only registered and activated users can see links. ]

    Theme Used: AdminLTE
    Last edited by HamoodDev; 09-25-2017 at 09:22 AM. Reason: Updated Github link

  2. The Following 3 Users Say Thank You to HamoodDev For This Useful Post:


  3. The Following User Groaned At HamoodDev For This Awful Post:


  4. 12-12-2017, 12:40 PM
    #81
    Algebra
    NextGenUpdate Elite

    Originally Posted by JB View Post
    Why are you supporting a version of PHP that is almost EOL, and more importantly not supporting a version that has massive enhancements, improvements and optimisations? Saw in the comments above it now supports PHP 7.

    Also, please try to adhere to certain code standards, namely PSR-1 and PSR-2 at a very minimum.

    Edit for anyone who will be downloading this to use in a production environment

    Don't. It's full of vulnerabilities, poor code and in some cases, site-breaking bugs. Honestly, considering it's using PDO (which fully supports prepared & sanitized statements), I was shocked to see there's fucking SQL injection vectors in the source. If necessary I'll fucking write a replacement to this, because it's god damn awful. If any of you are using this, remove it instantly or risk putting your website, server and users at risk of exploitation.
    Man I just looked at this source lol
  6. 12-12-2017, 12:46 PM
    #82
    Algebra
    NextGenUpdate Elite
    Originally Posted by JB View Post
    Aye man it's been too long. Are you on discord? Think I saw you in MLB's server.
    The source itself needs to be rewritten from the actual shell of the website to the very end. There's no helping this source and you'd be crazy to even attempt to fix it.
  7. 12-12-2017, 01:46 PM
    #83
    JB
    Remember, no Russian
    I'm going to assume my help isn't wanted. Take what I have said and learn from your mistakes. You will become a much better developer.
  8. 12-12-2017, 05:51 PM
    #84
    Tustin
    Former Site Developer
    I just took a look at this and you have a pretty big bug on redirects:
    Code:
    	    if($_SESSION['rank'] == 0)
    	    {
    		    header("Location: pages/banned.php");
    	    }
    You can ignore HTTP 302 redirects with some browser extensions. Having that code will indeed set the header, but the script will continue to execute regardless of what happens. If you installed one of these extensions, you could access any page where this is being done, regardless of permissions.

    Simply die() or exit() the script after the header function call to fix this, like so:
    Code:
        if($_SESSION['rank'] == 0)
        {
            header("Location: pages/banned.php");
            die();
        }
  9. The Following User Says Thank You to Tustin For This Useful Post:
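Because the missing exit has to be fixed at every redirect in a code base, an audit pass over the source is a practical way to find the remaining ones. The following PHP is an added example, not code from the thread or from the project: the function name `findUnterminatedRedirects` and the sample input are hypothetical, and it relies on PHP's built-in tokenizer (`token_get_all`) with PHP 7.4+ arrow functions.

```php
<?php
// Added example: list header("Location: ...") calls not followed by exit/die (heuristic).
function findUnterminatedRedirects(string $source): array
{
    // Drop whitespace and comments so "next token" means the next meaningful one.
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));
    $text = fn($t) => is_array($t) ? $t[1] : $t;
    $lines = [];
    for ($i = 0, $n = count($tokens); $i < $n; $i++) {
        $t = $tokens[$i];
        $isHeader = is_array($t) && $t[0] === T_STRING && strtolower($t[1]) === 'header';
        if (!$isHeader || ($tokens[$i + 1] ?? null) !== '(') {
            continue;
        }
        // Walk to the matching ')' while collecting the argument text.
        $depth = 0;
        $args = '';
        for ($j = $i + 1; $j < $n; $j++) {
            $s = $text($tokens[$j]);
            if ($s === '(') {
                $depth++;
            } elseif ($s === ')' && --$depth === 0) {
                break;
            }
            $args .= $s;
        }
        if (stripos($args, 'location:') === false) {
            continue; // some other header, e.g. Content-Type
        }
        // Step over the ';' that ends the header() statement, then look at what follows.
        $k = ($tokens[$j + 1] ?? null) === ';' ? $j + 2 : $j + 1;
        $next = strtolower($text($tokens[$k] ?? ''));
        if ($next !== 'exit' && $next !== 'die') {
            $lines[] = $t[2]; // line of the header() call
        }
    }
    return $lines;
}
// Constructed sample: the two snippets from the post above, before and after the fix.
$sample = <<<'SRC'
<?php
if ($_SESSION['rank'] == 0) { header("Location: pages/banned.php"); }
if ($_SESSION['rank'] == 0) { header("Location: pages/banned.php"); die(); }
SRC;
print_r(findUnterminatedRedirects($sample));
```

The check only looks at the statement directly after the redirect, so a redirect that is terminated some other way (for example by a `return` inside a function) is also reported and needs a manual look.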


  10. 12-13-2017, 10:13 AM
    #85
    Algebra
    NextGenUpdate Elite
    Originally Posted by Tustin View Post
    I just took a look at this and you have a pretty big bug on redirects:
    Code:
    	    if($_SESSION['rank'] == 0)
    	    {
    		    header("Location: pages/banned.php");
    	    }
    You can ignore HTTP 302 redirects with some browser extensions. Having that code will indeed set the header, but the script will continue to execute regardless of what happens. If you installed one of these extensions, you could access any page where this is being done, regardless of permissions.

    Simply die() or exit() the script after the header function call to fix this, like so:
    Code:
        if($_SESSION['rank'] == 0)
        {
            header("Location: pages/banned.php");
            die();
        }
    That's just one of the bugs
  11. 12-14-2017, 08:49 AM
    #86
    this source did take about 4 or 5 hours to go through and fix all the bugs and security issues but it's saved me about half the time I would have used coding it all from scratch