XenoK wrote:
We are prolly gonna add recaptcha to the signup page when I make that. I want you to make some security enhancements to what we have, and proof checking the current new user files. I have on my calendar to make enhancements to the user_edit.php file today, I already have some things in mind.
ok
Offline
XenoK wrote:
chongyian wrote:
Not trying to interfere, but ... OMG! XenoK! you are from singapore too?
I'm from the US
http://xenokian.blogspot.sg/? sg?
Offline
chongyian wrote:
XenoK wrote:
chongyian wrote:
Not trying to interfere, but ... OMG! XenoK! you are from singapore too?
I'm from the US
http://xenokian.blogspot.sg/? sg?
That's blogger conversion. For me it shows up as .com
Blogger tracks what region you are in, and based on what extensions they have registered, they automatically convert it to that region. I am from the United States. The internet is fascinating, isn't it? That's what we are trying to harness here at eternity incurakai, the power to amaze.
Last edited by XenoK (2012-10-03 07:59:54)
Offline
P110, could you login to the site, (the login page is currently unaffected by maintenance), and test out the new editing page? Don't use the link in the admin panel, that's a different file that I'll add later. go here to test it when you're logged in.
Offline
I had some issues with styling the label element for some reason, so we'll have to wrap a div around it with the class labelwrap whenever we make a new form to style it correctly. Should I keep the background transition for each field?
Offline
XenoK wrote:
P110, could you login to the site, (the login page is currently unaffected by maintenance), and test out the new editing page? Don't use the link in the admin panel, that's a different file that I'll add later. go here to test it when you're logged in.
Works fine! And I like all of the new fields you've added, very professional!!
Offline
P110 wrote:
XenoK wrote:
P110, could you login to the site, (the login page is currently unaffected by maintenance), and test out the new editing page? Don't use the link in the admin panel, that's a different file that I'll add later. go here to test it when you're logged in.
Works fine! And I like all of the new fields you've added, very professional!!
how do you like the tabs?
Offline
I'm extremely sorry if I am intruding on your thread, but I would like to suggest that you improve the security of your login system.
It's currently very easily broken. I was able to log in as any arbitrary user with an extremely simple piece of SQL injection.
Offline
trinary wrote:
I'm extremely sorry if I am intruding on your thread, but I would like to suggest that you improve the security of your login system.
It's currently very easily broken. I was able to log in as any arbitrary user with an extremely simple piece of SQL injection.
This can be fixed by simply escaping SQL data.
Offline
jvvg wrote:
trinary wrote:
I'm extremely sorry if I am intruding on your thread, but I would like to suggest that you improve the security of your login system.
It's currently very easily broken. I was able to log in as any arbitrary user with an extremely simple piece of SQL injection.
This can be fixed by simply escaping SQL data.
Something which they are currently /not/ doing.
Offline
trinary wrote:
jvvg wrote:
trinary wrote:
I'm extremely sorry if I am intruding on your thread, but I would like to suggest that you improve the security of your login system.
It's currently very easily broken. I was able to log in as any arbitrary user with an extremely simple piece of SQL injection.
This can be fixed by simply escaping SQL data.
Something which they are currently /not/ doing.
It's a problem.
When I took programming at school, one of the units was in security. We learned absolutely nothing there. The whole class was a total waste of my time.
I learned real programming security through the internet, where I learned that whenever outputting HTML user-submitted data, it needs to be escaped, no matter what context. I also learned that all submitted data used in a SQL query must be escaped.
Offline
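An added example, not part of the thread and not the site's code, showing the login problem discussed above next to a fixed version. It uses bound parameters (PDO prepared statements) rather than the manual escaping the posts mention, because binding keeps user input out of the SQL text entirely. The in-memory SQLite database, the `users` schema, the function names `login_concat` and `login_bound`, and all sample data are assumptions made for the illustration.

```php
<?php
// Added illustration: schema, names and sample data are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_sha1 TEXT, pw_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')->execute([
    'alice', sha1('correct horse'), password_hash('correct horse', PASSWORD_DEFAULT),
]);

// BEFORE (deliberately vulnerable): $name is pasted into the SQL text, so a
// quote inside it ends the string literal and the rest is parsed as SQL.
function login_concat(PDO $db, string $name, string $password): bool
{
    $sql = "SELECT 1 FROM users WHERE name = '$name' AND pw_sha1 = '" . sha1($password) . "'";
    return $db->query($sql)->fetchColumn() !== false;
}

// AFTER: the statement text is fixed; the name travels as a bound parameter
// and is only ever compared as data. The password is checked in PHP against
// a salted hash instead of inside the query.
function login_bound(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed inputs: a valid login, a wrong password, and a name carrying a
// quote plus SQL comment marker, the input class the thread is describing.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' --", 'wrong'],
];
foreach ($cases as [$name, $password]) {
    printf("%-12s %-14s concat=%-5s bound=%s\n", $name, $password,
        var_export(login_concat($db, $name, $password), true),
        var_export(login_bound($db, $name, $password), true));
}
```

The third case is the one to watch: the concatenated query accepts it without a valid password, while the bound version treats the whole string as a user name that does not exist.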
trinary wrote:
I'm extremely sorry if I am intruding on your thread, but I would like to suggest that you improve the security of your login system.
It's currently very easily broken. I was able to log in as any arbitrary user with an extremely simple piece of SQL injection.
will do. it's on my list of todos:
> fix WHOIS info
> fix security on login
> go through all current user_ files and debug, and fix spelling mistakes, and digital organization
Offline
P110, I've fixed some of the organization problems I was having with .htaccess. Also, if the security on the Eternity Incurakai Login is [messed up], you might want to fix it on treebranch as well, because isn't your login code derived from Tree Branch's?
last edited by me - right now.
Last edited by XenoK (2012-10-04 21:50:01)
Offline