| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4097C936.4030707@libero.it>
From: fala83 at libero.it (Luca Falavigna)
Subject: PHPNuke admin.php protection code
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I created this piece of code to enforce the security of admin section in
PHPNuke web portals and I realized it works well: just put it in
admin.php above require_once("mainfile.php"); and only logged in users
who are in authors table can access the page, the others will be
redirected to index.php.
The code:
$grant_access = FALSE;
cookiedecode($user);
$sql = $db->sql_query("SELECT aid FROM ".$prefix."_authors");
while($record = $db->sql_fetchrow($sql)) {
~ if($cookie[1]==$record[aid])
~ $grant_access = TRUE;
}
if(!$grant_access) {
~ Header("Location: index.php");
~ die();
}
unset($cookie);
unset($result);
unset($sql);
unset($grant_access);
If this trick doesn't work properly, please contact me at fala83@...ero.it.
Luca Falavigna
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBQJfJL/TtdJayrm9xAQJCxAf+Nto0pa4qlzU8OXnY9EgnbnzFsQDLl9Pj
EwFAayhy0szOfOGR3VMLn57UAPIuEJt0jflohcwu0TENH0Qdth3Oye7VmMeaBG6X
cdt20+F93IAdnjrAMlP71su+vVT3Rg48AxGZ/oHg3nBTbJ+SeSL9KOHuwoDybIyN
DXU/pTvDOivAq1lqlVVc80E3ze8McAHPmgre3jF+QQ35qDqxC0msbmpWEpJsLW70
9CVqZ+3G9QYOAu7LZc4EWWM1xrTvuHkV5B8bcZH9jHHF0TseluLdIo+Bh6AYdsJ/
KgdI50TgQTm1InzoDcFeH5y8O+bB2dfveKoRst3PivnaprTNNSWNAA==
=Cnop
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists