2008-05-24, 05:31 PM
Found an exploit in your function as well as a problem that might prevent it working for some.
Use that in the plugin file instead of the current function there.
function ajax_cr_action()
{
global $mybb, $db;
if ($mybb->input['action'] == 'CheckUsername') {
$query = $db->query("SELECT username FROM `".TABLE_PREFIX."users` WHERE `username` = '" . $db->escape_string($_GET['user']) . "'");
$count = $db->num_rows($query);
if ($count > 0) {
$return_value = $_GET['user'] . ",Invalid";
} else {
$return_value = $_GET['user'] . ",Working";
}
echo $return_value;
}
}
Use that in the plugin file instead of the current function there.