Thread: security
  #16  
Old 28th July 2009, 19:09
wMan
Quote:
Originally Posted by ionutzsami View Post
change to
Code:
if ($_GET["iamadmin"]) {
    $tagat=$CURUSER["id"];
    mysql_query("UPDATE `users` SET `enabled` = 'no' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Now you are Banned :D");
}
if ($_GET["back"]) {
    $tagat=$CURUSER["id"];
    mysql_query("UPDATE `users` SET `enabled` = 'no' WHERE `users`.`id` =$tagat") or sqlerr(__FILE__, __LINE__);
    print("Now you are Banned :D");
}
u still can hack it while shit like $_GET["iamadmin"] is in somewhere
either u remove anathomy or change it to one without this crap