Jump to content
  • Announcements

    • Aureus

      Community Rules [READ BEFORE POSTING]   08/14/2016

      This is the Aureus Community Guidelines, which includes our Rules and FAQ. Failure to abide by these rules will result in punishment, which can be as severe as permanently losing access to Aureus.                                                                                                                                                                                                                                                                                                                                                        Information/Standard Policy Different rules have different punishments for breaking them. Being suspended is not the same as being banned. Bans are permanent. Suspensions are temporary restrictions on a variety of privileges. You cannot be banned for doing something not covered by the rules, but you can be suspended at the discretion of the staff. Individual categories or forums may have their own sets of rules, but the Global Rules apply to all of them. You can have a maximum of 5 warning points before you'll get banned. Warning points expire after 30 days. Suspensions last between 24 to 72 hours. Punishments for breaking each rule are up to the staff unless otherwise specified in the stated rule. Anything not covered is left to be handled by the administrator(s) of the site. These guidlines apply to Aureus and any official extension of its services, including (but not limited to): the Aureus Discord server, official Aureus social media accounts, etc. Global Rules Do not post anything illegal. This will result in an immediate suspension. Linking to content is acceptable (because we don't host it), but posts with such content can be removed at the discretion of staff. Do not create multiple accounts. This will result in all accounts being immediately banned. Do not spam. Unless you have something meaningful to contribute, don't. Doing this repeatedly will result in a warning. Proofread your content. We aren't going to warn you for misspelling a single word, but don't format your posts with annoying fonts or colors and PLEASE make sure that others can read and understand what you're posting. Do not post inappropriate content. Don't post gore, porn, or anything else that may otherwise be inappropriate directly on the forums. If you must, please link it offsite and mark your topic as NSFW in the topic title or with tags/a prefix. This applies to every section of the site. This also includes posting things in the wrong section. Do not abuse the reputation system. Reputation should not be taken very seriously, but blatant abuse of the system (gang repping, etc.) will be met with a warning. Do not double post. Unless you have a good reason (bumping, posting images, etc.), please don't do this. It makes things cluttered. Edit your last post instead. Do not complain about 'offensive content'. The staff and management of this community take a neutral stance on content that would be regarded as offensive (and ISN'T covered by other rules). If something offends you, it offends you. We won't be removing/censoring content unless it blatantly breaks other rules. Add spoilers to large amounts of content. If you have extremely long posts, YouTube videos, a bunch of images, or other content to embed please put it in spoiler tags. Failure to do so repeatedly may be met with a warning. Do not post content that could be harmful to the site or community members. This includes otherwise private content or personal information.   Moderator Rules Do not abuse information available to you on the site. This includes for off-site, on-site, or personal use. Do not abuse power available to you as staff. You can't ban somebody just because you don't like them, and you should only suspend users for good reasons. Do not deviate from the standard policy for moderation. Administrators put these policies in place for a reason. Follow all Global Rules and specific Forum Rules. Failure to do so can result in revocation of your moderator status. You cannot create rules as a moderator. It is the job of the administrators to assert dominance; not you. Anything in the rules without a specified punishment should be met with a single warning.   Frequently Asked Questions (FAQ)
       
      Q: I don't see my question here, what do I do?
      A: PM a staff member. They will most likely be able to answer your question.
       
      Q: I saw somebody break the rules, what do I do?
      A: Just report the content and move on.
       
      Q: Can I have x rank?
      A: No.
       
      Q: I have a suggestion for the site, how and where do I explain it?
      A: Post it in the Forum Help and Suggestions area.
       
      Q: Where can I find the rule pages for every subforum?
      A: Not all subforums have them, but you can easily find all the rule pages with the search function. Check posts with the tag "rules"; they will all be pinned in their respective subforums as well. Q: I lost access to my old account. What do I do? A: Do not make a new account. Contact a staff member (preferably via the Discord server) and let them know. If we can confirm your identity, we'll try and help you restore access to your account.
    • Aureus

      Announcing The Rile5 Archive   09/04/2017

      The community started small. First, there was a new revolutionary game: Club Penguin. A small cheating scene began to form, with multiple cheat blogs starting up to compete with each other for the helm. A man gained popularity by releasing a popular client known as Penguin Storm. Another man, during the reign of the ever-famous iCPv3, released the forever-remembered-- and renamed-- CPPSHQ. And during these early times, when we looked to the stars for the next breakthrough, and were greeted with one every week, a popular member of the community created a site. He posted about it in Xat, and on IRC. Very quickly, this took off, with dozens of signs up on day 1. A new revolution had been born, and a new community finally found its home. Although CPPSHQ beat its competitors into the newspaper of the realm, its true homepage-- its true gathering center-- survived somewhere else. It survived here:   Rile5 boomed with activity, becoming the major hub for the CPPS community and giving comfort to its more than 10,000 members. Whether it be new CPPS advertisements or new sources, Rile5 was the place to go. All things must come to an end, and Rile5 found its end in mid 2015. The owner, Riley, shut down the site with a brief message:  Today, Aureus strives to move forward with the community past the realm of antiquated Flash games and into a truly creative space. We created a technology and programming forum to provide the future of the community, past the time of Rile5. But we want to honor these roots. Rile5 holds a very special place in all of our hearts, and every staff member here remembers the good days of logging into it. That is why now, we are announcing something that nobody has done before: we are releasing a public archive of the Rile5 forums to you, the community. This includes all of the posts Rile5 had public at the time of its closure, which totals more than 300,000. Nobody has laid eyes on these since its sudden shutdown in 2015, and we spent hours upon hours of effort to compile this archive. The Rile5 Archive is Aureus' way of recognizing and thanking the important past of the community, as we look forward to the future. We hope that you will all find this educational and nostalgic, and that together we can appreciate the work of our predecessors and past selves. The Rile5 Archive includes old sources, code snippets, advertisements, announcements, SpeedyCPPSHQ articles, introductions, and everything in between. This is now in read-only, even if you had an account, as our goal is to preserve the history-- not modify it. Please join me in sifting through the hundreds of thousands of pieces of historical content on our famed predecessor at https://archive.aureus.pw/ today. As always, thank you for participating in the Aureus community,

Dev

Contributor
  • Content count

    124
  • Joined

  • Last visited

  • Days Won

    5

Dev last won the day on February 2

Dev had the most liked content!

1 Follower

About Dev

  • Rank
    Top kek

Programming

  • Programming Languages
    PHP

Recent Profile Visitors

3,035 profile views
  1. NodeJS MYSQL problem

    Requesting the topic to be closed as I have found a solution. SOLUTION: The best way to check was to check if the array was empty using results.length and I also noticed my first query wasn't working which checks whether the username exists or not so it was spilling out the password undefined error. For the first query I used: if (results.length === 0) { to check if the array is empty so that it returns the user not found error and for the password I used: if(result.length != 0) { Only if the array is full, it will execute the if statement so I won't get the undefined password error anymore.
  2. NodeJS MYSQL problem

    Hi, I have been trying to execute MYSQL queries, they work fine but when they return null because the following username does not exist, I get the following error: TypeError: Cannot read property 'password' of undefined connection.execute("SELECT `password` FROM `users` WHERE `user` = ?", [username], function(error, result, fields) { if(!error && result) { var hash = result[0].password.toUpperCase(); That's the half part of the file that has been giving the following error, especially this line: var hash = result[0].password.toUpperCase(); The if statement shouldn't execute unless everything is fine and it still does even though the query returns null when the following username does not exist. Any help would be appreciated. Thanks, Dev.
  3. AKAWebhost

    You have a point there, but I wouldn't cheat my customers either because that would make me look like a fraud and of course give a bad reputation to my web-hosting company. I don't only develop CPPSes, I have done many other things outside the CPPS community because I don't want to start my internet career inside a CPPS community, well no one does. My capability to manage websites/servers may be bad for you, but I am taking it as an experience; an experience that will help me grasp the knowledge and help me start a successful career. I really appreciate your constructive criticism, thank you.
  4. AKAWebhost

    Hi everyone. Welcome to AKAWebhost, we are the cheapest web-host available out there and we guarantee you that our service is the best and we will never ever suspend your services without any warning. Our main aim is to provide you all with good support so that you all continue with our web-host. Our packages includes really cheap plans like: Basic(0.50$ + monthly) and Advanced($2+ Monthly). Cool right? So, why not get started now? Thanks, Dev(CEO). Our website: https://akawebhost.pw/ Discord: https://discord.gg/uM2AMY6
  5. CPPS hosting

    Hi people. CPPSHosting is a service meant for the CPPS community. In this service, we setup your CPPS for you for just a dollar or more if you choose extra features. We will have packages from which you can select the package you want to choose for hosting your CPPS. There are two packages, basic(0.50 cents + extra features) and advanced(2$ + extra features). For more information make sure to see the channel #featurespackages. Cheap price guaranteed. Discord: https://discord.gg/nyyhpzx Requirements: 1. A VPS of at least 1 gb ram. 2. A source of your own choice. Note: AS2 CPPS only.
  6. AS2 Games Problem

    Anyway, before locking the thread would you mind to share your fix with us?
  7. Shell detector

    Hey everyone! This file was taken from github, I don't claim any credits for this shell detector. The shell detector technically helps you detect shells in your web directory, it is a fast check so you don't have to worry about slow processing. Download the zip file: PHP-Shell-Detector-master.zip Add all the files in your web directory and open the shelldetector.php via your browser. Example: http://example.com/shelldetector.php It will ask you for username and password; the default username is admin and the password is protect, these can be changed via the shelldetector.php file. When you input your details it will start scanning for suspicious files and can detect any shells as the db at least contains 603 shells. Picture: http://prntscr.com/faoqbe It just took seconds to detect that shell. I suggest you use this shell detector everyday to see if anyone has uploaded any shell in your web directory. Thanks, Dev
  8. Hey everyone! The script edits the configuration file for you. The only thing you have to do is provide your database details correctly or the script will not execute. It does not only edit the Database configuration for you, but it also creates all the tables/columns at your database for you. Don't worry the script is not exploitable as you are the only one who will be executing the script. As it's a simple script, I decided to use MySqli If you don't want it to do some things, you can just answer by typing 'no' or if you want to continue just type 'yes'. The script is simple and easy to use, and it is only meant for people who are new to the community and have problems setting up Kitsune. Here is the script: Just upload this file at your Kitsune's main folder and it will do your work for you; the only thing you have to do is provide some details. Example: php testfile.php Note: Make sure you extracted all the files from the zip file for Kitsune. Enjoy!
  9. XSS exploits are very dangerous as you can execute a lot of things if your website is exploitable to xss exploits. Suppose a website is using a register with username and password form. Username: <script>alert('test')</script> Pass: normal pass. And when you click submit an alert prompt will pop up saying test. That indicates that your website is exploitable to XSS. That's just a simple code, I can do lots more like download a file from your website or even upload any file, probably a shell. You can patch this by using a simple method: $username = htmlentities; $password = htmlentities; So once again after implementing that change I am going to try the exploit. Username: <script>alert('test')</script> Pass: 123123 There you go! The code did not work which means your website is not exploitable to XSS anymore! Also make sure to limit chars for the username, password form or else execution of XSS will become easy for the hacker. htmlentities will block the execution of the html codes which makes your website safe against XSS attacks. Thanks, Dev
  10. Add the game room ids in an array then create a if function using that array's variable.
  11. Kitsune AS2 Changing hash to sha256

    Yes, but I am sure that kitsune as3 source is same as the as2 one with just little changes?
  12. I've followed this tutorial for changing my hash to sha256 in the as2 client I have followed everything correctly, but the problem is it keeps on saying incorrect password. The hash I have used in my database is '96CAE35CE8A9B0244178BF28E4966C2CE1B8385723A96A6B838858CDD6CA0A1E' = 123123 Here is my Hashing.php: <?php namespace Kitsune\ClubPenguin; final class Hashing { public static function generateRandomKey() { $psuedoBytes = openssl_random_pseudo_bytes(10); //suggested by B00mX0r :) $randomKey = bin2hex($psuedoBytes); return $randomKey; } public static function swapBy16($password) { return substr($password, 16, 16) . substr($password, 0, 16); } public static function encryptPassword($password) { $password = hash_hmac('sha256', $password, '1234567890123456');//1234567890123456 is your secret key, change it to the one you have in the AS file $hash = self::swapBy16($password); return $hash; } public static function getLoginHash($hash, $randomKey) { $hash .= $randomKey; $hash .= "b44ff00fda967f3e39ec66147790a79aY(02.>'H}t\":E1_root"; $hash = self::encryptPassword($hash); $hash = self::swapBy16($hash); return $hash; } } ?> Login.php: <?php namespace Kitsune\ClubPenguin; use Kitsune\Logging\Logger; use Kitsune\DatabaseManager; use Kitsune\ClubPenguin\Packets\Packet; final class Login extends ClubPenguin { public $worldManager; public $loginAttempts; public function __construct() { parent::__construct(); Logger::Fine("Login server is online"); } protected function handleLogin($socket) { $penguin = $this->penguins[$socket]; if($penguin->handshakeStep !== "randomKey") { return $this->removePenguin($penguin); } $this->databaseManager->add($penguin); $username = Packet::$Data['body']['login']['nick']; $password = Packet::$Data['body']['login']['pword']; if($penguin->database->usernameExists($username) === false) { $penguin->send("%xt%e%-1%100%"); return $this->removePenguin($penguin); } $penguinData = $penguin->database->getColumnsByName($username, array("ID", "Username", "Password", "Banned")); $dbPass = strtoupper(substr($penguinData["Password"], 0, 32)); $encryptedPassword = Hashing::getLoginHash($dbPass, $penguin->randomKey); if($encryptedPassword != $password) { if(!isset($this->loginAttempts[$penguin->ipAddress])) { // helps prevent the flooding of login attempts $this->loginAttempts[$penguin->ipAddress][$username] = array(time(), 1); } else { list($previousAttempt, $attemptCount) = $this->loginAttempts[$penguin->ipAddress][$username]; if((time() - $previousAttempt) <= 3600) { $attemptCount++; } else { $attemptCount = 1; } $this->loginAttempts[$penguin->ipAddress][$username] = array(time(), $attemptCount); if($attemptCount > 5) { return $penguin->send("%xt%e%-1%150%"); } } $penguin->send("%xt%e%-1%101%"); return $this->removePenguin($penguin); } elseif($penguinData["Banned"] > strtotime("now") || $penguinData["Banned"] == "perm") { if(is_numeric($penguinData["Banned"])) { $hours = round(($penguinData["Banned"] - strtotime("now")) / ( 60 * 60 )); $penguin->send("%xt%e%-1%601%$hours%"); $this->removePenguin($penguin); } else { $penguin->send("%xt%e%-1%603%"); $this->removePenguin($penguin); } } else { if(isset($this->loginAttempts[$penguin->ipAddress][$username])) { list($previousAttempt) = $this->loginAttempts[$penguin->ipAddress][$username]; if((time() - $previousAttempt) <= 3600) { return $penguin->send("%xt%e%-1%150%"); } else { unset($this->loginAttempts[$penguin->ipAddress][$username]); } } $loginKey = md5(strrev($penguin->randomKey)); $penguin->database->updateColumnById($penguinData["ID"], "LoginKey", $loginKey); $penguin->handshakeStep = "login"; $penguin->id = $penguinData["ID"]; $worldsString = $this->worldManager->getWorldsString(); $buddies = $penguin->getBuddyList(); $buddyWorlds = $this->worldManager->getBuddyWorlds($buddies); $penguin->send("%xt%gs%-1%0%0%"); $penguin->send("%xt%l%-1%{$penguinData["ID"]}%$loginKey%$buddyWorlds%"); } } protected function handleDisconnect($socket) { $penguin = $this->penguins[$socket]; $this->removePenguin($penguin); } public function removePenguin($penguin) { $this->removeClient($penguin->socket); $this->databaseManager->remove($penguin); unset($this->penguins[$penguin->socket]); Logger::Notice("Player disconnected"); } } ?> I have added $dbPass = strtoupper(substr($penguinData["Password"], 0, 32)); $encryptedPassword = Hashing::getLoginHash($dbPass, $penguin->randomKey); Under: $penguinData = $penguin->database->getColumnsByName($username, array("ID", "Username", "Password", "Banned")); That's the only changes I made. What might be the problem?
×