2013-07-31, 09:44 PM
Was adding the ACP PIN from the tutorial that Paul made, and it seems like it has changed and differs from what is said in the tutorial, so I took a wild shot and read the PHP code and I added it like this:
*Scroll to the end
if($mybb->input['action'] == "unlock")
{
    $user = array();
    if($mybb->input['username'])
    {
        $query = $db->simple_select("users", "*", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."'");
        $user = $db->fetch_array($query);
        if(!$user['uid'])
        {
            $error[] = $lang->error_invalid_username;
        }
    }
    else if($mybb->input['uid'])
    {
        $query = $db->simple_select("users", "*", "uid='".intval($mybb->input['uid'])."'");
        $user = $db->fetch_array($query);
        $acpuid = $mybb->user['uid'];
        // WHAT I ADDED
        if (isset($config['acp_pin'][$acpuid]) && $mybb->input['pin'] != $config['acp_pin'][$acpuid]) {
            $default_page->show_login("Invalid PIN","error");
        }
        // END | Nothing else was changed, just this portion was added.
        if(!$user['uid'])
        {
            $error[] = $lang->error_invalid_uid;
        }
    }
Tutorial:
http://www.mybbsecurity.net/topic-add-se...-acp-login
Would what I added cause a security issue or is that fine?
Thanks,
Hydra
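
Added example, not part of Hydra's post, the tutorial, or MyBB: a stand-alone comparison of the posted `!=` condition with a strict, constant-time PIN check. `acp_pin_matches()` and the sample `$config` values are hypothetical, and failing closed when no PIN is configured is an assumption of this example.

```php
<?php
// Added example. acp_pin_matches() is a hypothetical helper, not a MyBB function.
// $config['acp_pin'] is the per-uid PIN map used in the post above.

/**
 * Return true only if a PIN is configured for $uid and $submitted matches it exactly.
 */
function acp_pin_matches(array $config, int $uid, $submitted): bool
{
    // Assumption: every admin must have a PIN, so a missing entry fails closed.
    if (!isset($config['acp_pin'][$uid])) {
        return false;
    }
    // Reject missing input and arrays (pin[]=...) before comparing.
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    // hash_equals() compares strings byte for byte in constant time, so numeric
    // strings such as "0123" and "123" are not treated as equal the way != treats them.
    return hash_equals((string) $config['acp_pin'][$uid], $submitted);
}

// Constructed sample data for the demonstration.
$config = ['acp_pin' => [1 => '0123']];

$cases = [
    'correct PIN'        => [1, '0123'],
    'numeric look-alike' => [1, '123'],
    'array input'        => [1, ['0123']],
    'missing input'      => [1, null],
    'uid without a PIN'  => [2, '0123'],
];

foreach ($cases as $label => [$uid, $pin]) {
    // The condition from the post: true means the login is rejected.
    $posted_rejects = isset($config['acp_pin'][$uid]) && $pin != $config['acp_pin'][$uid];
    $strict_accepts = acp_pin_matches($config, $uid, $pin);
    printf("%-20s posted check rejects: %-5s  strict check accepts: %s\n",
        $label, var_export($posted_rejects, true), var_export($strict_accepts, true));
}
```

When wiring a check like this into the ACP, also confirm that the request actually stops after `show_login()` is called on a failed PIN, so the rest of the branch does not run.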