Part One:
Find:
PHP Code:
//-- Sysop Tools --//
$query = "SELECT *
FROM controlpanel
WHERE status=0 AND max_class=6" or sqlerr(__FILE__, __LINE__);
$sql = sql_query($query);
while ($row = mysql_fetch_array($sql))
{
$id = $row['id'];
$name = $row['name'];
$url = $row['url'];
$image = $row['image'];
$max_class = $row['max_class'];
if ($max_class == 6)
{
$max_class = "Sysop";
}
Replacement:
PHP Code:
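//-- Sysop Tools --//
// Menu entries for class 6 (Sysop). The WHERE clause is fixed text, so there is
// no SQL-injection surface here; what needs protecting is the OUTPUT of
// $name/$url/$image into HTML, hence htmlspecialchars() with ENT_QUOTES (safe in
// single- and double-quoted attributes too). Do not wrap values read from the DB
// in sqlesc(): that escapes for the wrong context, and the usual sqlesc()
// definition also surrounds the value with single quotes, which would break the
// "$max_class == 6" test below and any href built from $url.
$query = "SELECT *
FROM controlpanel
WHERE status=1 AND max_class=6";
// "or sqlerr" must hang off the query call; on a string assignment it never fires.
$sql = sql_query($query) or sqlerr(__FILE__, __LINE__);
while ($row = mysql_fetch_array($sql))
{
$id = (int)$row['id'];
$name = htmlspecialchars($row['name'], ENT_QUOTES);
// NOTE(review): assumes $url is echoed into HTML (href); if it is used as a
// filesystem path instead, escape at the point of output rather than here.
$url = htmlspecialchars($row['url'], ENT_QUOTES);
$image = htmlspecialchars($row['image'], ENT_QUOTES);
$max_class = (int)$row['max_class'];
if ($max_class == 6)
{
$max_class = "Sysop";
}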
Find:
PHP Code:
//-- Admin Tools --//
$query = "SELECT *
FROM controlpanel
WHERE status=0 AND max_class=5" or sqlerr(__FILE__, __LINE__);
$sql = sql_query($query);
while ($row = mysql_fetch_array($sql))
{
$id = $row['id'];
$name = $row['name'];
$url = $row['url'];
$image = $row['image'];
$max_class = $row['max_class'];
if ($max_class == 5)
{
$max_class = "Administrator";
}
Replacement:
PHP Code:
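//-- Admin Tools --//
// Menu entries for class 5 (Administrator). Fixed WHERE clause: nothing here is
// user-supplied, so no SQL escaping is needed. The DB values are escaped for the
// HTML context they are echoed into; sqlesc() is deliberately NOT used, because
// its usual definition adds surrounding single quotes and would turn the
// "$max_class == 5" comparison below into a permanent false.
$query = "SELECT *
FROM controlpanel
WHERE status=0 AND max_class=5";
// Error handler attached to the query call, not the string literal.
$sql = sql_query($query) or sqlerr(__FILE__, __LINE__);
while ($row = mysql_fetch_array($sql))
{
$id = (int)$row['id'];
$name = htmlspecialchars($row['name'], ENT_QUOTES);
// NOTE(review): assumes $url is placed in an href; escape at output if used as a path.
$url = htmlspecialchars($row['url'], ENT_QUOTES);
$image = htmlspecialchars($row['image'], ENT_QUOTES);
$max_class = (int)$row['max_class'];
if ($max_class == 5)
{
$max_class = "Administrator";
}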
Find:
PHP Code:
//-- Mod Tools --//
$query = "SELECT *
FROM controlpanel
WHERE status=0 AND max_class=4" or sqlerr(__FILE__, __LINE__);
$sql = sql_query($query);
while ($row = mysql_fetch_array($sql))
{
$id = $row['id'];
$name = $row['name'];
$url = $row['url'];
$image = $row['image'];
$max_class = $row['max_class'];
if ($max_class == 4)
{
$max_class = "Moderator";
}
Replacement:
PHP Code:
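//-- Mod Tools --//
// Menu entries for class 4 (Moderator). Fixed WHERE clause: no user input
// reaches MySQL here. Values read back are HTML-escaped for output (ENT_QUOTES
// covers attribute contexts); ids/classes are cast to int so the comparison
// below is numeric. sqlesc() is not applied to fetched values — it is a SQL
// escaper, and its usual definition adds quotes that break "$max_class == 4".
$query = "SELECT *
FROM controlpanel
WHERE status=0 AND max_class=4";
// "or sqlerr" belongs on sql_query(); a non-empty string literal is always truthy.
$sql = sql_query($query) or sqlerr(__FILE__, __LINE__);
while ($row = mysql_fetch_array($sql))
{
$id = (int)$row['id'];
$name = htmlspecialchars($row['name'], ENT_QUOTES);
// NOTE(review): assumes $url is placed in an href; escape at output if used as a path.
$url = htmlspecialchars($row['url'], ENT_QUOTES);
$image = htmlspecialchars($row['image'], ENT_QUOTES);
$max_class = (int)$row['max_class'];
if ($max_class == 4)
{
$max_class = "Moderator";
}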
Part Two:
Find:
PHP Code:
while ($row = mysql_fetch_array($sql))
{
$file = $row["url"];
$id = $row["id"];
$status = $row["status"];
$max_class = $row['max_class'];
$fileaction = $_GET['fileaction'];
if ($fileaction == $row[id] & $CURUSER['class'] < "$max_class")
{
error_message("warn", "Access Denied", "Your Staff Level Is Incorrect For This Area.");
}
Replacement:
PHP Code:
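// Staff-level gate for the control-panel entry selected via ?fileaction=<id>.
// This is an authorization comparison, not a query, so the untrusted input is
// type-cast to int rather than SQL-escaped. Applying sqlesc() to it (as the
// previous version did) is harmful: the usual sqlesc() returns the value wrapped
// in single quotes, "$fileaction == $id" then never matches, and the Access
// Denied branch is silently never taken.
while ($row = mysql_fetch_array($sql))
{
// $file is the DB-stored path for this entry; it must never be replaced by
// request data.
$file = $row["url"];
$id = (int)$row["id"];
$status = (int)$row["status"];
$max_class = (int)$row['max_class'];
// Absent or non-numeric parameter becomes 0, which matches no real row id.
$fileaction = isset($_GET['fileaction']) ? (int)$_GET['fileaction'] : 0;
// Logical && instead of bitwise &; numeric comparison instead of "$max_class".
if ($fileaction == $id && $CURUSER['class'] < $max_class)
{
error_message("warn", "Access Denied", "Your Staff Level Is Incorrect For This Area.");
// NOTE(review): assumes error_message() terminates the script. If it only
// prints, the code that later includes $file (not visible here) must also
// re-check the class before including.
}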
Find:
PHP Code:
$query = "SELECT *
FROM controlpanel
WHERE status=1 AND max_class=7" or sqlerr(__FILE__, __LINE__);
$sql = sql_query($query);
while ($row = mysql_fetch_array($sql))
{
$id = $row['id'];
$name = $row['name'];
$url = $row['url'];
$image = $row['image'];
Replacement:
PHP Code:
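// Entries with status=1 at class 7. Fixed WHERE clause, so no SQL escaping is
// required; the fetched values are escaped for HTML output instead of being
// passed through sqlesc(), whose surrounding quotes would corrupt the output.
$query = "SELECT *
FROM controlpanel
WHERE status=1 AND max_class=7";
// Error handler attached to the query call, where it can actually fire.
$sql = sql_query($query) or sqlerr(__FILE__, __LINE__);
while ($row = mysql_fetch_array($sql))
{
$id = (int)$row['id'];
$name = htmlspecialchars($row['name'], ENT_QUOTES);
// NOTE(review): assumes $url/$image are echoed into href/src attributes.
$url = htmlspecialchars($row['url'], ENT_QUOTES);
$image = htmlspecialchars($row['image'], ENT_QUOTES);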
Find:
PHP Code:
$query = "SELECT *
FROM controlpanel
WHERE status=1 AND max_class=6" or sqlerr(__FILE__, __LINE__);
$sql = sql_query($query);
while ($row = mysql_fetch_array($sql))
{
$id = $row['id'];
$name = $row['name'];
$url = $row['url'];
$image = $row['image'];
Replacement:
PHP Code:
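// Entries with status=1 at class 6. No user input in the query; escape the
// values for the HTML context they are rendered in (image was previously left
// unescaped — made consistent with name).
$query = "SELECT *
FROM controlpanel
WHERE status=1 AND max_class=6";
// "or sqlerr" on the query call, not on the string literal.
$sql = sql_query($query) or sqlerr(__FILE__, __LINE__);
while ($row = mysql_fetch_array($sql))
{
$id = (int)$row['id'];
$name = htmlspecialchars($row['name'], ENT_QUOTES);
// NOTE(review): assumes $url/$image are echoed into href/src attributes.
$url = htmlspecialchars($row['url'], ENT_QUOTES);
$image = htmlspecialchars($row['image'], ENT_QUOTES);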
Find:
PHP Code:
$query = "SELECT *
FROM controlpanel
WHERE status=1 AND max_class=5" or sqlerr(__FILE__, __LINE__);
$sql = sql_query($query);
while ($row = mysql_fetch_array($sql))
{
$id = $row['id'];
$name = $row['name'];
$url = $row['url'];
$image = $row['image'];
Replacement:
PHP Code:
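// Entries with status=1 at class 5. The previous version had an unbalanced
// parenthesis on the $name line (parse error); fixed here. No user input in the
// query, so values are HTML-escaped for output rather than SQL-escaped.
$query = "SELECT *
FROM controlpanel
WHERE status=1 AND max_class=5";
// Error handler attached to the query call.
$sql = sql_query($query) or sqlerr(__FILE__, __LINE__);
while ($row = mysql_fetch_array($sql))
{
$id = (int)$row['id'];
$name = htmlspecialchars($row['name'], ENT_QUOTES);
// NOTE(review): assumes $url/$image are echoed into href/src attributes.
$url = htmlspecialchars($row['url'], ENT_QUOTES);
$image = htmlspecialchars($row['image'], ENT_QUOTES);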
Find:
PHP Code:
$query = "SELECT *
FROM controlpanel
WHERE status=1 AND max_class=4" or sqlerr(__FILE__, __LINE__);
$sql = sql_query($query);
while ($row = mysql_fetch_array($sql))
{
$id = $row['id'];
$name = $row['name'];
$url = $row['url'];
$image = $row['image'];
Replacement:
PHP Code:
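// Entries with status=1 at class 4. The previous version had an unbalanced
// parenthesis on the $name line (parse error); fixed here. Fixed WHERE clause,
// so output escaping (htmlspecialchars) is what matters, not sqlesc().
$query = "SELECT *
FROM controlpanel
WHERE status=1 AND max_class=4";
// Error handler attached to the query call.
$sql = sql_query($query) or sqlerr(__FILE__, __LINE__);
while ($row = mysql_fetch_array($sql))
{
$id = (int)$row['id'];
$name = htmlspecialchars($row['name'], ENT_QUOTES);
// NOTE(review): assumes $url/$image are echoed into href/src attributes.
$url = htmlspecialchars($row['url'], ENT_QUOTES);
$image = htmlspecialchars($row['image'], ENT_QUOTES);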
Once done, the page is patched — but note what the patch does and does not do. `sqlesc()` / `mysql_real_escape_string()` escape data for use inside a SQL query, and none of the queries shown above take any user input (their WHERE clauses are fixed literals), so wrapping values that were just read from `controlpanel` in `sqlesc()` does not secure any query. What matters for this code is escaping on output (`htmlspecialchars()` on `$name`, `$url` and `$image` before they are echoed) and casting `$_GET['fileaction']` to an integer before the staff-level comparison. If your `sqlesc()` wraps its result in single quotes (the usual definition), applying it to those values breaks the `==` and `<` comparisons and silently disables the Access Denied check, so do not apply it there.