deepak1983 Posted July 8, 2020 Share Posted July 8, 2020 I have a php site for quiz, quiz are divided in category then subcategory.in php code login is mandatory to attempt quiz but now i want remove that compulsion. means i want to bypass the login compulsion.the person can attempts quiz even though if its not login. i have extract some code (mention below) i think that is restricting for login. <div class="view-btn2"> <a id="checkloggin<?php echo $subtype_id;?>" style="cursor:pointer" class="checkloggin btn" >view more <input type="hidden" class="userlogged" value="<?php echo $_SESSION['site_user_id']; ?>" name="userlogged"/> <?php echo '<input type="hidden" value="exam_type.php?subcatid='.base64_encode($subtype_id).'" class="urlpath" name="userlogged">';?></a> when i click on view more its directing to login page.Please help me to resolve this issue. Quote Link to comment https://forums.phpfreaks.com/topic/311049-php-login-bypass/ Share on other sites More sharing options...
gw1500se Posted July 8, 2020 Share Posted July 8, 2020 Nope. That just contains the login info. The code that restricts access is going to be an 'if' block that tests the login info. Quote Link to comment https://forums.phpfreaks.com/topic/311049-php-login-bypass/#findComment-1579434 Share on other sites More sharing options...
deepak1983 Posted July 8, 2020 Author Share Posted July 8, 2020 (edited) the complete code is as below... <?php include("header.php"); if(isset($_GET['catid'])){ $typeid=base64_decode($_GET['catid']); $cat_d = executeQuery("SELECT ctype,type_id FROM `mb_category` WHERE `status`='Active' AND type_id='".checkInput($typeid)."'"); if(mysql_num_rows($cat_d) > 0){ $categoryd = getSingleRow("SELECT ctype,type_id FROM `mb_category` WHERE `status`='Active' AND type_id='".checkInput($typeid)."'"); $ctype=$categoryd['ctype']; } else{ header("location:index.php"); exit; } } else{ header("location:index.php"); exit; } ?> <section class="banner inner-page"> <div class="banner-img"><img src="images/banner/courses-banner.jpg" alt=""></div> <div class="page-title"> <div class="container"> <h1>Competition Sub-Categories</h1> </div> </div> </section> <section class="breadcrumb "> <div class="container"> <ul> <li><a href="index.php">Home</a></li> <li><?php echo $categoryd['ctype']; ?></li> </ul> </div> </section> <?php $category = executeQuery("SELECT subtype_id,subtype,type_id,image FROM `mb_subcategory` WHERE `status`='Active' AND type_id='".checkInput($typeid)."' order by subtype_id"); if(mysql_num_rows($category)== 0){ ?> <section class="thankYou-page"> <div class="container"> <div class="section-title"> <h2>Sorry...! For this moment</h2> </div> <div class="thankYou-msg"> <p>Exam Sub Categories Coming Soon.</p> </div> </div> </section> <?php } else { $category = getTableData("SELECT subtype_id,subtype,type_id,title,image FROM `mb_subcategory` WHERE `status`='Active' AND type_id='".checkInput($typeid)."' order by subtype_id"); ?> <section class="courses-view"> <div class="container"> <div class="row"> <?php foreach($category as $subcategorydata){ $subtype_id= $subcategorydata['subtype_id']; ?> <div class="col-sm-6 col-md-3 checkdiv"> <div class="course-post"> <div class="img"> <img src="resources/subcategory/<?php echo $subcategorydata['image'];?>" alt="<?php echo $subcategorydata['subtype'];?>" style="height:180px;"> <div class="icon"> <img src="images/book-icon.png" alt=""> </div> </div> <div class="info"> <div class="name"><?php echo $subcategorydata['subtype'];?></div> </div> <div class="product-footer"> <div class="comment-box"> </div> <div class="view-btn2"> <a id="checkloggin<?php echo $subtype_id;?>" style="cursor:pointer" class="checkloggin btn" >view more <input type="hidden" class="userlogged" value="<?php echo $_SESSION['site_user_id']; ?>" name="userlogged"/> <?php echo '<input type="hidden" value="exam_type.php?subcatid='.base64_encode($subtype_id).'" class="urlpath" name="userlogged">';?></a> </div> </div> </div> </div> <?php } ?> </div> </div> </section> <?php } include("footer.php"); ?> </div> <!-- Bootstrap core JavaScript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script type="text/javascript" src="js/jquery-1.12.4.min.js"></script> <script type="text/javascript" src="js/bootstrap.js"></script> <script type="text/javascript" src="js/owl.carousel.js"></script> <script type="text/javascript" src="js/jquery.form-validator.min.js"></script> <script type="text/javascript" src="js/placeholder.js"></script> <script type="text/javascript" src="js/coustem.js"></script> <script src="js/checkvalid.js"></script> </body> </html> Edited July 8, 2020 by deepak1983 Quote Link to comment https://forums.phpfreaks.com/topic/311049-php-login-bypass/#findComment-1579436 Share on other sites More sharing options...
gw1500se Posted July 8, 2020 Share Posted July 8, 2020 Not there either as far as I can see. However, note that is appears to be using the deprecated (for more than a decade) mysql extensions which leaves you wide open to injection attacks. You need to take down this page immediately and switch to PDO or at least mysqli. Quote Link to comment https://forums.phpfreaks.com/topic/311049-php-login-bypass/#findComment-1579438 Share on other sites More sharing options...
deepak1983 Posted July 12, 2020 Author Share Posted July 12, 2020 @gw1500se how to take down the post, i am unable to do. Quote Link to comment https://forums.phpfreaks.com/topic/311049-php-login-bypass/#findComment-1579560 Share on other sites More sharing options...
requinix Posted July 12, 2020 Share Posted July 12, 2020 6 minutes ago, deepak1983 said: @gw1500se how to take down the post, i am unable to do. You cannot take down the post, and even though I could it's already too late to stop people from seeing it. Whether you're vulnerable or not depends on how checkInput() works. But that aside, you should do what gw1500se suggested: change your code to use PDO or mysqli, which both support prepared statements that will get rid of the SQL injection problems. Quote Link to comment https://forums.phpfreaks.com/topic/311049-php-login-bypass/#findComment-1579562 Share on other sites More sharing options...
deepak1983 Posted July 12, 2020 Author Share Posted July 12, 2020 please help me to change.I am newbie. Quote Link to comment https://forums.phpfreaks.com/topic/311049-php-login-bypass/#findComment-1579563 Share on other sites More sharing options...
requinix Posted July 12, 2020 Share Posted July 12, 2020 First thing to do is read the documentation to understand what you will be working with: PDO's prepared statements If you're still not sure how to use them, there are plenty of resources on the internet about it. Quote Link to comment https://forums.phpfreaks.com/topic/311049-php-login-bypass/#findComment-1579564 Share on other sites More sharing options...
deepak1983 Posted July 12, 2020 Author Share Posted July 12, 2020 Thanks a lot. can you remove my membership,i will join again.some one is misusing this code. Quote Link to comment https://forums.phpfreaks.com/topic/311049-php-login-bypass/#findComment-1579565 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.