Yeh, i use quickscriptz
But i need a more secure one.
Please help
Printable View
Yeh, i use quickscriptz
But i need a more secure one.
Please help
How secure can you be?
I quite like Kristall-Panel RC2. I have edited it alot though, so its more secure.
the quickscriptz has been hacked 3 times
lol
I dont think its the panel, it will be your staff with passwords such as changeme.Quote:
Originally Posted by greggy23
We have made it so our passwords cant be changeme. And when a Radio Manager adds an account, there password is randomly generated. Best way to make it secure :D
Oh god, how does it get hacked though? LOL, I just checked "check.php" it sets a SESSION for a password? No wonder its insecure, I think the whole thing needs re-thinking but no offense to the creator.
I just checked one source of it, and I think its insecure.Quote:
Originally Posted by Jack120
PHP Code:$query = mysql_query("SELECT username,djname,passwrd,rank,email FROM rp_users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
$_SESSION["rp_logged"] = TRUE;
$_SESSION["rp_username"] = $row['username'];
$_SESSION["rp_passwrd"] = $row['passwrd'];
$_SESSION["rp_djname"] = $row['djname'];
$_SESSION["rp_email"] = $row['email'];
$_SESSION["rp_rank"] = $row['rank'];
So the panel can be hacked via that file?Quote:
Originally Posted by DriftPanzy
Ever heard of session stealing? They publish the users password via a SESSION its like putting it on a file on your server and calling it index.html looooooool
Yeh but im just not sure exactly how it all works i mean i us cutenews but the person who hacked that didnt change anything he jus left a message saying delete search.php. I take it change.php with the dj panel works in the same way?Quote:
Originally Posted by DriftPanzy
I dont understand, maybe hes using a PHP exploit?