This security problem affects all versions of the Digital Scribe, but can be fixed by modifying one file.
Open login.php
Lines 17 and 18, original:
$mdpass=MD5($HTTP_POST_VARS['pass1']);
$query = "SELECT ID,level FROM ".$conf['tbl']['teachers']." where pass='$mdpass' AND user=\"$HTTP_POST_VARS[username]\"";
Change the lines to:
$user=sanitize_paranoid_string($HTTP_POST_VARS['username']);
$mdpass=MD5($HTTP_POST_VARS['pass1']);
$query = "SELECT ID,level FROM ".$conf['tbl']['teachers']." where pass='$mdpass' AND user=\"$user\"";
Add this at the end of the file, just before the closing ?> on the last line:
function sanitize_paranoid_string($string, $min='', $max='') {
    $string = preg_replace("/[^a-zA-Z0-9]/", "", $string);
    $len = strlen($string);
    if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
        return FALSE;
    return $string;
}
That's it, you are once again secure. This was the only change from version 1.4 to 1.4.1.
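To check the fix, the following added example (not Digital Scribe code) builds the query text both ways and tests whether the user value stays inside its double-quoted literal. The table name, the helper names query_before, query_after and user_literal_intact, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not Digital Scribe code. Table name and inputs are constructed.
$conf = ['tbl' => ['teachers' => 'teachers']]; // assumed table name

// Same sanitizer as in the fix above.
function sanitize_paranoid_string($string, $min = '', $max = '')
{
    $string = preg_replace("/[^a-zA-Z0-9]/", "", $string);
    $len = strlen($string);
    if ((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) {
        return false;
    }
    return $string;
}

// Query text as login.php built it before the fix (hypothetical wrapper).
function query_before(array $conf, array $post)
{
    $mdpass = md5($post['pass1']); // hex digest, cannot contain quote characters
    return "SELECT ID,level FROM " . $conf['tbl']['teachers']
        . " where pass='$mdpass' AND user=\"" . $post['username'] . "\"";
}

// Query text after the fix (hypothetical wrapper).
function query_after(array $conf, array $post)
{
    $user = sanitize_paranoid_string($post['username']);
    $mdpass = md5($post['pass1']);
    return "SELECT ID,level FROM " . $conf['tbl']['teachers']
        . " where pass='$mdpass' AND user=\"$user\"";
}

// A well-formed query has exactly two double quotes: those around the user value.
function user_literal_intact($query)
{
    return substr_count($query, '"') === 2;
}

// Constructed inputs: a plain name, a name with a quote, a name with punctuation.
foreach (['jsmith', 'j"smith', 'j.smith'] as $name) {
    $post = ['username' => $name, 'pass1' => 'example-password'];
    printf("%-8s before: %-5s after: %-5s value sent: %s\n",
        $name,
        var_export(user_literal_intact(query_before($conf, $post)), true),
        var_export(user_literal_intact(query_after($conf, $post)), true),
        sanitize_paranoid_string($name));
}
```

Because the sanitizer drops every non-alphanumeric character, j.smith and jsmith reach the database as the same value, so accounts whose usernames contain punctuation should be reviewed after the change.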