Date: Tue, 04 May 2004 18:47:50 +0200
From: Luca Falavigna <fala83@...ero.it>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: PHPNuke admin.php protection code

I created this piece of code to enforce the security of the admin section in PHPNuke web portals and I realized it works well: just put it in admin.php above require_once("mainfile.php"); and only logged-in users who are in the authors table can access the page; the others will be redirected to index.php.

The code:

    $grant_access = FALSE;
    // PHPNuke helper: decodes the user cookie into $cookie
    cookiedecode($user);
    // Fetch every admin name from the authors table
    $sql = $db->sql_query("SELECT aid FROM ".$prefix."_authors");
    while($record = $db->sql_fetchrow($sql)) {
        // $cookie[1] holds the user name taken from the cookie
        if($cookie[1]==$record['aid'])
            $grant_access = TRUE;
    }
    // Anyone not listed as an author is sent back to the front page
    if(!$grant_access) {
        Header("Location: index.php");
        die();
    }
    // Clean up the temporary variables
    unset($cookie);
    unset($result);
    unset($sql);
    unset($grant_access);

If this trick doesn't work properly, please contact me at fala83@...ero.it.

Luca Falavigna

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
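A stand-alone variant of the check described in the post, added here as an example and not part of the original message or of PHPNuke's code: it looks the name up with one bound parameter and compares strictly instead of scanning every row. The PDO/SQLite setup, the is_listed_author() helper, the "nuke" prefix and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example: stand-alone sketch of the admin gate with one bound lookup.
// Assumptions: PDO with the SQLite driver; table name and rows are constructed.

function is_listed_author(PDO $db, string $prefix, $name): bool
{
    // Reject missing or non-string input before touching the database.
    if (!is_string($name) || $name === '') {
        return false;
    }
    // $prefix comes from site configuration, never from the request;
    // restrict it to identifier characters since it cannot be bound.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $prefix)) {
        throw new InvalidArgumentException('unexpected table prefix');
    }
    $stmt = $db->prepare("SELECT aid FROM {$prefix}_authors WHERE aid = :aid");
    $stmt->execute([':aid' => $name]);
    $aid = $stmt->fetchColumn();
    // Strict comparison: == would treat numeric strings such as
    // '1e3' and '1000' as equal, === does not.
    return $aid !== false && $aid === $name;
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE nuke_authors (aid TEXT PRIMARY KEY)');
$db->exec("INSERT INTO nuke_authors (aid) VALUES ('admin'), ('1000')");

// Constructed stand-ins for the decoded cookie name ($cookie[1] in the post).
$samples = ['admin', 'guest', '1e3', '', null];
foreach ($samples as $name) {
    $allowed = is_listed_author($db, 'nuke', $name);
    printf("%-8s => %s\n", var_export($name, true),
        $allowed ? 'allow' : 'redirect to index.php');
}
```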