

  Current Events - Behind the scenes of index.php      
Posted by: MGCJerry on Apr 11, 2016 @ 16:59 EDT
Last Edited: May 3, 2016 @ 21:24 EDT

Lately I've been seeing a lot of people trying to load /etc/passwd using this CMS. Sorry my friends, the $_GET['page'] request URI doesn't work like this:
index.php?page=../../../../../../../../../../../../../../../../../etc/passwd

Edited: May 3, 2016
Yea, this doesn't work either:
index.php?page=whateverpage=../../../../../../../../../../../../../../../../../etc/passwd

This CMS does NOT work like this:
include($_GET['page']);

Here is how this CMS loads pages, step by step.
First off, $_GET & $_POST are NOT used directly.
1. Bans are checked against the list. If your IP is found in the block list, all you get is a banned page and the script exits.
2. Rogue Admin rules (which are set by admins) are checked. I have "../" as a rule that triggers a ban, as well as "http://" and even "ftp://". If Rogue Admin finds these anywhere, it carries out the action that is configured for that rule and ALL site variables are set to false. Since remote requests are not utilized, I have bans set up for them. This CMS cannot load remote resources anyhow, by design.
3. "api.sanitation" removes all non-text characters from $_GET['page'] (quotes, slashes, dots, punctuation, etc). Note: "api.sanitation" is the only place where $_GET and $_POST are used. All variables get a first sanitation pass, which creates a new global. This global is used exclusively in the CMS. If nothing is left after sanitation, the variables are unset entirely. The result is that you are shown the home page.
4. After sanitation, "header.php" fetches the current list of all pages (the menus stem from this output). If you are requesting a specific page and the page exists in the list AND is enabled AND you have permission to see it, "header.php" will tell "index.php" what page to load from the database. If the page doesn't exist in the page list, you will get a 404 error page. If you are not allowed to see the page, you get a 403 error.

Your URI actually NEVER sees the database, and is never used in a database query. It is compared to a current list of pages, and the script will build its query from its own results, never yours. Even if I deleted the http & ftp rules, there is an include restriction built into the modules system where it will once again only load a local file if it is present in its own list AND in a specific location. Otherwise all you get is a 404, and I get an includes error report. For clarity: ?page= does NOT perform ANY file operations of any kind in any portion of the system.

Hope you enjoyed this look behind the scenes. Remember, reading is your friend. You don't want to look like a dingus because you didn't read the documents; it's bad for your image.
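
The lookup order described in this post (ban rules on the raw request, sanitation, then comparison against a server-side page list with enabled and permission checks) can be sketched as follows. This is an added example, not MGCMS code and not written by the site's author; the function names, the page list, the permission levels, the letters-and-digits sanitation rule and the use of a 403 as a stand-in for the ban action are all assumptions.

```php
<?php
// Added illustration, not MGCMS code. Names, page list and levels are hypothetical.
// Constructed stand-in for the server-side page list (normally a database query).
const PAGES = [
    'home'    => ['id' => 1, 'enabled' => true,  'min_level' => 0],
    'banking' => ['id' => 7, 'enabled' => true,  'min_level' => 1],
    'store'   => ['id' => 9, 'enabled' => false, 'min_level' => 0],
];
// Substrings the post names as ban-triggering rules.
const BAN_RULES = ['../', 'http://', 'ftp://'];
function matches_ban_rule(string $raw): bool
{
    foreach (BAN_RULES as $rule) {
        if (stripos($raw, $rule) !== false) {
            return true;
        }
    }
    return false;
}

// Returns [HTTP status, page id or null]. The id always comes from PAGES;
// the request value is only ever compared against the list's keys.
function resolve_page($raw, int $userLevel): array
{
    if (!is_string($raw)) {                 // ?page[]=x arrives as an array
        return [200, PAGES['home']['id']];
    }
    if (matches_ban_rule($raw)) {
        return [403, null];                 // stand-in for the configured ban action
    }
    // Assumed sanitation: keep letters and digits only, then normalise case.
    $name = strtolower(preg_replace('/[^A-Za-z0-9]/', '', $raw) ?? '');
    if ($name === '') {
        return [200, PAGES['home']['id']];  // nothing left: fall back to home
    }
    $page = PAGES[$name] ?? null;
    if ($page === null || !$page['enabled']) {
        return [404, null];                 // not in the list, or disabled
    }
    if ($userLevel < $page['min_level']) {
        return [403, null];                 // listed, but caller lacks permission
    }
    return [200, $page['id']];
}
// Constructed requests, evaluated for a level-0 visitor.
foreach (['home', '../../etc/passwd', 'etc/passwd', 'banking', 'store', ''] as $req) {
    [$status, $id] = resolve_page($req, 0);
    printf("%-18s => %d %s\n", $req, $status, $id ?? '-');
}
```

The request string never reaches a file function or a query; only an id taken from the server's own list is returned, which is the property the post relies on.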


  Welcome to the new 2 The Xtreme Chronicles of Quizorthia      
Posted by: MGCJerry on Dec 31, 2015 @ 18:59 EST
Last Edited: Jan 26, 2016 @ 21:00 EST

Once again, 2 The Xtreme has had a major change. Though this site is being placed back online, 2 The Xtreme is no longer a running game. This site will now simply be an online archive of the 2 The Xtreme universe and will likely remain inactive for the immediate future. 2 The Xtreme can restart if there is enough interest to resume the game.

Updated: January 26, 2016
I have merged the old site stats with the new site. There is a gap between May 24, 2014 and January 24, 2016 because the site was primarily offline. Copying the stats by hand for this missing period just isn't going to happen. The site start date has also been reset back to when the stats begin, June 9, 2002.

Updated: January 23/24, 2016:
The old Newsletter module, and actual newsletters have been restored. Though I said I would not have a "wall of shame", I decided against it. I now have a public ban list. You can find it in the menu. The stats have once again been reset. There is now a system in place that will tell me how popular specific pages are on the site.

Updated: January 19, 2016:
I have restored the old news articles from the previous site. All comments and votes did not make the transfer. I had to mess with the database a little to get the votes for this story to properly show & update.

Updated: January 16, 2016:
I saw there were a number of misreported page views with the RPG system, and I was unable to reliably alter the page view data, so all the stats have been reset to today.

Updated: January 9, 2016:
There have been a handful of changes to a few of the underlying systems to improve the administrator side of things. After looking at the current statistics system, I decided it needed to be slightly expanded, especially on the RPG system. I'm still not sure how I'm going to handle the old game logs. I would love to place them back online, but I am still working on ideas for putting these old logs back online.

Regarding the RPG modules that were in use on the old site.
The RPG system has entered 95% completion. Much of the internal core has been adapted to function on my new system. User-created characters will remain in the database. They are presently locked from editing. There will eventually be capacity to resume creating and editing characters as there was on the old site, but with a username/password combo. That username & password combo will only be valid for that ONE (1) character. Once this function is live, incomplete and stupid characters will be deleted at will. Providing there is enough interest, a system can be put in place to allow you to store your characters on-site.

Old site features have also been changed.
• The forums are gone. They're dead Jim.
• PHP-Nuke downloads are also gone.
• PHP-Nuke support of any kind also gone.

Expect to see just as few updates in the future as have occurred in the past; not many. Also, there is no public Wall of Shame. Everyone's favorite anti-spam system, "Rogue Admin", is live as well and is just as aggressive as it has always been. I expect to see tons of WordPress and Drupal exploits making their way across this site. The ban page is much more tame. Time for me to move on, it was fun in the past with Rogue Admin kicking around the 1337, Google, cut-n-paste skiddies.

Otherwise, enjoy.
MGCJerry


  Merry Christmas & Happy New Year      
Posted by: MGCJerry on Dec 24, 2011 @ 11:36 EST
Last Edited: Never
I'd like to take this time to wish everyone...

A MERRY CHRISTMAS and a safe NEW YEAR.

And if you don't like it,
You can just ass rape your political correct ass with a used condom on the closest tree stump and then finish it off by going and fucking yourself.

  Happy Thanksgiving      
Posted by: MGCJerry on Nov 24, 2011 @ 08:49 EST
Last Edited: Never

I'd like to take this time to wish everyone...

A Happy Thanksgiving

And if you don't like it,
You can take your politically correct ass and jump out of a perfectly good fucking airplane without a damn parachute.


  Spammers & News      
Posted by: MGCJerry on Oct 15, 2011 @ 16:31 EDT
Last Edited: Never

One day, just maybe one day, spammers will learn that I don't tolerate their kind. As a result ALL gmail accounts have been banned from future registration, which is effective a week ago.

Another bit of news as well. The site will be going offline for an extended period of time in the next week or so. No, I'm not killing it, I'm replacing the machine that it's running on for expanded functionality for my other more important sites and projects.

MGCMS Programming by MGCJerry
Copyright © 1992-2006, 2008-2012, 2015-2017 Jerry Meszaros (MGCJerry)
ALL RIGHTS RESERVED