Home Community Mys-Script Creative Off-Topic |
|
|
Thread Tools | Display Modes |
|
#1
|
||||
|
||||
Asked this b4 I think... adopt hole
If you use the URL http://taleofdragons.net/adopt.php?id=# and replace # with certain (low) numbers, you can adopt different dragons
I could never figure out how to prevent this :( Help please... |
#2
|
||||
|
||||
umm this problem still exists in Mys v1.3.x? Thought it was already fixed back in Mys v1.2.2, are you sure you are not using a heavily modified version of the script?
If you have this problem, you may fix this by adding a specific session variable to the doadopt page, or a hidden field value to the adoption form. This acts like a checkpoint to see if the user can adopt a certain pet.
__________________
Mysidia Adoptables, a free and ever-improving script for aspiring adoptables/pets site. |
#3
|
|||
|
|||
It's still an issue. All someone would have to do to avoid this line (in adopt.php):
Code:
$_SESSION["allow"] = 1; |
#4
|
||||
|
||||
I see, so this is how they manage to get away from the session check... Looks like adoption session has to be redesigned, I will do it in a bit.
__________________
Mysidia Adoptables, a free and ever-improving script for aspiring adoptables/pets site. |
#5
|
||||
|
||||
Thanks Hof! It's pretty important for people not to be able to exploit this on my site and several members have already brought it to my attention that they know how to do so.
|
#6
|
||||
|
||||
Well add this at the beginning of the script:(below the 'START SCRIPT' section):
PHP Code:
__________________
Mysidia Adoptables, a free and ever-improving script for aspiring adoptables/pets site. |
#7
|
|||
|
|||
Quote:
This has pretty much the same problem, only now the user has to add &Submit= to it, like /doadopt.php?id=1&Submit=. |
#8
|
||||
|
||||
I see, this is getting more and more series. How about changing the form method from GET to POST?
__________________
Mysidia Adoptables, a free and ever-improving script for aspiring adoptables/pets site. |
#9
|
||||
|
||||
Perhaps have a look at http://www.mysidiaadoptables.com/for...read.php?t=504 and see if any of that will help...
I'm planning on going back to a system like that once I get CH ready to launch.
__________________
|
#10
|
|||
|
|||
Quote:
Quote:
|
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Adopt pages, and general adopt/index page :L | blondbananamix | Questions and Supports | 26 | 07-22-2011 12:12 PM |
FAQ - LOOK HERE FIRST for the answers to those questions that are asked over and over | Seapyramid | Questions and Supports | 8 | 09-29-2010 11:34 PM |
2 - column on Adopt page and my Adopt page? | SieghartZeke | Questions and Supports | 2 | 10-12-2009 02:58 PM |
What's New? |
What's Hot? |
What's Popular? |