Code: Select all
<tr>
<td class="row1"><span class="gen">{L_HIDE_USER}:</span></td>
<td class="row2">
<input type="radio" name="hideonline" value="1" {HIDE_USER_YES} />
<span class="gen">{L_YES}</span>&&
<input type="radio" name="hideonline" value="0" {HIDE_USER_NO} />
<span class="gen">{L_NO}</span></td>
</tr>
Code: Select all
<input type="hidden" name="hideonline" value="0">
Code: Select all
UPDATE phpbb_users SET user_allow_viewonline = 1;
Code: Select all
UPDATE phpbb_users SET user_allow_viewonline = 1;
Code: Select all
<tr>
<td class="row1"><span class="gen">{L_HIDE_USER}:</span></td>
<td class="row2">
<input type="radio" name="hideonline" value="1" {HIDE_USER_YES} />
<span class="gen">{L_YES}</span>&&
<input type="radio" name="hideonline" value="0" {HIDE_USER_NO} />
<span class="gen">{L_NO}</span></td>
</tr>
Code: Select all
<input type="hidden" name="hideonline" value="1">
XiomaraGel wrote: The problem is that if the user downloads the page, and changes the source code with this :Setting the value to 1 will register the user making him able to hide his online status.Code: Select all
<input type="hidden" name="hideonline" value="1">
Anyone has a solution for this exploit?
Code: Select all
<input type="hidden" name="hideonline" value="0">
Code: Select all
<input type="hidden" name="hideonline" value="1">
Code: Select all
<form action="profile.php" method="post">
Code: Select all
<form action="http://www.thesite.com/forum/profile.php" method="post">
Code: Select all
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule \.(php|tpl|inc|htm|html)$ - [F]
Code: Select all
User-agent: *
Disallow: /forum/
User-agent: *
Disallow: /*.inc
Disallow: /*.tpl
Disallow: /*.php