still getting the error....
any suggestions ?
Cris D., on 16 March 2010 - 08:18 AM, said:
Let us know how you go...
2
[Snippet] membership_validator
Started by Cris D., Dec 27 2007 11:15 AM
24 replies to this topic
#21
-
- Member
-
- 76 posts
Etomite Forum Fan
Posted 16 March 2010 - 12:30 PM
Didn't work...
still getting the error....
any suggestions ?
still getting the error....
any suggestions ?
#22
-
- Developers
-
- 1,104 posts
Loves Etomite Forums!
- Gender:Male
Posted 16 March 2010 - 09:37 PM
Wiper2007, on 16 March 2010 - 12:30 PM, said:
Didn't work...
still getting the error....
any suggestions ?
still getting the error....
any suggestions ?
$hash=$_GET['hash'];
//stop hacking attempts
if(!preg_match('#^[a-f0-9]{32}$#i', $hash))
return $messages['error1'];
not this:
if(is_numeric($_GET['hash'])){
$hash=$_GET['hash'];
}else{
//someone is trying to inject GET values into the browser
return $messages['error1'];}
which is totaly wrong for an MD5 hash (beig letters and numbers).ie make sure you are gettting the snippet from the "Download File"button, NOT the list of archive files listed below on the downoad page.
#23
-
- Member
-
- 76 posts
Etomite Forum Fan
Posted 17 March 2010 - 10:20 PM
Hi Chris
I've downloaded it by clicking the download button...
I've the:
in the membership_verifier snippet - and not in the membership_validator... are this correct?
I've downloaded it by clicking the download button...
I've the:
$hash=$_GET['hash'];
//stop hacking attempts
if(!preg_match('#^[a-f0-9]{32}$#i', $hash))
return $messages['error1'];
in the membership_verifier snippet - and not in the membership_validator... are this correct?
Cris D., on 16 March 2010 - 09:37 PM, said:
1) Make sure you are using the latest version of this snippet, I posted one that did not validat the hash correctly. Make sure that the membership_validator snippet has these lines:
not this:
ie make sure you are gettting the snippet from the "Download File"button, NOT the list of archive files listed below on the downoad page.
$hash=$_GET['hash'];
//stop hacking attempts
if(!preg_match('#^[a-f0-9]{32}$#i', $hash))
return $messages['error1'];
not this:
if(is_numeric($_GET['hash'])){
$hash=$_GET['hash'];
}else{
//someone is trying to inject GET values into the browser
return $messages['error1'];}
which is totaly wrong for an MD5 hash (beig letters and numbers).ie make sure you are gettting the snippet from the "Download File"button, NOT the list of archive files listed below on the downoad page.
#24
-
- Developers
-
- 1,104 posts
Loves Etomite Forums!
- Gender:Male
Posted 18 March 2010 - 09:49 AM
Yeah that's right. PM me if you want me to take a hands on look.
#25
-
- Member
-
- 76 posts
Etomite Forum Fan
Posted 20 March 2010 - 08:07 AM
Hi Chris
Thanks - but I'm uninstalling the snippets...
Thanks - but I'm uninstalling the snippets...
Cris D., on 18 March 2010 - 09:49 AM, said:
Yeah that's right. PM me if you want me to take a hands on look.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
