Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Need I destroy session after I create it?  (Read 1974 times)

0 Members and 1 Guest are viewing this topic.

chzuqi

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 22
    • Puzzz Jigsaw World
Need I destroy session after I create it?
« on: March 16, 2009, 09:42:16 am »

I edit the file "register.php" and put the Security Code Check In it just look like the file I  uploaded.
The file saved the Security Code into $_SESSION['SafeCode'],need I destroy it when it invalid? ???

I put
Code: [Select]
array('safecode'),after
Code: [Select]
array('input', 'email', $lang_register_php['email'], 255),
and put this to display Security Code
Code: [Select]
case 'safecode':
    echo <<<EOT
    <tr><td width="40%" class="tableb"  height="25">
        <script language="javascript">
function startRequest(){
$("#re").load("ajaxcheckcode.php?safecode="+$("#safeccc").val());
}
</script>
            Security Code:<span style="font-size:10px">(click to refresh)</span><img src=ajaxcode.php onclick="this.src='ajaxcode.php?nocache='+Math.random()" style="cursor:hand"/></td>
        <td width="60%" class="tableb" valign="top">
        <input type=text name=safecode id=safeccc style="width:80px" onBlur="startRequest()"><span id=re style="padding-left:30px;font-size:12px"></span>
        </td></tr>
EOT;
    break;
after
Code: [Select]
foreach ($form_data as $element) switch ($element[0]) {
put thw code to check the Security Code
Code: [Select]
session_start();
if ((get_post_var('safecode') != $_SESSION['SafeCode']) or ($_SESSION['CodeTime']<time())){
$error = '<li>' . 'Security Code Wrong';
return false;
}
after
Code: [Select]
$result = cpg_db_query($sql);
The file I used has uploaded.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Need I destroy session after I create it?
« Reply #1 on: March 17, 2009, 08:56:45 am »

Ask the person you got your "securitycode" hack from. It's not part of Coppermine, so how are we suppossed to know what that hack does and what it takes to make it work.
What is that piece of code suppossed to do? Is it some sort of captcha hack? If yes, use the captcha mod or plugin that is being discussed here on our site. If you insist on using a third-party hack that doesn't come from this site, you're on your own.
Logged

chzuqi

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 22
    • Puzzz Jigsaw World
Re: Need I destroy session after I create it?
« Reply #2 on: March 17, 2009, 09:42:59 am »

Thanks. I will use captcha to insetd it.
Logged
Pages: [1]   Go Up
 

Page created in 0.018 seconds with 20 queries.