Posts: 768
Threads: 40
Thanks Received:
0 in 0 posts
Thanks Given: 0
Joined: May 2011
Reputation:
0
/include/deletechar.php?id=1' or a_index
That could be very dangerous
same with resetred.php and resetlevel.php
Don't forget that include pages can also be called directly from the browser and values need to be sanitized.
This also works on your premium version.
But that's all I saw for now
Posts: 180
Threads: 8
Thanks Received:
0 in 0 posts
Thanks Given: 0
Joined: May 2012
Reputation:
0
/include/deletechar.php?id=1' or a_index <'0
That could be very dangerous
same with resetred.php and resetlevel.php
Don't forget that include pages can also be called directly from the browser and values need to be sanitized.
This also works on your premium version.
But that's all I saw for now
Thanks for the advice, how can I make it safer?
Posts: 768
Threads: 40
Thanks Received:
0 in 0 posts
Thanks Given: 0
Joined: May 2011
Reputation:
0
Check if the user is logged in, and check if the character is from that account.
Also sanitize it, $thing = mysql_real_escape_string( $_GET['thing'] );
And you need a character id, a_index, so that means you are expecting a number, make sure it only continues when you get a number.
The best way to do this is to use ctype_digit();
if( ctype_digit( $thing ))
{
    // is a number
}
else
{
    // is not a number
}
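
The checks from the reply above (logged in, numeric id, character owned by the account) combined with a parameterized query, as an added example that is not part of the thread or the project's code. It assumes PDO with the SQLite driver so it runs offline; the function name `delete_character` and the sample rows are constructed, and only the table and column names come from the thread.

```php
<?php
// Added example, not the project's code. Assumes PDO + SQLite (in-memory).

/**
 * Delete a character only if it belongs to the logged-in account.
 * Returns 'invalid', 'denied' or 'deleted'.
 */
function delete_character(PDO $db, $accountId, $rawId)
{
    // No account id in the session means not logged in: refuse before any SQL.
    if ($accountId === null) {
        return 'denied';
    }
    // $_GET values can be arrays (id[]=1), so require a string first;
    // ctype_digit() then accepts only a non-empty run of 0-9.
    if (!is_string($rawId) || !ctype_digit($rawId)) {
        return 'invalid';
    }
    // Placeholders keep both values out of the SQL text entirely.
    $stmt = $db->prepare(
        'DELETE FROM t_characters WHERE a_index = :id AND a_user_index = :acc'
    );
    $stmt->execute([':id' => (int) $rawId, ':acc' => (int) $accountId]);
    // Zero affected rows: the id does not exist or is owned by someone else.
    return $stmt->rowCount() === 1 ? 'deleted' : 'denied';
}

// Constructed sample data: account 10 owns character 1, account 20 owns 2.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE t_characters (a_index INTEGER PRIMARY KEY, a_user_index INTEGER)');
$db->exec('INSERT INTO t_characters VALUES (1, 10), (2, 20)');

$cases = [
    [10, "1' or a_index <'0"],  // string from the first post: not a number
    [10, ['1']],                 // array parameter instead of a string
    [10, '2'],                   // another account's character
    [null, '1'],                 // not logged in
    [10, '1'],                   // the account's own character
];
foreach ($cases as [$acc, $id]) {
    $shown = is_array($id) ? 'array' : $id;
    printf("%-20s => %s\n", $shown, delete_character($db, $acc, $id));
}
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM t_characters')->fetchColumn(), "\n";
```

Checking the affected-row count lets the page report a failed delete instead of printing a success message when nothing matched.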
Posts: 180
Threads: 8
Thanks Received:
0 in 0 posts
Thanks Given: 0
Joined: May 2012
Reputation:
0
Ok so how's this. I also added the ctype_digit(); and it worked, if I change the id to something other than a number it will give you an error.
<?php
// Start session
session_start();
include "settings.php";

// Only continue for a logged-in member
if (isset($_SESSION['SESS_MEMBER_ID']) && trim($_SESSION['SESS_MEMBER_ID']) != '') {
    // Account ID of the logged-in user
    $accid = $_SESSION['SESS_ACCOUNT_ID'];

    $connect = mysql_connect($server_ip, $user, $password) or die(mysql_error());
    mysql_select_db($database) or die(mysql_error());

    // Get the value of id sent from the address bar (empty string if missing)
    $id = isset($_GET['id']) ? mysql_real_escape_string($_GET['id']) : '';

    if (ctype_digit($id)) {
        // Delete the row with this id, but only if it belongs to this account
        $sql = "DELETE FROM t_characters WHERE a_index='$id' AND a_user_index = '$accid'";
        $result = mysql_query($sql);

        // If the query ran without error
        if ($result) {
            echo "Delete Successful you will be redirected in 2 seconds.";
        } else {
            echo "ERROR";
        }
        ?>
<meta HTTP-EQUIV="REFRESH" content="1; url=../index.php?page=20">
        <?php
    } else {
        echo "<font size= '2' color='#FF0000'>That is not a number!</font>";
    }

    // Close the connection opened above, then stop
    mysql_close();
    die();
}
?>
<font size= '2' color='#FF0000'>You need to log in first!</font>
<meta HTTP-EQUIV="REFRESH" content="1; url=../index.php">
With this instead I wasn't able to delete someone else's character.
Posts: 180
Threads: 8
Thanks Received:
0 in 0 posts
Thanks Given: 0
Joined: May 2012
Reputation:
0
Yes, now it's safe
Thanks for the help
I recommend all to redownload this.
Posts: 235
Threads: 34
Thanks Received:
0 in 0 posts
Thanks Given: 0
Joined: Nov 2011
Reputation:
0
Good, thx black, you are good at making sites. Will you reupload later, once you fix what wizatec told you?