vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)
-   -   End-User Options - Second Level Login by liamwli (https://vborg.vbsupport.ru/showthread.php?t=289412)

liamwli 10-21-2012 05:00 PM

Quote:

Originally Posted by Nirjonadda (Post 2374836)
Yes! I think when login with 1st password we get Second Level Login page but cannot 1st login with main password!

Right, when you log in with the main system on the homepage, where does it take you?

Please could you screenshot. It should take you to a plain page with only a text box and some text, asking you to enter the second code sent to your email address.

Nirjonadda 10-21-2012 05:04 PM

When I log in with the main system on the homepage I get an error page:
vBulletin Message
You have entered an invalid username or password.

liamwli 10-21-2012 05:11 PM

Quote:

Originally Posted by Nirjonadda (Post 2374839)
When I log in with the main system on the homepage I get an error page:
vBulletin Message
You have entered an invalid username or password.

Just like you would with an invalid username or password really?

Please could you delete all your cookies first (could be a browser issue, I got this only once).

After that, reinstall the mod.

Nirjonadda 10-21-2012 05:22 PM

That does not fix this issue. Uninstalled this mod, reason: it makes high server load and uses much more RAM!

liamwli 10-21-2012 05:24 PM

Quote:

Originally Posted by Nirjonadda (Post 2374844)
That does not fix this issue. Uninstalled this mod, reason: it makes high server load and uses much more RAM!

These types of mods do generally cause a small increase in server load.

I will attempt to fix all issues and optimize code in a future version.

MegaManSec 10-22-2012 02:46 AM

It has an SQL injection in it (probably more than just one).

Code:

        $vbulletin->input->clean_array_gpc('p', array(
                'vb_login_username'        => TYPE_STR,
                'vb_login_password'        => TYPE_STR,
                'vb_login_md5password'    => TYPE_STR,
                'vb_login_md5password_utf' => TYPE_STR,
                'postvars'                => TYPE_BINARY,
                'cookieuser'              => TYPE_BOOL,
                'logintype'                => TYPE_STR,
                'cssprefs'                => TYPE_STR,
                'inlineverify'            => TYPE_BOOL,
                'redirect'                => TYPE_NOHTML));

        //get userinfo
        $userinfo = $vbulletin->db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE username='" . $vbulletin->GPC['vb_login_username'] . "'");


liamwli 10-22-2012 10:55 AM

Quote:

Originally Posted by MegaManSec (Post 2374943)
It has an SQL injection in it (probably more than just one).

Code:

        $vbulletin->input->clean_array_gpc('p', array(
                'vb_login_username'        => TYPE_STR,
                'vb_login_password'        => TYPE_STR,
                'vb_login_md5password'    => TYPE_STR,
                'vb_login_md5password_utf' => TYPE_STR,
                'postvars'                => TYPE_BINARY,
                'cookieuser'              => TYPE_BOOL,
                'logintype'                => TYPE_STR,
                'cssprefs'                => TYPE_STR,
                'inlineverify'            => TYPE_BOOL,
                'redirect'                => TYPE_NOHTML));

        //get userinfo
        $userinfo = $vbulletin->db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE username='" . $vbulletin->GPC['vb_login_username'] . "'");


No, it doesn't. That code is only run if the username and password are correct.

Check the if statement at the top.

For this to work, someone would have to have a username that contained the SQLi.

MegaManSec 10-23-2012 12:39 AM

Quote:

Originally Posted by liamwli (Post 2375020)
No, it doesn't. That code is only run if the username and password are correct.

Check the if statement at the top.

For this to work, someone would have to have a username that contained the SQLi.

????

go directly to liam_sll.php
if (($_POST['do'] == 'login') && ($vbulletin->options['liam_dualauth_onoff']))

set post 'do' to login
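
Editor's added example, not part of any post in this thread and not the mod's code: a stand-alone PHP sketch of the lookup pattern quoted above next to a bound-parameter version, behind the same `do`/option gate MegaManSec quotes. The in-memory SQLite table, its rows, the request array and the function names are constructed for illustration; inside vBulletin the usual idiom is to pass the value through `$vbulletin->db->escape_string()` before it is concatenated, since `TYPE_STR` cleaning does not escape quotes for SQL.

```php
<?php
// Added illustration with a constructed schema and rows; not the mod's code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT)");
$ins = $db->prepare("INSERT INTO user (username) VALUES (?)");
foreach (['alice', "o'neil"] as $name) {
    $ins->execute([$name]);
}

// Gate as quoted in the thread: only the POSTed 'do' field and the mod's
// on/off option are checked before the lookup; no credential check is involved.
function reaches_lookup(array $post, bool $optionOn): bool
{
    return (($post['do'] ?? '') === 'login') && $optionOn;
}

// Pattern from the thread: the request value is placed between the quotes
// unchanged, so a quote character in the data is parsed as SQL syntax.
function lookup_concatenated(PDO $db, string $username): string
{
    try {
        $sql = "SELECT * FROM user WHERE username='" . $username . "'";
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        return "query broken by input: " . $e->getMessage();
    }
}

// Hardened form: the value is bound to a placeholder and never reaches the
// SQL parser as text, so it can only ever be compared as data.
function lookup_bound(PDO $db, string $username): string
{
    $stmt = $db->prepare("SELECT * FROM user WHERE username = ?");
    $stmt->execute([$username]);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC)) . " row(s)";
}

// Constructed request: a legitimate username that happens to contain a quote.
$post = ['do' => 'login', 'vb_login_username' => "o'neil"];
if (reaches_lookup($post, true)) {
    echo "concatenated: ", lookup_concatenated($db, $post['vb_login_username']), PHP_EOL;
    echo "bound:        ", lookup_bound($db, $post['vb_login_username']), PHP_EOL;
}
```

A login test suite for a mod like this should include usernames containing quotes and backslashes, so that any lookup built by concatenation fails the test before release.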

BirdOPrey5 10-24-2012 04:54 PM

Mod restored from Quarantine.

Skyrider 10-26-2012 04:48 PM

Awesome mod, but for now I've disabled it. For some odd reason, after too many code submissions and testing the plugin, I was unable to log in on my own account, saying I've entered an incorrect username/password. By disabling the mod, everything ran fine again and I was able to log in normally.

