Norton blocking access to my PHP

[mitcho]

I have a CMS for my website which i built about 1 year ago.

 

I have just got the latest Norton Antivirus and it now blocks access to the page giving a phishing warning - which i know is wrong because its my own cms and i would phish myself lol.

 

Anyway I thought I would post my code up here - its pretty much the login page that is blocked i guess, i can't get passed it to try any other pages. maybe i have used some older style of coding that is frowned upon by norton. Tell me what you guys think??? Thanks

 

admin_login.php

Please type in your username and password to login into your website manager:<br/>
	<font color="#FF0000">
		<?php
		if (isset($_GET['message']))
			print("<br>".$_GET['message'].":<br/>");
		?>
	</font>
</blockquote>
<blockquote>
<h3>ADMIN ONLY - LOGIN</h3>	
<form name="frmLogin" method="post" action="admin_confirm.php">
<table width="100" border="0" cellspacing="0" cellpadding="0">
	<tr>
		<td align="right" width="15%">Username:    </td>
		<td> <input type="text" id="username" name="username" width="100"></td>
	</tr>
	<tr>
		<td align="right" width="15%">Password:    </td>
		<td> <input type="password" id="userpassword" name="userpassword" width="100"></td>
	</tr>
	<tr>
	  <td align="right"> </td>
	  <td height="30" valign="bottom"><div align="right">
	    <input name="submit" type="submit" class="btn" id="save" onmouseover="this.className='btn btnhov'" onmouseout="this.className='btn'" value="Login" >
      </div></td>
  </tr>
</table>
</form>

 

admin_confirm.php

<?php
include "db.php";
$result = mysql_query("select * from admin where password=MD5('".$_POST['userpassword']."') and username='".$_POST['username']."'");
if(!$result) die("Can't execute query!".mysql_error());
if(mysql_num_rows($result)>0)
	{
		$arow=mysql_fetch_array($result);

		setcookie("eckuser", $arow['username'],time()+7200,"/");
		setcookie("eckpass", $arow['password'],time()+7200,"/");
		mysql_close($dbh);

		$username = trim($_POST['username']);
		$password = trim($_POST['userpassword']);

		session_start();
		session_register('username');
		session_register('password');
		$sess_id = session_id();

		$c_hour = date("H");    //Current Hour
		$c_min = date("i");    //Current Minute
		$c_sec = date("s");    //Current Second
		$c_mon = date("m");    //Current Month
		$c_day = date("d");    //Current Day
		$c_year = date("Y");    //Current Year
		$t_timestamp = mktime($c_hour,$c_min,$c_sec,$c_mon,$c_day,$c_year);


		header("Location: index.php?new_login=1&stamp=$t_timestamp");
		exit;         

/*			print("Congratulations ".$_POST['username']."<br>You may now proceed to the <a	href='index.php'>admin area</a>!");*/
	}					
else 
	{
		echo "User name '".$_POST['username']."' or password '".$_POST['userpassword']."' is incorrect, please try again"; 
	}
mysql_close($dbh);
?>

 

db.php

<?php


$dbh=mysql_connect ("localhost", "*removed*", "*removed*") or die ('Cannot connect to the database because:'. mysql_error().'.<br>Please try again soon.');
$db="easternc_eckdb";
mysql_select_db($db , $dbh)
or	die("Can't select $db ");
?>

 

Edit by Daniel0: Removed database credentials.

[Guest Xanza]

You probably shouldn't give out your database passwords... :/

[mitcho]

whoops - thanks very much for removing those. I just wasn't thinking!

[MadTechie]

Phishing warning are often linked to the sites URL..

check here and enter your URL.. see what comes up

[mitcho]

I typed in the sites URL in the Macafee link you provided but there was no entry for it. So i guess im in the clear there?

[mitcho]

Ok, this is still a problem , but i just found out something interesting.

 

If i do not type the "WWW" in front of the URL i use to access my site admin online, it WORKS!

 

But if i include the WWW then Norton blocks it?!?

[.josh]

can't you just go into your norton program and make your site an exception to it's rule?