The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
#1
|
|||
|
|||
Security & Data Integrity Question
All,
I am an old desk-top programmer just learning PHP. My forum users have been beating the doors down for some kind of link that shows them if anybody has posted TO them. Our forum is closed (requires full log-in prior to showing anything), so they also wanted it to not require log-in. I wrote a HTML form and PHP process form that allows the user to submit their user name either by entry field or by URL parameter. Both forms exist in a folder on our server where vBul lives. The HTML form and PHP process form are not password protected, but neither shows anything except URL links to postids in exactly the same way e-mail would. Once called the PHP process form establishes the session and logs on the database. It then executes two very simple SELCET scripts in an array walk-through that returns rows from the post database and concatenates URL links to the forum posts of interest (if any). My question is, does this introduce any kind of risk to the database security or our forum? I'm willing to let you run the forms on my user name; but we must do so via PM. Thanks for your help! BBH |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|