So teks, have you ever looked over vShare? If so, what's your technical opinion on that one as a tube script?
|
Quote:
Nobody should be thanking you for anything because you haven't fixed anything for them or even explained what happened to cause you to find a problem. |
I did try to offer help to Zorgman in this area as well....
He doesn't quite get it. -Ben |
why am I fighting with a bunch of trolls.. lol
I'm gone, I won't be back... have fun playing games with other trolls... ughm... I laugh at the next moron to pay $10k to skin this board.. lol, worse than shoveling it into a fireplace hahah |
Quote:
I know why I bought it. I can't code and wanted to test the waters before having something custom coded. I have no doubt that Dean and company will square this up when he gets back online. |
Quote:
http://www.nnteenmodels.net/gfy/clapping.gif |
Quote:
Everyone except the Rodman dick with the fake nick was on your side until you started blowing shit out of your mouth on everybody. |
|
thread of the year
|
Quote:
here is a basic security function: http://entertainmentscript.com/sec.phps is 1 thing and running mysql_real_escape_string on EVERY user submitted $_POST or $_GET or $_REQUEST variable BEFORE inserting it into the DB will go a LONG ways. This at the bottom of something like a config file will reject forms submitted from other places. Code:
if (isset($_POST)){ |
Some people should be shot for abusing ternaries.
|
the entire problem is security, the code other than that is fine.
situations like this: Code:
@mysql_query("INSERT INTO tube_comments SET cmessage='$acomments', cvid='$vid', cyourname='$yourname', capproved='N', cdate=NOW()");
what HAS to be done is before you EVER insert anything into the DB you need to run something like this:
$number = mysql_real_escape_string($_POST['txtNumber']);
Also if you want a quick protection from form bots simply paste that code I posted into config.php
As you can imagine the fix is very simple BUT it happens in so many places that it will take a bit of time for a real fix to be posted. Zorgman if you want any help let me know. I can certainly think of a few things I'd do to secure this thing and a few things that could REALLY improve the speed of this script. |
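Added example (not part of the original post and not TEVS code): the tube_comments INSERT discussed above, rewritten with bound parameters so user input never becomes part of the SQL text. It assumes PDO with an in-memory SQLite database standing in for the script's MySQL server, and `save_comment()` and `open_demo_db()` are hypothetical helpers; the mysql_* functions shown in the thread were removed in PHP 7.

```php
<?php
// Added example: column names come from the INSERT quoted in the thread.
// Assumption: SQLite in memory replaces MySQL so the script runs offline.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tube_comments (
        cmessage TEXT, cvid INTEGER, cyourname TEXT, capproved TEXT, cdate TEXT)');
    return $pdo;
}

// Hypothetical helper: validates the form fields, then inserts with placeholders.
function save_comment(PDO $pdo, array $post): bool
{
    // Numeric ids are validated as integers, not escaped as strings.
    $vid = filter_var($post['vid'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $message = trim((string)($post['acomments'] ?? ''));
    $name = trim((string)($post['yourname'] ?? ''));
    if ($vid === false || $message === '' || $name === '') {
        return false; // reject instead of inserting partial data
    }
    // Placeholders keep user data out of the SQL statement entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO tube_comments (cmessage, cvid, cyourname, capproved, cdate)
         VALUES (:msg, :vid, :name, :approved, CURRENT_TIMESTAMP)'
    );
    return $stmt->execute([
        ':msg' => $message, ':vid' => $vid, ':name' => $name, ':approved' => 'N',
    ]);
}

$pdo = open_demo_db();
// Constructed sample input: quote characters that would break a concatenated query.
$stored = save_comment($pdo, [
    'vid' => '12', 'acomments' => "it's \"great\"; --", 'yourname' => "O'Brien",
]);
// Constructed sample input: a non-integer video id is refused before any SQL runs.
$refused = save_comment($pdo, ['vid' => '12 OR 1=1', 'acomments' => 'x', 'yourname' => 'y']);
$row = $pdo->query('SELECT cmessage, cvid, cyourname FROM tube_comments')
    ->fetch(PDO::FETCH_ASSOC);
var_dump($stored, $refused, $row);
```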
hello farkedup, you have been a busy man of late, haven't talked to you in a while. If you ain't busy later I will hit you up on ICQ
|
I'm getting ready to buy this script, farkedup or one of you other eggheads want to handle the install and the security fix?
|
Hi Guys,
While I do not like the fact that teksonline has to resort to blackmail to tell someone that there is a problem, I thank him for pointing out a major problem that I didn't even know about.
Over 5 weeks ago I had a few programmers check the source code of TEVS for any errors I made. They came back with a few fixes and I put those fixes into place. I rezipped TEVS and uploaded it to the server. But it was my mistake, I had uploaded it to the wrong directory. So up till now everyone has downloaded the old original files. - My Fault. I am sorry about that.
I believe a few installs that I did got the secure files but please contact me anyway with the below details. If you have TEVS installed, please contact me right away and I will personally fix this for you. Email: [email protected]
BTW - MrYellow, trying to force your services and script project on me and webmasters using TEVS is in way helping me or these webmasters. As I have pointed out, you took offense when I declined your offer and now you call me names like {wanked} and {tosser}. For what reason? |
teksonline, I would also like to add. That since you had 100% re-written the admin controls which work fine on over 400 licenses so far. I can only assume you are using a stolen copy of TEVS.
I've got no emails or support tickets from you nor icq or other forms of messages. Any normal members would have asked questions before trying to blackmail someone. Unless they're using stolen code. Prove me wrong! |
post it now, dude.
|
Damn this guy is a real psychopath
|
ok wait.. I got lost here.. how was anyone blackmailed? was there money involved? if so, that's a criminal offense... if not money, then what?
not trying to be a dick here, I just don't see blackmail here when someone just pointed out security leaks in an app. however, this should have been discussed in private rather than here... |
k0nr4d Didn't I hire you years ago?
|
Quote:
mysql database that doesn't even exist. But maybe you know something I don't know. You did read what the stated problem was didn't you? And for your information many servers, if not most, are now running php as cgi. http://us3.php.net/security.cgi-bin Read that. Please fucking read it!!!! :mad::mad::mad: The notion that running php means never running cgi is the biggest lie ever sold! |
Are you retarded?
You fuckin serious mang? You mean a simple:
Quote:
|
I'm glad I program in ColdFusion, bless you CFQueryParam.
|