Konsigliare Posted April 30, 2010 Share Posted April 30, 2010 Upon opening login.php you will notice a line: You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. This updates the users IP address to the one used to login, however, if for example their password is 'qwerty' or something similar and surprisingly common, this will set the ip to the users ip on all accounts with the password 'qwerty'. A simple fix is to change it to: You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. The $worked array, or whatever it is, is already declared a few lines above that and identifies the user by the username they entered. I'm not sure how much sense that all makes sense, but I'm very tierd so yeah Quote Link to comment Share on other sites More sharing options...
DigitalGerm Posted May 1, 2010 Share Posted May 1, 2010 lol, you have eagle eyes. You could also use this to get the real IP You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Quote Link to comment Share on other sites More sharing options...
SlanderDesign Posted May 3, 2010 Share Posted May 3, 2010 lol, you have eagle eyes. You could also use this to get the real IP You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. No offence meant here but X_forward is open to ip hacks... Quote Link to comment Share on other sites More sharing options...
Djkanna Posted May 3, 2010 Share Posted May 3, 2010 That's why you filter incoming data! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.