Forums

Discussions of the easy to use open source game control panel.


#1 2014-01-14 10:37:13

BackSheep
Member
Registered: 2014-01-14
Posts: 1

There may be a few

Would it be wrong of me to keep this thread for any and all customisations I make?
I expect I'll make a few, to my liking a little more, that's all.

I installed the script just minutes ago, so the only thing I've changed right now is the IP address validation when adding a box. This is because some may wish to use URLs that forward to the IP address, as in the case of dynamic DNS tools such as www.noip.com.
To do this, open cp/admin/boxprocess.php and comment out line 82 to the start of 86, ensuring you also comment out the word else on line 86; as follows:

[== PHP ==]
/*if (!validateIP($ip))
{
    $error .= T_('Invalid IP. ');
}
else */if (query_numrows( "SELECT `boxid` FROM `".DBPREFIX."box` WHERE `ip` = '".$ip."' && `login` = '".$login."'" ) != 0)

If it's okay to keep this thread, I'll add more customisations as I go, also showing how to make the changes necessary.

Offline

#2 2014-01-14 17:40:13

ThunderGod
Member
Registered: 2013-11-30
Posts: 56

Re: There may be a few

Well, this is more a hack fix than a customisation, since it would be better to detect whether it's a domain name or an IP.
Ex: modifying the "validateIP" function to check domains/IPs correctly, so you will have a regex check to see if the domain is in a valid format; you can also add a domain lookup so you can see if the domain is forwarded to an IP or if it's fake* (in which case it wouldn't be allowed). *By fake I mean that it's not resolving towards an IP.

Rather than commenting and saying "I don't care what it is, valid or not, it goes!"; this opens room for a lot of mistakes.
I haven't looked at the validation script, but if that's the only check for the IP, removing it could possibly open a hole (since if there isn't a check you can pass malicious data towards the server, e.g. SQL injection / XSS).

Last edited by ThunderGod (2014-01-14 17:44:44)



Offline
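The check suggested in the reply above (accept an IP literal, otherwise require a well-formed hostname that resolves), as an added example that is not code from either poster or from the panel itself. The function name `validateBoxHost`, the injectable resolver and the sample values are assumptions made for illustration; it assumes PHP 7.1 or later.

```php
<?php
// Added example: validateBoxHost() is a hypothetical name, not a panel function.
// Returns the normalised host on success, or null when the value must be rejected.
function validateBoxHost(string $input, ?callable $resolver = null): ?string
{
    $host = strtolower(trim($input));

    // 1. Literal IPv4/IPv6 address: accept without any lookup.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return $host;
    }

    // 2. Hostname syntax: at most 253 chars, dot-separated labels of 1-63
    //    letters/digits/hyphens, no leading or trailing hyphen, alphabetic TLD.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (strlen($host) > 253
        || !preg_match('/^(?:' . $label . '\.)+[a-z]{2,63}$/D', $host)) {
        return null;
    }

    // 3. The name must resolve to at least one address (i.e. it is not "fake").
    //    gethostbynamel() returns an array of IPv4 addresses, or false.
    $resolver = $resolver ?? 'gethostbynamel';
    $addresses = $resolver($host);
    if (!is_array($addresses) || count($addresses) === 0) {
        return null;
    }
    return $host;
}

// Constructed resolver so the demo runs offline; omit it to use real DNS.
$fakeDns = function (string $name) {
    $zone = ['mybox.example.com' => ['203.0.113.10']];
    return $zone[$name] ?? false;
};

$samples = [
    '203.0.113.10',               // literal IP
    'MyBox.Example.com',          // resolves in the constructed zone
    'unknown.example.com',        // well-formed but does not resolve
    "1.2.3.4' OR '1'='1",         // quote characters fail both checks
    '<script>alert(1)</script>',  // markup fails both checks
];
foreach ($samples as $s) {
    $result = validateBoxHost($s, $fakeDns);
    printf("%-28s => %s\n", $s, $result === null ? 'rejected' : "ok ($result)");
}
```

The check only limits which characters can reach the concatenated `SELECT` shown in the first post; escaping or parameterising that query and encoding the value on output are still needed independently of it.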
