Bravo List
Register
Go Back   > Bravo List > P2P > Forum > Downloads
Reply
  #11  
Old 13th October 2008, 15:57
johnake's Avatar
johnake johnake is offline
Senior Member
 
Join Date: Dec 2007
Posts: 52
Default
I would like to see a modded source with some security thinking in mind. The following were verified in a very short time:
changeusername.php:

Replace:
PHP Code:
if (get_user_class() < 6
with
PHP Code:
if (get_user_class() < UC_SYSOP
Request mod... kinda dangerous xss&sql injection

adminstuff.php

PHP Code:
if ($CURUSER['class'] < 7
with
PHP Code:
if ($CURUSER['class'] < UC_SYSOP
delacct.php you should either delete it or you have two choices:

1. Put a conditional statement that verifies that the current user's id is equivalent with the one that's gonna be deleted
2. Instead of letting the user deleting his own account you should make a form that asks the staff to do this, with a reason of course.

details.php

find:
PHP Code:
stdhead("Details for torrent \"" $row["name"] . "\""); 
replace with:

PHP Code:
stdhead("Details for torrent \"" htmlspecialchars($row["name"]) . "\""); 
log.php (should not be visible for everyone and):

find:
PHP Code:
print("<tr><td>$date</td><td>$time</td><td align=left>$arr[txt]</td></tr>\n"); 
replace with:
PHP Code:
print("<tr><td>$date</td><td>$time</td><td align=left>".htmlspecialchars($arr['txt'])."</td></tr>\n"); 
repair.php (everyone could repair the database and sensitive information about the database poped out). So...


PHP Code:
<?php
require_once("include/secrets.php");
require_once(
"include/bittorrent.php");
dbconn();
loggedinorreturn();

if (
get_user_class() < UC_MODERATOR)
  
stderr("Error","Permission denied.");


$db mysql_connect($mysql_host$mysql_user$mysql_pass);
$sql "SHOW DATABASES";
$dbs_result mysql_query($sql$db);
if(
mysql_num_rows($dbs_result))
{
while(
$dbs_row=mysql_fetch_assoc($dbs_result))
{
$database $dbs_row["Database"];
echo 
"\n\nOptimizing database $database : \n";
mysql_select_db($database$db);
$sql "SHOW TABLE STATUS";
$tbls_result mysql_query($sql$db);
if(
mysql_num_rows($tbls_result))
{
while(
$tbls_row=mysql_fetch_assoc($tbls_result))
{
$TableName "`".$tbls_row["Name"]."`";
$sql "REPAIR TABLE ".$TableName;
echo 
"\n".$sql;
mysql_query($sql$db);
$sql "OPTIMIZE TABLE ".$TableName;
echo 
"\n".$sql;
mysql_query($sql$db);
}
}
}
}
echo 
"\n\n";
mysql_close($db);
?>
So, secure your files...
__________________
PHP Code:
class mySelf extends World
   
{
       public 
$health;
       private 
$friends;
       protected 
$love;
  
   public function 
__construct()
  {
       
$this->health 100;
       
$this->friends 2;
       
$this->love true;
  }
  protected function 
__love()
  { 
      
//has a bug... for the moment...
      //will fix it later.. until then:
      
sleep(15*365*24*3600);
  }

Reply With Quote
  #12  
Old 13th October 2008, 16:22
wMan wMan is offline
Banned
 
Join Date: Feb 2008
P2P
Posts: 1,433
Default
also in delacct.php

add

Code:
if (get_user_class() < UC_ADMINISTRATOR)
stderr("Sorry", "Access denied.");
so only staff cant delete a users account
Reply With Quote
  #13  
Old 13th October 2008, 19:01
al_ltoticmat al_ltoticmat is offline
Senior Member
 
Join Date: Oct 2008
Posts: 44
Default
What is username tbdev password?

Also, I want to add my username as Sysop.

Thank you.
Reply With Quote
  #14  
Old 13th October 2008, 19:30
wMan wMan is offline
Banned
 
Join Date: Feb 2008
P2P
Posts: 1,433
Default
add your tracker signup your then the sysop/owner ..............hey presto
Reply With Quote
  #15  
Old 13th October 2008, 21:13
underx underx is offline
Senior Member
 
Join Date: Sep 2008
Posts: 84
Default
Quote:
Originally Posted by clocktower View Post
add the sql code in your sites database jesssssssssssssss
I added the sql in my data base and I got those errors !!!
Reply With Quote
  #16  
Old 14th October 2008, 05:57
al_ltoticmat al_ltoticmat is offline
Senior Member
 
Join Date: Oct 2008
Posts: 44
Default
Thank you.

How can I used skin from http://bvlist.com/tbdev-source/794-t...etmaniack.html ?

Last edited by al_ltoticmat; 14th October 2008 at 06:05.
Reply With Quote
  #17  
Old 25th October 2010, 06:00
weezy's Avatar
weezy weezy is offline
Member
 
Join Date: May 2009
P2P
Posts: 12
Default i have a probel with the status bar!
I don't have a status bar
Reply With Quote
  #18  
Old 30th June 2013, 02:58
asdfag asdfag is offline
Member
 
Join Date: Jul 2012
P2P
Posts: 1
Default Hi
When i import the database is giving me this error:

Quote:
Error
SQL query:

#
# Structura de tabel pentru tabelul `addedrequests`
#
CREATE TABLE `addedrequests` (

`id` INT( 10 ) UNSIGNED NOT NULL AUTO_INCREMENT ,
`requestid` INT( 10 ) UNSIGNED NOT NULL DEFAULT '0',
`userid` INT( 10 ) UNSIGNED NOT NULL DEFAULT '0',
PRIMARY KEY ( `id` ) ,
KEY `pollid` ( `id` ) ,
KEY `userid` ( `userid` )
) TYPE = MYISAM AUTO_INCREMENT =48;

MySQL said:

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TYPE=MyISAM AUTO_INCREMENT=48' at line 12
Can anyone help me?
Reply With Quote
  #19  
Old 12th July 2013, 20:06
wMan wMan is offline
Banned
 
Join Date: Feb 2008
P2P
Posts: 1,433
Thumbs up
this will fix it mate



Code:
CREATE TABLE IF NOT EXISTS  `addedrequests` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `requestid` int(10) unsigned NOT NULL default '0',
  `userid` int(10) unsigned NOT NULL default '0',
  PRIMARY KEY  (`id`),
  KEY `pollid` (`id`),
  KEY `userid` (`userid`),
  KEY `requestid_userid` (`requestid`,`userid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

--
-- Dumping data for table `addedrequests`
--


-- --------------------------------------------------------
Reply With Quote
  #20  
Old 8th November 2013, 19:37
Krack3r Krack3r is offline
Member
 
Join Date: Nov 2013
P2P
Posts: 2
Default Thanks m8
Thanks m8 getting ready to rock and roll
Reply With Quote
The Following User Says Thank You to Krack3r For This Useful Post:
nicukent (17th November 2013)
Reply

Tags
darkseeder , premodded , source

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +2. The time now is 16:22. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.