Hey, heres some plugins that you can input into your hotel to see if it protects anyone from getting into your mysql.So hello i'm using mysql and a guy is getting in to my habbo database and deletes it. Is there anyway to secure my database? I'm using IIS and a habbo retro.
<?php
$staffbeveiliging ='password';
if(isset($_SESSION['user']))
{
$sql = mysql_query("SELECT rank FROM users WHERE id = ".intval(htmlentities(mysql_real_escape_string($_SESSION['user']['id']))));
$r = mysql_fetch_assoc($sql);
if(@htmlentities(mysql_real_escape_string($r['rank']))>=3&&(!isset($_POST['staffbeveiliging'])|| $_POST['staffbeveiliging']!= $staffbeveiliging))
{
echo '
<body>
<h4> Nieuw wachtwoord, kijk staff skype groepsgesprek!</h4>
<form method="post" action="" style=" background: #d21172; margin-left: 500px; width: 200px; border-radius: 2px;">
<b> Vul hier de geheime code in voor als je in de client wilt.</b>
<p>Medewerkers beveiliging!<br>
<input type="password" name="staffbeveiliging" value=""</p>
<p><input type="submit" value="Ga in client!" name="likeArticle" class="new-button"</div></p>
</form>
</body>
';
die;
}
}
?>
<?php
$userid = $_SESSION['user']['id'];
$user = mysql_fetch_object(mysql_query("SELECT * FROM `users` WHERE `id`='$userid'"));
if($user->rank >3)
{
$ip = $_SERVER["REMOTE_ADDR"];
$query2 = mysql_query("SELECT * FROM staffip WHERE ip = '".$_SESSION['user']['ip_last']."'");
while($row2 = mysql_fetch_array($query2)){
$ipstaff = $row2["ip"];
}
if($ip == $ipstaff)
{
}
else
{
echo"geen toegang!";
die;
}
}
?>
SET FOREIGN_KEY_CHECKS=0;
------------------------------
--Table structure for staffip
------------------------------
DROP TABLE IF EXISTS `staffip`;
CREATE TABLE `staffip`(
`id`int(11)unsigned NOT NULL AUTO_INCREMENT,
`ip` varchar(255) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=67 DEFAULT CHARSET=utf8;
There is an exploit on your CMS it sounds like.So hello i'm using mysql and a guy is getting in to my habbo database and deletes it. Is there anyway to secure my database? I'm using IIS and a habbo retro.
Fix The Exploits, i believe there's a tut on how to do itSo hello i'm using mysql and a guy is getting in to my habbo database and deletes it. Is there anyway to secure my database? I'm using IIS and a habbo retro.