• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Security POT security warning!

Status
Not open for further replies.
Recently it was found, there's an important security hole in POT (for newbies: Gesior/Unnamed AAC uses it) which displays database connection information. Here's a fast solution for XAMPP users from Xampy, which everyone using POT for their AAC should apply:

Xampy said:
(...) I will tell you how to prevent hacks in your server:

MySQL Users
Go to C:\xampp\htdocs\pot and open the file OTS_DB_MySQL. Go to line 96~ and:
Change:
Code: 
        // PDO constructor
        parent::__construct('mysql:' . implode(';', $dns), $user, $password);
    }
with:
Code: 
        // PDO constructor
	try
	{
		parent::__construct('mysql:' . implode(';', $dns), $user, $password);
	}
	catch(PDOException $error)
	{
		echo 'Can\'t connect to MySQL database.</font>';
			exit;
	}
    }
And save the file.


SQLite Users
Go to C:\xampp\htdocs\pot and open the file OTS_DB_SQLite. Go to line 54~ and:
Change:
Code: 
        // PDO constructor
        parent::__construct('sqlite:' . $params['database']);
with:
Code: 
        // PDO constructor
	try
	{
		parent::__construct('sqlite:' . $params['database']);
	}
	catch(PDOException $error)
	{
		echo 'Can\'t connect to SQLite database.</font>';
			exit;
	}
And save the file.
Click to expand...

Basicaly, file names DO NOT change if you don't use XAMPP, only path (whats logic, btw...) to POT directory.
 
Click to expand...
kingi96 said:
i get this problem :


Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Paris' for '2.0/DST' instead in C:\xampp\htdocs\pot\OTS_Account.php on line 396

Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Paris' for '2.0/DST' instead in C:\xampp\htdocs\pot\OTS_Account.php on line 396

Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Paris' for '2.0/DST' instead in C:\xampp\htdocs\pot\OTS_Account.php on line 396

Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Paris' for '2.0/DST' instead in C:\xampp\htdocs\pot\OTS_Account.php on line 396

Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Paris' for '2.0/DST' instead in C:\xampp\htdocs\accountmanagement.php on line 52

Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Paris' for '2.0/DST' instead in C:\xampp\htdocs\accoun
Click to expand...

And you have there all informations required to get rid of that warning.
 
ye i am noob scripter only! and i can everything without the pot holes and i will learn to fix it so plz can anyone help me!
 
Why is this thread still not locked? It was fixed ages ago retards.
 
Admins or Mods or Global Mods got much working on delete theards or comments from another users ^.-
 
Status
Not open for further replies.
Back
Top