2016-01-14, 03:58 PM
Hi all, I added a custom page to a MyBB (1.6.12) forum.
This page calls a PHP page via AJAX, passing lat and lng as parameters, and returns a search result.
$Select is a query containing the lat & lng passed from the page.
In the PHP page, this code is used to log all the calls:
$params = array(
'Page' => 'search.php',
'Params' => mysql_real_escape_string($Select),
'Time' => date("Y-m-d H:i:s"),
'uid' => $mybb->user['uid']
);
}
$db->write_query("INSERT INTO Log (Page, Params, Time, uid) VALUES ('".implode("','", $params)."')");
In the log I have 2 records with the same select, exactly the same lat and lng, but different uids.
Checking the IPs of the 2 users, they are in two different cities.
The only explanation is that one user logged in with the other's credentials and made the same search.
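An added example, not part of the original post or of MyBB: a query over a table shaped like the post's `Log` (Page, Params, Time, uid) that lists every search string recorded under more than one uid, with first and last times, so such pairs can be cross-checked against IP or session records. The in-memory SQLite database, the sample rows and the function names are constructed for illustration; the SQL itself uses only aggregates that MySQL also supports.

```python
import sqlite3
from datetime import datetime

# Constructed sample rows in the shape of the post's Log table.
SAMPLE_ROWS = [
    ("search.php", "constructed-select lat=45.4642 lng=9.1900", "2016-01-12 10:15:02", 7),
    ("search.php", "constructed-select lat=45.4642 lng=9.1900", "2016-01-12 18:40:30", 12),
    ("search.php", "constructed-select lat=45.4642 lng=9.1900", "2016-01-13 09:00:00", 7),
    ("search.php", "constructed-select lat=41.9028 lng=12.4964", "2016-01-12 11:00:00", 3),
    ("search.php", "constructed-select lat=41.9028 lng=12.4964", "2016-01-12 11:05:00", 3),
    ("other.php",  "constructed-select lat=45.4642 lng=9.1900", "2016-01-12 12:00:00", 20),
]

# Params values seen under two or more distinct uids on one page.
QUERY = """
SELECT Params,
       GROUP_CONCAT(DISTINCT uid) AS uids,
       MIN(Time) AS first_seen,
       MAX(Time) AS last_seen
FROM Log
WHERE Page = ?
GROUP BY Params
HAVING COUNT(DISTINCT uid) > 1
ORDER BY first_seen
"""

def load_log(rows):
    """Build an in-memory stand-in for the Log table (hypothetical helper)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Log (Page TEXT, Params TEXT, Time TEXT, uid INTEGER)")
    conn.executemany("INSERT INTO Log (Page, Params, Time, uid) VALUES (?, ?, ?, ?)", rows)
    return conn

def shared_searches(conn, page="search.php"):
    """Return one record per Params value that was logged by several uids."""
    fmt = "%Y-%m-%d %H:%M:%S"  # same format as date("Y-m-d H:i:s") in the post
    found = []
    for params, uids, first, last in conn.execute(QUERY, (page,)):
        gap = datetime.strptime(last, fmt) - datetime.strptime(first, fmt)
        found.append({
            "params": params,
            "uids": sorted(int(u) for u in uids.split(",")),
            "first_seen": first,
            "last_seen": last,
            "gap_seconds": int(gap.total_seconds()),
        })
    return found

if __name__ == "__main__":
    for hit in shared_searches(load_log(SAMPLE_ROWS)):
        print(hit)
```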