  1. #1
    Regular Coder
    Join Date
    Jan 2011
    Posts
    117
    Thanks
    27
    Thanked 0 Times in 0 Posts

    Problem with auth session.

    I am having some trouble with my session. I am trying to stop people from gaining access to cpanel.php from the web browser. I did it before and now it's giving me problems. I got it to where, when you try to view cpanel.php, it directs the user to denied.php, and if they enter their details wrong it will bring them to a failed.php page. But my problem is, I think my code is wrong. If I could get some help verifying what the error is and a solution, I will be grateful! I am updating the milw0rm script. I found a source online and the files are well messed up, and I had to use a Google translator to translate the Turkish language. So I added some things to it, but yeah. I have a problem with my session. Thanks in advance!

    login-exec.php:

    PHP Code:
    <?php
        //Start session
        session_start();

        //Include database connection details
        require_once('config.php');

        //Array to store validation errors
        $errmsg_arr = array();

        //Validation error flag
        $errflag = false;

        //Function to sanitize values received from the form. Prevents SQL injection
        function clean($str) {
            $str = @trim($str);
            if(get_magic_quotes_gpc()) {
                $str = stripslashes($str);
            }
            return mysql_real_escape_string($str);
        }

        //Sanitize the POST values
        $login = clean($_POST['login']);
        $password = clean($_POST['password']);
        $code = ($_POST['code']);

        //Input Validations
        if($login == '') {
            $errmsg_arr[] = 'Login ID missing';
            $errflag = true;
        }
        if($password == '') {
            $errmsg_arr[] = 'Password missing';
            $errflag = true;
        }
        if($code == '') {
            $errmsg_arr[] = 'Incorrect captcha Code';
            $errflag = true;
        }

        //If there are input validations, redirect back to the login form
        if($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: index.php");
            exit();
        }

        //Create query
        $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
        $result=mysql_query($qry);

        //Check whether the query was successful or not
        if($result) {
            if(mysql_num_rows($result) == 1) {
                //Login Successful
                session_regenerate_id();
                $members = mysql_fetch_assoc($result);
                $_SESSION['SESS_MEMBER_ID'] = $members['member_id'];
                session_write_close();
                header("location: cpanel.php");
                exit();
            }else {
                //Login failed
                header("location: failed.php");
                exit();
            }
        }else {
            die("Query failed");
        }
    ?>

    Auth.php:

    PHP Code:
    <?php
        if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
            header("location: denied.php");
            exit();
        }
    ?>

    cpanel.php:

    PHP Code:
    <SCRIPT LANGUAGE='JAVASCRIPT' TYPE='TEXT/JAVASCRIPT'>
    var win=null;
    function NewWindow(mypage,myname,w,h,pos,infocus){
    if(pos=="random"){myleft=(screen.width)?Math.floor(Math.random()*(screen.width-w)):100;mytop=(screen.height)?Math.floor(Math.random()*((screen.height-h)-75)):100;}
    if(pos=="center"){myleft=(screen.width)?(screen.width-w)/2:100;mytop=(screen.height)?(screen.height-h)/2:100;}
    else if((pos!='center' && pos!="random") || pos==null){myleft=0;mytop=20}
    settings="width=" + w + ",height=" + h + ",top=" + mytop + ",left=" + myleft + ",scrollbars=no,location=no,directories=no,status=no,menubar=no,toolbar=no,resizable=no";win=window.open(mypage,myname,settings);
    win.focus();}
    // -->
    </script>
    <html>
    <head>
    <title>Milworm - Cpanel</title>
    <meta name="description" content="milw0rm exploits and 0day exploits database">
    <meta name="keywords" content="exploits code, exploit code, exploits, 0-day, 0day, 0days, exploit, zero day, poc, exploit, local exploits, remote exploits, root exploits, windows, linux, new exploits, latest exploits, shellcode, Zero-day, zeroday, security articles, ezines, zines, security papers">
    <link type="text/css" rel="stylesheet" href="../b0x.css">
    <link rel="alternate" type="text/xml" title="milw0rm - RSS Feed" href="http://milw0rm.com/rss.php">
    <link rel="Shortcut Icon" href="favicon.ico" type="image/x-icon">
    <style type="text/css">
    <!--
    .style17 {font-weight: bold}
    .style18 {
        color: #00C000;
        font-weight: bold;
    }
    .style19 {
        color: #008000;
        font-weight: bold;
    }
    .style21 {
        color: #000000;
        font-weight: bold;
    }
    -->
    </style>
    </head>

    <body dir="ltr" alink="#00ff00" background="dot.gif" bgcolor="#000000" link="#00c000" text="#008000" vlink="#00c000">

    <center>
      <table width="668" border="0" cellpadding="3" cellspacing="3" class="main">
      <tbody><tr><td><img src="banner.jpg" alt="milw0rm"></td></tr>
      <tr>
      <td> <?php
        
    require_once('auth.php');
    ?>
        <div align="left">
          <table width="98%"  border="0" cellspacing="0" cellpadding="0">
            <tr>
              <td width="350">&nbsp;</td>
              <td width="289">&nbsp;</td>
            </tr>
            <tr>
              <td><div align="center" class="submit"><strong>CONTROL CENTER </strong></div></td>
              <td><div align="center" class="submit"><strong>ADMIN REFERENCE </strong></div></td>
            </tr>
            <tr>
              <td height="469" valign="top"><div align="left">
                  <table width="349">
                    <tr>
                      <td><p align="center">&nbsp;</p></td>
                      <td>&nbsp;</td>
                      <td>&nbsp;</td>
                    <tr>
                      <td width="99" height="33"><div align="center"><a href="admin.php"><img src="admin_img/home.gif" alt="asdasdasd" width="31" height="31" border="0"></a></div></td>
                      <td width="121"><div align="center"><a href="javascript:NewWindow('haber','title','686','555','custom','front');"><img src="admin_img/duyuru.gif" width="31" height="31" border="0" /></a></div></td>
                      <td width="113"><div align="center"><a href="javascript:NewWindow('webapps','title','686','555','custom','front');"><img src="admin_img/scriptler.gif" width="31" height="31" border="0" /></a></div></td>
                    </tr>
                    <tr>
                      <td><p align="center"><strong>[</strong> <span class="style17"><a href="./cpanel.php">Home</a> ]</span></p></td>
                      <td><p align="center"><strong>[ <a href="javascript:NewWindow('haber','title','686','555','custom','front');">Videos</a> ]</strong></p></td>
                      <td><div align="center"><strong>[ <a href="javascript:NewWindow('webapps','title','686','555','custom','front');">exploit</a> ]</strong></div></td>
                    </tr>
                  </table>
                <table width="350">
                    <tr>
                      <td><p align="center">&nbsp;</p></td>
                      <td>&nbsp;</td>
                      <td>&nbsp;</td>
                    </tr>
                    <tr>
                      <td width="100" height="33"><div align="center"><a href="javascript:NewWindow('local','title','686','555','custom','front');"><img src="admin_img/cserial.gif" width="31" height="31" border="0" /></a></div></td>
                      <td width="121"><div align="center"><a href="video"><img src="admin_img/download.gif" width="31" height="31" border="0" /></a></div></td>
                      <td width="113"><div align="center"><a href="shellcode"><img src="admin_img/reklam.gif" border="0" /></a><a href="exploit_a.php"></a></div></td>
                    </tr>
                    <tr>
                      <td><p align="center"><strong>[<a href="javascript:NewWindow('local','title','686','555','custom','front');">local</a>]</strong></p></td>
                      <td><p align="center"><strong>[ <a href="video">video</a> ]</strong></p></td>
                      <td><div align="center"><strong>[ <a href="javascript:NewWindow('shellcode','title','686','555','custom','front');">shellcode</a> ]</strong></div></td>
                    </tr>
                  </table>
                <table width="349">
                    <tr>
                      <td><p align="center">&nbsp;</p></td>
                      <td>&nbsp;</td>
                      <td>&nbsp;</td>
                    <tr>
                      <td width="99" height="33"><div align="center"><a href="javascript:NewWindow('dokuman','title','686','555','custom','front');"><img src="admin_img/dokuman.gif" width="31" height="31" border="0" /></a></div></td>
                      <td width="121"><div align="center"><strong><a href="index_admin.php"></a></strong><a href="gelen"><img src="admin_img/mail.gif" width="31" height="31" border="0" /></a></div></td>
                      <td width="113"><div align="center"><a href="ban"><img src="admin_img/yasak.gif" width="31" height="31" border="0" /></a></div></td>
                    </tr>
                    <tr>
                      <td><div align="center"><strong>[ <a href="javascript:NewWindow('dokuman','title','686','555','custom','front');">dokuman</a></strong> <strong>]</strong></div></td>
                      <td><div align="center"><strong>[ <a href="gelen">gelenler</a> ]</strong></div></td>
                      <td><div align="center"><strong>[ <a href="ban">ipban</a> ]</strong></div></td>
                    </tr>
                  </table>
              </div>
                  <table width="349">
                    <tr>
                      <td><p align="center">&nbsp;</p></td>
                      <td>&nbsp;</td>
                      <td>&nbsp;</td>
                    <tr>
                      <td width="99" height="33"><div align="center"><a href="lamerler"><img src="admin_img/cikis.gif" width="31" height="31" border="0"></a></div></td>
                      <td width="121"><div align="center"><strong><a href="indexadmin" target="_blank"><img src="admin_img/setting.gif" width="31" height="31" border="0"></a></strong></div></td>
                      <td width="113"><div align="center"><a href="yonetim.php" target="_blank"><img src="admin_img/uyeler.gif" width="31" height="31" border="0"></a></div></td>
                    </tr>
                    <tr>
                      <td><div align="center"><span class="style18">[ <a href="lamerler">lamerler</a> ]</span></div></td>
                      <td><div align="center"><strong>[ <a href="indexadmin" target="_blank">indexadmin</a> ]</strong></div></td>
                      <td><div align="center"><span class="style19">[ <a href="yonetim.php" target="_blank">y&ouml;neticiler</a> ]</span></div></td>
                    </tr>
                  </table>
                  <table width="349">
                    <tr>
                      <td><p align="center">&nbsp;</p></td>
                      <td>&nbsp;</td>
                      <td>&nbsp;</td>
                    <tr>
                      <td width="99" height="33"><div align="center"><a href="yoneticiekle.php"><img src="admin_img/yorumlar.gif" width="31" height="31" border="0"></a></div></td>
                      <td width="121"><div align="center"><a href="cikis.php"><img src="admin_img/engelli.gif" width="31" height="31" border="0"></a></div></td>
                      <td width="113">&nbsp;</td>
                    </tr>
                    <tr>
                      <td><div align="center"><span class="style18">[ <a href="yoneticiekle.php">yonetici ekle  </a>]</span></div></td>
                      <td><div align="center"><span class="style18">[ <a href="cikis.php">&ccedil;ıkış </a>]</span></div></td>
                      <td>&nbsp;</td>
                    </tr>
                  </table>              
                  </td>
              <td valign="top"><p>&nbsp;</p>
                <p align="center" class="submit"><span lang="en">Admin</span></p>
                <p align="center"><span lang="en">home page of the panel.</span></p>
                <p align="center" class="submit"><span id="result_box" lang="en"><span title="[news] add a new edit news">News</span></span></p>
                <p align="center"><span lang="en"><span title="[news] add a new edit news">add a new edit news</span></span></p>
                <p align="center" class="submit"><span id="result_box" lang="en">Exploits </span></p>
                <p align="center"><span lang="en">add a new exploit, edit</span></p>
                <p align="center" class="submit"><span id="result_box" lang="en">Local </span></p>
                <p align="center"><span lang="en">Add a new local exploit, edit</span></p>
                <p align="center" class="submit"><span id="result_box" lang="en">video </span></p>
                <p align="center"><span lang="en">add a new video edit</span></p>
                <p align="center" class="submit"><span id="result_box" lang="en">Shell codes </span></p>
                <p align="center"><span lang="en">Add a new shell, edit the code</span></p>
                <p align="center" class="submit"><span id="result_box" lang="en">Documentation </span></p>
                <p align="center"><span lang="en">Add new, edit a document</span></p>
                <p align="center" class="submit"><span id="result_box" lang="en">New Comers </span></p>
                <p align="center"><span lang="en"> submitterlardan leaders confirm, edit</span></p>
                <p align="center" class="submit"><span id="result_box" lang="en">Ip Ban </span></p>
                <p align="center"><span lang="en">mahlukatları banlayın harmful to the system you do not want.</span></p>
                <p align="center" class="submit"><span id="result_box" lang="en">Lamer </span></p>
                <p align="center"><span lang="en"> trying to connect to the site admin tried k.adı Lamer, passwords and more. (funny:))</span></p>
                <p align="center" class="submit"><span id="result_box" lang="en">Index Admin</span></p>
                <p align="center"><span lang="en">See the site admin's perspective;)</span></p>
                <p align="center" class="submit">Managers </p>
                <p align="center"><span id="result_box" lang="en">who is the manager on the site information to friends.</span></p></td>
            </tr>
            <tr></tr>
            <tr></tr>
          </table>
        </div>
      </table>
    </center>

    </body>
    </html>
     

    </body>
    </html>
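
A hardened variant of the login-exec.php posted above, as an added example that is not part of the original post: it replaces string escaping with a bound parameter, the MD5 comparison with password_verify(), and deletes the old session id on login. It assumes PHP 7.1+, that config.php provides a PDO handle named $pdo, and that members.passwd stores password_hash() output; the captcha field is left out because the post does not show where the expected value is kept.

```php
<?php
// login-exec.php, hardened variant (added example, not the poster's code).
// Assumptions: config.php defines a PDO handle $pdo, and members.passwd
// holds password_hash() output rather than an MD5 digest.
session_start();
require_once 'config.php';

/** Return a POST field only if it is a plain string; arrays become ''. */
function post_string(string $key): string
{
    return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
}

/** Look the member up with a bound parameter; null when no row matches. */
function find_member(PDO $pdo, string $login): ?array
{
    // The login value is sent separately from the SQL text, so quoting
    // characters in it cannot change the query.
    $stmt = $pdo->prepare('SELECT member_id, passwd FROM members WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$login    = trim(post_string('login'));
$password = post_string('password');

if ($login === '' || $password === '') {
    $_SESSION['ERRMSG_ARR'] = ['Login ID or password missing'];
    session_write_close();
    header('Location: index.php');
    exit();
}

$member = find_member($pdo, $login);

// password_verify() checks the password against a salted hash; an unknown
// login and a wrong password both end on the same failure page.
if ($member === null || !password_verify($password, $member['passwd'])) {
    header('Location: failed.php');
    exit();
}

// Issue a fresh session id and delete the old one before storing the
// member id, so an id fixed before login is useless afterwards.
session_regenerate_id(true);
$_SESSION['SESS_MEMBER_ID'] = (int) $member['member_id'];
session_write_close();
header('Location: cpanel.php');
exit();
```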

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,472
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    What is the error you are getting?
    I guess I don't know what is NOT working correctly.



  • #3
    Regular Coder
    Join Date
    Jan 2011
    Posts
    117
    Thanks
    27
    Thanked 0 Times in 0 Posts
    I'm not a very advanced PHP coder. But when the user logs in to the cpanel it brings them to the denied page. It's something with the session; it's not reading properly.

  • #4
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    You need to have session_start() above where you try to access $_SESSION somewhere.

  • #5
    Regular Coder
    Join Date
    Jan 2011
    Posts
    117
    Thanks
    27
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Inigoesdr View Post
    You need to have session_start() above where you try to access $_SESSION somewhere.
    My name is Inigo Montoya, you killed my father, prepare to die! Haha, where do I add it?

  • #6
    New Coder
    Join Date
    Aug 2002
    Location
    Moscow, RU
    Posts
    23
    Thanks
    0
    Thanked 1 Time in 1 Post
    Just add session_start() to auth.php

    Code:
    <?php
        session_start()
        if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
            header("location: denied.php");
            exit();
        }
    ?>
    Every time you use sessions or session variables you must initialize the session first, so there you go with session_start().
    Last edited by Inci; 09-16-2011 at 11:07 PM.

  • #7
    Regular Coder
    Join Date
    Jan 2011
    Posts
    117
    Thanks
    27
    Thanked 0 Times in 0 Posts
    Error:
    Code:
    ( ! ) Parse error: syntax error, unexpected T_IF in C:\wamp\www\milworm\admin\auth.php on line 3
    That is what happens when I added a session where you told me. Lol, I take it out, it works :| I have a session in the login-exec.php

  • #8
    New Coder
    Join Date
    Aug 2002
    Location
    Moscow, RU
    Posts
    23
    Thanks
    0
    Thanked 1 Time in 1 Post
    whoopsss, sorry my bad, forgot ";"

    change session_start() to session_start();

  • #9
    Regular Coder
    Join Date
    Jan 2011
    Posts
    117
    Thanks
    27
    Thanked 0 Times in 0 Posts
    Still not working grrrr! When the user accesses cpanel.php like this

    http://71.62.39.150/milworm/admin/cpanel.php

    It will not allow them, but when they sign up and login it still brings them to denied.php. Ugh !

  • #10
    New Coder
    Join Date
    Aug 2002
    Location
    Moscow, RU
    Posts
    23
    Thanks
    0
    Thanked 1 Time in 1 Post
    Hmmm, that's very strange. Did you try to start from the login-exec.php page, or are you trying from cpanel.php? login-exec.php must be visited first to authorize the user.

  • #11
    Senior Coder
    Join Date
    Jul 2011
    Posts
    1,226
    Thanks
    3
    Thanked 171 Times in 171 Posts
    I'm pretty sure that session_start() shouldn't be in the auth.php page, it should in fact be at the VERY top of cpanel.php - above any HTML and above your script tag above the html tag.
    example:
    PHP Code:
    <?php session_start(); ?>
    <script type......

  • Users who have thanked BluePanther for this post:

    xxcorrosionxx (10-14-2011)
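
The guard the replies above are working toward, as an added example that is not code from the thread: an auth.php that resumes the session itself, so the check does not depend on the including page having called session_start(), and that still stops the page when output has already begun. It assumes PHP 7+ and reuses the file names and session key from the thread.

```php
<?php
// auth.php: session guard (added example, not code from the thread).
// It must run before the page sends any output, so cpanel.php should
// begin with a PHP block containing: require_once 'auth.php';
// placed above the <script> and <html> tags.

if (session_status() !== PHP_SESSION_ACTIVE) {
    // Refuse session ids the server did not issue (session fixation).
    ini_set('session.use_strict_mode', '1');

    // Resume the session that login-exec.php created. Without this call
    // $_SESSION is empty here and every visitor is sent to denied.php,
    // which is the symptom described in the thread.
    session_start();
}

/** True when the session carries a non-empty member id. */
function is_logged_in(array $session): bool
{
    return isset($session['SESS_MEMBER_ID'])
        && trim((string) $session['SESS_MEMBER_ID']) !== '';
}

if (!is_logged_in($_SESSION)) {
    // A redirect can only be sent while no output has gone out yet.
    if (!headers_sent()) {
        header('Location: denied.php');
    }
    // exit() runs in both cases: if the guard was included halfway down
    // a page, rendering stops here instead of showing the panel.
    exit();
}
```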

  • #12
    Regular Coder
    Join Date
    Jan 2011
    Posts
    117
    Thanks
    27
    Thanked 0 Times in 0 Posts
    lol i already figured this out. thanks though!

