Beta Testers Wanted - New DDL Script on the Scene!

[Little Dragon]

We are looking for beta testers for our new script, DDL CMS.

If you're interested, or if you have comments or suggestions (as this will likely streamline the "system"), please reply here (no PM's please).

Download it here:
http://www.ddlcms.com/download.php

If you have any installation errors at all, or if you find a bug, please note it and advise.

*Some* of the features:

- secure, no exploits or security holes
- cheat proof toplist with ip logging and customizable gateway page
- instant hard link exchange with automatic reciprocal link checking
- dead-link-report system with "deadlink-threshold" for automatic dead link delete
- advanced multi autosubmitter - idiot proof, secure, and automatically retries any failed submissions
- allows only 20 submits per day per site
- allows same file submitted again once per 5 days
- compatible with all autosubmitters (submit.php)
- automatic whitelist system - you set how many downloads must be added before a site gets on your whitelist automatically
- one-click blacklist system - all downloads from the site get deleted instantly
- blacklist and whitelist displayed on submit page
- blog style page maker with wyswig editor
- affiliate links added to the bottom of all pages automatically
- autosubmit your pages with ONE CLICK - no copying and pasting
- affiliate links are pulled from the autosubmitter urls automatically
- multiple category selection options in admin
- top downloads by category, number of top files editable in admin
- search within a category
- "top 5 downloads this week" at top of ddl list
- recent downloads listed at bottom, number displayed editable in admin
- recent searches listed at bottom, number displayed editable in admin
- top searches listed at bottom, number displayed editable in admin
- sponsored searches, customizable in admin
- sponsored links, customizable in admin
- SEO friendly URLs with mod rewrite
- SEO optimized setup - custom title, description, keywords distributed throughout the code of all pages and in image ALT tags
- cross-browser compatibility - IE 5+, Firefox, Safari, Chrome, etc.. tested
- skinnable and fully customizable
- no text databases -- all databases are on MYSQL
- Db table check and repair
- Db backup and restore
- keyword banning - flags words in red for items you may not want to add to the downloads
- spam blocker - blocks spam words completely
- mailing list build unique email list from all submissions, link and traffic exchanges

Admin:
- paginated queue
- paginated downloads
- one-click delete or blacklist or whitelist system
- set max downloads in database
- set max downloads in queue
- pre-monetized - just enter 3 affiliate usernames and the script does the rest for you (ie. Clickbank username).
- additional ad blocks for menu panel (add/edit/delete)
- additional ad blocks for Xxx category pages (add/edit/delete)
- view or ban ips from using your advanced autosubmitter
- add/edit/delete urls into your autosubmitter
- view/edit/delete failed submit-to urls for sites that go down (failed submits are logged)
- automatic page creation - terms of service, contact, copyright, etc..
- RSS feed based on local pages
- there's more, just a lot of little goodies that I can't remember, but so far it appears bug-free and everything works as a neat little package.

I should add, the script is designed to make things easy and self-sustaining, but does not want to encourage lazyness. It is also designed to make things cleaner and high quality, so there's a lot less crappy sites for people who end up using this script.

Even more features going into a subsequent release, already in development!

Comments or suggestions welcome.

Little Dragon Reviewed by Little Dragon on 12th Jun 2009. Beta Testers Wanted - New DDL Script on the Scene! We are looking for beta testers for our new script, DDL CMS. If you're interested, or if you have comments or suggestions (as this will likely streamline the "system"), please reply here (no PM's please). Download it here: http://www.ddlcms.com/download.php If you have any installation errors at all, or if you find a bug, please note it and advise. *Some* of the features: Rating: 5

[litewarez]

Found a possible flaw.. havent exploited it yet lol too erly but in topsite addlink.php

dbcom("INSERT INTO instantle VALUES(NULL, '{$_POST['instantLEname']}', '{$_POST['instantLEemail']}', '{$_POST['instantLEtitle']}', '$url', '{$_POST['instantLEdescription']}', 1);");

your passing $_POST into a sql query function after taking a look at you dbCom function your basically running any query thats passed into it, Easily i could exploit this and UNION ur admin passwords as your config is MySql based,

so you can take
- secure, no exploits or security holes of your *Some* of the features list for starters lol

[Dman]

@litewarez - LOL, it's funny he wrote it's secure. Someone needs to learn how to use prepared statements/$mysqli->real_escape_string

[JmZ]

ok well first of all you have to realise that the audience you're aiming for are warez webmasters. They want to be able to heavily modify their DDL site, not use a load of "user friendly" crap.

For example, your index.php contains absolutely no html. Good webmasters don't want this, they want a standard HTML markup containing bits of PHP so they can modify it more easily.

Next, not a good idea calling a functions file "funcs.inc". Perfect for script kiddies who wanna download a DDL's source.

Also, I see you based most, if not all of your config in SQL. From experience I know webmasters don't want this either. They deal with files a lot, not databases, meaning they want to be able to open a config file and change a few lines.

Now onto the rest of the code. You can clearly see, it's either a KDDL edited or you copied a load of KDDL code. Bad idea, KDDL is the worst coded DDL script ever.

I could go on and on but I'm not here to totally rip up your "new" script (notice the quotes as its half KDDL which is years old).

Note: Sorry if i sound like I hate you but these things need to be said.

[Little Dragon]

As I said, it's in "beta testing" and these are the comments I appreciate -- that's the reason for this post.

The script is based on Kddl -- for a few reasons, one being that we wanted compatibility with most DDL sites out there (ability to "upgrade" or convert), second, to keep the ideas behind the original kddl script going, but in a more efficient manner.

The script is not intended for heavy modification, however it's possible by looking at certain other files (not index.php). Not to mention the editing options in Admin panel.

Thanks for the info on SQL security... getting Dev team on this and if there are any other issues, please don't hesitate to advise -- this is what I need -- good constructive criticism so it can be addressed and fixed.

[Little Dragon]

Found a possible flaw.. havent exploited it yet lol too erly but in topsite addlink.php

dbcom("INSERT INTO instantle VALUES(NULL, '{$_POST['instantLEname']}', '{$_POST['instantLEemail']}', '{$_POST['instantLEtitle']}', '$url', '{$_POST['instantLEdescription']}', 1);");

your passing $_POST into a sql query function after taking a look at you dbCom function your basically running any query thats passed into it, Easily i could exploit this and UNION ur admin passwords as your config is MySql based,

so you can take
- secure, no exploits or security holes of your *Some* of the features list for starters lol

Fail. Your theory is flawed, but I won't say where. I will confirm this:

The DDLCMS script is secure, with no exploits or security holes.

@litewarez - LOL, it's funny he wrote it's secure. Someone needs to learn how to use prepared statements/$mysqli->real_escape_string

From Dev. Team:

Most initial scripting was done using PHP4. Later on, a decision was made to make PHP5 a pre-requisite. It also needs to be using mysqli, the improved interface to MySQL. Most sites aren't build with that module though. Even with prepared statements, that's not a magic bullet. They still must have proper input validation, which is what this site has now. I would say proper input validation is more important than prepared statements.

Next, not a good idea calling a functions file "funcs.inc". Perfect for script kiddies who wanna download a DDL's source.

There's not even any source in that file. And even if someone downloaded
that file, what would it give?

As part of additional security, the config and funcs files would ideally be stored under a base directory only readable by the webserver, but not the public.

Note: Sorry if i sound like I hate you but these things need to be said.

Nah. I appreciate the input!

[WDBIZ]

It's about time the DDL scene had some variety, good luck with your script mate.

[r0ck]

well I must say I did like the design....but once trying it out I just didnt like it much at all.

However keep up the work and I hope to see this turn into something great

[el_jentel1]

Looks good, good luck with your project.

[Switchblade187]

well I must say I did like the design....but once trying it out I just didnt like it much at all.

However keep up the work and I hope to see this turn into something great

If you don't like the design, you can always edit it and make it look different.

I'm sure in the future they will release more custom stuff, but seriously for the amount of stuff that's in this script, it's a pretty solid first release.

How many people have actually installed it to look all the features? I'm blown away by the admin area alone. This script has serious potential.

I'll try this on a few sites and see how it goes. Can't hurt imo.