Ravens PHP Scripts

Your Account module security holes
Date: Thursday, May 27, 2004 @ 15:22:26 CDT
Topic: Security


This was uncovered by NSN Sentinel™ when applied to the test sites.

In Your Account's index.php file you will find 4 occurrences of:
getusrinfo($user);
if (($userinfo[username] != $cookie[1]) AND ($userinfo[user_password] != $cookie[2])) {

These should be:
cookiedecode($user);
getusrinfo($user);
if ((is_user($user)) AND ($userinfo['username'] == $cookie[1]) AND ($userinfo['user_password'] == $cookie[2])) {
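
The difference between the two conditions is easiest to see as a truth table. The following is an added example, not code from the Your Account module or from the original article: the helper names, the $loggedIn flag standing in for is_user($user), and all sample values are assumptions constructed for illustration.

```php
<?php
// Added illustration, not code from the Your Account module.
// $userinfo stands for the row loaded by getusrinfo(), $cookie for the
// array filled by cookiedecode(); $loggedIn stands in for is_user($user).
// All values below are constructed samples.

function original_condition(array $userinfo, array $cookie): bool
{
    // Same comparison as the original line, with the array keys quoted.
    return ($userinfo['username'] != $cookie[1])
        && ($userinfo['user_password'] != $cookie[2]);
}

function corrected_condition(bool $loggedIn, array $userinfo, array $cookie): bool
{
    // Same comparison as the replacement line.
    return $loggedIn
        && ($userinfo['username'] == $cookie[1])
        && ($userinfo['user_password'] == $cookie[2]);
}

$userinfo = ['username' => 'alice', 'user_password' => 'stored-hash-A'];

$cases = [
    'both match'            => [1 => 'alice',   2 => 'stored-hash-A'],
    'name only matches'     => [1 => 'alice',   2 => 'other-hash'],
    'password only matches' => [1 => 'mallory', 2 => 'stored-hash-A'],
    'neither matches'       => [1 => 'mallory', 2 => 'other-hash'],
];

printf("%-8s %-24s %-9s %-9s\n", 'is_user', 'cookie vs. row', 'original', 'corrected');
foreach ([true, false] as $loggedIn) {
    foreach ($cases as $label => $cookie) {
        printf(
            "%-8s %-24s %-9s %-9s\n",
            var_export($loggedIn, true),
            $label,
            var_export(original_condition($userinfo, $cookie), true),
            var_export(corrected_condition($loggedIn, $userinfo, $cookie), true)
        );
    }
}
```

The original condition is true only when neither field matches and never consults is_user(), so it cannot tell a full match from a partial one. The corrected condition is true only when the user is logged in and both fields match.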





Admin note: Code updated 5/28/04, our thanks to Dogman.




This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=354