vb.org Archive - View Single Post - Log-in on non-vb page...cookies?

Kathy · #3 11-11-2002, 10:06 PM

Thanks Erwin,

Just so that you know...i'm not a hacker.

But I'll tell you what my log-in has...

I've used a log-in that is an include and then the log-in script that the include calls....
chdir("/usr/local/apache/sites/hystersisters.com/httpdocs/vb2/");
require("global.php");

I'm assuming that is calling global.php since it is included?

I've dumped my cookies and made sure that the admin control panel shows:

/ for path

and .hystersisters.com for cookie domain.

Now interesting...

I dumped my cookies and logged in via my forum home page. I checked my cookies:

hystersisters.com

I then went into my admin control panel...and after logging into my admin control panel I have extra cookies:

www.hystersisters.com bbadmin

I go to my test login (non-vb page) and yes it is all php

It doesn't recognize me. It does allow me to log in...and the log-in produces more cookies for:

hystersisters.com

And when I return to that page...it still doesn't recognize me as a registered member.

Here is the log-in hack I used once you call the "login code" through an include:

Code:

<?

// File:  Homepage Login
// Version: 1.0
// By:  RobAC
// Date:  7/24/01
// Source:  Original VB Homepage Login by Demolition
// Reference: http://www.vbulletin.com/forum/showt...threadid=22192

chdir("/usr/local/apache/sites/hystersisters.com/httpdocs/vb2/");
require("global.php");

if ($bbuserinfo['userid']!=0) {
$username=$bbuserinfo['username'];
  
print("<p align='center'>Welcome back,<br /> <b>$username!</b></p>");
print("<p align='center'><b>[ <a href='vb2/index.php'>Enter</a> ]</b></p>");

} else {

?>
<form action="http://www.hystersisters.com/vb2/member.php" method="post" />
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="action" value="login" />
<table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr>
    <td align="left"><font class="verdana, arial, helvetica" size="1"><b>Username:</b></font></td>
    <td align="left"><input type="text" name="username" size="7" /></td>
  </tr>
  <tr>
    <td align="left"><font class="verdana, arial, helvetica" size="1"><b>Password:</b></font></td>
    <td align="left"><input type="password" name="password" size="7" /></td>
  </tr>
  <tr>
    <td align="center" colspan="2"><input type="submit" value="Login!" /></td>
  </tr>
</table>
</form>
<?

}

?>

thanks for your help!

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01198 seconds Memory Usage 1,771KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD_SHOWPOST (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit reputationlevel showthread	Included Files: ./showpost.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showpost_start bbcode_fetch_tags bbcode_create postbit_factory showpost_post postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start showpost_complete
Messages: