Posted on: 03/31/04 04:42am
By: junaidy
Posted on: 03/31/04 02:09pm
By: Dirk
COM_accessLog ("An attempt was made to illegally change the account information of user {$_USER['uid']}.");(line 648 in usersettings.php).
Posted on: 04/12/04 12:44am
By: junaidy
Posted on: 04/12/04 12:52pm
By: Dirk
Posted on: 04/13/04 03:27am
By: junaidy
function custom_usersave($uid) { global $_CONF, $_TABLES, $HTTP_POST_VARS; // Note you will need to ensure all data is prepared correctly before inserts - as quotes may need to be escaped with addslashes() $fullname =addslashes($HTTP_POST_VARS['fullname']); $nickname =addslashes($HTTP_POST_VARS['nickname']); $birth =addslashes($HTTP_POST_VARS['birth_day'] . $HTTP_POST_VARS['birth_month'] . $HTTP_POST_VARS['birth_year']); $address =addslashes($HTTP_POST_VARS['address']); $postcode =addslashes($HTTP_POST_VARS['postcode']); $email =addslashes($HTTP_POST_VARS['email']); $country =addslashes($HTTP_POST_VARS['country']); $gender =addslashes($HTTP_POST_VARS['gender']); $race =addslashes($HTTP_POST_VARS['race']); $language =addslashes($HTTP_POST_VARS['language']); $status =addslashes($HTTP_POST_VARS['status']); $mobile_maker =addslashes($HTTP_POST_VARS['mobile_maker']); $house =addslashes($HTTP_POST_VARS['house']); $transport =addslashes($HTTP_POST_VARS['transport']); $occupation =addslashes($HTTP_POST_VARS['occupation']); $monthly_income =addslashes($HTTP_POST_VARS['monthly_income']); $job_stud =addslashes($HTTP_POST_VARS['job_stud']); $education =addslashes($HTTP_POST_VARS['education']); $interest =addslashes($HTTP_POST_VARS['interest']); $leisure =addslashes($HTTP_POST_VARS['leisure']); $smoker =addslashes($HTTP_POST_VARS['smoker']); $cc_usage =addslashes($HTTP_POST_VARS['cc_usage']); $if_cc_usage =addslashes($HTTP_POST_VARS['if_cc_usage']); $know_friend =addslashes($HTTP_POST_VARS['know_friend']); $result = DB_query("SELECT * FROM {$_TABLES['custom_memberinfo']} WHERE uid = $uid"); $nrows = DB_numRows($result); if ($nrows == 0) { // no such user DB_query("INSERT INTO {$_TABLES['custom_memberinfo']} (" ." uid,fullname,nickname,birth,address,postcode,country," ."gender,race,language,status,mobile_maker,house,transport," ."occupation,monthly_income,job_stud,education,interest,leisure," ."smoker,cc_usage,if_cc_usage,know_friend,last_update" .") VALUES (" ."$uid,'$fullname','$nickname','$birth','$address','$postcode'," ."'$country','$gender','$race','$language','$status','$mobile_maker'," ."'$house','$transport','$occupation','$monthly_income','$job_stud'," ."'$education','$interest','$leisure','$smoker','$cc_usage','$if_cc_usage','$know_friend'," ."NOW() )"); } else { DB_query("UPDATE {$_TABLES['custom_memberinfo']} SET " ."fullname='$fullname'," ."nickname='$nickname'," ."birth='$birth'," ."address='$address'," ."postcode='$postcode'," ."country='$country'," ."gender='$gender'," ."race='$race'," ."language='$language'," ."status='$status'," ."mobile_maker='$mobile_maker'," ."house='$house'," ."transport='$transport'," ."occupation='$occupation'," ."monthly_income='$monthly_income'," ."job_stud='$job_stud'," ."education='$education'," ."interest='$interest'," ."leisure='$leisure'," ."smoker='$smoker'," ."cc_usage='$cc_usage'," ."if_cc_usage='$if_cc_usage'," ."know_friend='$know_friend'," ."last_update=NOW() " ."WHERE uid=$uid"); } DB_query("UPDATE {$_TABLES['users']} SET " // not used ."fullname='{$HTTP_POST_VARS['firstname']} {$HTTP_POST_VARS['lastname']}' " ."email='{$HTTP_POST_VARS['email']}'," ."homepage='{$HTTP_POST_VARS['homepage']}' " ."WHERE uid=$uid"); return true; }
in userform() -- /* Main Form used for Custom membership to add/edit and display custom user form */ function custom_userform($mode,$uid="",$msg="") { global $_CONF, $_TABLES, $LANG04; if (!empty($msg)) { $retval .= COM_startBlock($LANG04[21]) . $msg . COM_endBlock(); } if ($mode == "edit") { $post_url = $_CONF['site_url']."/usersettings.php"; $postmode = "saveuser"; $submitbutton = "<input type='submit' value='{$LANG04[9]}'>"; $passwd_input = '<tr bgcolor="#FFFFFF">' . LB . '<td align="right"><b>' .$LANG04[4]. '</b></td>' . LB . '<td> </td>' . LB . '<td><input type="password" name="passwd" size="25" maxlength="32" value=""></td>' . LB . '<td> </td>' . LB . '</tr>' . LB; $result = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=$uid"); $A = DB_fetchArray($result); $result = DB_query("SELECT * FROM {$_TABLES['custom_memberinfo']} WHERE uid=$uid"); $B = DB_fetchArray($result); $message = "<br><font size=3><br></font><font size=2 color=black><b>{$LANG04[1]} {$A['username']}</b></font>"; } elseif ($mode == "moderate" ) { $submitbutton = '<input type="button" value="Back" onclick="javascript:history.go(-1)">'; $result = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=$uid"); $A = DB_fetchArray($result); $result = DB_query("SELECT * FROM {$_TABLES['custom_memberinfo']} WHERE uid=$uid"); $B = DB_fetchArray($result); } else { $post_url = $_CONF['site_url']."/users.php"; $postmode = "create"; $submitbutton = "<font color=red>$LANG04[24]</font><br><input type='submit' value='{$LANG04[27]}'>"; $passwd_input = ""; $message = "<br><font size=2 color=black>$LANG04[23]</font>"; $A=array(); $B=array(); } $user_templates = new Template ($_CONF['path'] . 'system'); $user_templates->set_file('memberdetail', 'memberdetail.thtml'); $user_templates->set_var('layout_url', $_CONF['layout_url']); $user_templates->set_var('post_url', $post_url); $user_templates->set_var('startblock', COM_startBlock("$LANG04[22]")); $user_templates->set_var('message', $message); $user_templates->set_var('USERNAME', "$LANG04[2]"); $user_templates->set_var('USERNAME_HELP', ""); $user_templates->set_var('username', $A['username']); $user_templates->set_var('passwd_input', $passwd_input); $user_templates->set_var('FULLNAME', ""); $user_templates->set_var('FULLNAME_HELP', ""); $user_templates->set_var('fullname', $B['fullname']); $user_templates->set_var('NICKNAME', ""); $user_templates->set_var('NICKNAME_HELP', "Enter Your SMS Nickname"); $user_templates->set_var('nickname', $B['nickname']); $user_templates->set_var('ADDRESS', ""); $user_templates->set_var('ADDRESS_HELP', ""); $user_templates->set_var('address', $B['address']); $user_templates->set_var('POSTCODE', ""); $user_templates->set_var('POSTCODE_HELP', ""); $user_templates->set_var('postcode', $B['postcode']); $user_templates->set_var('EMAIL', ""); $user_templates->set_var('EMAIL_HELP', ""); $user_templates->set_var('email', $A['email']); $user_templates->set_var('GENDER', ""); $user_templates->set_var('GENDER_HELP', ""); $user_templates->set_var('gender', $B['gender']); $user_templates->set_var('RACE', ""); $user_templates->set_var('RACE_HELP', ""); $user_templates->set_var('race', $B['race']); $user_templates->set_var('LANGUAGE', ""); $user_templates->set_var('LANGUAGE_HELP', "Choose Your Prefered Language"); $user_templates->set_var('language', $B['language']); $user_templates->set_var('STATUS', ""); $user_templates->set_var('STATUS_HELP', ""); $user_templates->set_var('status', $B['status']); $user_templates->set_var('MOBILE_MAKER', ""); $user_templates->set_var('MOBILE_MAKER_HELP', ""); $user_templates->set_var('mobile_maker', $B['mobile_maker']); $user_templates->set_var('HOUSE', ""); $user_templates->set_var('HOUSE_HELP', ""); $user_templates->set_var('house', $B['house']); $user_templates->set_var('TRANSPORT', ""); $user_templates->set_var('TRANSPORT_HELP', ""); $user_templates->set_var('transport', $B['transport']); $user_templates->set_var('OCCUPATION', ""); $user_templates->set_var('OCCUPATION_HELP', ""); $user_templates->set_var('occupation', $B['occupation']); $user_templates->set_var('MONTHLY_INCOME', ""); $user_templates->set_var('MONTHLY_INCOME_HELP', ""); $user_templates->set_var('monthly_income', $B['monthly_income']); $user_templates->set_var('JOB_STUD', ""); $user_templates->set_var('JOB_STUD_HELP', ""); $user_templates->set_var('job_stud', $B['job_stud']); $user_templates->set_var('EDUCATION', ""); $user_templates->set_var('EDUCATION_HELP', ""); $user_templates->set_var('education', $B['education']); $user_templates->set_var('INTEREST', ""); $user_templates->set_var('INTEREST_HELP', ""); $user_templates->set_var('interest', $B['interest']); $user_templates->set_var('LEISURE', ""); $user_templates->set_var('LEISURE_HELP', ""); $user_templates->set_var('leisure', $B['leisure']); $user_templates->set_var('SMOKER', ""); $user_templates->set_var('SMOKER_HELP', ""); $user_templates->set_var('smoker', $B['smoker']); $user_templates->set_var('CC_USAGE', ""); $user_templates->set_var('CC_USAGE_HELP', ""); $user_templates->set_var('cc_usage', $B['cc_usage']); $user_templates->set_var('IF_CC_USAGE', ""); $user_templates->set_var('IF_CC_USAGE_HELP', ""); $user_templates->set_var('if_cc_usage', $B['if_cc_usage']); $user_templates->set_var('KNOW_FRIEND', ""); $user_templates->set_var('KNOW_FRIEND_HELP', ""); $user_templates->set_var('know_friend', $B['know_friend']); $user_templates->set_var('user_id', $user); $user_templates->set_var('postmode', $postmode); $user_templates->set_var('submitbutton', $submitbutton); $user_templates->set_var('endblock', COM_endBlock()); if (!empty($A['photo']) AND $_CONF['allow_user_photo'] == 1) { $user_templates->set_var('user_photo','<img src="' . $_CONF['site_url'] . '/images/userphotos/' . $A['photo'] . '" alt="">'); } else { $user_templates->set_var('user_photo',''); } $user_templates->parse('output', 'memberdetail'); $retval .= $user_templates->finish($user_templates->get_var('output')); return $retval; }
(121@219.94.88.57) - An attempt was made to illegally change the account information of user 121. (121@219.94.88.57) - An attempt was made to illegally change the account information of user 121. (2@219.94.88.57) - An attempt was made to illegally change the account information of user 2. (2@219.94.88.57) - An attempt was made to illegally change the account information of user 2.