UserSystem v1.0.3



MrCraig
21-09-2007, 03:24 PM
Ok,

UserSystem v1.0.3 has now been released and as well as cleaning up some vars better, it's also loaded with some new features including VIP management, send furni, profiles, memberlist etc etc etc

I've replaced htmlspecialchars with a clean function


<?php
function clean($str)
{
    $st = strip_tags(addslashes(stripslashes(htmlspecialchars($str))));
    return $st;
}
?>


Hope that's sufficient Oo

Anyways, here's link

http://www.habbo-center.com/scripts/


Please post any feedback

GoldenMerc
21-09-2007, 03:25 PM
Could you do a list of all the features?

Puma
21-09-2007, 03:25 PM
any demos xD

MrCraig
21-09-2007, 03:27 PM
Could you do a list of all the features?

There's a full list of features on the download page :)


any demos xD

Nope, haven't got a demo set up yet due to all the CMS'y aspects of the script.

Sunny.
21-09-2007, 03:27 PM
Any demo available?

Edit: okay, if anyone sets it up please do post :) Thanks

Tomm
21-09-2007, 03:33 PM
Grr! Tis still unsecure.

You should use:

http://www.php.net/mysql_real_escape_string
"Note: If this function is not used to escape data, the query is vulnerable to SQL Injection Attacks."

Plus why strip and add slashes again? If you are concerned that it is already stripped using magic quotes then just check magic_quotes_gpc to see if it is enabled...

GoldenMerc
21-09-2007, 03:33 PM
Here are the features:

Some Features of the system include:
- Furni System
- PM System
- Badge System
- Credits System
- Automated VIP System
- Mini-CMS
- Easy to use admin options
- Easy to use installer
- Only need to edit ONE file.

MrCraig
21-09-2007, 03:38 PM
Grr! Tis still unsecure.

You should use:

http://www.php.net/mysql_real_escape_string
"Note: If this function is not used to escape data, the query is vulnerable to SQL Injection Attacks."

Plus why strip and add slashes again? If you are concerned that it is already stripped using magic quotes then just check magic_quotes_gpc to see if it is enabled...

magicquotes is enabled..

Tomm
21-09-2007, 03:42 PM
Errm.. magic quotes is dependent on the PHP configuration so unless you have magic powers to decide that people who run your usersystem have magic quotes enabled you should check first.

Also please review the link about mysql_real_escape_string as if the end user's server runs a different char set to the default one then you could be exposing them to SQL injection.


magicquotes is enabled..
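
The point Tomm raises above, as an added example that is not part of the thread or of UserSystem. It goes beyond the posts: `magic_quotes_gpc` was removed in PHP 5.4 and the `mysql_*` extension in PHP 7, so the sketch uses PDO bound parameters, which give the protection `mysql_real_escape_string` was meant to give without any escaping step. The `users` table and sample values are constructed, and in-memory SQLite stands in for MySQL so it runs offline.

```php
<?php
// Added example, not UserSystem code. Table and column names are hypothetical.

// The thread's clean() as posted, kept only for comparison.
function clean($str)
{
    return strip_tags(addslashes(stripslashes(htmlspecialchars($str))));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, motto TEXT)');

// Constructed input: ordinary text containing a quote, a backslash and markup characters.
$name  = "O'Brien";
$motto = 'path C:\\temp & 1 < 2';

// 1) clean() mixes HTML encoding, slash stripping and SQL escaping in one step.
//    The value it returns is no longer what the user typed: the backslash is
//    dropped by stripslashes() and HTML entities become part of the stored data.
//    addslashes() is also unaware of the connection character set, which is the
//    weakness Tomm points at.
echo "clean():  ", clean($motto), "\n";

// 2) Bound parameters: the SQL text and the data travel separately, so no
//    escaping is needed and the quote in O'Brien cannot end the string literal.
//    With MySQL, put charset=utf8mb4 in the DSN and set
//    PDO::ATTR_EMULATE_PREPARES to false so the server does the binding.
$ins = $pdo->prepare('INSERT INTO users (name, motto) VALUES (:name, :motto)');
$ins->execute([':name' => $name, ':motto' => $motto]);

$sel = $pdo->prepare('SELECT name, motto FROM users WHERE name = :name');
$sel->execute([':name' => $name]);
$row = $sel->fetch(PDO::FETCH_ASSOC);

// The stored value is byte-for-byte what was submitted.
echo "stored:   ", $row['motto'], "\n";
echo "intact:   ", var_export($row['motto'] === $motto, true), "\n";

// 3) HTML encoding belongs at output time, in the page that prints the value.
echo "for HTML: ", htmlspecialchars($row['motto'], ENT_QUOTES, 'UTF-8'), "\n";
```
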

headboard
21-09-2007, 03:46 PM
HabboStation.net/user1
u: admin
p: admin

demo :]

MrCraig
21-09-2007, 03:47 PM
HabboStation.net/user1
u: admin
p: admin

demo :]

ty ;)

6chars..

LegendOfNoob
21-09-2007, 03:51 PM
Very Nice Script +Rep(Or At least I'll try)

Been Looking For Something Like This for my fansite :]

MrCraig
21-09-2007, 03:54 PM
Ty :)

Rep returned

LegendOfNoob
21-09-2007, 04:02 PM
Off Topic: Added Rep when figured out on Your Ty Rep Returned Post

and now trying on my site just downloaded it

Luke
21-09-2007, 04:11 PM
nice of you to give this out for free

although i dislike the template, maybe make a proper habbo template?

Puma
21-09-2007, 04:53 PM
nice of you to give this out for free

although i dislike the template, maybe make a proper habbo template?

ditto that and i really don't like the navigator as well.. try changing it but overall everything is nice..

:Edzy
21-09-2007, 05:04 PM
Quite nice and useful, could do with skin tho :)

MrCraig
22-09-2007, 02:22 PM
nice of you to give this out for free

although i dislike the template, maybe make a proper habbo template?


ditto that and i really don't like the navigator as well.. try changing it but overall everything is nice..


Quite nice and useful, could do with skin tho :)


Thanks ;)

With regards to the skinning of it, I was really concentrating on making something that works before i did skin and one of the main reasons i made it open-source is so people could be creative with it.

But yh, when i get round to making a skin for it, i will :)

Invent
22-09-2007, 02:42 PM
This is still VERY insecure, I think you need to learn more about php security.

abnormal
22-09-2007, 03:22 PM
disco-tragedy.org/habbgeeks/index.php

er. wth?

Jebbo
22-09-2007, 03:48 PM
Very Nice Script +Rep ;)

GoldenMerc
22-09-2007, 03:50 PM
Your IP was NOT logged
Ah what's the point in that?

Codex
22-09-2007, 03:53 PM
Ah what's the point in that?
So it tells someone who has nothing to do they can have as many admin sign in attempts without ever being known.

MrCraig
22-09-2007, 05:03 PM
Ah what's the point in that?

IP logging can be enabled/disabled through the System Preferences page. If IP logging is enabled, Your IP: -Your IP Here- will be displayed.


So it tells someone who has nothing to do they can have as many admin sign in attempts without ever being known.

Haha, funny :S

GoldenMerc
22-09-2007, 05:04 PM
Sorry but that's pretty pointless

Invent
22-09-2007, 05:05 PM
Their IP is stored in a hidden field?

I LOL'D.

MrCraig
22-09-2007, 05:07 PM
disco-tragedy.org/habbgeeks/index.php

er. wth?

It would help if you ran the installer...


+
yh simon, coded login page ages ago.

abnormal
22-09-2007, 05:08 PM
It would help if you ran the installer...


+
yh simon, coded login page ages ago.

I did. =[

Invent
22-09-2007, 05:08 PM
If the IP is taken from the hidden input field.

Then that is the most idiotic thing EVER.

MrCraig
22-09-2007, 05:10 PM
I did. =[

did u edit the config.php file to your database details?


If the IP is taken from the hidden input field.

Then that is the most idiotic thing EVER.

Il change it now Oo
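
The hidden-field problem raised above, as an added example that is not UserSystem's code: the address used for logging comes from the connection, the posted field is ignored, and failed logins are counted per address. The `login_failures` table, the function names, the 5-attempt limit and the 15-minute window are all hypothetical, and the request data is constructed.

```php
<?php
// Added example, not UserSystem code. All names and thresholds are hypothetical.

function client_ip(array $server)
{
    // REMOTE_ADDR is filled in by the web server from the TCP connection.
    // A form field, hidden or not, holds whatever the sender chose to put in it.
    $ip = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    return filter_var($ip, FILTER_VALIDATE_IP) !== false ? $ip : 'unknown';
}

function record_failure(PDO $pdo, $ip, $username, $now)
{
    $st = $pdo->prepare('INSERT INTO login_failures (ip, username, at) VALUES (?, ?, ?)');
    $st->execute([$ip, $username, $now]);
}

function is_locked_out(PDO $pdo, $ip, $now, $limit = 5, $window = 900)
{
    // Count failures from this address inside the sliding window.
    $st = $pdo->prepare('SELECT COUNT(*) FROM login_failures WHERE ip = ? AND at > ?');
    $st->execute([$ip, $now - $window]);
    return (int) $st->fetchColumn() >= $limit;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login_failures (ip TEXT, username TEXT, at INTEGER)');

// Constructed request: the hidden field claims one address, the connection has another.
$post   = ['username' => 'admin', 'password' => 'guess', 'ip' => '10.0.0.1'];
$server = ['REMOTE_ADDR' => '203.0.113.7'];

$ip  = client_ip($server);   // $post['ip'] is never read
$now = time();

// Five failed attempts from the same connection address.
for ($i = 0; $i < 5; $i++) {
    record_failure($pdo, $ip, $post['username'], $now);
}

echo "logged address: ", $ip, "\n";
echo "locked out:     ", var_export(is_locked_out($pdo, $ip, $now), true), "\n";
```

Behind a reverse proxy or load balancer `REMOTE_ADDR` is the proxy's address; a forwarded-for header should be trusted only when it comes from a proxy you operate.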

abnormal
22-09-2007, 05:11 PM
Si, Senor.
xD

MrCraig
22-09-2007, 05:15 PM
That's weird then :S

it works fine for everyone else..

abnormal
22-09-2007, 05:20 PM
Can you install it for me?

MrCraig
22-09-2007, 05:22 PM
Can you install it for me?

There's no reason it shouldn't work for you...

Try deleting the database, remaking and reinstalling it.

Ed.
22-09-2007, 05:23 PM
Can I see a Demo of this as I still don't understand what the hell it is :p

MrCraig
22-09-2007, 05:24 PM
Can I see a Demo of this as I still don't understand what the hell it is :p

Ed, I'll set one up now for you, give me 2 mins and I'll pm when done.

Ed.
22-09-2007, 05:25 PM
Thanks Babe:D

abnormal
22-09-2007, 05:28 PM
Still not working.
</3

MrCraig
22-09-2007, 05:30 PM
prudence, i just installed one in under a minute there.. there's nothing wrong with the script, so either you're not installing it correctly, or your server does not meet the requirements needed to run it.

GoldenMerc
22-09-2007, 05:32 PM
Could you show me a demo as well xo

Ed.
22-09-2007, 05:33 PM
It's kl but what's the point of it?

abnormal
22-09-2007, 05:33 PM
You don't have to be rude...

Ed.
22-09-2007, 05:36 PM
I'm not - It's good but what's the point of it - what u meant to use it for

MrCraig
22-09-2007, 05:37 PM
Merc, I'll set you up a demo acc now :)

abnormal
22-09-2007, 05:39 PM
CJ.
Set me up a demo also?

MrCraig
22-09-2007, 05:44 PM
k, pm'd you both. :)

mousey
22-09-2007, 05:50 PM
Sj55 set me as well please i may use

GoldenMerc
22-09-2007, 05:53 PM
It's quite nice but the layout is well disgusting and it does need more features but i suppose it could be a beginner site ;)b

MrCraig
22-09-2007, 05:56 PM
I know about the layout :P

I posted something about it 2 pages or so back, or i didn't and I'm going weird..

But thanks :) And if you have any feature requests, pm me :)
