-
Re: ZapCMS [PHP, OOP, From Scratch]
Jonty - I just fixed that exploit on Fresh :P
You was putting mysql_real_escape_string in the wrong place :')
You put it here:
PHP Code:
//$name = $_POST['bean_avatarName'];
$name = mysql_real_escape_string($_POST['bean_avatarName']);
It also needs to be here:
PHP Code:
else if (isset($_POST['bean_avatarName']))
{
$registerErrors = Array();
$name = mysql_real_escape_string($_POST['bean_avatarName']);
$password = $_POST['bean_password'];
$password2 = $_POST['bean_retypedPassword'];
$email = $_POST['bean_email'];
$dob_day = $_POST['bean_day'];
$dob_month = $_POST['bean_month'];
$dob_year = $_POST['bean_year'];
//$lang = $_POST['bean_lang'];
-
Re: ZapCMS [PHP, OOP, From Scratch]
Jonty, Could u include all client files for this? Thanks:tongue:
-
Re: ZapCMS [PHP, OOP, From Scratch]
Quote:
Originally Posted by
PythoneX12
Jonty, Could u include all client files for this? Thanks:tongue:
this is not yet done but when it is it shall be released in full.
Thank you.
-
Re: ZapCMS [PHP, OOP, From Scratch]
Cannot wait! This will support phoenix I assume?
-
Re: ZapCMS [PHP, OOP, From Scratch]
Quote:
Originally Posted by
Quackster
Cannot wait! This will support phoenix I assume?
It supports both Phoenix and Uber.
-
Re: ZapCMS [PHP, OOP, From Scratch]
Im still looking to check for any exploits
-
Re: ZapCMS [PHP, OOP, From Scratch]
Quote:
Originally Posted by
SiiNz
Im still looking to check for any exploits
You wouldn't know the first thing about spotting exploits.
-
Re: ZapCMS [PHP, OOP, From Scratch]
Quote:
Originally Posted by
Hejula
You wouldn't know the first thing about spotting exploits.
And how would you know that? Just because he just joined or has less posts then you doesn't mean you have justification on telling him what he can/can't do.
-
Re: ZapCMS [PHP, OOP, From Scratch]
Quote:
Originally Posted by
SiiNz
Im still looking to check for any exploits
Messages @ me page :)
-
Re: ZapCMS [PHP, OOP, From Scratch]
Quote:
Originally Posted by
Tr0ll.™
And how would you know that? Just because he just joined or has less posts then you doesn't mean you have justification on telling him what he can/can't do.
SiiNz is a guy off of Zap that was permanently banned for harassment of staff when he was fired. I hired him for a while to use him for Microsoft Points. I don't care what you think about me, i'm not here to gain reputation.
Quote:
Originally Posted by
davidaap
Messages @ me page :)
Probably, i've not coded any protection into the me page.
-
Re: ZapCMS [PHP, OOP, From Scratch]
Yes Jonty, loving you're honesty there!
Seems like some good progress has been made/is being made, keep it up :D
-
Re: ZapCMS [PHP, OOP, From Scratch]
Quote:
Originally Posted by
RobTheLobster
Yes Jonty, loving you're honesty there!
Seems like some good progress has been made/is being made, keep it up :D
Progress is slow atm, i'm feeling quite ill and don't feel like I could concentrate on coding right now.
-
Re: ZapCMS [PHP, OOP, From Scratch]
-
Re: ZapCMS [PHP, OOP, From Scratch]
Quote:
Originally Posted by
Hejula
Jonty - I just fixed that exploit on Fresh :P
You was putting mysql_real_escape_string in the wrong place :')
You put it here:
PHP Code:
//$name = $_POST['bean_avatarName'];
$name = mysql_real_escape_string($_POST['bean_avatarName']);
It also needs to be here:
PHP Code:
else if (isset($_POST['bean_avatarName']))
{
$registerErrors = Array();
$name = mysql_real_escape_string($_POST['bean_avatarName']);
$password = $_POST['bean_password'];
$password2 = $_POST['bean_retypedPassword'];
$email = $_POST['bean_email'];
$dob_day = $_POST['bean_day'];
$dob_month = $_POST['bean_month'];
$dob_year = $_POST['bean_year'];
//$lang = $_POST['bean_lang'];
This would be extremely easy to fix for every revision and for that matter every page.
PHP Code:
$data = array();
foreach( $_POST as $key => $value )
{
$data[ str_replace('bean_', '', $key) ] = mysql_real_escape_string( $value );
}
extract($data);
echo $password2;//lol123445667
-
Re: ZapCMS [PHP, OOP, From Scratch]
Quote:
Originally Posted by
Hejula
Jonty - I just fixed that exploit on Fresh :P
You was putting mysql_real_escape_string in the wrong place :')
You put it here:
PHP Code:
//$name = $_POST['bean_avatarName'];
$name = mysql_real_escape_string($_POST['bean_avatarName']);
It also needs to be here:
PHP Code:
else if (isset($_POST['bean_avatarName']))
{
$registerErrors = Array();
$name = mysql_real_escape_string($_POST['bean_avatarName']);
$password = $_POST['bean_password'];
$password2 = $_POST['bean_retypedPassword'];
$email = $_POST['bean_email'];
$dob_day = $_POST['bean_day'];
$dob_month = $_POST['bean_month'];
$dob_year = $_POST['bean_year'];
//$lang = $_POST['bean_lang'];
Instead of doing this, use..
Code:
function Filter($input = '') {
return mysql_real_escape_string($input); }
Depending if you make new classes. It would be something like this.
$blabab(blababa is your class)->(or ::)Filter;
$name = $blabab->Filter($_POST['bean_avatarName']);
