If it is, an $admin variable wouldn't be needed, as we'd already know it was in the admin control area.
Results 11 to 19 of 19
Thread: Php help
-
How could this hapen to meeeeeeeeeeeeeee?
lol.
-
This is for making users charlie... am I been thick or something? At the moment it seems to be you...
This is for making users, the admin variable is to determine if that user would have admin rights, it then stores the details in the database. $admin related to the admin column.
-
Originally Posted by Hypertext
Can you really not interpret something as easy as that? Originally Posted by Hypertext
It's a checkbox.. on/off? if checkbox is on, do you not get that?
I mean.. you're a professional coder.. you should understand that?
It's not posting permissions?! That would be stupid.
-
In which case, I'll change my point. Somebody could easily navigate to this page and send a spoofed $_POST array, thus adding themselves a user, which is dangerous, regardless of whether the page with the form is secure.
How could this hapen to meeeeeeeeeeeeeee?lol.
-
and the chances of that person knowing what the structure of the site is, and what the file name would be?
-
I'm pretty damn sure, that isn't all of his code.
Couldn't spoof that.PHP Code:<?php
include "config.php";
$core->user->requireLogin();
$core->user->requireAdmin();
$action = $_GET ["action"];
switch($action) {
}
?>
Plus he isn't asking for if it is secure or not, he's asking what's the matter with it.
-
Where did that code come from? Originally Posted by Dentafrice
And we're inferencing that. You could easily have made bad functions. of requireLogin() and requireAdmin().How could this hapen to meeeeeeeeeeeeeee?lol.
-
It was an example..?
of course I could have.. but I didn't.. :rolleyes:
-
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts