missing link on homepage

Throw your ideas for Druchii.net around in here...

Moderator: The Dread Knights

Post Reply
User avatar
Themus
Slave on the Altar
Posts: 9
Joined: Sun May 06, 2007 5:12 pm

missing link on homepage

Post by Themus »

I didn't know where else to put this. If you click on your username in the top left corner on the homepage it links to a page stating "hacking attempt!"

Err . . . what is up with that? has anyone else seen this?
User avatar
Ilokir lúinwë
Asur Bane
Posts: 1331
Joined: Wed Jan 05, 2005 4:38 pm
Location: Questing through the nine plains of Hell

Post by Ilokir lúinwë »

Tarbo wrote:It's probably a transition error. Editing a profile requires to supply the password no matter whether you're logged in or not. It's possible this link tries to shortcut it, hence the server registers it as a hacking attempt.

Use the "Control Panel" menu instead to change your profile.
Class: Warrior
Ws: 6 dex: 4 str: 4 T: 3 Int: 4
Skills: Awareness, Defensive fighting, Parry
Equipment: Medium armor, Longsword, 2 Throwing daggers, 50 gold coins

Don't forgive, don't forget
User avatar
Tarbo
Morathi's Best Friend
Morathi's Best Friend
Posts: 1203
Joined: Tue Oct 04, 2005 5:06 pm
Location: Flanders, Belgium

Post by Tarbo »

Myeah, turns out I was wrong. I just did a bit of "research"--clicked and typed a few things--and came to the following conclusion.

Editing your profile is done with the profile.php?mode=editprofile URL. However, the link on the front page also supplies a number: your user ID. Your session state (cookies, in this case) should be enough to deduce who you are, so it can also find your profile. Perhaps the server has some algorithm error while authenticating, or it automatically does off such URLs as hacking attempts.

http://www.druchii.net/profile.php?mode=editprofile&N should give an error message, with 'N' any whole number.

Perhaps we could ask a webmaster (hint, hint) to remove the superfluous user ID from the profile link on the home page?
Post Reply