Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 04-21-2002, 08:05 PM
voogru's Avatar
voogru voogru is offline
 
Join Date: Dec 2001
Location: Miami, FL
Posts: 104
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default trying to mod download.php

trying to mod this download.php to reject members who havent been authed by the email.

heres what i got:

PHP Code:
<?
############################################
# Hack by: GameZilla                       #
# E-mail: [email]gamezilla@socal.rr.com[/email]           #
# Forum: [url]http://www.otakuforums.com[/url]        #
############################################

$file_name = "".basename($file);
include("config.inc");
$mysql['user']   = "voogru";
$mysql['pass']   = "password";
$mysql['db']     = "voogru_website";
$mysql['table']  = "user";

$link = mysql_connect("localhost",$mysql['user'],$mysql['pass']);
mysql_select_db($mysql['db']);

$user = ($HTTP_COOKIE_VARS['user']) ? $HTTP_COOKIE_VARS['user'] : $HTTP_POST_VARS['user'];
$pass = ($HTTP_COOKIE_VARS['pass']) ? $HTTP_COOKIE_VARS['pass'] : $HTTP_POST_VARS['pass'];

$r  = mysql_query("SELECT userid,username,password,usergroupid FROM $mysql[table] WHERE username='$user'");
while ($row = mysql_fetch_array($r))
{
    if(strtolower($user) == strtolower($row['username']) && md5($pass) == $row['password'])
    {

    if ($usergroupid == '3') {
    exit;
 }

    else
        setcookie("user","$user",time() + (120 * 120));
        setcookie("pass","$pass",time() + (120 * 120));
        header("location: $file");
        exit();
    }

}
$data = addslashes(implode("",file("http://www.voogru.com/files/login.phtml")));
eval("echo stripslashes(\"$data\");");
exit();
?>
however when i do that i did a test user and i was still able to download the file.

any ideas?
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:26 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03321 seconds
  • Memory Usage 2,199KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete