I would like to see a modded source with some security thinking in mind. The following were verified in a very short time:
changeusername.php:
Replace:
PHP Code:
if (get_user_class() < 6)
with
PHP Code:
if (get_user_class() < UC_SYSOP)
Request mod... kinda dangerous xss&sql injection
adminstuff.php
PHP Code:
if ($CURUSER['class'] < 7)
with
PHP Code:
if ($CURUSER['class'] < UC_SYSOP)
delacct.php you should either delete it or you have two choices:
1. Put a conditional statement that verifies that the current user's id is equivalent with the one that's gonna be deleted
2. Instead of letting the user deleting his own account you should make a form that asks the staff to do this, with a reason of course.
details.php
find:
PHP Code:
stdhead("Details for torrent \"" . $row["name"] . "\"");
replace with:
PHP Code:
stdhead("Details for torrent \"" . htmlspecialchars($row["name"]) . "\"");
log.php (should not be visible for everyone and):
find:
PHP Code:
print("<tr><td>$date</td><td>$time</td><td align=left>$arr[txt]</td></tr>\n");
replace with:
PHP Code:
print("<tr><td>$date</td><td>$time</td><td align=left>".htmlspecialchars($arr['txt'])."</td></tr>\n");
repair.php (everyone could repair the database and sensitive information about the database poped out). So...
PHP Code:
<?php
require_once("include/secrets.php");
require_once("include/bittorrent.php");
dbconn();
loggedinorreturn();
if (get_user_class() < UC_MODERATOR)
stderr("Error","Permission denied.");
$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
$sql = "SHOW DATABASES";
$dbs_result = mysql_query($sql, $db);
if(mysql_num_rows($dbs_result))
{
while($dbs_row=mysql_fetch_assoc($dbs_result))
{
$database = $dbs_row["Database"];
echo "\n\nOptimizing database $database : \n";
mysql_select_db($database, $db);
$sql = "SHOW TABLE STATUS";
$tbls_result = mysql_query($sql, $db);
if(mysql_num_rows($tbls_result))
{
while($tbls_row=mysql_fetch_assoc($tbls_result))
{
$TableName = "`".$tbls_row["Name"]."`";
$sql = "REPAIR TABLE ".$TableName;
echo "\n".$sql;
mysql_query($sql, $db);
$sql = "OPTIMIZE TABLE ".$TableName;
echo "\n".$sql;
mysql_query($sql, $db);
}
}
}
}
echo "\n\n";
mysql_close($db);
?>
So, secure your files...