diff --git a/classes/class_file_checker.php b/classes/class_file_checker.php
index 886b6697..67829c5b 100644
--- a/classes/class_file_checker.php
+++ b/classes/class_file_checker.php
@@ -13,9 +13,10 @@
"housexclusive.net", "plixid.com", "h33t", "reggaeme.com" ,"ThePirateBay.org",
"Limetorrents.com", "AhaShare.com", "MixFiend.blogstop", "MixtapeTorrent.blogspot");
+
function check_file($Type, $Name) {
check_name(strtolower($Name));
- check_extensions($Type, $Name);
+ check_extensions($Type, strtolower($Name));
}
function check_name($Name) {
diff --git a/sections/login/login.php b/sections/login/login.php
index 0e4ce020..94ff7ee8 100644
--- a/sections/login/login.php
+++ b/sections/login/login.php
@@ -26,7 +26,7 @@
| Password |
- |
+ |
|
diff --git a/sections/torrents/download.php b/sections/torrents/download.php
index 22927262..5e277f91 100644
--- a/sections/torrents/download.php
+++ b/sections/torrents/download.php
@@ -3,6 +3,7 @@
enforce_login();
$TorrentPass = $LoggedUser['torrent_pass'];
$DownloadAlt = $LoggedUser['DownloadAlt'];
+ $UserID = $LoggedUser['ID'];
} else {
$UserInfo = $Cache->get_value('user_'.$_REQUEST['torrent_pass']);
if(!is_array($UserInfo)) {
@@ -25,6 +26,13 @@
$TorrentID = $_REQUEST['id'];
+$uih = user_heavy_info($UserID);
+if ($_REQUEST['authkey'] != $uih['AuthKey']) {
+
+ error(403);
+ die;
+}
+
if (!is_number($TorrentID)){ error(0); }
$Info = $Cache->get_value('torrent_download_'.$TorrentID);
diff --git a/sections/user/edit.php b/sections/user/edit.php
index 744367dc..6255df95 100644
--- a/sections/user/edit.php
+++ b/sections/user/edit.php
@@ -426,11 +426,11 @@ function checked($Checked) {
| New password |
- |
+ |
| Re-type new password |
- |
+ |
| Reset passkey |