desjardins2010 Posted December 26, 2010 Share Posted December 26, 2010 Hey guys/Gals ok, so if you want code let me know but in essence just a quick question to an unforseen issue. Were creating a virutal hacking simulation (for those who have been following me) and we just finised with the crack.php that compares the passwordcracker to the target users Systemkey (the piece that protects the target's pc from lower level attacks) if the passwordcracker is larger than the systemkey or equal to it, it will start the crack procress (that is simply a progress bar, then forward to userhome.php) issue were having right now is when the user attempts to crack but isn't high enough to do so it gives a message saying your software isn't high enough... ISSUE: if at this point I just go and type in userhome.php it connects me without having to crack it.. there is a session set in place that makes sure users are logged in the whole time but can't figure out how I can stop this from allowing access without a successful crack first.... any ideas would be greatly appreciated Thanks; desjardins, jeff Link to comment https://forums.phpfreaks.com/topic/222696-hope-there-is-a-simple-solution/ Share on other sites More sharing options...
joel24 Posted December 27, 2010 Share Posted December 27, 2010 I dare say you'll have to provide the code Link to comment https://forums.phpfreaks.com/topic/222696-hope-there-is-a-simple-solution/#findComment-1151650 Share on other sites More sharing options...
desjardins2010 Posted December 27, 2010 Author Share Posted December 27, 2010 ok, so these are the three files we speak of, the action starts at u2u.php didn't feel I had to use that here it's just a form that sends the entered IP address to homepage.php --> homepage.php checks for the submit andcompares the IPaddress to the database to see if the IP exists --> the users passwordcracker if clicked will lead to crack.php --> this will check to see if the target systems 'systemkey' is smaller than or equal to the players password cracker --> if it is it shows a simple progress bar and sends them to userhome.php if it's not if tells them that the software they are using ins't large enough .. issue again is that from this point I can just go and type in userhome.php and get in without cracking... if you can clean any of this code up also feel free. userhome.php <?php session_start(); if (!isset($_SESSION['username'])) { echo "Sorry you must be logged in to view this page<BR>"; echo "Please <a href='index.php'>GO BACK</a> and try again"; exit(); } else { if ($_SESSION['username']) { $player = $_SESSION['username']; $userlevel = $_SESSION['userlevel']; $cracker = $_SESSION['cracker']; $cpuspeed = $_SESSION['cpuspeed']; $ip = $_SESSION['ip']; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Heavens Hackers : Virtual Online Hacking Simulation</title> <style type="text/css"> <!-- .style1 {color: #FFFFFF} --> </style> </head> <body alink="#FFFFFF" vlink="#FFFFFF" link="#FFFFFF"> <table width="650" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#000000"> <!--DWLayoutTable--> <tr> <td width="10" height="36"> </td> <td width="630"> </td> <td width="10"> </td> </tr> <tr> <td height="39"></td> <td align="center" valign="center"><form action="homepage.php" method="post"> <a href="u2u.php"><img src="images/home.png" width="26" height="26" border="0" /></a> <input type="text" name="ip" size="60" /> <input type="submit" name="submit" value="CONNECT" /> </form></td> <td></td> </tr> <tr> <td height="195" colspan="3" valign="top"><table background="images/u2uimg.jpg" width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="13" height="18"></td> <td width="624"></td> <td width="13"></td> </tr> <tr> <td height="58"></td> <td valign="top"> <div align="center"><?php echo "<font color='#ffffff'>You are connect to </font><font color='#ffffff'>" . long2ip($ip). "</font>";?></div></td> <td></td> </tr> <tr> <td height="68"> </td> <td> </td> <td></td> </tr> <tr> <td height="38" colspan="3" valign="bottom"><div align="center"> <?php //add links for add to bounce slots, access logfile, logout, files echo "<font size='1px' color='#ffffff'>Add IP to Bounce List | <a href='userhome.php'>Access Logfile</a> | Files | <a href='targetbank.php'>Bank Details</a> | Logout</font>"; ?> </div></td> </tr> <tr> <td height="15"></td> <td></td> <td></td> </tr> </table> </td> </tr> <tr> <td align="center" height="92" colspan="3" valign="top"><img src="images/u2uimg2.jpg" width="650" height="92" /></td> </tr> <tr> <td height="296" colspan="3" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="650" height="296" valign="top"><div align="center"><form action="edituserlog.php" method="post"> <textarea class='form' ID='logfile' name='logfile' rows='20' cols='70'> <?php //make connection with database to access logfile information $connect = mysql_connect("localhost","removed","removed") or die ("Could Not Connect To Server"); mysql_select_db('heaven_users'); $query = mysql_query("SELECT logfile FROM members WHERE IPaddress='$ip'") or die ("Could Not Query Database members"); while ($info = mysql_fetch_assoc($query)) { //set varibles $logfile = $info['logfile']; } echo $logfile; ?> </textarea><br> <input type=submit value="Edit log" class=form> </form></div></td> </tr> </table> </td> </tr> <tr> <td height="89"></td> <td></td> <td></td> </tr> </table> </body> </html> crack.php <?php session_start(); if (!isset($_SESSION['username'])) { echo "Sorry you must be logged in to view this page<BR>"; echo "Please <a href='index.php'>GO BACK</a> and try again"; exit(); } else { if ($_SESSION['username']) { $player = $_SESSION['username']; $userlevel = $_SESSION['userlevel']; $cracker = $_SESSION['cracker']; $cpuspeed = $_SESSION['cpuspeed']; $ip = $_SESSION['ip']; $userip = $_SESSION['userip']; $exper = $_SESSION['exper']; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Heavens Hackers : Virtual Online Hacking Simulation</title> <style type="text/css"> <!-- .style1 {color: #FFFFFF} --> </style> </head> <body alink="#FFFFFF" vlink="#FFFFFF" link="#FFFFFF"> <table width="650" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#000000"> <!--DWLayoutTable--> <tr> <td width="10" height="36"> </td> <td width="630"> </td> <td width="10"> </td> </tr> <tr> <td height="39"></td> <td align="center" valign="center"><form action="homepage.php" method="post"> <a href="u2u.php"><img src="images/home.png" width="26" height="26" border="0" /></a> <input type="text" name="ip" size="60" /> <input type="submit" name="submit" value="CONNECT" /> </form></td> <td></td> </tr> <tr> <td height="195" colspan="3" valign="top"><table background="images/u2uimg.jpg" width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="13" height="18"></td> <td width="624"></td> <td width="13"></td> </tr> <tr> <td height="58"></td> <td valign="top"> <div align="center"> <?php //start progress bar check to see if the systemkey on server is greater than the passwordcracker or equal if it is let it go if not stop it $db = mysql_connect ("localhost","****","******") or die ("Could Not Connect To Database"); $select = mysql_select_db ('heaven_users') or die ("Could Not Select Database"); $query = mysql_query ("SELECT * FROM members WHERE IPaddress='$ip'") or die (mysql_error()); $query2 = mysql_query ("SELECT * FROM members WHERE username='$player'") or die (mysql_error()); while ( ($row1 = mysql_fetch_assoc($query)) && ($row2 = mysql_fetch_assoc($query2)) ) { $systemkey = substr($row1['systemkey'], -3); $passwordcracker = substr($row2['passwordcracker'], -3); $remotelogfile = $row1['logfile']; $playerlog = $row2['logfile']; $experadd = +5; $newexper = $exper + $experadd; } if ($passwordcracker >= $systemkey) { mysql_query ("UPDATE members SET logfile = '$remotelogfile $userip logged into admin' WHERE IPaddress =$ip") or die (mysql_error()); mysql_query ("UPDATE members SET logfile = '$playerlog admin logged into ".long2ip($ip)."' WHERE username='$player'") or die (mysql_error()); //give exp for cracking remote system mysql_query ("UPDATE members SET exper = '$newexper' WHERE username='$player'") or die (mysql_error()); //progress bar and forward to userprofile.php got to find a way to block this if they havn't cracked it echo "<table width='100%' border='1' cellpadding='1' cellspacing='1' bgcolor='#666666'><tr><td width='506' height='52' valign='top'><script type='text/javascript'>function progress(){if(document.images['bar'].width<400){document.images['bar'].width+=5;document.images['bar'].height=5; }else{clearInterval(ID);window.location='userhome.php';}}var ID;window.onload=function(){ID=setInterval('progress();',$cpuspeed);}</script><img src='images/white.gif' name='bar'/><br /><font color='#ffffff'>Cracking....</font></td></tr></table>"; } else { echo "<font color='#ffffff'>Mate, it seems you don't have the proper software to crack this server. Visit the shop to upgrade or complete more jobs to gain cash</font><br />"; } ?> </div></td> <td></td> </tr> <tr> <td height="121"> </td> <td> </td> <td></td> </tr> </table> </td> </tr> <tr> <td align="center" height="92" colspan="3" valign="top"><img src="images/u2uimg2.jpg" width="650" height="92" /></td> </tr> <tr> <td height="296"></td> <td></td> <td></td> </tr> </table> </body> </html> homepage.php <?php session_start(); if (!isset($_SESSION['username'])) { echo "Sorry you must be logged in to view this page<BR>"; echo "Please <a href='index.php'>GO BACK</a> and try again"; exit(); } else { if ($_SESSION['username']) { $player = $_SESSION['username']; $userlevel = $_SESSION['userlevel']; $cracker = $_SESSION['cracker']; $systemkey = $_SESSION['systemkey']; //check for submit $submit = $_POST['submit']; $ip = ip2long($_POST['ip']); //database format for compare $_SESSION['ip'] = $ip; } } //start connection with server to check if IP is valid $connect = mysql_connect ("localhost","****","*****") or die ("Could Not Connect To Server"); $sql = mysql_select_db ('heaven_users') or dir ("Could Not Select Database"); $sql2 = mysql_query ("SELECT IPaddress FROM members WHERE IPaddress='$ip'"); $rows = mysql_num_rows($sql2); //we have the result of the row count we want that if it's 0 to echo no service found at address; else if more than 0 bring up that account ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Heavens Hackers : Virtual Online Hacking Simulation</title> </head> <body alink="#FFFFFF" vlink="#FFFFFF" link="#FFFFFF"> <table width="650" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#000000"> <!--DWLayoutTable--> <tr> <td width="10" height="36"> </td> <td width="630"> </td> <td width="10"> </td> </tr> <tr> <td height="39"></td> <td align="center" valign="center"><form action="homepage.php" method="post"> <a href="u2u.php"><img src="images/home.png" width="26" height="26" border="0" /></a> <input type="text" name="ip" size="60" /> <input type="submit" name="submit" value="CONNECT" /> </form></td> <td></td> </tr> <tr> <td height="195" colspan="3" valign="top"><table background="images/u2uimg.jpg" width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="13" height="18"></td> <td width="624"></td> <td width="13"></td> </tr> <tr> <td height="58"></td> <td valign="top"><div align="center"> <?php if ($rows==0) { echo "<font color='#ffffff'>No Service Found At<br /></font><font color='#ffffff'>" .long2ip($ip)."</font><br />"; echo "<a href='u2u.php'>Please go back and try again</a>"; exit(); } else { //display information to crack said IP address echo "<font size ='medium' color='#ffffff'>You were able to ping<br /></font><font color='#ffffff'>" .long2ip($ip)."</font>"; } ?> </div></td> <td></td> </tr> <tr> <td height="34"> </td> <td> </td> <td></td> </tr> <tr> <td height="85" colspan="3" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="219" height="66" valign="top"><div align="center"><?php echo "<font color='#ffffff'><br /><a href='crack.php'>" .$cracker. "</a></font>"; ?> </div></td> <td width="215" valign="top"><div align="center"><?php echo "<font color='#ffffff'><br /><a href='crack.php'>" .$cracker. "</a></font>"; ?> </div></td> <td width="216" valign="top"><!--DWLayoutEmptyCell--> </td> </tr> <tr> <td height="19"> </td> <td> </td> <td> </td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td align="center" height="92" colspan="3" valign="top"><img src="images/u2uimg2.jpg" width="650" height="92" /></td> </tr> <tr> <td height="270" colspan="3" align="center" valign="top"> <?php //welcome message for IP connected to ?> </tr> </table> </body> </html> Link to comment https://forums.phpfreaks.com/topic/222696-hope-there-is-a-simple-solution/#findComment-1151653 Share on other sites More sharing options...
joel24 Posted December 27, 2010 Share Posted December 27, 2010 so you need to ensure the user has 'cracked'... set a session variable when cracking is completed ... if I've understood your code correctly, something like this (in crack.php) if ($passwordcracker >= $systemkey) { mysql_query ("UPDATE members SET logfile = '$remotelogfile $userip logged into admin' WHERE IPaddress =$ip") or die (mysql_error()); mysql_query ("UPDATE members SET logfile = '$playerlog admin logged into ".long2ip($ip)."' WHERE username='$player'") or die (mysql_error()); //give exp for cracking remote system mysql_query ("UPDATE members SET exper = '$newexper' WHERE username='$player'") or die (mysql_error()); $_SESSION['cracked'] = true; //progress bar and forward to userprofile.php got to find a way to block this if they havn't cracked it echo "<table width='100%' border='1' cellpadding='1' cellspacing='1' bgcolor='#666666'><tr><td width='506' height='52' valign='top'><script type='text/javascript'>function progress(){if(document.images['bar'].width<400){document.images['bar'].width+=5;document.images['bar'].height=5; }else{clearInterval(ID);window.location='userhome.php';}}var ID;window.onload=function(){ID=setInterval('progress();',$cpuspeed);}</script><img src='images/white.gif' name='bar'/><br /><font color='#ffffff'>Cracking....</font></td></tr></table>"; } else { echo "<font color='#ffffff'>Mate, it seems you don't have the proper software to crack this server. Visit the shop to upgrade or complete more jobs to gain cash</font><br />"; $_SESSION['cracked'] = false; } then on userhome.php if ($_SESSION['cracked'] != true) { //if not true, redirect back to crack header('location: crack.php'); exit(); } Link to comment https://forums.phpfreaks.com/topic/222696-hope-there-is-a-simple-solution/#findComment-1151664 Share on other sites More sharing options...
desjardins2010 Posted December 27, 2010 Author Share Posted December 27, 2010 Thank you soo much that worked like a charm... funny thing is session was the first thing I thought of i'm new to php and didn't think you could start another session with having one running already so never even tried that,,, lol thanks Link to comment https://forums.phpfreaks.com/topic/222696-hope-there-is-a-simple-solution/#findComment-1151774 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.