vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Member Archives (https://vborg.vbsupport.ru/forumdisplay.php?f=202)
-   -   Finally, a non-vb Hack...but... (https://vborg.vbsupport.ru/showthread.php?t=15822)

MoJo85 05-01-2001 06:50 PM
Ok....I found that there is alot of demand saying that they want a non-vb login hack (including me). So meaning it will integrate vb's usernames and passwords with non-vb website. So that people access parts(other than the vbb) of a website using there login and pass.
So I will launch this hack soon but I stumbled upon a problem which I can't solve...
ok here is my code(attached below)..What I'm making is that If the action is a login then it would verify for pass and username. Put when I test this and type a fake pass and username it would not show the website where is says wrong pass or wrong username. If I type the right pass and username it would forward me to the topsecret website. There is no error showing except a 404 error saying that THIS(the file that this code is in) code is not found.(i'm darn sure its there because when u type the right pass word is will forward u to the right spot) I know that there is somthing wrong with the eval statements below...so can some one point it out...
help would be appreciated and thanks in advance.

PHP Code:
// ############################### start login ############################### 
if ($action=="login") { 
include("./global.php"); 
if (isset($username)) { 
// get userid for given username 
if ($user=$DB_site->query_first("SELECT userid,username,password,cookieuser FROM user WHERE username='".addslashes(htmlspecialchars($username))."'")) { 
if ($user[password]!=$password) { // check password 
eval (header("Location: [url]http://www.YourHostName.com/chat_forums/forums/Inccorectpass.php[/url]")); 
exit; 

$userid=$user[userid]; 
} else { // invalid username entered 
eval (header("Location: [url]http://www.YourHostName.com/chat_forums/forums/InncorrectUsername.php[/url]")); 
exit; 


if ($user['cookieuser']==1) { 
vbsetcookie("bbuserid",$user['userid']); 
vbsetcookie("bbpassword",md5($user['password'])); 


$DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session[dbsessionhash])."'"); 

$session['sessionhash']=md5(uniqid(microtime())); 
$session['dbsessionhash']=$session['sessionhash']; 
$DB_site->query("INSERT INTO session (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','$userid','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','$session[styleid]')"); 
vbsetcookie("sessionhash",$session['sessionhash'],0); 
$username $user['username']; 


$url=ereg_replace("sessionhash=[a-z0-9]{32}&","",$url); 
$url=ereg_replace("\\?sessionhash=[a-z0-9]{32}","",$url); 
$url=ereg_replace("s=[a-z0-9]{32}&","",$url); 
$url=ereg_replace("\\?s=[a-z0-9]{32}","",$url); 

if ($url!="" and $url!="index.php" and $url!=$HTTP_REFERER) { 

if (strpos($url,"?")>0) { 
$url.="&s=$session[dbsessionhash]"
} else { 
$url.="?s=$session[dbsessionhash]"

//header("Location: $url"); 

$url str_replace("\""""$url); 
eval("standardredirect(\"".gettemplate("redirect_login")."\",\"$url\");"); 
} else { 
$bbuserinfo=getuserinfo($userid); 
header("Location: [url]http://www.YourHostName.com/chat_forums/forums/topsecret.php[/url]"); 



btw: This is part of a code so don't worry about <?php...
Once I finish this hopfully I will launch the hack
Thank you

MoJo85 05-02-2001 02:07 AM
I never seen such a big bunch of losers ever. You guys have no spirit of helping each other.....all you want is hacks that you wait for....The problem has a simpile solution that I can't solve because simply its my first time coding php....so why not take a minute a post something for gods sakes...

btw thanks to all the ppl who accutly do something...I know you might not have time to see all the post regarding help....

tubedogg 05-02-2001 02:41 AM
Dude, for lack of a better term, f--- off! It's been 7 hours since your first post. Do you know how many people only visit once every 24 hours or longer? The polite thing to do is bump after 24 hours. You're sure not going to get any help calling us losers.

Have you looked at these forums at all? Have you seen how many requests have been answered and people helped in the other areas (questions, installation, etc.)? Give it a rest.

conan 05-02-2001 08:11 PM
I must agree with tubedogg when he told you to f*ck off!
You are the loser, cause not only you can't solve your problem, but you can't be patient like everyone else and wait for your damn reply.

Well congratulations, cause now the "losers" will sure help you out!

lol kids

MoJo85 05-02-2001 10:12 PM
after 7 hours there was 50 views and not a single post...plus I might add that after that time my post was down 20 spots because of no post...but now since u guys posted..its back up..my point was this is the worst board that I ever seen for helping (my opinion). Also before I posted this I did search and did find some info about a different problem..but suprizingly 75%(an estimate) of the posts regarding this matter were not answered. Also I wasn't just doing this for me..I did say that I was willing to do a hack once a solution to this is found. Also, when u say F*** off, you don't know what that really means because its just have nothing to do with this. So F*** your self some where else.

tubedogg 05-03-2001 12:02 AM
You decided to start a new thread to b***h about it? That's gonna win you friends. :rolleyes:

conan 05-03-2001 04:08 PM
You sure have a way with people don't you?

I think the mods should close this thread, it's going no where!

JohnM 05-03-2001 05:54 PM
MoJo85, instead of calling us losers, the polite thing to do would be to BUMP it.

JohnM 05-03-2001 05:55 PM
And BTW - hint:

eval (header("Location: <a href="http://www.YourHostName.com/chat_forums/forums/Inccorectpass.php" target="_blank">http://www.YourHostName.com/chat_fo...ccorectpass.php</a>"));

no no.

header("Location: <a href="http://www.YourHostName.com/chat_forums/forums/Inccorectpass.php" target="_blank">http://www.YourHostName.com/chat_fo...ccorectpass.php</a>");
exit;

MoJo85 05-03-2001 06:36 PM
I'm sorry for that incorect post...I didn't mean to post a new thread. That was supposed to be a replly, anyways...thanks John M for the replly.


All times are GMT. The time now is 03:47 PM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01019 seconds
  • Memory Usage 1,764KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete