
I have a PHP site for quizzes; the quizzes are divided into categories and then subcategories. In the PHP code, login is mandatory to attempt a quiz, but now I want to remove that compulsion. That means I want to bypass the login compulsion, so a person can attempt a quiz even if they are not logged in. I have extracted some code (shown below) that I think is enforcing the login.

                                <div class="view-btn2">
                                    <a id="checkloggin<?php echo $subtype_id;?>" style="cursor:pointer" class="checkloggin btn" >view more
                                    <input type="hidden" class="userlogged" value="<?php echo $_SESSION['site_user_id']; ?>" name="userlogged"/>
                                  <?php   echo '<input type="hidden" value="exam_type.php?subcatid='.base64_encode($subtype_id).'" class="urlpath" name="userlogged">';?></a>

When I click on "view more" it redirects to the login page. Please help me to resolve this issue.

https://forums.phpfreaks.com/topic/311049-php-login-bypass/

The complete code is below...

 

<?php include("header.php"); 

if(isset($_GET['catid'])){
$typeid=base64_decode($_GET['catid']);

 $cat_d = executeQuery("SELECT ctype,type_id FROM `mb_category` WHERE `status`='Active' AND type_id='".checkInput($typeid)."'");
  if(mysql_num_rows($cat_d) > 0){
    $categoryd = getSingleRow("SELECT ctype,type_id FROM `mb_category` WHERE `status`='Active' AND type_id='".checkInput($typeid)."'");

    $ctype=$categoryd['ctype'];

    }
    else{
    
    header("location:index.php");
    exit;
    }
}
else{
    
    header("location:index.php");
    exit;
}

?>
        <section class="banner inner-page">
            <div class="banner-img"><img src="images/banner/courses-banner.jpg" alt=""></div>
            <div class="page-title">    
                <div class="container">
                    <h1>Competition Sub-Categories</h1>
                </div>
            </div>
        </section>
         <section class="breadcrumb ">
            <div class="container">
                <ul>
                    <li><a href="index.php">Home</a></li>
                    <li><?php echo $categoryd['ctype']; ?></li>
                </ul>
            </div>
        </section>
        
                        <?php

                        

                        

$category = executeQuery("SELECT subtype_id,subtype,type_id,image FROM `mb_subcategory` WHERE `status`='Active' AND type_id='".checkInput($typeid)."' order by subtype_id");

if(mysql_num_rows($category)== 0){ ?>
                <section class="thankYou-page">
            <div class="container">
                <div class="section-title">
                    <h2>Sorry...! For this moment</h2>
                    
                </div>
                <div class="thankYou-msg">
                    <p>Exam Sub Categories Coming Soon.</p>
                </div>
            </div>
        </section>
<?php } else { 

$category = getTableData("SELECT subtype_id,subtype,type_id,title,image FROM `mb_subcategory` WHERE `status`='Active' AND type_id='".checkInput($typeid)."' order by subtype_id");


 ?>
        
        
        
        <section class="courses-view">
            <div class="container">
                
                <div class="row">
                
                <?php 
                foreach($category as $subcategorydata){
                $subtype_id= $subcategorydata['subtype_id'];
                ?>
                
                    <div class="col-sm-6 col-md-3 checkdiv">
                    
                        <div class="course-post">
                            <div class="img">
                                   <img src="resources/subcategory/<?php echo $subcategorydata['image'];?>" alt="<?php echo $subcategorydata['subtype'];?>" style="height:180px;">
                                 
                                <div class="icon">
                                    <img src="images/book-icon.png" alt="">
                                </div>
                            </div>
                           <div class="info">
                                <div class="name"><?php echo $subcategorydata['subtype'];?></div>
                            </div>
                            <div class="product-footer">
                                <div class="comment-box">    
                                     
                                </div>
                                

                                <div class="view-btn2">
                                    <a id="checkloggin<?php echo $subtype_id;?>" style="cursor:pointer" class="checkloggin btn" >view more
                                    <input type="hidden" class="userlogged" value="<?php echo $_SESSION['site_user_id']; ?>" name="userlogged"/>
                                  <?php   echo '<input type="hidden" value="exam_type.php?subcatid='.base64_encode($subtype_id).'" class="urlpath" name="userlogged">';?></a>
                                </div>
                            </div>
                        </div>
                    
                    </div>
                <?php } ?>
                    
                </div>
             
            </div>
        </section>
<?php } include("footer.php"); ?>
    </div>
    <!-- Bootstrap core JavaScript
    ================================================== -->
    <!-- Placed at the end of the document so the pages load faster -->
    
    <script type="text/javascript" src="js/jquery-1.12.4.min.js"></script>
    <script type="text/javascript" src="js/bootstrap.js"></script>
    <script type="text/javascript" src="js/owl.carousel.js"></script>
    <script type="text/javascript" src="js/jquery.form-validator.min.js"></script>
    <script type="text/javascript" src="js/placeholder.js"></script>
    <script type="text/javascript" src="js/coustem.js"></script>
    <script src="js/checkvalid.js"></script>    
</body>


</html>

Edited by deepak1983

Not there either as far as I can see. However, note that it appears to be using the deprecated (for more than a decade) mysql extension, which leaves you wide open to injection attacks. You need to take down this page immediately and switch to PDO or at least mysqli.


6 minutes ago, deepak1983 said:

@gw1500se how do I take down the post? I am unable to do it.

You cannot take down the post, and even though I could it's already too late to stop people from seeing it.

Whether you're vulnerable or not depends on how checkInput() works. But that aside, you should do what gw1500se suggested: change your code to use PDO or mysqli, which both support prepared statements that will get rid of the SQL injection problems.

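The switch to prepared statements recommended in the replies above, sketched as an added example that is not part of the thread or the poster's code. It reuses the page's table and column names; the helper names (`decodeId`, `findCategory`, `findSubcategories`), the in-memory SQLite database standing in for the site's MySQL server, and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Constructed demo database: in-memory SQLite stands in for the site's MySQL
// server so the example runs offline. Table and column names are the page's.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE mb_category (type_id INTEGER, ctype TEXT, status TEXT)");
$pdo->exec("CREATE TABLE mb_subcategory (subtype_id INTEGER, subtype TEXT, type_id INTEGER, image TEXT, status TEXT)");
$pdo->exec("INSERT INTO mb_category VALUES (1, 'Science <Quiz>', 'Active')");
$pdo->exec("INSERT INTO mb_subcategory VALUES (10, 'Physics', 1, 'physics.jpg', 'Active')");

// Hypothetical helper: decode the base64 id from the URL and accept digits only.
function decodeId(string $param): ?int
{
    $raw = base64_decode($param, true);   // strict mode rejects invalid input
    return ($raw !== false && ctype_digit($raw)) ? (int) $raw : null;
}

// Hypothetical helper: the category lookup with a bound parameter instead of
// string concatenation, so the value can never change the SQL text.
function findCategory(PDO $pdo, int $typeId): ?array
{
    $stmt = $pdo->prepare("SELECT ctype, type_id FROM mb_category WHERE status = 'Active' AND type_id = :id");
    $stmt->execute([':id' => $typeId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: the subcategory listing, bound the same way.
function findSubcategories(PDO $pdo, int $typeId): array
{
    $stmt = $pdo->prepare("SELECT subtype_id, subtype, image FROM mb_subcategory
                           WHERE status = 'Active' AND type_id = :id ORDER BY subtype_id");
    $stmt->execute([':id' => $typeId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a valid id and a value that is not a plain integer.
foreach ([base64_encode('1'), base64_encode("1' OR '1'='1")] as $catid) {
    $id = decodeId($catid);
    $category = $id === null ? null : findCategory($pdo, $id);
    if ($category === null) { echo "rejected: redirect to index.php\n"; continue; }
    // Escape on output so stored text cannot inject markup into the page.
    echo htmlspecialchars($category['ctype'], ENT_QUOTES, 'UTF-8'), "\n";
    foreach (findSubcategories($pdo, $id) as $sub) {
        echo ' - ', htmlspecialchars($sub['subtype'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

Against the real site, only the `new PDO(...)` line changes to a MySQL DSN with the site's own credentials; the queries and bindings stay the same.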
