Ahh, thank you very much, that works for now ^^
So, as for the other problem: I think I already have the solution, but I'm not good at translating.
[quote=MightyE]
A security issue was discovered against the Legend of the Green Dragon code base, and your email address is registered as an admin for a Legend of the Green Dragon server.
It is imperative that you apply the below patch as soon as possible. The vulnerability permits masquerading as any user account. If you run the suipcontrol module, then your server will be protected against unwanted administrative changes, but users who are able to exploit this vulnerability will be able to masquerade as any user for any non-administrative purpose.
Unfortunately this vulnerability was disclosed to the public before it was brought to our attention, so we were not able to issue a preemptive patch. The public disclosure was removed within an hour, but anyone who read it in the meantime may be able to figure out how to exploit this vulnerability.
How to protect yourself against this exploit:
Admins of the 1.0.6 version can find an updated version of "login.php" here:
http://lotgd.net/updated_1.0.6_login.tar.gz
Admins for the 1.1.0 Dragonprime Edition can visit Dragonprime.net to find an updated version of this file as soon as it is available.
Anyone else may manually edit login.php and add this line of code immediately before the first $sql statement (typically around line 30):
$password = addslashes($password);
So typically this will look like:
$password = addslashes($password);
$sql = "SELECT * FROM " . db_prefix("accounts") . " WHERE login = '$name' AND password='$password' AND locked=0";
However it's possible that your $sql statement looks slightly different.
Please contact me at MightyE@MightyE.org if you have questions on how to implement this on your server, and I will do my very best to help you out. As far as I know, this is the first security vulnerability discovered against the Legend of the Green Dragon core code base (meaning that it is not the result of a 3rd party module outside our control).
-Eric "MightyE" Stevens
[/quote]
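
The quoted advisory escapes $password before it is interpolated into the login query. The following is an added example (not LotGD code and not from the advisory's author) of the same lookup written with bound parameters, so that no value has to be escaped by hand. It assumes PDO with the SQLite driver and a constructed in-memory table whose column names follow the quoted query; find_account() is a hypothetical helper.

```php
<?php
// Added example, not LotGD code: the login lookup with bound parameters.
// Assumptions: PDO with the sqlite driver (in-memory, constructed sample data);
// table and column names follow the query quoted in the advisory.

function find_account(PDO $db, string $name, string $password): ?array
{
    // Placeholders keep the values out of the SQL text entirely, so a quote
    // in $name or $password can never end the string literal.
    $stmt = $db->prepare(
        'SELECT login FROM accounts
          WHERE login = :name AND password = :password AND locked = 0'
    );
    $stmt->execute([':name' => $name, ':password' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (login TEXT, password TEXT, locked INTEGER)');

// Constructed sample rows. The password column holds opaque constructed
// strings standing in for whatever value the application stores there.
$insert = $db->prepare('INSERT INTO accounts VALUES (?, ?, ?)');
$insert->execute(['admin', 'stored-value-1', 0]);
$insert->execute(["O'Neil", "stored'value-2", 0]);
$insert->execute(['banned', 'stored-value-3', 1]);

$cases = [
    ['admin',  'stored-value-1'],   // valid login
    ["O'Neil", "stored'value-2"],   // quotes inside legitimate data
    ['admin',  "not'the'value"],    // wrong password that contains quotes
    ['banned', 'stored-value-3'],   // correct password, but account is locked
];
foreach ($cases as [$name, $password]) {
    $row = find_account($db, $name, $password);
    printf("%-8s => %s\n", $name, $row ? 'match' : 'no match');
}
```

Unlike addslashes(), which is not aware of the connection character set, bound parameters cover every value in the statement, including $name.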