4images Forum & Community
Welcome, Guest. Please login or register.
Did you miss your activation email?
December 18, 2018, 03:02:43 PM

Login with username, password and session length
Search:     Advanced search
Follow 4images on twitter: Click here to follow!
Togle to toolbar
Translate this page with =>
Translate this page >
* Home Help Search Login Register
 
+  4images Forum & Community
|-+  4images Help / Hilfe
| |-+  Bug Fixes & Patches
| | |-+  [1.7 - 1.7.6] 4images accepts a blank new password when changing password
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Print
Author Topic: [1.7 - 1.7.6] 4images accepts a blank new password when changing password  (Read 16586 times)
V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 578

mmm PHP...


View Profile WWW
« on: March 29, 2009, 09:49:56 PM »

This bug allows members set blank passwords at "change password" form (credit goes to komsho24 and Nicky for reporting this bug)

In members.php find:
1
2
  $user_password md5(trim($HTTP_POST_VARS['user_password']));
  
$user_password2 md5(trim($HTTP_POST_VARS['user_password2']));

Replace it with:
1
2
  $user_password trim($HTTP_POST_VARS['user_password']);
  
$user_password2 trim($HTTP_POST_VARS['user_password2']);

Then find a few lines below:
1
            SET ".get_user_table_field("", "user_password")." '$user_password'

Replace it with:
1
            SET ".get_user_table_field("", "user_password")." '".md5($user_password)."' 
« Last Edit: March 31, 2009, 01:59:45 AM by V@no » Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
ivan
4images Moderator
4images Guru
*****
Offline Offline

Posts: 2279

Thank You
-Given: 4
-Receive: 31


View Profile WWW
« Reply #1 on: March 29, 2009, 10:28:41 PM »

great fix

thank you vano!
Logged

greetings / grüsse
ivan

Facebook Fan Page | Follow Twitter

Blog: Reisen Blog
Bilder Gallery: Bilder Gallery
mawenzi
4images Moderator
4images Guru
*****
Offline Offline

Posts: 4500

Thank You
-Given: 36
-Receive: 121


View Profile
« Reply #2 on: March 30, 2009, 04:34:04 PM »

... thanks V@no for this fix ... and also thanks to Nicky for the bug reporting ...
Logged

Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...
Nicky
Administrator
4images Guru
*****
Offline Offline

Posts: 3195

Thank You
-Given: 26
-Receive: 59


View Profile
« Reply #3 on: March 30, 2009, 06:09:55 PM »

hey lol guys...

no it wasnt me Smile
user komsho24 that he can set blank password
http://www.4homepages.de/forum/index.php?topic=21872.msg134243#msg134243

i only found out if you set blank password and logout yourself from the gallery that you can not login anymore with "blank" password field.

V@no,

thank you for the fix fix Smile !
Logged

cheers
Nicky
Your first three "must do" before you ask a question ! (© by V@no)
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

nicky.net 4 4images
Signature stolen from mawenzi
Pages: [1] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.04 seconds with 19 queries.
Post your comments here