vb.org Archive

uCash & uShop old support and thank you thread (https://vborg.vbsupport.ru/showthread.php?t=73736)

sabret00the 06-26-2004 11:30 AM

that information would be false matt, you need to run the installer

Matt Bush 06-26-2004 03:07 PM

Quote:

Originally Posted by sabret00the
that information would be false matt, you need to run the installer

If you couldn't already tell I'm new with this vB stuff. When I click install, what does it do?

rabbitdog 06-26-2004 03:11 PM

I don't think this has been addressed, because I still see the unfixed code in the zip file available for download, so I'd like to point out the fact that there is a critical bug in the uShop change username action.

This affects all current installations of the uStore with this item available for purchase.

The issue is as follows:

The "sanity" check which queries the database to see if a user already exists before accepting a changed username will never find any matches. This is because of the usage of an empty (incorrect) variable in the query.

The result is that any user can change his or her username to that of an existing user.

Note that this does NOT change permissions, so a user changing his name to that of a mod or an admin will not inherit access to those functions.

Here is the fix:

1. Open action.changeusername.php, which is stored in the /uttstore/ directory
2. Change line 5 from:

PHP Code:

$changed = $DB_site->query_first("SELECT userid, username FROM ".TABLE_PREFIX."user WHERE username='".addslashes($data)."'");

to:

PHP Code:

$changed = $DB_site->query_first("SELECT userid, username FROM ".TABLE_PREFIX."user WHERE username='".addslashes($username)."'");
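
The failure mode described in the post above, reproduced as an added example that is not part of the original post and is not uShop or vBulletin code. The table layout, the function names and the in-memory SQLite database (through PDO, requires pdo_sqlite) are assumptions standing in for the forum's own schema and database layer; the unique index at the end is an additional backstop, not something the thread proposes.

```php
<?php
// Added example with a constructed schema and rows; not uShop or vBulletin code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT NOT NULL)");
$db->exec("INSERT INTO user (userid, username) VALUES (1, 'admin'), (2, 'alice')");

// True when some account already uses $name (hypothetical helper).
function nameTaken(PDO $db, string $name): bool {
    $st = $db->prepare("SELECT userid FROM user WHERE username = ?");
    $st->execute([$name]);
    return $st->fetch() !== false;
}

function setName(PDO $db, int $userid, string $username): void {
    $db->prepare("UPDATE user SET username = ? WHERE userid = ?")
       ->execute([$username, $userid]);
}

// Flawed flow: the check reads $data, which is empty here, so it never matches.
function changeNameFlawed(PDO $db, int $userid, string $username): bool {
    $data = '';
    if (nameTaken($db, $data)) { return false; }
    setName($db, $userid, $username);
    return true;
}

// Corrected flow: the check reads the name the user actually requested.
function changeNameFixed(PDO $db, int $userid, string $username): bool {
    if (nameTaken($db, $username)) { return false; }
    setName($db, $userid, $username);
    return true;
}

var_dump(changeNameFlawed($db, 2, 'admin'));   // the duplicate name is accepted
var_dump(nameTaken($db, 'alice'));             // alice's old name is gone
setName($db, 2, 'alice');                      // undo the duplicate
var_dump(changeNameFixed($db, 2, 'admin'));    // the corrected check refuses

// Backstop: with a unique index the database itself refuses a duplicate,
// even if the application-level check regresses again.
$db->exec("CREATE UNIQUE INDEX user_username ON user (username)");
try {
    changeNameFlawed($db, 2, 'admin');
} catch (PDOException $e) {
    echo "database rejected duplicate: ", $e->getMessage(), "\n";
}
```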


Link14716 06-26-2004 09:41 PM

Quote:

Originally Posted by rabbitdog
I don't think this has been addressed, because I still see the unfixed code in the zip file available for download, so I'd like to point out the fact that there is a critical bug in the uShop change username action.

This affects all current installations of the uStore with this item available for purchase.

The issue is as follows:

The "sanity" check which queries the database to see if a user already exists before accepting a changed username will never find any matches. This is because of the usage of an empty (incorrect) variable in the query.

The result is that any user can change his or her username to that of an existing user.

Note that this does NOT change permissions, so a user changing his name to that of a mod or an admin will not inherit access to those functions.

Here is the fix:

1. Open action.changeusername.php, which is stored in the /uttstore/ directory
2. Change line 5 from:

PHP Code:

$changed = $DB_site->query_first("SELECT userid, username FROM ".TABLE_PREFIX."user WHERE username='".addslashes($data)."'");

to:

PHP Code:

$changed = $DB_site->query_first("SELECT userid, username FROM ".TABLE_PREFIX."user WHERE username='".addslashes($username)."'");


Nice catch. $data is used in several functions, but it looks like it shouldn't be there. ;)

Fixed for 0.95.

GeekyDesigns 06-26-2004 10:01 PM

PHP Code:

6a9bb87ef571024592ec153b259803a0 

Post created by the GeekyDesigns vB License Verification Hash System.

Hash will be changed regularly.

GeekyDesigns 06-26-2004 10:06 PM

wootage, it worked

Zachery 06-26-2004 10:16 PM

teh woot

Taco John 06-27-2004 08:42 AM

Question: Can I make this hack so that only certain usergroups can use it?

hitmanuk2k 06-27-2004 10:37 AM

why is the cost showing up as 0.0 for everything on ushop.php? even though I have it set to larger numbers...

b4ne 06-27-2004 11:54 AM

Hi

I have this error that I have no links nowhere in my Admin CP or anywhere else on the page, also when I check permission, there is no mention of this.

If I go to the ushop.php page : No Actions found.

Otherwise :
Installation : Manual (did a deinstall and reinstall)

Board vb 3.0.1

Also the very first time I try to connect to ushop.php I get some error in ushop.php on line 144 ?

But this error disappears.

And I wanted to also mention that I run the betting hack.

Any idea ?

