4images Forum & Community
4images Help / Hilfe => Bug Fixes & Patches => Topic started by: V@no on March 29, 2009, 09:49:56 PM
-
This bug allows members set blank passwords at "change password" form (credit goes to komsho24 (http://www.4homepages.de/forum/index.php?action=profile;u=19732) and Nicky (http://www.4homepages.de/forum/index.php?action=profile;u=3) for reporting this bug)
In members.php find:
$user_password = md5(trim($HTTP_POST_VARS['user_password']));
$user_password2 = md5(trim($HTTP_POST_VARS['user_password2']));
Replace it with:
$user_password = trim($HTTP_POST_VARS['user_password']);
$user_password2 = trim($HTTP_POST_VARS['user_password2']);
Then find a few lines below:
SET ".get_user_table_field("", "user_password")." = '$user_password'
Replace it with:
SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
-
... thanks V@no for this fix ... and also thanks to Nicky for the bug reporting ...
-
hey lol guys...
no it wasnt me :)
user komsho24 (http://www.4homepages.de/forum/index.php?action=profile;u=19732) that he can set blank password
http://www.4homepages.de/forum/index.php?topic=21872.msg134243#msg134243
i only found out if you set blank password and logout yourself from the gallery that you can not login anymore with "blank" password field.
V@no,
thank you for the fix fix :) !