Author Topic: [FIX] - login.php  (Read 4825 times)

thunderstrike
« on: September 08, 2007, 06:05:36 PM »
Detail: Check for valid chars for username & password.

Find:

Quote
else {
  $user_name = trim($HTTP_POST_VARS['user_name']);
  $user_password = trim($HTTP_POST_VARS['user_password']);

Replace:

Code:
else {
  $user_name = (isset($HTTP_POST_VARS['user_name'])) ? trim($HTTP_POST_VARS['user_name']) : "";
  $user_name = preg_replace("/[^A-Za-z0-9_-]+/i", "", $user_name);
  $user_password = (isset($HTTP_POST_VARS['user_password'])) ? trim($HTTP_POST_VARS['user_password']) : "";
  $user_password = preg_replace("/[^A-Za-z0-9_-]+/i", "", $user_password);

Users cannot use characters other than A-Z, a-z, 0-9, _ and - for the user name and password.
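What the replacement in this fix does to a few constructed inputs, next to a variant that rejects the input instead of rewriting it. This is an added example, not part of the original post or of 4images; the function names, the length limit and the sample values are assumptions.

```php
<?php
// Added example, not 4images code. Function names and samples are constructed.

// The filter from the fix: silently drops every character
// outside A-Z a-z 0-9 _ - and keeps whatever is left.
function strip_login_field($value) {
    return preg_replace("/[^A-Za-z0-9_-]+/i", "", trim((string) $value));
}

// Variant (assumption, not from the post): accept the value only if it
// already consists of allowed characters. Returns the value or null.
function validate_login_field($value, $max_len = 64) {
    $value = trim((string) $value);
    if ($value === "" || strlen($value) > $max_len) {
        return null;
    }
    // \A and \z anchor the whole string; a plain $ would also
    // accept a value that ends in a newline.
    return preg_match('/\A[A-Za-z0-9_-]+\z/', $value) === 1 ? $value : null;
}

// Constructed sample inputs
$samples = array(
    'john_doe-7',   // already inside the allowed set
    "adm'in",       // the quote is removed, leaving "admin"
    'pa$$w0rd!',    // punctuation is removed, leaving "paw0rd"
    'pässwort',     // non-ASCII bytes are removed, leaving "psswort"
    'a b',          // inner whitespace is removed, leaving "ab"
);

foreach ($samples as $s) {
    $stripped = strip_login_field($s);
    $checked  = validate_login_field($s);
    printf(
        "%-14s strip=%-14s validate=%s\n",
        var_export($s, true),
        var_export($stripped, true),
        $checked === null ? 'rejected' : 'accepted'
    );
}
```

With stripping, different submitted strings can end up as the same value, so the same rule has to be applied wherever the user name and password are first set; otherwise the stored and the submitted values no longer match.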