SQL INJECTION
Code:
// Failed-login excerpt: builds a "Security alert" private message for the
// account in $row, stores it in the messages table, then shows the login
// failure page.
$subject="Failed login";
// $username and $ip are concatenated into the message text as-is; the text
// reaches the query only through sqlesc() below.
// NOTE(review): if stored messages are later rendered as HTML, $username
// needs output encoding at display time; that code is not visible here.
$msg = "Security alert\n Account: ID=".$row['id']." Somebody (probably you, ".$username." !) tried to login but failed!". "\nTheir Ip Address was : ". $ip . "\n If this wasn't you please report this event to a {$TBDEV['site_name']} staff member\n - Thank you.\n";
// $msg and $subject go through sqlesc(), but '$to' and $added are
// interpolated directly into the statement.
// NOTE(review): that is only safe if $to and $added were cast or escaped
// where they are assigned, which is outside this excerpt; confirm there.
$sql = "INSERT INTO messages (sender, receiver, msg, subject, added) VALUES('System', '$to', ". sqlesc($msg).", ". sqlesc($subject).", $added);";
$res = sql_query($sql) or sqlerr(__FILE__, __LINE__);
// The error text does not say whether the username or the password was wrong.
stderr("Login failed !", "<b>Error</b>: Username or password entry incorrect <br />Have you forgotten your password? <a href='{$TBDEV['baseurl']}/resetpw.php'><b>Recover</b></a> your password !");
bark();
Code:
// Per-IP failed-login counter: when $fail[0] is 0 a new row is inserted with
// attempts = 1, otherwise the existing row's attempts column is incremented.
// NOTE(review): $ip and $added appear in the SQL with no quotes and no
// escaping call, so they must already be quoted/escaped (or numeric) when
// this runs. Their assignment is outside this excerpt; confirm it there.
// NOTE(review): $fail is presumably a count read earlier; the read and the
// write are separate statements, so concurrent failures could both take the
// INSERT branch. Verify against the table's key definition.
if ($fail[0] == 0)
    sql_query("INSERT INTO failedlogins (ip, added, attempts) VALUES ($ip, $added, 1)") or sqlerr(__FILE__, __LINE__);
else
    sql_query("UPDATE failedlogins SET attempts = attempts + 1 where ip=$ip") or sqlerr(__FILE__, __LINE__);
Code:
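// check if email addy is already in use
// The address is passed through sqlesc(), which escapes the value and
// supplies the surrounding quotes itself, instead of being interpolated
// between hand-written quotes. A quote character in $email therefore cannot
// end the string literal in the query.
$a = (@mysql_fetch_row(@sql_query("select count(*) from users where email=" . sqlesc($email)))) or die(mysql_error());
// NOTE(review): '@' hides warnings from both calls, and die(mysql_error())
// prints raw database error text to the visitor. Prefer logging the error and
// showing a generic failure page; left unchanged here so the failure
// behaviour callers see stays the same.
if ($a[0] != 0)
    stderr($lang['takesignup_user_error'], $lang['takesignup_email_used']);
Code: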
// Account-confirmation excerpt: loads the user's row by id, stops with an
// error page when no row comes back, and redirects when the account is not
// in the 'pending' state.
// NOTE(review): $id is interpolated into the query unquoted and with no
// escaping call. That is safe only if $id was validated or cast to an
// integer before this line; the check is not visible here, so confirm it.
$res = @mysql_query("SELECT passhash, editsecret, status FROM users WHERE id = $id");
// '@' suppresses warnings, so a failed query yields no row and ends up in
// the same "invalid id" branch as an unknown id.
$row = @mysql_fetch_assoc($res);
if (!$row)
    stderr("{$lang['confirm_user_error']}", "{$lang['confirm_invalid_id']}");
// Any status other than 'pending' is sent to ok.php?type=confirmed and the
// script exits without modifying the row.
if ($row['status'] != 'pending') {
    header("Refresh: 0; url={$TBDEV['baseurl']}/ok.php?type=confirmed");
    exit();
}
Code:
// Sets status to 'confirmed' and clears editsecret for the given id; the
// status='pending' condition means rows in any other state are not touched.
// NOTE(review): $id is interpolated unquoted with no escaping call, so this
// relies on $id having been validated as an integer earlier (not visible
// here). The return value is ignored and '@' suppresses warnings, so a failed
// update goes unnoticed.
@mysql_query("UPDATE users SET status='confirmed', editsecret='' WHERE id=$id AND status='pending'");
Code:
// Counts rows in messages for the current user: those received with
// location >= '1', plus those sent with saved = 'yes'.
// In MySQL, AND binds tighter than ||, so the condition is evaluated as
// (receiver AND location) OR (sender AND saved). This assumes the server is
// not running with PIPES_AS_CONCAT, where || is string concatenation.
// $CURUSER['id'] is concatenated into the SQL unquoted.
// NOTE(review): presumably an integer loaded from the user's own database
// row rather than request input; confirm where $CURUSER is populated.
$pmcount = mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM messages WHERE receiver=".$CURUSER['id']." AND location >= '1' || sender=".$CURUSER['id']." AND saved = 'yes' ")) or sqlerr(__FILE__,__LINE__);
Code:
if ($pm_id) {
    // Move a single message
    // $pm_box and $pm_id are passed through sqlesc() before entering the
    // query. The receiver condition limits the update to messages addressed
    // to the current user, so a message id belonging to someone else matches
    // no row.
    // NOTE(review): $CURUSER['id'] is concatenated directly; presumably an
    // integer from the user's own row, confirm. '@' suppresses warnings and
    // the result is not checked, so a failed move is silent.
    @sql_query("UPDATE messages SET location=" . sqlesc($pm_box) . " WHERE id=" . sqlesc($pm_id) . " AND receiver=" . $CURUSER['id'] . " LIMIT 1");
}
Last edited by BamBam0077; 18th April 2019 at 14:34. |