...

View Full Version : Problem with auth session.



xxcorrosionxx
09-16-2011, 03:18 PM
I am having some trouble with my session. I am trying to stop people from gaining access to cpanel.php from the web browser. I did it before and now it's giving me problems. I got it to where when you try and view cpanel.php it directs the user to denied.php and if they enter in there details wrong it will bring them to a failed.php page. But my problem is, i think my code is wrong, if i could get some help verifying what error is the problem and a solution i will be grateful! I am updating the milw0rm script, i found a source online and the files are well messed up, and i had to use a google translator to translate the turkish language. So i added some thing's to it but yeah. I have a problem with my session. Thanks in advanced!

login-exec.php:


<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;


//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$code = ($_POST['code']);

//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($code == '') {
$errmsg_arr[] = 'Incorrect captcha Code';
$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
exit();
}

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$members = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $members['member_id'];
session_write_close();
header("location: cpanel.php");
exit();
}else {
//Login failed
header("location: failed.php");
exit();
}
}else {
die("Query failed");
}
?>

Auth.php:


<?php
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: denied.php");
exit();
}
?>


cpanel.php:



<SCRIPT LANGUAGE='JAVASCRIPT' TYPE='TEXT/JAVASCRIPT'>
var win=null;
function NewWindow(mypage,myname,w,h,pos,infocus){
if(pos=="random"){myleft=(screen.width)?Math.floor(Math.random()*(screen.width-w)):100;mytop=(screen.height)?Math.floor(Math.random()*((screen.height-h)-75)):100;}
if(pos=="center"){myleft=(screen.width)?(screen.width-w)/2:100;mytop=(screen.height)?(screen.height-h)/2:100;}
else if((pos!='center' && pos!="random") || pos==null){myleft=0;mytop=20}
settings="width=" + w + ",height=" + h + ",top=" + mytop + ",left=" + myleft + ",scrollbars=no,location=no,directories=no,status=no,menubar=no,toolbar=no,resizable=no";win=window.open(mypage,myname,settings);
win.focus();}
// -->
</script>
<html>
<head>
<title>Milworm - Cpanel</title>
<meta name="description" content="milw0rm exploits and 0day exploits database">
<meta name="keywords" content="exploits code, exploit code, exploits, 0-day, 0day, 0days, exploit, zero day, poc, exploit, local exploits, remote exploits, root exploits, windows, linux, new exploits, latest exploits, shellcode, Zero-day, zeroday, security articles, ezines, zines, security papers">
<link type="text/css" rel="stylesheet" href="../b0x.css">
<link rel="alternate" type="text/xml" title="milw0rm - RSS Feed" href="http://milw0rm.com/rss.php">
<link rel="Shortcut Icon" href="favicon.ico" type="image/x-icon">
<style type="text/css">
<!--
.style17 {font-weight: bold}
.style18 {
color: #00C000;
font-weight: bold;
}
.style19 {
color: #008000;
font-weight: bold;
}
.style21 {
color: #000000;
font-weight: bold;
}
-->
</style>
</head>

<body dir="ltr" alink="#00ff00" background="dot.gif" bgcolor="#000000" link="#00c000" text="#008000" vlink="#00c000">

<center>
<table width="668" border="0" cellpadding="3" cellspacing="3" class="main">
<tbody><tr><td><img src="banner.jpg" alt="milw0rm"></td></tr>
<tr>
<td> <?php
require_once('auth.php');
?>
<div align="left">
<table width="98%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="350">&nbsp;</td>
<td width="289">&nbsp;</td>
</tr>
<tr>
<td><div align="center" class="submit"><strong>CONTROL CENTER </strong></div></td>
<td><div align="center" class="submit"><strong>ADMIN REFERENCE </strong></div></td>
</tr>
<tr>
<td height="469" valign="top"><div align="left">
<table width="349">
<tr>
<td><p align="center">&nbsp;</p></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<tr>
<td width="99" height="33"><div align="center"><a href="admin.php"><img src="admin_img/home.gif" alt="asdasdasd" width="31" height="31" border="0"></a></div></td>
<td width="121"><div align="center"><a href="javascript:NewWindow('haber','title','686','555','custom','front');"><img src="admin_img/duyuru.gif" width="31" height="31" border="0" /></a></div></td>
<td width="113"><div align="center"><a href="javascript:NewWindow('webapps','title','686','555','custom','front');"><img src="admin_img/scriptler.gif" width="31" height="31" border="0" /></a></div></td>
</tr>
<tr>
<td><p align="center"><strong>[</strong> <span class="style17"><a href="./cpanel.php">Home</a> ]</span></p></td>
<td><p align="center"><strong>[ <a href="javascript:NewWindow('haber','title','686','555','custom','front');">Videos</a> ]</strong></p></td>
<td><div align="center"><strong>[ <a href="javascript:NewWindow('webapps','title','686','555','custom','front');">exploit</a> ]</strong></div></td>
</tr>
</table>
<table width="350">
<tr>
<td><p align="center">&nbsp;</p></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td width="100" height="33"><div align="center"><a href="javascript:NewWindow('local','title','686','555','custom','front');"><img src="admin_img/cserial.gif" width="31" height="31" border="0" /></a></div></td>
<td width="121"><div align="center"><a href="video"><img src="admin_img/download.gif" width="31" height="31" border="0" /></a></div></td>
<td width="113"><div align="center"><a href="shellcode"><img src="admin_img/reklam.gif" border="0" /></a><a href="exploit_a.php"></a></div></td>
</tr>
<tr>
<td><p align="center"><strong>[<a href="javascript:NewWindow('local','title','686','555','custom','front');">local</a>]</strong></p></td>
<td><p align="center"><strong>[ <a href="video">video</a> ]</strong></p></td>
<td><div align="center"><strong>[ <a href="javascript:NewWindow('shellcode','title','686','555','custom','front');">shellcode</a> ]</strong></div></td>
</tr>
</table>
<table width="349">
<tr>
<td><p align="center">&nbsp;</p></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<tr>
<td width="99" height="33"><div align="center"><a href="javascript:NewWindow('dokuman','title','686','555','custom','front');"><img src="admin_img/dokuman.gif" width="31" height="31" border="0" /></a></div></td>
<td width="121"><div align="center"><strong><a href="index_admin.php"></a></strong><a href="gelen"><img src="admin_img/mail.gif" width="31" height="31" border="0" /></a></div></td>
<td width="113"><div align="center"><a href="ban"><img src="admin_img/yasak.gif" width="31" height="31" border="0" /></a></div></td>
</tr>
<tr>
<td><div align="center"><strong>[ <a href="javascript:NewWindow('dokuman','title','686','555','custom','front');">dokuman</a></strong> <strong>]</strong></div></td>
<td><div align="center"><strong>[ <a href="gelen">gelenler</a> ]</strong></div></td>
<td><div align="center"><strong>[ <a href="ban">ipban</a> ]</strong></div></td>
</tr>
</table>
</div>
<table width="349">
<tr>
<td><p align="center">&nbsp;</p></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<tr>
<td width="99" height="33"><div align="center"><a href="lamerler"><img src="admin_img/cikis.gif" width="31" height="31" border="0"></a></div></td>
<td width="121"><div align="center"><strong><a href="indexadmin" target="_blank"><img src="admin_img/setting.gif" width="31" height="31" border="0"></a></strong></div></td>
<td width="113"><div align="center"><a href="yonetim.php" target="_blank"><img src="admin_img/uyeler.gif" width="31" height="31" border="0"></a></div></td>
</tr>
<tr>
<td><div align="center"><span class="style18">[ <a href="lamerler">lamerler</a> ]</span></div></td>
<td><div align="center"><strong>[ <a href="indexadmin" target="_blank">indexadmin</a> ]</strong></div></td>
<td><div align="center"><span class="style19">[ <a href="yonetim.php" target="_blank">y&ouml;neticiler</a> ]</span></div></td>
</tr>
</table>
<table width="349">
<tr>
<td><p align="center">&nbsp;</p></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<tr>
<td width="99" height="33"><div align="center"><a href="yoneticiekle.php"><img src="admin_img/yorumlar.gif" width="31" height="31" border="0"></a></div></td>
<td width="121"><div align="center"><a href="cikis.php"><img src="admin_img/engelli.gif" width="31" height="31" border="0"></a></div></td>
<td width="113">&nbsp;</td>
</tr>
<tr>
<td><div align="center"><span class="style18">[ <a href="yoneticiekle.php">yonetici ekle </a>]</span></div></td>
<td><div align="center"><span class="style18">[ <a href="cikis.php">&ccedil;ıkış </a>]</span></div></td>
<td>&nbsp;</td>
</tr>
</table>
</td>
<td valign="top"><p>&nbsp;</p>
<p align="center" class="submit"><span lang="en">Admin</span></p>
<p align="center"><span lang="en">home page of the panel.</span></p>
<p align="center" class="submit"><span id="result_box" lang="en"><span title="[news] add a new edit news">News</span></span></p>
<p align="center"><span lang="en"><span title="[news] add a new edit news">add a new edit news</span></span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Exploits </span></p>
<p align="center"><span lang="en">add a new exploit, edit</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Local </span></p>
<p align="center"><span lang="en">Add a new local exploit, edit</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">video </span></p>
<p align="center"><span lang="en">add a new video edit</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Shell codes </span></p>
<p align="center"><span lang="en">Add a new shell, edit the code</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Documentation </span></p>
<p align="center"><span lang="en">Add new, edit a document</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">New Comers </span></p>
<p align="center"><span lang="en"> submitterlardan leaders confirm, edit</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Ip Ban </span></p>
<p align="center"><span lang="en">mahlukatları banlayın harmful to the system you do not want.</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Lamer </span></p>
<p align="center"><span lang="en"> trying to connect to the site admin tried k.adı Lamer, passwords and more. (funny:))</span></p>
<p align="center" class="submit"><span id="result_box" lang="en">Index Admin</span></p>
<p align="center"><span lang="en">See the site admin's perspective;)</span></p>
<p align="center" class="submit">Managers </p>
<p align="center"><span id="result_box" lang="en">who is the manager on the site information to friends.</span></p></td>
</tr>
<tr></tr>
<tr></tr>
</table>
</div>
</table>
</center>

</body>
</html>


</body>
</html>

mlseim
09-16-2011, 03:57 PM
What is the error you are getting?
I guess I don't know what is NOT working correctly.


.

xxcorrosionxx
09-16-2011, 10:21 PM
Im not a very advanced php coder. But when the user logs in to the cpanel it brings them to the denied page. It's something with the session, its not reading properly.

Inigoesdr
09-16-2011, 10:28 PM
You need to have session_start() (http://php.net/session_start) above where you try to access $_SESSION somewhere.

xxcorrosionxx
09-16-2011, 10:39 PM
You need to have session_start() (http://php.net/session_start) above where you try to access $_SESSION somewhere.

my name is inigo montoya you killed my father prepare to die! Haha, where do i add it :(

Inci
09-16-2011, 11:04 PM
Just add session_start() to auth.php



<?php
session_start()
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: denied.php");
exit();
}
?>


Everytime you use sessions or sessions variables you must initialize the sessions firstly. so there you go by session_start().

xxcorrosionxx
09-17-2011, 12:06 AM
Error:

( ! ) Parse error: syntax error, unexpected T_IF in C:\wamp\www\milworm\admin\auth.php on line 3

That is what happends when i added a session where you told me. Lol, i take it out it works :| I have a session in the login-exec.php

Inci
09-17-2011, 12:22 AM
whoopsss, sorry my bad, forgot ";"

change session_start() to session_start();

xxcorrosionxx
09-17-2011, 12:31 AM
Still not working grrrr! When the user accesses cpanel.php like this

http://71.62.39.150/milworm/admin/cpanel.php

It will not allow them, but when they sign up and login it still brings them to denied.php. Ugh !

Inci
09-17-2011, 12:48 AM
hmmm, that's very strange. did ya tried to start from login-exec.php page or you trying from cpanel.php ? login-exec.php must be visited firstly to authorize user firstly.

BluePanther
09-18-2011, 11:12 AM
I'm pretty sure that session_start() shouldn't be in the auth.php page, it should in fact be at the VERY top of cpanel.php - above any HTML and above your script tag above the html tag.
example:


<?php session_start(); ?>
<script type......

xxcorrosionxx
10-14-2011, 04:53 AM
lol i already figured this out. thanks though!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum