Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   Community Cafe (http://www.bvlist.com/forumdisplay.php?f=18)
-   -   TorrentFox alfa (http://www.bvlist.com/showthread.php?t=2932)

wMan 2nd July 2009 11:29
TorrentFox alfa
 
anyone wants fixed xzone source ? with extra security like
PHP Code:
////////////////////////////////////////////here we go with some security///////////////////////////////////////////////
function maxsysop () {
global $CURUSER;
$lmaxclass  6//max class
$lsysopnames = array("wolfman"); //staff names
if ($CURUSER["class"] >= $lmaxclass)
if (!in_array($CURUSER["username"], $lsysopnamestrue)) { // true for strict comparison
$msg "Fake Account Detected: Username: ".$CURUSER["username"]." - UserID: ".$CURUSER["id"]." - UserIP : ".getip();
write_log($msg);
stderr("Access Denied!","We come to believe you are using a fake account, therefore we've logged this action!");
}
// Check Staff IDS            
define ('UC_STAFF'4); // moderator
if ($CURUSER['class'] >= UC_STAFF) {
$allowed_ID = array(34); // staff IDs
if (!in_array((int)$CURUSER['id'], $allowed_IDtrue)) { // true for strict comparison
$msg "Fake Account Detected: Username: ".$CURUSER["username"]." - UserID: ".$CURUSER["id"]." - UserIP : ".getip();
write_log($msg);
stderr("Access Denied!","We come to believe you are using a fake account, therefore we've logged this action!");            
}        
}
}
function hacker_dork($hacked_what)
{
$ip=getip();
$ban_ip sqlesc(trim($_SERVER['REMOTE_ADDR']));
$res mysql_query("SELECT id, username, modcomment FROM users WHERE ip = $ban_ip AND class < ".UC_ADMINISTRATOR);
if (mysql_num_rows($res) > 0){    
$arr mysql_fetch_assoc($res);
$subject sqlesc($arr['username']." tired to hack $hacked_what");
$body sqlesc("user: [url=userdetails.php?id=".$arr['id']."]".$arr['username']."[/url] \n with IP: $ban_ip [server remote address] $ip [function getip]\n tried to hack $hacked_what.\n ");
$modcomment gmdate("Y-m-d") . " Banned for trying to hack $hacked_what...\n"$arr['modcomment'];
mysql_query("UPDATE users set enabled='no', modcomment = ".sqlesc($modcomment)." where id=".$arr['id']);    
} else {
$subject sqlesc("attempt to hack $hacked_what");
$body sqlesc("user with IP: $ban_ip \n tried to hack $hacked_what.\n ");
}
auto_post$subject $body );
stderr("Wtf You Aint Staff""Tut Tut..Nice try... You've just gone and banned yourself n00b !!");
die();    
}
////////// /* to pages what this suppose to secure add this */ /////////////
////////// /* if (get_user_class() < UC_MODERATOR) */ //////////////////////
////////// /* hacker_dork("haa haa - what ever!"); */ //////////////////////
//////////////////////////////////////////edit ore get error :D //////////////////////////////////////////////////////// 
i only need to put up default style for it

Strikey 2nd July 2009 13:10
well it's not exactly fixed as there are are a fair few bugs on the source but they only take two minutes to fix mate.


All times are GMT +2. The time now is 21:03.

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.