Hey guys,

I know you guys have been wanting a events script, even though im not the best coder i've made a simple add, remove and view events script!!!

Heres the demo to it.
http://abhiagarwal.com/projects/freehabboevents/
And heres to download it
http://abhiagarwal.com/projects/free...bhiagarwal.zip (http://abhiagarwal.com/projects/freehabboevents/zip/event_byabhiagarwal.zip)

Please leave some comments and how to improve if u want
And leave copyright too please!
Its not at the frontend but at the backend.

Thanks,
Abhi

A demo user account might be nice. First suggestion would be to fix the repeating header of the login box.

Demo is admin
pass is admin

O.O repating header
?

User: admin
Pass: admin ;)

I'm a little confused, how would you display the Events?
On a less serious note, where you mention Page secured by AbhiAgarwal.com in the backend, I don't actually see a bunch of Abhi's securing the area?

I'm a little confused, how would you display the Events?
On a less serious note, where you mention Page secured by AbhiAgarwal.com in the backend, I don't actually see a bunch of Abhi's securing the area?
You have serious XSS flaws in the panel, as well as you don't verify that the times, are actually times at all, or numeric.

Just to let you know.

@Dentafrice
(this is not intended to insult you or anything bad ;))...

I am not saying that you haven't coded better but, when someone releases their first / one of their first scripts to the public.. you always say its **** and has xss flaws etc..
What about your script? The Caleb Mingle panel or what ever..


HKV1 was poorly coded. HKV2 was poorly coded.

You can remove the abhiagarwal part
i removed all my external security because it was a part of my site cms
I forgot it,

Thanks for the comments guys

@Dentafrice
(this is not intended to insult you or anything bad ;))...

I am not saying that you haven't coded better but, when someone releases their first / one of their first scripts to the public.. you always say its **** and has xss flaws etc..
What about your script? The Caleb Mingle panel or what ever..

Housekeeping V1 had XSS flaws in a lot of places, HKV2 didn't. Saying something was "badly coded" doesn't mean it has exploits, it means it uses methods which are stupid, illogical, and down right idiotic.

When you code, you learn more as you go on, way more.. and you look back and say almost everything you did was badly coded.

I didn't have someone (when I release HKV1) to tell me there was XSS flaws in the panel, no one checked for it, and no one exploited them for years down the road.

Now, in this day and age of this section, we have numerous more people that have experience.. and can tell people what is wrong, what they have missed, and the problems they have.

It's not that I have a ****** attitude, I just thought I might let him know, because down the road.. you tell yourself that you wished someone would have told you.

I said it in a nice way, I didn't say "stupid idiot u got XSS flawz everywer" I told him in a way that was nice, and to "just let him know".

This is not to insult you or anything, but,
keep your idiotic mouth shut. I don't need you to turn the thread around on me, when you have no right to, and will loose in the end anyway.

Interesting i know little php :) so im gonna keep my nose out of it.

And Say

Well done for realsing something for FREE :)

You can use HTML in the textboxes. (See events.)

Thanks for reiterating what I just said.

You need to login as admin anyway so it doesn't make much of a difference. You can post html in loads of webapps if you're logged in as admin. The CSRF vulnerability is much more serious.

Links don't work?

You need to login as admin anyway so it doesn't make much of a difference. You can post html in loads of webapps if you're logged in as admin. The CSRF vulnerability is much more serious.
No one using this system is going to know how to successfully exploit that anyway.

Thanks for reiterating what I just said.

Oh, I didn't see it :eusa_wall