Injection attempt.

[DissObey]

Ok, so im viewing a users profile to welcome them to the game and come across this for their internet info.

Internet Info

IP Hostname

Last Hit 127.0.0.1', money='2 N/A

Last Login 127.0.0.1', turns='2000000000 N/A

Signup 127.0.0.1', turns='2000000000 N/A

It looks like they have tried to cheat, just wondering if theres anything i can add to my register page to make it a little more secure.

[Magictallguy]

Re: Injection attempt.

Change your IP catcher in header.php and global_func.php.

Find:

$IP = ($_SERVER['HTTP_X_FORWARDED_FOR'])
    ? $_SERVER['HTTP_X_FORWARDED_FOR']
    : $_SERVER['REMOTE_ADDR'];

 

Change to/replace with:

$IP = $_SERVER['REMOTE_ADDR'];

[Isomerizer]

Re: Injection attempt.

Check out...

http://criminalexistence.com/ceforums/i ... ic=28592.0

&&

http://criminalexistence.com/ceforums/i ... ic=28463.0

[AlabamaHit]

Re: Injection attempt.

There are 5 files. and 6 Edits to do.

[DissObey]

Re: Injection attempt.

Thanks for the help, i have altered the files, and will go through the threads.

Is it safe to assume all users with ip 127.0.0.1 have attempted to inject or an error registering ips?

[AlabamaHit]

Re: Injection attempt.

No

[DELETE ME NOW!]

Re: Injection attempt.

Ip: 127.0.0.1 is default, like localhost

[Magictallguy]

Re: Injection attempt.

 

Ip: 127.0.0.1 is default, like localhost

That's not what he asked..

[DissObey]

Re: Injection attempt.

I know, but a player should never be able to use the ip 127.0.0.1 right?

[Lithium]

Re: Injection attempt.

 

I know, but a player should never be able to use the ip 127.0.0.1 right?

Wrong!

"Should never be able" != Can't

[Strats]

Re: Injection attempt.

Thanks Magic for the Fix :)