[Release] New Site - Printable Version

+- LCKB (https://lckb.dev/forum)
+-- Forum: ** OLD LCKB DATABASE ** (https://lckb.dev/forum/forumdisplay.php?fid=109)
+--- Forum: Website Scripting & Security (https://lckb.dev/forum/forumdisplay.php?fid=197)
+---- Forum: Website Releases (https://lckb.dev/forum/forumdisplay.php?fid=135)
+----- Forum: Ep1 Websites (https://lckb.dev/forum/forumdisplay.php?fid=185)
+----- Thread: [Release] New Site (/showthread.php?tid=983)
- Blackfire - 08-08-2012

Here's a site I'm releasing.

Download - 2

Features:
News on Home (Credits to Max)
Member CP (Reset lvl, Reset red, delete character)
Full Class Ranks
Secure register (Credits to Wizatek)
Nice Design

Credits to MaX for some of his code.

Email me at [email protected] if you want to buy one of my premium sites.

- Wizatek - 08-08-2012

/include/deletechar.php?id=1' or a_index <'0

That could be very dangerous, same with resetred.php and resetlevel.php.
Don't forget that include pages can also be called directly from the browser and values need to be sanitized.
This also works on your premium version.
But that's all I saw for now.

- Koko - 08-08-2012

Nice design

- Blackfire - 08-08-2012

> /include/deletechar.php?id=1' or a_index <'0
>
> That could be very dangerous, same with resetred.php and resetlevel.php.
> Don't forget that include pages can also be called directly from the browser and values need to be sanitized.
> This also works on your premium version.
> But that's all I saw for now.

Thanks for the advice, how can I make it safer?

- Wizatek - 08-08-2012

Check if the user is logged in, and check if the character is from that account.

Also sanitize it:

    $thing = mysql_real_escape_string( $_GET['thing'] );

And you need a character id, a_index, so that means you are expecting a number; make sure it only continues when you get a number. The best way to do this is to use ctype_digit():

    if( ctype_digit( $thing )) {
        // is a number
    } else {
        // is not a number
    }

- Blackfire - 08-08-2012

Ok, so how's this? I also added the ctype_digit() and it worked: if I change the id to something other than a number it will give you an error.

    <?php
    // Start session
    session_start();
    include "settings.php";
    // Get Login ID (empty when no account is in the session)
    $accid = isset($_SESSION['SESS_ACCOUNT_ID']) ? $_SESSION['SESS_ACCOUNT_ID'] : '';
    ?>
    <?php
    if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
        // not logged in: fall through to the message at the bottom
    } else {
    ?>
    <?php
    $connect = mysql_connect($server_ip, $user, $password) or die(mysql_error());
    mysql_select_db($database) or die(mysql_error());
    // get value of id that was sent from the address bar
    $id = mysql_real_escape_string( $_GET['id'] );
    if( ctype_digit( $id )) {
        // Delete the row with this id, but only if it belongs to the logged-in account
        $sql="DELETE FROM t_characters WHERE a_index='$id' AND a_user_index = '$accid'";
        $result=mysql_query($sql);
        // if successfully deleted
        if($result){
            echo "Delete Successful you will be redirected in 2 seconds.";
        }
        else {
            echo "ERROR";
        }
    ?>
    <meta HTTP-EQUIV="REFRESH" content="1; url=../index.php?page=20">
    <?php
    } else {
        echo "<font size= '2' color='#FF0000'>That is not a number!</font>";
    }
    ?>
    <?php
    die();
    }
    ?>
    <font size= '2' color='#FF0000'>You need to log in first!</font>
    <meta HTTP-EQUIV="REFRESH" content="1; url=../index.php">
    <?php
    // close connection
    mysql_close();
    ?>

With this instead I wasn't able to delete someone else's character.

- Wizatek - 08-08-2012

Yes, now it's safe.

- Blackfire - 08-08-2012

> Yes, now it's safe.

Thanks for the help. I recommend all to redownload this.

- Douglas Farias - 08-08-2012

good thx black u is good to make sites u reupload later u fix what Wizatek say u?

- blade5000 - 08-09-2012

link is off
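The same two controls Wizatek asked for (accept only a numeric character id, and delete only when the character belongs to the logged-in account), written with prepared statements so the request value never becomes part of the SQL text. This is an added example, not Blackfire's release code or anything from Wizatek's post; it assumes the table and column names used in the thread (t_characters, a_index, a_user_index) and the SESS_ACCOUNT_ID session key, and uses an in-memory SQLite database as a constructed stand-in for the game's MySQL schema.

```php
<?php
// Added example (not from the thread's release): the delete-character check
// using PDO prepared statements. Table/column names are the ones from the
// thread; the database and rows below are constructed for the demo.

/**
 * Delete one character, but only if it belongs to the logged-in account.
 * Returns true when exactly one row was deleted, false when the id was
 * rejected or no row matched (wrong owner or no such character).
 */
function delete_character(PDO $db, int $accountId, string $rawId): bool
{
    // A character index is expected, so accept only an unsigned integer
    // string. ctype_digit('') is false, so an empty id is rejected too.
    if (!ctype_digit($rawId)) {
        return false;
    }

    // Both the character id and the owner are bound parameters; the owner
    // condition is what stops a logged-in user from deleting someone else's
    // character even when they supply a valid numeric id.
    $stmt = $db->prepare(
        'DELETE FROM t_characters WHERE a_index = :id AND a_user_index = :acc'
    );
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->bindValue(':acc', $accountId, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1;
}

/** Request handler in the shape of include/deletechar.php. */
function handle_delete_request(PDO $db, array $session, array $get): string
{
    // Login check first: an include page can be opened directly, so the
    // session must be verified here and not only on the page that links to it.
    if (!isset($session['SESS_ACCOUNT_ID'])) {
        return 'You need to log in first!';
    }
    $ok = delete_character($db, (int) $session['SESS_ACCOUNT_ID'], (string) ($get['id'] ?? ''));
    return $ok ? 'Delete Successful' : 'ERROR';
}

// Constructed demo data: account 10 owns characters 1 and 2, account 20 owns 3.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE t_characters (a_index INTEGER PRIMARY KEY, a_user_index INTEGER NOT NULL)');
$db->exec('INSERT INTO t_characters VALUES (1, 10), (2, 10), (3, 20)');

$session = ['SESS_ACCOUNT_ID' => 10];

// The payload from the thread: rejected by ctype_digit before any SQL runs.
echo handle_delete_request($db, $session, ['id' => "1' or a_index <'0"]), "\n";
// Character 3 belongs to account 20, so the owner condition matches no row.
echo handle_delete_request($db, $session, ['id' => '3']), "\n";
// Account 10's own character: deleted.
echo handle_delete_request($db, $session, ['id' => '1']), "\n";
// No session at all: refused before touching the database.
echo handle_delete_request($db, [], ['id' => '2']), "\n";
// Rows left after the four requests above.
echo $db->query('SELECT COUNT(*) FROM t_characters')->fetchColumn(), "\n";
```

Run it with the php CLI (pdo_sqlite is needed for the in-memory database). The design point is that the ownership condition sits in the DELETE itself rather than in a separate SELECT followed by a DELETE, so there is no window between the check and the action, and the result of the check is read back from rowCount() rather than assumed.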