Problem with auth session.

[xxcorrosionxx]

I am having some trouble with my session. I am trying to stop people from gaining access to cpanel.php from the web browser. I did it before and now it's giving me problems. I got it to where when you try and view cpanel.php it directs the user to denied.php and if they enter in there details wrong it will bring them to a failed.php page. But my problem is, i think my code is wrong, if i could get some help verifying what error is the problem and a solution i will be grateful! I am updating the milw0rm script, i found a source online and the files are well messed up, and i had to use a google translator to translate the turkish language. So i added some thing's to it but yeah. I have a problem with my session. Thanks in advanced!

login-exec.php:

PHP Code:

<?php
    //Start session
    session_start();

    //Include database connection details
    require_once('config.php');
    
    //Array to store validation errors
    $errmsg_arr = array();
    
    //Validation error flag
    $errflag = false;
    
    
    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }
    
    //Sanitize the POST values
    $login = clean($_POST['login']);
    $password = clean($_POST['password']);
    $code = ($_POST['code']);
    
    //Input Validations
    if($login == '') {
        $errmsg_arr[] = 'Login ID missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }
    if($code == '') {
        $errmsg_arr[] = 'Incorrect captcha Code';
        $errflag = true;
    }
    
    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: index.php");
        exit();
    }
    
    //Create query
    $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
    $result=mysql_query($qry);
    
    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $members = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $members['member_id'];
            session_write_close();
            header("location: cpanel.php");
            exit();
        }else {
            //Login failed
            header("location: failed.php");
            exit();
        }
    }else {
        die("Query failed");
    }
?>

Auth.php:

PHP Code:

<?php
    if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
        header("location: denied.php");
        exit();
    }
?>

cpanel.php:

PHP Code:

<SCRIPT LANGUAGE='JAVASCRIPT' TYPE='TEXT/JAVASCRIPT'>
var win=null;
function NewWindow(mypage,myname,w,h,pos,infocus){
if(pos=="random"){myleft=(screen.width)?Math.floor(Math.random()*(screen.width-w)):100;mytop=(screen.height)?Math.floor(Math.random()*((screen.height-h)-75)):100;}
if(pos=="center"){myleft=(screen.width)?(screen.width-w)/2:100;mytop=(screen.height)?(screen.height-h)/2:100;}
else if((pos!='center' && pos!="random") || pos==null){myleft=0;mytop=20}
settings="width=" + w + ",height=" + h + ",top=" + mytop + ",left=" + myleft + ",scrollbars=no,location=no,directories=no,status=no,menubar=no,toolbar=no,resizable=no";win=window.open(mypage,myname,settings);
win.focus();}
// -->
</script>
<html>
<head>
<title>Milworm - Cpanel</title>
<meta name="description" content="milw0rm exploits and 0day exploits database">
<meta name="keywords" content="exploits code, exploit code, exploits, 0-day, 0day, 0days, exploit, zero day, poc, exploit, local exploits, remote exploits, root exploits, windows, linux, new exploits, latest exploits, shellcode, Zero-day, zeroday, security articles, ezines, zines, security papers">
<link type="text/css" rel="stylesheet" href="../b0x.css">
<link rel="alternate" type="text/xml" title="milw0rm - RSS Feed" href="http://milw0rm.com/rss.php">
<link rel="Shortcut Icon" href="favicon.ico" type="image/x-icon">
<style type="text/css">
<!--
.style17 {font-weight: bold}
.style18 {
    color: #00C000;
    font-weight: bold;
}
.style19 {
    color: #008000;
    font-weight: bold;
}
.style21 {
    color: #000000;
    font-weight: bold;
}
-->
</style>
</head>

<body dir="ltr" alink="#00ff00" background="dot.gif" bgcolor="#000000" link="#00c000" text="#008000" vlink="#00c000">

<center>
  <table width="668" border="0" cellpadding="3" cellspacing="3" class="main">
  <tbody><tr><td><img src="banner.jpg" alt="milw0rm"></td></tr>
  <tr>
  <td> <?php
    require_once('auth.php');
?>
    <div align="left">
      <table width="98%"  border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td width="350">&nbsp;</td>
          <td width="289">&nbsp;</td>
        </tr>
        <tr>
          <td><div align="center" class="submit"><strong>CONTROL CENTER </strong></div></td>
          <td><div align="center" class="submit"><strong>ADMIN REFERENCE </strong></div></td>
        </tr>
        <tr>
          <td height="469" valign="top"><div align="left">
              <table width="349">
                <tr>
                  <td><p align="center">&nbsp;</p></td>
                  <td>&nbsp;</td>
                  <td>&nbsp;</td>
                <tr>
                  <td width="99" height="33"><div align="center"><a href="admin.php"><img src="admin_img/home.gif" alt="asdasdasd" width="31" height="31" border="0"></a></div></td>
                  <td width="121"><div align="center"><a href="javascript:NewWindow('haber','title','686','555','custom','front');"><img src="admin_img/duyuru.gif" width="31" height="31" border="0" /></a></div></td>
                  <td width="113"><div align="center"><a href="javascript:NewWindow('webapps','title','686','555','custom','front');"><img src="admin_img/scriptler.gif" width="31" height="31" border="0" /></a></div></td>
                </tr>
                <tr>
                  <td><p align="center"><strong>[</strong> <span class="style17"><a href="./cpanel.php">Home</a> ]</span></p></td>
                  <td><p align="center"><strong>[ <a href="javascript:NewWindow('haber','title','686','555','custom','front');">Videos</a> ]</strong></p></td>
                  <td><div align="center"><strong>[ <a href="javascript:NewWindow('webapps','title','686','555','custom','front');">exploit</a> ]</strong></div></td>
                </tr>
              </table>
            <table width="350">
                <tr>
                  <td><p align="center">&nbsp;</p></td>
                  <td>&nbsp;</td>
                  <td>&nbsp;</td>
                </tr>
                <tr>
                  <td width="100" height="33"><div align="center"><a href="javascript:NewWindow('local','title','686','555','custom','front');"><img src="admin_img/cserial.gif" width="31" height="31" border="0" /></a></div></td>
                  <td width="121"><div align="center"><a href="video"><img src="admin_img/download.gif" width="31" height="31" border="0" /></a></div></td>
                  <td width="113"><div align="center"><a href="shellcode"><img src="admin_img/reklam.gif" border="0" /></a><a href="exploit_a.php"></a></div></td>
                </tr>
                <tr>
                  <td><p align="center"><strong>[<a href="javascript:NewWindow('local','title','686','555','custom','front');">local</a>]</strong></p></td>
                  <td><p align="center"><strong>[ <a href="video">video</a> ]</strong></p></td>
                  <td><div align="center"><strong>[ <a href="javascript:NewWindow('shellcode','title','686','555','custom','front');">shellcode</a> ]</strong></div></td>
                </tr>
              </table>
            <table width="349">
                <tr>
                  <td><p align="center">&nbsp;</p></td>
                  <td>&nbsp;</td>
                  <td>&nbsp;</td>
                <tr>
                  <td width="99" height="33"><div align="center"><a href="javascript:NewWindow('dokuman','title','686','555','custom','front');"><img src="admin_img/dokuman.gif" width="31" height="31" border="0" /></a></div></td>
                  <td width="121"><div align="center"><strong><a href="index_admin.php"></a></strong><a href="gelen"><img src="admin_img/mail.gif" width="31" height="31" border="0" /></a></div></td>
                  <td width="113"><div align="center"><a href="ban"><img src="admin_img/yasak.gif" width="31" height="31" border="0" /></a></div></td>
                </tr>
                <tr>
                  <td><div align="center"><strong>[ <a href="javascript:NewWindow('dokuman','title','686','555','custom','front');">dokuman</a></strong> <strong>]</strong></div></td>
                  <td><div align="center"><strong>[ <a href="gelen">gelenler</a> ]</strong></div></td>
                  <td><div align="center"><strong>[ <a href="ban">ipban</a> ]</strong></div></td>
                </tr>
              </table>
          </div>
              <table width="349">
                <tr>
                  <td><p align="center">&nbsp;</p></td>
                  <td>&nbsp;</td>
                  <td>&nbsp;</td>
                <tr>
                  <td width="99" height="33"><div align="center"><a href="lamerler"><img src="admin_img/cikis.gif" width="31" height="31" border="0"></a></div></td>
                  <td width="121"><div align="center"><strong><a href="indexadmin" target="_blank"><img src="admin_img/setting.gif" width="31" height="31" border="0"></a></strong></div></td>
                  <td width="113"><div align="center"><a href="yonetim.php" target="_blank"><img src="admin_img/uyeler.gif" width="31" height="31" border="0"></a></div></td>
                </tr>
                <tr>
                  <td><div align="center"><span class="style18">[ <a href="lamerler">lamerler</a> ]</span></div></td>
                  <td><div align="center"><strong>[ <a href="indexadmin" target="_blank">indexadmin</a> ]</strong></div></td>
                  <td><div align="center"><span class="style19">[ <a href="yonetim.php" target="_blank">y&ouml;neticiler</a> ]</span></div></td>
                </tr>
              </table>
              <table width="349">
                <tr>
                  <td><p align="center">&nbsp;</p></td>
                  <td>&nbsp;</td>
                  <td>&nbsp;</td>
                <tr>
                  <td width="99" height="33"><div align="center"><a href="yoneticiekle.php"><img src="admin_img/yorumlar.gif" width="31" height="31" border="0"></a></div></td>
                  <td width="121"><div align="center"><a href="cikis.php"><img src="admin_img/engelli.gif" width="31" height="31" border="0"></a></div></td>
                  <td width="113">&nbsp;</td>
                </tr>
                <tr>
                  <td><div align="center"><span class="style18">[ <a href="yoneticiekle.php">yonetici ekle  </a>]</span></div></td>
                  <td><div align="center"><span class="style18">[ <a href="cikis.php">&ccedil;ıkış </a>]</span></div></td>
                  <td>&nbsp;</td>
                </tr>
              </table>              
              </td>
          <td valign="top"><p>&nbsp;</p>
            <p align="center" class="submit"><span lang="en">Admin</span></p>
            <p align="center"><span lang="en">home page of the panel.</span></p>
            <p align="center" class="submit"><span id="result_box" lang="en"><span title="[news] add a new edit news">News</span></span></p>
            <p align="center"><span lang="en"><span title="[news] add a new edit news">add a new edit news</span></span></p>
            <p align="center" class="submit"><span id="result_box" lang="en">Exploits </span></p>
            <p align="center"><span lang="en">add a new exploit, edit</span></p>
            <p align="center" class="submit"><span id="result_box" lang="en">Local </span></p>
            <p align="center"><span lang="en">Add a new local exploit, edit</span></p>
            <p align="center" class="submit"><span id="result_box" lang="en">video </span></p>
            <p align="center"><span lang="en">add a new video edit</span></p>
            <p align="center" class="submit"><span id="result_box" lang="en">Shell codes </span></p>
            <p align="center"><span lang="en">Add a new shell, edit the code</span></p>
            <p align="center" class="submit"><span id="result_box" lang="en">Documentation </span></p>
            <p align="center"><span lang="en">Add new, edit a document</span></p>
            <p align="center" class="submit"><span id="result_box" lang="en">New Comers </span></p>
            <p align="center"><span lang="en"> submitterlardan leaders confirm, edit</span></p>
            <p align="center" class="submit"><span id="result_box" lang="en">Ip Ban </span></p>
            <p align="center"><span lang="en">mahlukatları banlayın harmful to the system you do not want.</span></p>
            <p align="center" class="submit"><span id="result_box" lang="en">Lamer </span></p>
            <p align="center"><span lang="en"> trying to connect to the site admin tried k.adı Lamer, passwords and more. (funny:))</span></p>
            <p align="center" class="submit"><span id="result_box" lang="en">Index Admin</span></p>
            <p align="center"><span lang="en">See the site admin's perspective;)</span></p>
            <p align="center" class="submit">Managers </p>
            <p align="center"><span id="result_box" lang="en">who is the manager on the site information to friends.</span></p></td>
        </tr>
        <tr></tr>
        <tr></tr>
      </table>
    </div>
  </table>
</center>

</body>
</html>
 

</body>
</html>

[mlseim]

What is the error you are getting?
I guess I don't know what is NOT working correctly.


.

[xxcorrosionxx]

Im not a very advanced php coder. But when the user logs in to the cpanel it brings them to the denied page. It's something with the session, its not reading properly.

[Inigoesdr]

You need to have session_start() above where you try to access $_SESSION somewhere.

[xxcorrosionxx]

Quote:

Originally Posted by Inigoesdr

You need to have session_start() above where you try to access $_SESSION somewhere.

my name is inigo montoya you killed my father prepare to die! Haha, where do i add it

[Inci]

Just add session_start() to auth.php

Code:

<?php
    session_start()
    if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
        header("location: denied.php");
        exit();
    }
?>

Everytime you use sessions or sessions variables you must initialize the sessions firstly. so there you go by session_start().

[xxcorrosionxx]

Error:

Code:

( ! ) Parse error: syntax error, unexpected T_IF in C:\wamp\www\milworm\admin\auth.php on line 3

That is what happends when i added a session where you told me. Lol, i take it out it works :| I have a session in the login-exec.php

[Inci]

whoopsss, sorry my bad, forgot ";"

change session_start() to session_start();

[xxcorrosionxx]

Still not working grrrr! When the user accesses cpanel.php like this

http://71.62.39.150/milworm/admin/cpanel.php

It will not allow them, but when they sign up and login it still brings them to denied.php. Ugh !

[Inci]

hmmm, that's very strange. did ya tried to start from login-exec.php page or you trying from cpanel.php ? login-exec.php must be visited firstly to authorize user firstly.

[BluePanther]

I'm pretty sure that session_start() shouldn't be in the auth.php page, it should in fact be at the VERY top of cpanel.php - above any HTML and above your script tag above the html tag.
example:

PHP Code:

<?php session_start(); ?>
<script type......

[xxcorrosionxx]

lol i already figured this out. thanks though!