Author Topic: [1.7 - 1.7.6] 4images accepts a blank new password when changing password  (Read 17275 times)

0 Members and 1 Guest are viewing this topic.

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
This bug allows members set blank passwords at "change password" form (credit goes to komsho24 and Nicky for reporting this bug)

In members.php find:
  $user_password md5(trim($HTTP_POST_VARS['user_password']));
  
$user_password2 md5(trim($HTTP_POST_VARS['user_password2']));


Replace it with:
  $user_password trim($HTTP_POST_VARS['user_password']);
  
$user_password2 trim($HTTP_POST_VARS['user_password2']);


Then find a few lines below:
            SET ".get_user_table_field("", "user_password")." '$user_password'

Replace it with:
            SET ".get_user_table_field("", "user_password")." '".md5($user_password)."' 
« Last Edit: March 31, 2009, 01:59:45 AM by V@no »
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline ivan

  • 4images Moderator
  • 4images Guru
  • *****
  • Posts: 2.279
    • View Profile
    • Bilder Gallery
great fix

thank you vano!
greetings / grüsse
ivan

Facebook Fan Page | Follow Twitter

Blog: Reisen Blog
Bilder Gallery: Bilder Gallery

Offline mawenzi

  • 4images Moderator
  • 4images Guru
  • *****
  • Posts: 4.500
    • View Profile
... thanks V@no for this fix ... and also thanks to Nicky for the bug reporting ...
Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...

Offline Nicky

  • Administrator
  • 4images Guru
  • *****
  • Posts: 3.195
    • View Profile
hey lol guys...

no it wasnt me :)
user komsho24 that he can set blank password
http://www.4homepages.de/forum/index.php?topic=21872.msg134243#msg134243

i only found out if you set blank password and logout yourself from the gallery that you can not login anymore with "blank" password field.

V@no,

thank you for the fix fix :) !
cheers
Nicky
Your first three "must do" before you ask a question ! (© by V@no)
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

nicky.net 4 4images
Signature stolen from mawenzi

 

Post your comments here