Casey Posted May 25, 2011 Posted May 25, 2011 Can some one secure the do pic change cuz when i try it it makes me staff <?php include "globals.php"; switch($_GET['action']) { case 'sexchange2': do_sex_change(); break; case 'sexchange': conf_sex_change(); break; case 'passchange2': do_pass_change(); break; case 'passchange': pass_change(); break; case 'namechange2': do_name_change(); break; case 'namechange': name_change(); break; case 'picchange2': do_pic_change(); break; case 'picchange': pic_change(); break; case 'forumchange2': do_forum_change(); break; case 'forumchange': forum_change(); break; default: prefs_home(); break; } function prefs_home() { global $db,$ir,$c,$userid,$h; print "<h3>Preferences</h3> <a href='preferences.php?action=sexchange'>Sex Change</a><br /> <a href='preferences.php?action=passchange'>Password Change</a><br /> <a href='preferences.php?action=namechange'>Name Change</a><br /> <a href='preferences.php?action=picchange'>Display Pic Change</a><br /> <a href='preferences.php?action=forumchange'>Forum Info Change</a><br />"; } function conf_sex_change() { global $ir,$c,$userid,$h; if($ir['gender'] == "Male") { $g="Female"; } else { $g="Male"; } print "Are you sure you want to become a $g?<br /> <a href='preferences.php?action=sexchange2'>Yes</a> | <a href='preferences.php'>No</a>"; } function do_sex_change() { global $db,$ir,$c,$userid,$h; if($ir['gender'] == "Male") { $g="Female"; } else { $g="Male"; } $db->query("UPDATE users SET gender='$g' WHERE userid=$userid"); print "Success, you are now $g!<br /> <a href='preferences.php'>Back</a>"; } function pass_change() { global $ir,$c,$userid,$h; print "<h3>Password Change</h3><form action='preferences.php?action=passchange2' method='post'>Current Password: <input type='password' name='oldpw' /><br /> New Password: <input type='password' name='newpw' /><br /> Confirm: <input type='password' name='newpw2' /><br /> <input type='submit' value='Change PW' /></form>"; } function do_pass_change() { global $db,$ir,$c,$userid,$h; if(md5($_POST['oldpw']) != $ir['userpass']) { print "The current password you entered was wrong.<br /> <a href='preferences.php?action=passchange'>> Back</a>"; } else if($_POST['newpw'] !== $_POST['newpw2']) { print "The new passwords you entered did not match!<br /> <a href='preferences.php?action=passchange'>> Back</a>"; } else { $db->query("UPDATE users SET userpass=md5('{$_POST['newpw']}') WHERE userid=$userid"); print "Password changed!"; } } function name_change() { global $ir,$c,$userid,$h; print "<h3>Name Change</h3> Please note that you still use the same name to login, this procedure simply changes the name that is displayed. <form action='preferences.php?action=namechange2' method='post'> New Name: <input type='text' name='newname' /><br /> <input type='submit' value='Change Name' /></form>"; } function do_name_change() { global $db,$ir,$c,$userid,$h; if($_POST['newname'] == "") { print "You did not enter a new name.<br /> <a href='preferences.php?action=namechange'>> Back</a>"; } else { $_POST['newname']=str_replace(array("<", ">", "\\\'"), array("<", ">", "'"), $_POST['newname']); $db->query("UPDATE users SET username='{$_POST['newname']}' WHERE userid=$userid"); print "Username changed!"; } } function pic_change() { global $ir,$c,$userid,$h; print "<h3>Pic Change</h3> Please note that this must be externally hosted, <a href='http://imageshack.us'>ImageShack</a> is our recommendation.<br /> Any images that are not 150x150 will be automatically resized <form action='preferences.php?action=picchange2' method='post'> New Pic: <input type='text' name='newpic' value='{$ir['display_pic']}' /><br /> <input type='submit' value='Change Name' /></form>"; } function do_pic_change() { global $db,$ir,$c,$userid,$h; if($_POST['newpic'] == "") { print "You did not enter a new pic.<br /> <a href='preferences.php?action=picchange'>> Back</a>"; } else { $_POST['newpic']=str_replace('php\\\'',''', $_POST['newpic']); $db->query("UPDATE users SET display_pic='{$_POST['newpic']}' WHERE userid=$userid"); print "Pic changed!"; } } function forum_change() { global $ir,$c,$userid,$h; print "<h3>Forum Info Change</h3> Please note that the avatar must be externally hosted, <a href='http://imageshack.us'>ImageShack</a> is our recommendation.<br /> Any avatars that are not 100x100 will be automatically resized <form action='preferences.php?action=forumchange2' method='post'> Avatar: <input type='text' name='forums_avatar' value='{$ir['forums_avatar']}' /><br /> Signature (you may use BBcode): <textarea rows=10 cols=50 name='forums_signature'>{$ir['forums_signature']}</textarea><br /> <input type='submit' value='Change Info' /></form>"; } function do_forum_change() { global $db,$ir,$c,$userid,$h; $_POST['forums_avatar']=str_replace(array("<", ">"), array("<", ">"), $_POST['forums_avatar']); $db->query("UPDATE users SET forums_avatar='{$_POST['forums_avatar']}', forums_signature='{$_POST['forums_signature']}' WHERE userid=$userid"); print "Forum Info changed!"; } $h->endpage(); ?> Quote
lucky3809 Posted May 27, 2011 Posted May 27, 2011 Well you have no security what so ever on the whole script, i bet your users can also get your login and hash pass in your forum too... Quote
Dominion Posted May 27, 2011 Posted May 27, 2011 Update your mccodes v2 copy from mccodes.com. 2.03 fixed this issue. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.