
Originally Posted by
Eronisch
Direct hacking, some fággot keeps going in my database and edit everything he wants ..
i think its the checknametaken injection, ok first go to 'inc/class.users.php'
Look for
Code:
public function IsNameTaken($nm = '')
{
return ((mysql_num_rows(dbquery("SELECT null FROM users WHERE username = '" . $nm . "' LIMIT 1")) > 0) ? true : false);
}
replace that with
Code:
public function IsNameTaken($nm = '')
{
return ((mysql_num_rows(dbquery("SELECT null FROM users WHERE username = '" . mysql_real_escape_string(stripslashes($nm)) . "' LIMIT 1")) > 0) ? true : false);
}