Jump to content

Recommended Posts

Hey guys,

 

Too my horrer i opened my unfinished website today to find there had been a posting under my admin account. I belive this is through hacking my account and cant find how they did it.

 

Im hoping someone would be able to replicate this in order for me to fix the error and secure mysite before it goes live.

 

The address is http://www.runningprofiles.com

 

Jarratt Perkins (phpfreaks name is on the page linked  'Login - PHP FREAKS!!! PLEASE HELP ME')

Hey sorry about the delay.

 

 

 

Below is the login code.

<?php
ini_set('session.cookie_lifetime', 0);
ini_set('session.cache_expire', 0);

session_start();
header("Cache-control: private");
?><?php 
require_once ( 'settings.php' );

if ( array_key_exists ( '_submit_check', $_POST ) )
{
	if ( $_POST['username'] != '' && $_POST['password'] != '' )
	{
		$query = 'SELECT ID, Username, Active, Password FROM ' . DBPREFIX . 'users WHERE Username = ' . $db->qstr ( $_POST['username'] ) . ' AND Password = ' . $db->qstr ( md5 ( $_POST['password'] ) );

		$ip = $_SERVER['REMOTE_ADDR'];
		$user = $_POST['username'];
		$date = date("m/d/Y g:i:s");
	mysql_query("UPDATE users SET ip = '$ip' WHERE username = '$user'");
	mysql_query("UPDATE users SET lastlog = '$date' WHERE username = '$user'");

		if ( $db->RecordCount ( $query ) == 1 )
		{
			$row = $db->getRow ( $query );
			if ( $row->Active == 1 )
			{
				set_login_sessions ( $row->ID, $row->Password, ( $_POST['remember'] ) ? TRUE : FALSE );
				header ( "Location: " . REDIRECT_AFTER_LOGIN );
			}
			elseif ( $row->Active == 0 ) {
				$error = 'Your membership was not activated. Please open the email that we sent and click on the activation link.';
			}
			elseif ( $row->Active == 2 ) {
				$error = 'You are suspended!';
			}
		}
		else {		
			$error = 'Login failed!';		
		}
	}
	else {
		$error = 'Please use both your username and password to access your account';
	}
}
?>

 

 

The stop login function on each page is..

 

checkLogin('1 2');


/**
* checkLogin
*
* Applies restrictions to visitors based on membership and level access
* Also handles cookie based "remember me" feature
*
* @access	public
* @param	string
* @return	bool TRUE/FALSE
*/
function checkLogin($levels)
{

			global $db;
			$kt = split(' ', $levels);

			if (!$_SESSION['logged_in'])
			{

							$access = false;

							if (isset($_COOKIE['cookie_id']))
							{ //if we have a cookie

											$query = 'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr($_COOKIE['cookie_id']);

											if ($db->RecordCount($query) == 1)
											{ //only one user can match that query
															$row = $db->getRow($query);

															//let's see if we pass the validation, no monkey business
															if ($_COOKIE['authenticate'] == md5(getIP() . $row->Password . $_SERVER['USER_AGENT']))
															{
																			//we set the sessions so we don't repeat this step over and over again
																			$_SESSION['user_id'] = $row->ID;
																			$_SESSION['logged_in'] = true;

																			//now we check the level access, we might not have the permission
																			if (in_array(get_level_access($_SESSION['user_id']), $kt))
																			{
																							//we do?! horray!
																							$access = true;
																			}
															}
											}
							}
			}
			else
			{
							$access = false;

							if (in_array(get_level_access($_SESSION['user_id']), $kt))
							{
											$access = true;
							}
			}

			if ($access == false)
			{
							header('Location: http://www.runningprofiles.com/error.php');
							exit();

			}
}


 

phpinfo(); shows - reg_globals as off

  • 2 weeks later...

Hi Runnerjp,

 

Just had a quick look at the code and it does not look like you are checking any data that is submitted before you use it to query the database.

 

This may have left the site open to SQL injection attacks. There are a few posts on this forum that explain how to prevent injection attacks.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.