Login process
Asked Modified Viewed 2,678 times
asked
login process isn't still good. this is my solution. you have to add "user_new_pass" in users table
next file maincore.php change
on this
Code Download source
$result = dbquery("ALTER TABLE ".$db_prefix."users ADD user_new_pass SMALLINT(1) UNSIGNED NOT NULL DEFAULT '0'");next file maincore.php change
Code Download source
if (isset($_POST['login'])) {
$user_pass = md5($_POST['user_pass']);
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND (user_password='".md5($user_pass)."' OR user_password='$user_pass')");
if (dbrows($result) != 0) {
$data = dbarray($result);
if ($data['user_password'] == $user_pass) {
$result = dbquery("UPDATE ".$db_prefix."users SET user_password='".md5($user_pass)."' WHERE user_id='".$data['user_id']."'");
}
$cookie_value = $data['user_id'].".".$user_pass;
if ($data['user_status'] == 0) {
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", "script");
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", "script");
}
} else {
redirect(BASEDIR."setuser.php?error=3");
}
}
if (isset($_COOKIE['fusion_user'])) {
$cookie_vars = explode(".", $_COOKIE['fusion_user']);
$cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
$cookie_2 = (preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='".md5($cookie_2)."'");
unset($cookie_vars,$cookie_1,$cookie_2);
if (dbrows($result) != 0) {
$userdata = dbarray($result);
if ($userdata['user_status'] == 0) {
if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
define("THEME", THEMES.$userdata['user_theme']."/");
} else {
define("THEME", THEMES.$settings['theme']."/");
}
if ($userdata['user_offset'] <> 0) {
$settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
}
if (empty($_COOKIE['fusion_lastvisit'])) {
setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
$lastvisited = $userdata['user_lastvisit'];
} else {
$lastvisited = $_COOKIE['fusion_lastvisit'];
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
define("THEME", THEMES.$settings['theme']."/");
$userdata = ""; $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
}on this
Code Download source
if (isset($_POST['login']) ) {
$user_pass = md5($_POST['user_pass']);
[b]//add by slawekneo
$user_pass2 = md5($user_pass);[/b]
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND (user_password='".md5($user_pass)."' OR user_password='$user_pass')");
if (dbrows($result) != 0) {
$data = dbarray($result);
[b]//edit by slawekneo
if ($data['user_password'] == $user_pass && $data['user_new_pass'] == 0) {
$result = dbquery("UPDATE ".$db_prefix."users SET user_password='".md5($user_pass)."', user_new_pass=1 WHERE user_id='".$data['user_id']."'");
} else if ($data['user_password'] == $user_pass && $data['user_new_pass'] == 1) {
redirect(BASEDIR."setuser.php?error=3", "script");
} else if ($data['user_password'] == $user_pass2 && $data['user_new_pass'] == 0) {
$result = dbquery("UPDATE ".$db_prefix."users SET user_new_pass=1 WHERE user_id='".$data['user_id']."'");
}
//end edit
//edit by slawekneo
if ($data['user_status'] == 0 && $data['user_password'] == $user_pass2) {
//add by slawekneo
$result = dbquery("UPDATE ".$db_prefix."users SET user_ip='".USER_IP."' WHERE user_id='".$data['user_id']."'");[/b]
$cookie_value = $data['user_id'].".".$user_pass;
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", "script");
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", "script");
}
} else {
redirect(BASEDIR."setuser.php?error=3");
}
}
if (isset($_COOKIE['fusion_user'])) {
$cookie_vars = explode(".", $_COOKIE['fusion_user']);
$cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
$cookie_2 = (preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
[b]//edit by slawekneo
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='".md5($cookie_2)."' AND user_ip='".USER_IP."'");[/b]
unset($cookie_vars,$cookie_1,$cookie_2);
if (dbrows($result) != 0) {
$userdata = dbarray($result);
if ($userdata['user_status'] == 0) {
if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
define("THEME", THEMES.$userdata['user_theme']."/");
} else {
define("THEME", THEMES.$settings['theme']."/");
}
if ($userdata['user_offset'] <> 0) {
$settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
}
if (empty($_COOKIE['fusion_lastvisit'])) {
setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
$lastvisited = $userdata['user_lastvisit'];
} else {
$lastvisited = $_COOKIE['fusion_lastvisit'];
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
define("THEME", THEMES.$settings['theme']."/");
$userdata = ""; $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
} answered
What does it help a hack attempt or makes it work better?
answered
hmm.. collisions for md5 xD
In Polish lang. nie umiem tego przetlumaczyc na angielski wiec pisze po polsku moze ktos bedzie taki dobry i przetlumaczy o co mi chodzi...
Chodzi o to ze gdy ktos wyciagnie haslo superadmina poprzez luke moze je rorkodowac z podwujnego md5 na pojedyncze za pomoca kolizji md5 i moze zalogowac sie wypelniajac form logowania wpisujac nazwe admina i rozkodowane haslo w postaci pojedynczego md5; kod z pierwszego postu zabezpiecza przed tym.
In Polish lang. nie umiem tego przetlumaczyc na angielski wiec pisze po polsku moze ktos bedzie taki dobry i przetlumaczy o co mi chodzi...
Chodzi o to ze gdy ktos wyciagnie haslo superadmina poprzez luke moze je rorkodowac z podwujnego md5 na pojedyncze za pomoca kolizji md5 i moze zalogowac sie wypelniajac form logowania wpisujac nazwe admina i rozkodowane haslo w postaci pojedynczego md5; kod z pierwszego postu zabezpiecza przed tym.
Edited by slawekneo on 14-12-2007 02:53,
answered
Below I've translated what slawekneo wrote in Polish and asked to translate :)
"It is about the thing when someone draws out superadmin's password through the hole in security. After that he is able to decode it from double md5 into single one with the use of md5 collision. Next, he can log in through login form using superadmin's username and the decoded password in md5 single form. Code from the first post makes it secure from such attack."
"It is about the thing when someone draws out superadmin's password through the hole in security. After that he is able to decode it from double md5 into single one with the use of md5 collision. Next, he can log in through login form using superadmin's username and the decoded password in md5 single form. Code from the first post makes it secure from such attack."
Edited by myrcin on 14-12-2007 03:37,
answered
@myrcin - dziekowa stary ;)
Other proposal
Other proposal
Code Download source
if (isset($_POST['login'])) {
[b]//Edit by slawekneo
$user_pass = strlen($_POST['user_pass']) == 32 ? "" : md5($_POST['user_pass']);[/b]
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND (user_password='".md5($user_pass)."' OR user_password='$user_pass')");
if (dbrows($result) != 0) {
$data = dbarray($result);
if ($data['user_password'] == $user_pass) {
$result = dbquery("UPDATE ".$db_prefix."users SET user_password='".md5($user_pass)."' WHERE user_id='".$data['user_id']."'");
}
$cookie_value = $data['user_id'].".".$user_pass;
if ($data['user_status'] == 0) {
[b]//Add by slawekneo
$result = dbquery("UPDATE ".$db_prefix."users SET user_ip='".USER_IP."' WHERE user_id='".$data['user_id']."'");[/b]
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", "script");
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", "script");
}
} else {
redirect(BASEDIR."setuser.php?error=3");
}
}
if (isset($_COOKIE['fusion_user'])) {
$cookie_vars = explode(".", $_COOKIE['fusion_user']);
$cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
$cookie_2 = (preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
[b]//edit by slawekneo
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='".md5($cookie_2)."' AND user_ip='".USER_IP."'");[/b]
unset($cookie_vars,$cookie_1,$cookie_2);
if (dbrows($result) != 0) {
$userdata = dbarray($result);
if ($userdata['user_status'] == 0) {
if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
define("THEME", THEMES.$userdata['user_theme']."/");
} else {
define("THEME", THEMES.$settings['theme']."/");
}
if ($userdata['user_offset'] <> 0) {
$settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
}
if (empty($_COOKIE['fusion_lastvisit'])) {
setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
$lastvisited = $userdata['user_lastvisit'];
} else {
$lastvisited = $_COOKIE['fusion_lastvisit'];
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
define("THEME", THEMES.$settings['theme']."/");
$userdata = ""; $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
}Category Forum
Bugs and Errors - 6Labels
None yet
Statistics
- Views 0 views
- Posts 4 posts
- Votes 0 votes
- Topic users 3 members
0 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions