Authlevel Protection

    • Authlevel Protection

      When users change (hack) the authlevel after login...
      Is it possible to protect against that with the following source?


      common.php
      My 2moons is old.

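      /* Authlevel Protection - out of service. */
      if ($_SESSION['authlevel'] != $USER['authlevel']) {
          // Write the authlevel stored in the session back to the user's row.
          // Both values are cast to int so only numbers reach the query.
          $db->query("UPDATE ".USERS." SET `authlevel` = '".(int) $_SESSION['authlevel']."' WHERE `id` = ".(int) $USER['id'].";");
          redirectTo('index.php');
      }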
      --------------------------------------------------------------------------------------
    • How do they hack the authlevel after login, first of all? It would be better to protect against that issue.
    • First of all, the session admin access, existing or not existing, does absolutely nothing. Even if you steal the admin password, you know it is used to login/auth. I am curious how they change those values, and if that really exists, the solution is simple: force auth_level>0 column or recode the admin panel and the problem is solved.

      Also @noonn, which version are you using? I have seen your games around 1.3 and 1.5. Maybe an old security issue not affecting the current game?

      PS. Now that I talked about the admin panel, it needs to be recoded. It uses primitive coding and old db vars.

      The post was edited 1 time, last by Qwa ().
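
One way to handle the session/database mismatch discussed in this thread without writing the session value back into the table, as an added example (not code from any poster or from 2Moons). It assumes a `users` table with `id` and `authlevel` columns, PDO with the SQLite driver for the constructed demo data, and a hypothetical helper named `effectiveAuthlevel()`.

```php
<?php
// Added example: constructed schema and data, not 2Moons code.
declare(strict_types=1);

/**
 * Compare the authlevel stored in the session at login with the current
 * database value. Returns the level to enforce for this request and
 * records any mismatch in $audit instead of writing anything back.
 */
function effectiveAuthlevel(PDO $db, array $session, array &$audit): int
{
    $stmt = $db->prepare('SELECT authlevel FROM users WHERE id = :id');
    $stmt->execute([':id' => (int) $session['id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        $audit[] = "user {$session['id']}: no such account";
        return 0;
    }
    $dbLevel = (int) $row['authlevel'];
    $sessionLevel = (int) $session['authlevel'];
    if ($dbLevel !== $sessionLevel) {
        $audit[] = "user {$session['id']}: session={$sessionLevel} db={$dbLevel}";
    }
    // Never grant more than either source allows: a raised column does not
    // take effect mid-session, a lowered column takes effect immediately.
    return min($dbLevel, $sessionLevel);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, authlevel INTEGER NOT NULL)');
$db->exec('INSERT INTO users (id, authlevel) VALUES (1, 0), (2, 3)');

$audit = [];
$player = ['id' => 1, 'authlevel' => 0]; // session of a normal player
$admin  = ['id' => 2, 'authlevel' => 3]; // session of an administrator

$db->exec('UPDATE users SET authlevel = 3 WHERE id = 1'); // column raised after login
$db->exec('UPDATE users SET authlevel = 0 WHERE id = 2'); // admin demoted after login

var_dump(effectiveAuthlevel($db, $player, $audit));
var_dump(effectiveAuthlevel($db, $admin, $audit));
print_r($audit);
```

This only limits what a changed column can do during an existing session and leaves a record to investigate; it does not address how the column was changed, which is the question raised in the replies.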