Welcome to Geeklog, Anonymous Sunday, December 22 2024 @ 11:40 pm EST
Geeklog Forums
Serious bug in usersettings ?
Status: offline
remy
Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
The constantly vhanging of the field pwrequestid in table['users'] caught my attention.
Than I discovered the code
DB_change ($_TABLES['users'], 'pwrequestid', "$reqid",
'username', $username);
in /usersettings.php within the punction edit_user(). This function displays only the form to change the user settings. The variable $username is not even set. So the DB_change changes the complete table, leaving users alone with an expired request later on.
I think this code is there in error.
Maybe I do oversee something. Can somebody help me out ?
Than I discovered the code
Text Formatted Code
$reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);DB_change ($_TABLES['users'], 'pwrequestid', "$reqid",
'username', $username);
I think this code is there in error.
Maybe I do oversee something. Can somebody help me out ?
5
5
Quote
Status: offline
remy
Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
I've corrected the $username into $_USER['username'].
I'm not sure if that's correct. Possibly the code does not belong there. The other programs /users.php and /admin/user.php don't have these lines.
I would expect in any case /admin/user.php to have the lines, if they are correct.
I'm not sure if that's correct. Possibly the code does not belong there. The other programs /users.php and /admin/user.php don't have these lines.
I would expect in any case /admin/user.php to have the lines, if they are correct.
4
2
Quote
All times are EST. The time is now 11:40 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content