Register | Login | |||||
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
| |
0 user currently in Acmlmboard support?. |
Acmlm's Board - I2 Archive - Acmlmboard support? - COMPLETE Patch Code for 1.92 and Erk+1.9 | | | |
Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
User | Post | ||
Dekker Avesque Goomba Level: 10 Posts: 19/32 EXP: 3754 For next: 660 Since: 08-29-04 Since last post: 190 days Last activity: 13 days |
| ||
Alright... This seems to be a complete patch, finally... If anyone wants the patched files themselves, they should contact me. HERE If you don't understand how to use the code in that text file, contact me via e-mail, IM, or PM and I'll be happy to explain it to you. |
|||
Nebetsu Shmee Level: 55 Posts: 1154/1574 EXP: 1291130 For next: 23059 Since: 09-01-04 From: Nebland Since last post: 3 hours Last activity: 1 hour |
| ||
Totally awesome! Thanks man! | |||
Ashly Level: 14 Posts: 42/57 EXP: 10514 For next: 2557 Since: 03-15-04 From: The Netherlands Since last post: 140 days Last activity: 62 days |
| ||
and what will this patch do... | |||
DarkSlaya POOOOOOOOOOOORN! Level: 88 Posts: 3468/4249 EXP: 6409254 For next: 241410 Since: 05-16-04 From: Montreal, Quebec, Canada Since last post: 8 hours Last activity: 5 hours |
| ||
If you actually read the text file, you would know it is to prevent SQL injections at two places on your board. | |||
Dekker Avesque Goomba Level: 10 Posts: 21/32 EXP: 3754 For next: 660 Since: 08-29-04 Since last post: 190 days Last activity: 13 days |
| ||
Actually, three... The last code-block works on Erk+1.9 editprofile.php and 1.92 or Erk+1.9 reigster.php... Remember, copy my IF statement and just change the $variable if you have any other numerical variables you've added into editprofile/register. NOTE: Sadly, it seems there are other ways of performing SQL injections on an acmlm board, as my fix didn't protect my own board entirely... :-/ It's a damn good thing I've been making nightly back-ups, lately... I'm working on finding that fourth hole, people... Until then... Back up your board! |
|||
Nebetsu Shmee Level: 55 Posts: 1157/1574 EXP: 1291130 For next: 23059 Since: 09-01-04 From: Nebland Since last post: 3 hours Last activity: 1 hour |
| ||
I always have backup of my php and I make a backup of the SQL database regularly. | |||
Dekker Avesque Goomba Level: 10 Posts: 22/32 EXP: 3754 For next: 660 Since: 08-29-04 Since last post: 190 days Last activity: 13 days |
| ||
Also, a slight glitch... For unknown reasons, on some boards after using this patch users cannot edit their profiles. This did not happen on my board, and hasn't happened on many, but it still has happened. Apparently, the board thinks everyone is a hacker. To fix this, rather than using the block of code labelled for use in Acmlm 1.92's editprofile.php for the editprofile.php, use the block of code that's for use with Erk+1.9's editprofile and Acmlm 1.92's register in editprofile.php. If you can, it's preferrable to use the proper code... Why? Merely because it actually outputs an error message. The second is just as secure, it simply isn't as stylish. |
|||
Tamarin Calanis We exist. Earth exists. The universe exists. Do we really need to know why? Level: 59 Posts: 355/1802 EXP: 1672751 For next: 377 Since: 07-12-04 From: The gas station on the corner... Since last post: 5 hours Last activity: 5 hours |
| ||
Actually, Dekk, at your board, I can't edit my password. Still. I said that there, though. I can edit my layout just fine, but... well, no luck on the password. |
|||
Dekker Avesque Goomba Level: 10 Posts: 23/32 EXP: 3754 For next: 660 Since: 08-29-04 Since last post: 190 days Last activity: 13 days |
| ||
Whoah, really? What error message does it give you? I mean, password isn't numerical... It doesn't even get checked by my patch. Edit; Whoah, it would seem the patch does cause this. Strange. Honestly, I can't say why... However, I can say that if you use the second method of patching, which I guess everyone should use instead ot the other, than it won't happen. Infact, I'll edit that text file so it is only the one non-erroneous method. (edited by Dekker Avesque on 03-08-05 01:17 AM) |
|||
Tamarin Calanis We exist. Earth exists. The universe exists. Do we really need to know why? Level: 59 Posts: 357/1802 EXP: 1672751 For next: 377 Since: 07-12-04 From: The gas station on the corner... Since last post: 5 hours Last activity: 5 hours |
| ||
Originally posted by Dekker AvesqueEh, I don't use all-letter passwords. Easier to guess. Anyway, I get the "Invalid Profile Data" message, then logged out. (edited by Tamarin Calanis on 03-08-05 01:19 AM) |
|||
Dekker Avesque Goomba Level: 10 Posts: 24/32 EXP: 3754 For next: 660 Since: 08-29-04 Since last post: 190 days Last activity: 13 days |
| ||
Yeah, it'll log you out if it thinks you're trying to exploit. Anyway, it doesn't matter whether or not you use numbers or letters in pass, I just meant the board doesn't treat the variable that is your password as a number. Anyway, I've fixed it now, and updated the textfile. Read the new dekkpatch.txt to see what changes've been made... The code is actually a lot simpler now. |
Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
Acmlm's Board - I2 Archive - Acmlmboard support? - COMPLETE Patch Code for 1.92 and Erk+1.9 | | | |