2 replies to this topic

[Firebird]

Well, let me explain. The two bugs that I found in my news CMS -
a) The session login variables don't work, as far as I know. You can access any file you like without logging in.
b) The MySQL queries don't want to work. I can't put anything into MySQL, therefore cannot show it.

Here is the testing ground - News CMS - Username: demo Password: demo

And here is the zip file with the scripts in it - News Scripts

Thanks in advance, and I hope you can solve my problems.

- Firebird

Solved.

Edited by Firebird, 18 August 2006 - 08:11 AM.

[Matthew.]

The script may depend on the session being set as either 1/2/3 etc so just checking if the session is set as you suggested isnt really advisable :S

(i havent looked at it yet btw)


edit: what is it with everyone on techtuts not indenting anything?!?! no one indents on the tutorials etc :S


edit: here we go:

Quote

if (($_POST['usr'] == $_SESSION['username']) && ($_POST['pass'] == $password)) {
$_SESSION['loggedin'] = 1;

So doing as Adam said isnt a good idea, although technically it would work.

Edited by .Matt, 17 August 2006 - 02:27 PM.

[Firebird]

I was hoping to get the MySQL problem solved, that is my main concern.

But... no one really told me how to fix the sessions problem, so meh.

Edited by Firebird, 18 August 2006 - 01:32 AM.