Bravo List

Darkseeder PreModded Source (http://www.bvlist.com/showthread.php?t=1124) - Bravo List, Downloads forum

johnake 13th October 2008 15:57

I would like to see a modded source with some security thinking in mind. The following were verified in a very short time:
changeusername.php:

Replace:
PHP Code:

if (get_user_class() < 6

with
PHP Code:

if (get_user_class() < UC_SYSOP

Request mod... kinda dangerous, XSS & SQL injection.

adminstuff.php

PHP Code:

if ($CURUSER['class'] < 7

with
PHP Code:

if ($CURUSER['class'] < UC_SYSOP

delacct.php: you should either delete it, or you have two choices:

1. Put a conditional statement that verifies that the current user's id is equivalent to the one that's going to be deleted.
2. Instead of letting the user delete his own account, you should make a form that asks the staff to do this, with a reason of course.

details.php

find:
PHP Code:

stdhead("Details for torrent \"" . $row["name"] . "\"");

replace with:

PHP Code:

stdhead("Details for torrent \"" . htmlspecialchars($row["name"]) . "\"");

log.php (should not be visible to everyone, and):

find:
PHP Code:

print("<tr><td>$date</td><td>$time</td><td align=left>$arr[txt]</td></tr>\n"); 

replace with:
PHP Code:

print("<tr><td>$date</td><td>$time</td><td align=left>".htmlspecialchars($arr['txt'])."</td></tr>\n"); 

repair.php (everyone could repair the database and sensitive information about the database popped out). So...


PHP Code:

<?php
require_once("include/secrets.php");
require_once("include/bittorrent.php");
dbconn();
loggedinorreturn();

// Only moderators and above may run the repair.
if (get_user_class() < UC_MODERATOR)
    stderr("Error", "Permission denied.");

// Separate connection using the credentials from include/secrets.php.
$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
$sql = "SHOW DATABASES";
$dbs_result = mysql_query($sql, $db);
if (mysql_num_rows($dbs_result))
{
    while ($dbs_row = mysql_fetch_assoc($dbs_result))
    {
        $database = $dbs_row["Database"];
        echo "\n\nOptimizing database $database : \n";
        mysql_select_db($database, $db);
        $sql = "SHOW TABLE STATUS";
        $tbls_result = mysql_query($sql, $db);
        if (mysql_num_rows($tbls_result))
        {
            while ($tbls_row = mysql_fetch_assoc($tbls_result))
            {
                // Quote the table name so names with odd characters still work.
                $TableName = "`" . $tbls_row["Name"] . "`";
                $sql = "REPAIR TABLE " . $TableName;
                echo "\n" . $sql;
                mysql_query($sql, $db);
                $sql = "OPTIMIZE TABLE " . $TableName;
                echo "\n" . $sql;
                mysql_query($sql, $db);
            }
        }
    }
}
echo "\n\n";
mysql_close($db);
?>

So, secure your files...
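Added example (not code from johnake's post or from the Darkseeder source): the escaping helper I would use for the details.php and log.php lines above instead of a bare htmlspecialchars() call, run over a few constructed torrent names. It shows the single-quote case that htmlspecialchars() with its default flags (ENT_COMPAT on the PHP versions this source targets) leaves untouched. The helper name h() and the sample strings are mine.

```php
<?php
// Added example, not code from the Darkseeder/TBDev source.
// Shows why a bare htmlspecialchars() is not enough in every context and
// what the hardened details.php/log.php lines should use.

// Escape for HTML text and attribute values. ENT_QUOTES also converts the
// single quote, which the default flags (ENT_COMPAT) leave untouched, and the
// explicit charset stops htmlspecialchars() from returning an empty string on
// bytes that are invalid in the assumed encoding.
function h($s)
{
    return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs of the kind an uploader controls through a torrent
// name or a line that ends up in the site log.
$samples = array(
    'Plain.Torrent.Name',
    '<script>alert(document.cookie)</script>',
    "x' onmouseover='alert(1)",          // only bites inside a single-quoted attribute
    '" onfocus="alert(1)" autofocus="',
);

foreach ($samples as $name) {
    // details.php: the page title goes through stdhead(); escape before
    // concatenating, exactly as in the suggested replacement line.
    $title = "Details for torrent \"" . h($name) . "\"";

    // Attribute context with single quotes: ENT_COMPAT leaves the third
    // payload intact, ENT_QUOTES neutralises it.
    $compat = htmlspecialchars($name, ENT_COMPAT, 'UTF-8');
    $quotes = h($name);

    echo "title:       $title\n";
    echo "ENT_COMPAT:  <a title='$compat'>\n";
    echo "ENT_QUOTES:  <a title='$quotes'>\n\n";
}

// log.php: the same helper applied to the log text column.
$arr = array('txt' => 'user <b>evil</b> uploaded "x" & left');
print("<tr><td align=left>" . h($arr['txt']) . "</td></tr>\n");
```

Run it with the php CLI and compare the ENT_COMPAT and ENT_QUOTES lines for the third sample: the first still closes the attribute, the second does not. Using h() everywhere user-controlled text is printed is simpler than deciding per line which flags are enough.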

wMan 13th October 2008 16:22

also in delacct.php

add

Code:

if (get_user_class() < UC_ADMINISTRATOR)
stderr("Sorry", "Access denied.");

so only staff can delete a user's account
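Putting johnake's two delacct.php options and wMan's class check together, here is how I would write the whole page. This is an added example, not the Darkseeder delacct.php itself: the form field names id, sure and reason and the log message wording are my assumptions; get_user_class(), stderr(), sqlerr(), write_log() and logoutcookie() are assumed to be the stock TBDev helpers from include/bittorrent.php.

```php
<?php
// Added example: a hardened delacct.php, not the Darkseeder/TBDev file itself.
// A user may delete only their own account; staff (UC_ADMINISTRATOR and up)
// may delete other accounts but must give a reason. Field names id, sure and
// reason are assumptions; the helpers are the stock TBDev ones.
require_once("include/bittorrent.php");
dbconn();
loggedinorreturn();

// Require an explicit POST confirmation, so a link or <img> in a comment
// cannot delete an account just by being loaded.
if ($_SERVER["REQUEST_METHOD"] != "POST" || empty($_POST["sure"]))
    stderr("Error", "Confirm the deletion through the form.");

// Cast before anything else: this value goes into SQL.
$id = isset($_POST["id"]) ? (int)$_POST["id"] : 0;
if ($id <= 0)
    stderr("Error", "Missing or invalid user id.");

$is_owner = ($id == (int)$CURUSER["id"]);        // compare with the session user, not a form field
$is_staff = (get_user_class() >= UC_ADMINISTRATOR);

if (!$is_owner && !$is_staff)
    stderr("Error", "Permission denied.");

// Staff deleting someone else must say why (johnake's option 2).
$reason = isset($_POST["reason"]) ? trim($_POST["reason"]) : "";
if (!$is_owner && $reason === "")
    stderr("Error", "A reason is required when deleting another user's account.");

$res = mysql_query("SELECT username, class FROM users WHERE id = $id")
    or sqlerr(__FILE__, __LINE__);
$target = mysql_fetch_assoc($res);
if (!$target)
    stderr("Error", "No such user.");

// Even administrators should not be able to remove a sysop from this page.
if (!$is_owner && (int)$target["class"] >= UC_SYSOP)
    stderr("Error", "Sysop accounts cannot be deleted here.");

mysql_query("DELETE FROM users WHERE id = $id") or sqlerr(__FILE__, __LINE__);

// Audit trail in the site log; the message wording is mine.
write_log("Account " . $target["username"] . " (id $id) deleted by "
    . $CURUSER["username"]
    . ($is_owner ? " (own account)" : " (staff, reason: " . $reason . ")"));

if ($is_owner) {
    logoutcookie();                              // drop the now-dead session
    header("Location: $BASEURL/index.php");
    exit();
}
stderr("Success", "Account " . htmlspecialchars($target["username"], ENT_QUOTES, "UTF-8") . " deleted.");
```

The order matters: the method and confirmation check come first so a GET never reaches the database, the integer cast comes before the id is compared or interpolated, and the ownership test compares against $CURUSER from the session rather than anything the client sent.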

al_ltoticmat 13th October 2008 19:01

What is the tbdev username and password?

Also, I want to add my username as Sysop.

Thank you.

wMan 13th October 2008 19:30

Add your tracker, sign up, you're then the sysop/owner .............. hey presto

underx 13th October 2008 21:13

Quote:

Originally Posted by clocktower (Post 5178)
add the sql code in your sites database jesssssssssssssss

I added the SQL in my database and I got those errors!!!

al_ltoticmat 14th October 2008 05:57

Thank you.

How can I use the skin from http://bvlist.com/tbdev-source/794-t...etmaniack.html ?

weezy 25th October 2010 06:00

I have a problem with the status bar!

I don't have a status bar.

asdfag 30th June 2013 02:58

Hi

When I import the database it gives me this error:

Quote:

Error
SQL query:

#
# Table structure for table `addedrequests`
#
CREATE TABLE `addedrequests` (

`id` INT( 10 ) UNSIGNED NOT NULL AUTO_INCREMENT ,
`requestid` INT( 10 ) UNSIGNED NOT NULL DEFAULT '0',
`userid` INT( 10 ) UNSIGNED NOT NULL DEFAULT '0',
PRIMARY KEY ( `id` ) ,
KEY `pollid` ( `id` ) ,
KEY `userid` ( `userid` )
) TYPE = MYISAM AUTO_INCREMENT =48;

MySQL said:

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TYPE=MyISAM AUTO_INCREMENT=48' at line 12
Can anyone help me?

wMan 12th July 2013 20:06

this will fix it mate :muscle:



Code:

CREATE TABLE IF NOT EXISTS  `addedrequests` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `requestid` int(10) unsigned NOT NULL default '0',
  `userid` int(10) unsigned NOT NULL default '0',
  PRIMARY KEY  (`id`),
  KEY `pollid` (`id`),
  KEY `userid` (`userid`),
  KEY `requestid_userid` (`requestid`,`userid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;


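The ENGINE=MyISAM rewrite above fixes one table, but a full tbdev dump has dozens of CREATE TABLE statements carrying the same TYPE= option, which MySQL 5.5 and later reject. Added example (not from the thread): a small PHP script that rewrites every TYPE=<engine> table option in a dump to ENGINE=<engine>. The sample dump inside it is constructed to match the error quoted above, and the function name is mine.

```php
<?php
// Added example, not from the thread. Rewrites a pre-5.5 MySQL dump so it
// imports on current servers: the TYPE=<engine> table option (removed in
// MySQL 5.5) becomes ENGINE=<engine>, for every CREATE TABLE in the file.
function fix_engine_syntax($sql)
{
    // Match "TYPE = MyISAM" / "TYPE=InnoDB" etc. as a table option, with
    // optional whitespace around "=", case-insensitively. It is only
    // rewritten when it follows the ")" that closes the column list, so a
    // column literally named `type` inside the list is left alone.
    return preg_replace('/(\)\s*)TYPE\s*=\s*(\w+)/i', '${1}ENGINE=${2}', $sql);
}

// Constructed sample in the shape of the dump quoted above, plus a second
// table with a column called `type` and a lower-case option.
$dump = <<<'SQL'
CREATE TABLE `addedrequests` (
  `id` INT( 10 ) UNSIGNED NOT NULL AUTO_INCREMENT ,
  `requestid` INT( 10 ) UNSIGNED NOT NULL DEFAULT '0',
  `userid` INT( 10 ) UNSIGNED NOT NULL DEFAULT '0',
  PRIMARY KEY ( `id` ) ,
  KEY `userid` ( `userid` )
) TYPE = MYISAM AUTO_INCREMENT =48;

CREATE TABLE `other` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `type` varchar(20) NOT NULL default '',
  PRIMARY KEY (`id`)
) Type=InnoDB;
SQL;

// Usage: php fix_dump.php tbdev.sql > tbdev-fixed.sql
// With no argument the constructed sample is rewritten instead.
if (isset($argv[1])) {
    echo fix_engine_syntax(file_get_contents($argv[1]));
} else {
    echo fix_engine_syntax($dump);
}
```

Run it over the whole dump before importing rather than patching tables one at a time as the error shows up; the `type` column in the second sample table is there to check that the replacement only touches the table option.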

Krack3r 8th November 2013 19:37

Thanks m8, getting ready to rock and roll :war:


All times are GMT +2.

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.