[MeTaL_oRgY]

Hey dudes, wuzup!?... well, I need some help with a Hack someone helped me with.. It?s a login hack for my website so ppl have to login before being able to see some pages on my site. I wnated it to share the db with the forums so ppl didin?t had to register twice.

ok, here are the files I have:

other.php

PHP Code:

<?php 
// Other.php 
//############################### start logout ############################### 
if ($action=="logout") { 
  include("foro/global.php"); 
  vbsetcookie("bbuserid","",1); 
  vbsetcookie("bbpassword","",1); 
  vbsetcookie("bbstyleid","",1); 

  if ($bbuserinfo[userid] > 0) { 
    $DB_site->query("UPDATE user SET lastactivity='".(time()-$cookietimeout)."',lastvisit='".time()."' WHERE userid='$bbuserinfo[userid]'"); 
  } 


  //$DB_site->query("UPDATE session SET userid=0 WHERE sessionhash='".addslashes($session[sessionhash])."'"); 
  $DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session[dbsessionhash])."'"); 

  if ($bbuserinfo[userid] > 0) { 
    // make sure any other of this user's sessions are deleted (incase they ended up with more than one) 
    $DB_site->query("DELETE FROM session WHERE userid='$bbuserinfo[userid]'"); 
  } 

  $session['sessionhash']=md5(uniqid(microtime())); 
   $session['dbsessionhash']=$session['sessionhash'];

  $DB_site->query("INSERT INTO session  (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','0','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','0')"); 
  vbsetcookie("sessionhash",$session['sessionhash'],0); 

  //header("Location: $url"); set this to the page to go back to 

} 

// ############################### start login ############################### 
if ($action=="login") { 
  include("foro/global.php"); 
  $userid = 0; 
  if (isset($username)) { 
    // get userid for given username 
    if ($user=$DB_site->query_first("SELECT userid,username,password,cookieuser FROM user WHERE username='".addslashes(htmlspecialchars($username))."'")) { 
      if ($user['password']!=md5($password)) {  // check password 
        print("Incorrect Password/Contrase?a incorrecta."); 
        exit; 
      } 
      $userid=$user[userid]; 
    } else { // invalid username entered 
      print("Incorrect Username/Nombre de usuario incorrecto"); 
      exit; 
    } 

    if ($user['cookieuser']==1) { 
      vbsetcookie("bbuserid",$user['userid']); 
      vbsetcookie("bbpassword",$user['password']); 
    } 

    $DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session[dbsessionhash])."'"); 

    $session['sessionhash']=md5(uniqid(microtime())); 
     $session['dbsessionhash']=$session['sessionhash'];

    $DB_site->query("INSERT INTO session  (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','".intval($userid)."','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','$session[styleid]')"); 
    vbsetcookie("sessionhash",$session['sessionhash'],0); 
    $username = $user['username']; 
  } 

  $url=ereg_replace("sessionhash=[a-z0-9]{32}&","",$url); 
  $url=ereg_replace("\?sessionhash=[a-z0-9]{32}","",$url); 
  $url=ereg_replace("s=[a-z0-9]{32}&","",$url); 
  $url=ereg_replace("\?s=[a-z0-9]{32}","",$url); 

  if ($url!="" and $url!="foro/index.php" and $url!=$HTTP_REFERER) { 

    if (strpos($url,"?")>0) { 
      $url.="&s=$session[dbsessionhash]"; 
    } else { 
      $url.="?s=$session[dbsessionhash]"; 
    } 
     
    //header("Location: $url"); set this to the page to go back to 
  } else { 
    $bbuserinfo=getuserinfo($userid);//header("Location: $url"); set this to the page to go back to 
} 

} 
?>

moa.php

PHP Code:

<?php 
include("foro/global.php"); 
if($bbuserinfo['userid']==0){ 
///Means they are not logged in 
//so it prints login box 
print(" 
    <form action=other.php method=post> 
    <tr> 
    <td nowrap><font face=\"verdana,arial,helvetica\" size=1 >Login with username and password:</font></td><br>
    </tr><tr> 
    <td nowrap> 
    <input type=hidden name=action value=login> 
    <input type=text class=bginput name=username size=7> 
    <input type=password class=bginput name=password size=7> 
    <input type=submit class=bginput value=Login!></td> 
    </tr> 
    </form> 
"); 
}else{ 
///they are logged in so it let's 
//them log out, you can put "protected" 
//stuff here 
include("emulacion/roms2.htm");
     
} 

?>

They work right when u do not include em to the home.php page:
( http://zelda.wi3k.net/moa.php )
excepting that after login in they redirect u to the other.php file instead of the moa.php page, but this is a small problem...

the problem comes when I include the moa.php file with the home.php file...
demo: http://zelda.wi3k.net/home2.php?id=moa.php

though it works (the login box appears if someone isn?t logged in and if they are logged in then prints the "emulacion/roms.hmt" page.... ) It gave this error:

loged in it gaves me this error:

PHP Code:

Warning: Cannot modify header information - headers already sent by (output started at /usr/home/wi3knet/public_html/zelda/home.php:8) in /usr/home/wi3knet/public_html/zelda/foro/admin/functions.php on line 2020 


Not logged gaves this:

PHP Code:

Warning: Cannot modify header information - headers already sent by (output started at /usr/home/wi3knet/public_html/zelda/home.php:8) in /usr/home/wi3knet/public_html/zelda/foro/admin/functions.php on line 2020

Warning: Cannot modify header information - headers already sent by (output started at /usr/home/wi3knet/public_html/zelda/home.php:8) in /usr/home/wi3knet/public_html/zelda/foro/admin/functions.php on line 2020 


my question is, is there a way of fixing this WITHOUT using frames? I really don?t like frames XD... so, is there a way?.... someone plz help T_T

P.S. If someone could help with the redirection problem also, it would be AWSOME!!
P.S. 2: as u can see, I?m totally newbie at programming, this scripts were NOT written by me... I?m just asking for some suggestions here....