Here little secuirty fix :) Disc. It's fix for this : If you remember i told that any one can send any message from any one and can send message anonymously .. Hope i fix it :
]FIX:
just add it in handle_inputH.php3
in function addmessage
it's better put it after globals
----cut here----
include("./lib/get_IP.lib.php3");
$getn=mysql_query ("SELECT username from ".C_USR_TBL."");
while ($row=mysql_fetch_array ($getn))
{
$n=$row ["username"];
if ($n!=$U) {$chk=TRUE;} else {$chk=FALSE; break;}
}
$U=ereg_replace (" ","",$U);
if ($chk==TRUE) {$M=""; exit;}
if ($U=="") {exit;}
$getIP=mysql_query ("SELECT ip from ".C_USR_TBL." where username='$U'");
$row=mysql_fetch_array ($getIP);
$ip_u=$row["ip"];
if ($ip_u!=$IP) {exit;}
----cut here--------
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Here little secuirty fix :) Disc. It's fix for this : If you remember i told that any one can send any message from any one and can send message anonymously .. Hope i fix it :
]FIX:
just add it in handle_inputH.php3
in function addmessage
it's better put it after globals
----cut here----
include("./lib/get_IP.lib.php3");
$getn=mysql_query ("SELECT username from ".C_USR_TBL."");
while ($row=mysql_fetch_array ($getn))
{
$n=$row ["username"];
if ($n!=$U) {$chk=TRUE;} else {$chk=FALSE; break;}
}
$U=ereg_replace (" ","",$U);
if ($chk==TRUE) {$M=""; exit;}
if ($U=="") {exit;}
$getIP=mysql_query ("SELECT ip from ".C_USR_TBL." where username='$U'");
$row=mysql_fetch_array ($getIP);
$ip_u=$row["ip"];
if ($ip_u!=$IP) {exit;}
----cut here--------
Hi Alexei!
Do you recieved the mail I sent you this morning?
Regards,
Loc