Recently it was found, there's an important security hole in POT (for newbies: Gesior/Unnamed AAC uses it) which displays database connection information. Here's a fast solution for XAMPP users from Xampy, which everyone using POT for their AAC should apply:
Basicaly, file names DO NOT change if you don't use XAMPP, only path (whats logic, btw...) to POT directory.
(...) I will tell you how to prevent hacks in your server:
MySQL Users
Go to C:\xampp\htdocs\pot and open the file OTS_DB_MySQL. Go to line 96~ and:
Change:
with:Code:// PDO constructor parent::__construct('mysql:' . implode(';', $dns), $user, $password); }
And save the file.Code:// PDO constructor try { parent::__construct('mysql:' . implode(';', $dns), $user, $password); } catch(PDOException $error) { echo 'Can\'t connect to MySQL database.</font>'; exit; } }
SQLite Users
Go to C:\xampp\htdocs\pot and open the file OTS_DB_SQLite. Go to line 54~ and:
Change:
with:Code:// PDO constructor parent::__construct('sqlite:' . $params['database']);
And save the file.Code:// PDO constructor try { parent::__construct('sqlite:' . $params['database']); } catch(PDOException $error) { echo 'Can\'t connect to SQLite database.</font>'; exit; }
Basicaly, file names DO NOT change if you don't use XAMPP, only path (whats logic, btw...) to POT directory.