Ice Dynasty CMS Lite

[MjClarke1]

Open modules/login.php

Code:

if(isset($_POST['submit'])) {
$U = $_POST['user'];
$P = md5($_POST['pass']);

Should be:

Code:

if(isset($_POST['submit'])) {
if(!get_magic_quotes_gpc()) {
$U = addslashes($_POST['user']);
$P = md5($_POST['pass']);
} else {
$U = $_POST['user'];
$P = md5($_POST['pass']);
}

To prevent some SQL Injections.

all this code is based on the original coders Matt and Mike.

Am I supposed to be named Mike?

We're both Matt.

and all mike did when it became dynasty was refine the code a bit and gave it a better template, so like i said, matt created the base coding

Of course as this all was written a couple years ago, I did not write all the code, I was still learning at the time, so I merely revised the code, improved it, etc...

Matt creating the base coding is one of the reasons there were coding problems and SQL injections (like the one mentioned above)

I've probably missed things here and there but hey, when I did all of it, I just started getting into programming <3

[Flik]

Mirror: http://host.nextevo.net/download.php...ce-Dynasty.zip

[-DefaulT]

Open modules/login.php

Code:

all his revision, removed to save space

To prevent some SQL Injections.



Am I supposed to be named Mike?

We're both Matt.



Of course as this all was written a couple years ago, I did not write all the code, I was still learning at the time, so I merely revised the code, improved it, etc...

Matt creating the base coding is one of the reasons there were coding problems and SQL injections (like the one mentioned above)

I've probably missed things here and there but hey, when I did all of it, I just started getting into programming <3

thought i read somewhere your name was mark sorry, haha, anyways yeah, i didnt touch any of the already existing code, such as the login, so i didnt check for sql injections, that pretty much means, that all dynasty users are in danger of sql injections, unless u make an updated version, ill fix it when i get a chance im currently in limbo with computers hopping around.

So just to verify, yes matt for original cms, me for functions, and matt.2 for revisions, improvements, etc.

:] p.s flik ty for mirror i will add to original post.

[MjClarke1]

thought i read somewhere your name was mark sorry, haha, anyways yeah, i didnt touch any of the already existing code, such as the login, so i didnt check for sql injections, that pretty much means, that all dynasty users are in danger of sql injections, unless u make an updated version, ill fix it when i get a chance im currently in limbo with computers hopping around.

So just to verify, yes matt for original cms, me for functions, and matt.2 for revisions, improvements, etc.

:] p.s flik ty for mirror i will add to original post.

I'd update it but I don't do support anymore, so I could care less, but I thought I'd just share that. I'm sure that there are many more places where you can inject because the variables input directly to the SQL statement and aren't checked

[-DefaulT]

yeah once i get a new laptop ill continue this project, ill do a bunch of security fixes for it. But until then yeah.

[ALEKSSOFT]

That's like lolz!

[-DefaulT]

That's like lolz!

please don't spam the topic, I took a quick peak at your past posts and all are like this or "thanks for share" if you don't have anything to contribute, or an actual meaningful post then, please don't spam my topic.

[SeraphiPod]

:)

The theme is nice, but it seems a little "messed"?
I think?

~SeraphiPod

[-DefaulT]

hence why it pretty much died.

This was my latest version that i never finished.
http://img101.imageshack.us/img101/8407/storage.png

[lordmight]

Removed.

[Mod]Removed due to a hack. It makes himself a GM in your server.[/mod]

Put up a new version without the hack. Till then, closed.

Hmmm something's fishy

---------- Post added at 01:43 PM ---------- Previous post was at 01:42 PM ----------

Removed.

[Mod]Removed due to a hack. It makes himself a GM in your server.[/mod]

Put up a new version without the hack. Till then, closed.

Hmmm something's fishy

[-DefaulT]

yeah that was on an OLD topic.
Go ahead and check the files there all safe, i dont even play rose anymore.

[Fusion7]

suitable for arcturus?

[-DefaulT]

suitable for arcturus?

no and please dont necro bump D: