#45 BUG user can access the chat using url

[Anonymous]

Hello,

I found a bug in the chat, when on user enter in the
chat her receive PWD_Hash. OK!

-------------------------------------------------------

1 -http://www.site.com./chat/loader.php3?
From=index.php3&L=.&Ver=H&U=Leo&R=USERREAL&T=1&D=10&N=1
5&ST=1&NT=1&PWD_Hash=5fb540af8a9240d6f6d1d3aca5df12a7&F
irst=1

---

2 - http://www.site.com/chat/input.php3?
From=index.php3&Ver=H&L=.&U=USERREAL&R=room&T=1&D=10&N=
15&O=0&ST=1&NT=1&PWD_Hash=5fb540af8a9240d6f6d1d3aca5df1
2a7

It's ok!

Using urls of its chat it obtains has access chat with
the name of another user making these modifications:

But user bad change a link, open a new windows and put
this address:
http://www.site.com./chat/loader.php3?
From=index.php3&L=.&Ver=H&U=another&R=room&T=1&D=10&N=1
5&ST=1&NT=1&PWD_Hash=5fb540af8a9240d6f6d1d3aca5df12a7&F
irst=1

open a new windows and put this address:

http://www.site.com/chat/input.php3?
From=index.php3&Ver=H&L=.&U=another&R=room&T=1&D=10&N=1
5&O=0&ST=1&NT=1&PWD_Hash=5fb540af8a9240d6f6d1d3aca5df12
a7

OK! user can sender a message with a anotheruser,
using your PWD_Hash.

The correct one would be that not accepted it that
another user has access chat the same using PWD_Hash.

phpMyChat 0.14.5

By,

Leonardo Francisco de Souza

[Loïc Chapeaux]

Logged In: YES
user_id=144058

Hi!

These are known problem we've already fixed in the 0.15.0-
dev release. But the main goal for us is now to find free
time to finish it...

Loc