Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17
  1. #11
    Join Date
    Nov 2006
    Posts
    163
    Tokens
    0

    Default

    You will need:

    -- phpMyAdmin SQL Dump
    -- version 2.9.0.2
    -- http://www.phpmyadmin.net
    --
    -- Host: localhost
    -- Generation Time: Dec 03, 2006 at 03:12 PM
    -- Server version: 4.1.21
    -- PHP Version: 4.4.2
    --
    -- Database: `habboatt_users`
    --
    -- --------------------------------------------------------
    --
    -- Table structure for table `pmessages`
    --
    CREATE TABLE `pmessages` (
    `title` varchar(255) NOT NULL default 'Untitled Message',
    `message` text NOT NULL,
    `touser` varchar(255) NOT NULL default '',
    `from` varchar(255) NOT NULL default '',
    `unread` varchar(255) NOT NULL default 'unread',
    `date` date NOT NULL default '0000-00-00',
    `id` int(15) NOT NULL auto_increment,
    `reply` varchar(15) NOT NULL default 'no',
    `sticky` char(2) NOT NULL default '0',
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
    --
    -- Dumping data for table `pmessages`
    --
    -- --------------------------------------------------------
    --
    -- Table structure for table `users`
    --
    CREATE TABLE `users` (
    `id` int(11) NOT NULL auto_increment,
    `username` varchar(30) NOT NULL default '',
    `password` varchar(255) NOT NULL default '',
    `email` varchar(40) NOT NULL default '',
    `msn` varchar(250) NOT NULL default 'Not Specified',
    `aim` varchar(250) NOT NULL default 'Not Specified',
    `picture` varchar(250) NOT NULL default 'http://www.habboattic.co.uk/images1/nopic.gif',
    `location` varchar(36) NOT NULL default 'Not Specified',
    `level` int(1) default '1',
    `online` varchar(12) default NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
    --
    -- Dumping data for table `users`
    --
    Otherwise the user will start with the id 47 and the other thing 9.

  2. #12
    Join Date
    Aug 2004
    Location
    bristol
    Posts
    3,799
    Tokens
    0

    Latest Awards:

    Default

    If your server has magic_quotes_gpc disabled and you're using this script, you are open to SQL Injection attacks. I suggest everyone using this script edits the file "config.php", and replaces:

    PHP Code:
    $logged MYSQL_QUERY("SELECT * from users WHERE id='$_COOKIE[id]' AND password = '$_COOKIE[pass]'"); 
    With:
    PHP Code:

    function sanitize($str) {
    if (
    get_magic_quotes_gpc()) {
    $str stripslashes($str);
    }
    return 
    mysql_real_escape_string($str);
    }

    $SQL sprintf("SELECT * FROM users WHERE id='%d' AND password='%s'",
               
    $_COOKIE['id'],
               
    sanitize($_COOKIE['pass']));

    $logged MYSQL_QUERY($SQL); 
    I haven't tested this. I can't assure anyone it will resolve the problem, and I don't know if there's any other security issues.
    Last edited by nets; 03-12-2006 at 07:20 PM.
    kinda quit.

  3. #13
    Join Date
    Feb 2006
    Location
    Inside your PC
    Posts
    1,626
    Tokens
    0

    Latest Awards:

    Default

    Well it is the basic techtuts system taken further lol
    Our system has been safe

  4. #14
    Join Date
    Dec 2005
    Posts
    724
    Tokens
    0

    Default

    So, your just re-releasing a tech tuts system, its not even your code ? Seriously, thats just making people abuse the tutorial even more.


    Quote Originally Posted by Dude2892 View Post
    thanks should go to me and Bomb-Head who spent much time getting it working
    No, its Tech-Tuts.Not yours!
    Last edited by Jae; 03-12-2006 at 07:36 PM.
    Starting webdesign again.

  5. #15
    Join Date
    Aug 2004
    Location
    bristol
    Posts
    3,799
    Tokens
    0

    Latest Awards:

    Default

    Quote Originally Posted by Dude2892 View Post
    Our system has been safe
    You're waiting for someone to hack it until you patch it? Sure, it might be fine if magic_quotes_gpc is enabled, but that could be changed at any time.. I believe in the latest version of PHP, it's disabled by default.
    kinda quit.

  6. #16
    Join Date
    Feb 2006
    Location
    Inside your PC
    Posts
    1,626
    Tokens
    0

    Latest Awards:

    Default

    I dont know we made and modified this system a while back, sometime in mau june

  7. #17
    Join Date
    Aug 2005
    Location
    Tunbridge Wells, Kent
    Posts
    5,063
    Tokens
    1,624

    Latest Awards:

    Default

    i knew it was techtuts all along as basicly EVERY usersystem that someone has made on this forum is tech tuts LOL, nice tho ;]
    Never argue with an idiot, he'll drag you down to his level, and beat you with experience.

    Quote Originally Posted by Recursion
    *oh trust me
    *I would NEVER go ATi
    And 15 mins later...
    Sapphire ATI Radeon HD 5850 1024MB GDDR5 PCI-Express Graphics Card £195.73 1 £195.73
    *ordered.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •