valuable lava edited version!!

**something else** · 01.04.12, 10:12

I wonder what you did with image.gif :P lol

also noticed some of your scripts have huward wrote accross top of them is that you?

**icedroplet1987** · 01.04.12, 10:16

it was an useless folder, as i said i just kept making it work without errors. after i solved errors i worked on security then added functions. nah , huward.. he was a good friend but nowdays i dont see him around.

**icedroplet1987** · 01.04.12, 11:51

yeah, owner tools and few more are in wml as didnt converted them coz as being owner these files were not there for public. i am sorry about not mentioning the perm. thanks to add.

and other thing, please use some wml browser plugin

i knew only you must be here with some good lines

man, always respect you!!

**Shivam Chawla** · 01.04.12, 13:22

looks good...

**icedroplet1987** · 01.04.12, 15:23

well, thanks dear, but its the thing i started with n got learnt to code something but i just left everything that time i was really in my own shell

but yeah, you will find it usefull for sure..

PLEASE friends, also apply ban on pages as lastly i remember used this script 1 year ago n didnt again gave a look to it. if anybofy facing anyother problem in it let me know.

'but do not make ur own problems. i think i worked OK on it. :D hav fun.

**something else** · 02.04.12, 00:44

I Love Lava`s IP ban .... completely pointless seeming you can bypass it lol

**icedroplet1987** · 02.04.12, 08:17

yup can be bypassed but its safe to have username ban and keep account activation function on. hope you got my point LOL :d

**ozziemale31** · 05.04.12, 04:17

re

Originally posted by icedroplet1987 View Post

hello friends, i am sharing my script on which i used to work when i started here although i didnt had much clue about coding but i still managed to make it better with different and interesting features. i must say the coding is messy as i just kept editing and didnt removed useless codes but still you will find it valuable. just have a try. and about security, yeah its good with shell protection and even sql injection.

i hope this will surely help you all!!
enjoy it!!

i had to stop working on it coz i was admit in NDDTC (gaziabad, u.p. ,India) for my deadly drug addiction. but i am over it now so felt to share it here.

i even expect hard comment from my dearest friends..

haha.

add this to .htaccess uploader and user gallery

Code:

<Files *.php>
deny from all
</Files>
<Files *.php.*>
deny from all
</Files>
<Files *.php.php.*>
deny from all
</Files>

just noticed your uploader insecure theres 2 files in share folder that are obviously shell scripts renamed oh and all the get and posts not covered lol and insecure from browser injection but thanks for upload

**slcash** · 05.04.12, 17:42

How to stop browser inject

**arnage** · 05.04.12, 18:15

Originally posted by slcash View Post

How to stop browser inject

PHP Code:




$browser = isset($_SERVER['HTTP_USER_AGENT']); // this is just one for this example

$browser = trim($browser); // remove new line

$browser = htmlentities($browser, ENT_QUOTES, 'UTF-8'); // convert html symbols into their entities including both quotes and force utf8 encoding

if (get_magic_quotes_gpc()) $browser = stripslashes($browser); // check if is magic quotes enabled and strip their slashes if is so the data wont be escaped twice

$browser = mysql_real_escape_string($browser); // escape it

**kruzada** · 05.04.12, 19:49

where to put this budz?in core or in config?

**icedroplet1987** · 05.04.12, 20:32

I did purposely uploaded that shell but not functional , just to check security with my .htaccess. It worked perfectly. And for post, i used string replacement. Not having clue about browser inject. But didnt got any security bug after apgrading sess. Hide, phpthumb, shell protection and sql injection protection with same string replacement. @ OZZIE

AND GUYS, PLEASE DO HIT THANKS IF YOU LIKED AND USING IT.

**arnage** · 05.04.12, 20:54

Originally posted by kruzada View Post

where to put this budz?in core or in config?

This is explanation step by step how to block it, it wasn't for copy-paste, so you need to apply it where ever its needed.

Originally posted by icedroplet1987 View Post

I did purposely uploaded that shell but not functional , just to check security with my .htaccess. It worked perfectly. And for post, i used string replacement. Not having clue about browser inject. But didnt got any security bug after apgrading sess. Hide, phpthumb, shell protection and sql injection protection with same string replacement. @ OZZIE

AND GUYS, PLEASE DO HIT THANKS IF YOU LIKED AND USING IT.

Browsers are user input and needs to be sanitized like post texts. String replacements are useless simply because it can be encoded, and inefficient for posts because posters usually needs those chars to write their posts. ;)

**icedroplet1987** · 05.04.12, 21:04

Originally posted by arnage View Post

Browsers are user input and needs to be sanitized like post texts. String replacements are useless simply because it can be encoded, and inefficient for posts because posters usually needs those chars to write their posts. ;)

YUP, BUT AS I TOLD EARLIER that i wasnt just started learning things so only string replacement was the easiest option for me. although it does affects the user"s posts. better, make it more usefull for users by coding with expert hands( you) .

but i did ok, didnt i?

valuable lava edited version!!

valuable lava edited version!!

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment