Script Modifications & Fixatio 10.10.08
IMPORTANT!!! Payment will be in ESCROW MODE, ONLY WHEN WE SAW FIXATIONS AND AFTER RECEIVED THE FIXED SCRIPT.
If you don’t agree, please AVOID BIDDING.
Please work in the installation in: www.temposolution.org
As user:
User:tempo
Pass: zander98
As Admin:
User: Admin
Pass: zander98
For Script instalation
The ftp and cpanel is:
User: tempo
Pass: zander98
Fixations:
1.There is an error in the user side /after SIGNING as a USER (user: tempo pass: zander 98)
If you got to “YOUR REFERRALS”
http://www.temposolution.org/account_referrals.php
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tempo/public_html/account_referrals.php on line 116
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tempo/public_html/account_referrals.php on line 116
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tempo/public_html/account_referrals.php on line 116
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tempo/public_html/account_referrals.php on line 116
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tempo/public_html/account_referrals.php on line 116
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tempo/public_html/account_referrals.php on line 116
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tempo/public_html/account_referrals.php on line 116
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tempo/public_html/account_referrals.php on line 116
2. Actually if you see THE ACCSES TO ENTER THE Admin are in this script is entering the user and password admin in the same form login for users *customers* we need you separate the method who the admin login in their zone. We want admins login using a secret url for example.
If the script is www.temposolution.org
Then the systems will go to a private login for admins.
Notice: Why we need this change, well know people using this script that has been hackled using ddd user exploit in login form to get admin grants also we know this script sometimes have been brute force hacked using the login form to get admin grant.
3.Aactully if you study the method how admin login in the script we need a second security measure in the admin login process .after admin enter the first user and pass we need admin enter a security second password this password must be encrypted and only me know the password also you must create a method to setup this second password secretly in the system and no accessible to anyone. In the system. We think actually in some part of the script there is a code to send information to a perpetrator &script backdoor could you find it please?
4.We need you see if there is any option to hackers enter to our data base to clean the data we find the current script have a method to encrypt the DB but we are not agree if its possible.
5.If you enter to admin zone in the script and go to section Payment Settings there is some password when admin enter keep visible in the form for example go to Liberty Reserve Process the info related to Secret word its completely visible then if a hacker get admin in the system can use this info to hack our liberty reserve account. could you put this option to see only dots when admin the this information In other section there is the same problem.fix that also
The admin user is admin pass zander98
