Hey dudes, wuzup!?... well, I need some help with a Hack someone helped me with.. It's a login hack for my website so ppl have to login before being able to see some pages on my site. I wanted it to share the db with the forums so ppl didn't have to register twice.
ok, here are the files I have:
other.php
PHP Code:
<?php
// Other.php
// $action, $username, $password and $url are never assigned in this file;
// they arrive as request globals (register_globals) or from the including script.
//############################### start logout ###############################
if ($action=="logout") {
    include("foro/global.php");
    // expire the forum login cookies
    vbsetcookie("bbuserid","",1);
    vbsetcookie("bbpassword","",1);
    vbsetcookie("bbstyleid","",1);
    if ($bbuserinfo['userid'] > 0) {
        $DB_site->query("UPDATE user SET lastactivity='".(time()-$cookietimeout)."',lastvisit='".time()."' WHERE userid='$bbuserinfo[userid]'");
    }
    //$DB_site->query("UPDATE session SET userid=0 WHERE sessionhash='".addslashes($session[sessionhash])."'");
    $DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session['dbsessionhash'])."'");
    if ($bbuserinfo['userid'] > 0) {
        // make sure any other of this user's sessions are deleted (in case they ended up with more than one)
        $DB_site->query("DELETE FROM session WHERE userid='$bbuserinfo[userid]'");
    }
    // start a fresh guest session (userid 0)
    $session['sessionhash']=md5(uniqid(microtime()));
    $session['dbsessionhash']=$session['sessionhash'];
    $DB_site->query("INSERT INTO session (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','0','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','0')");
    vbsetcookie("sessionhash",$session['sessionhash'],0);
    //header("Location: $url"); set this to the page to go back to
}
// ############################### start login ###############################
if ($action=="login") {
    include("foro/global.php");
    $userid = 0;
    if (isset($username)) {
        // get userid for given username
        if ($user=$DB_site->query_first("SELECT userid,username,password,cookieuser FROM user WHERE username='".addslashes(htmlspecialchars($username))."'")) {
            if ($user['password']!=md5($password)) { // check password
                print("Incorrect Password/Contraseña incorrecta.");
                exit;
            }
            $userid=$user['userid'];
        } else { // invalid username entered
            print("Incorrect Username/Nombre de usuario incorrecto");
            exit;
        }
        if ($user['cookieuser']==1) {
            vbsetcookie("bbuserid",$user['userid']);
            vbsetcookie("bbpassword",$user['password']);
        }
        // replace the current session with one bound to the logged-in user
        $DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session['dbsessionhash'])."'");
        $session['sessionhash']=md5(uniqid(microtime()));
        $session['dbsessionhash']=$session['sessionhash'];
        $DB_site->query("INSERT INTO session (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','".intval($userid)."','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','$session[styleid]')");
        vbsetcookie("sessionhash",$session['sessionhash'],0);
        $username = $user['username'];
    }
    // strip any old session hash from the return URL
    // (ereg_replace() was removed in PHP 7; preg_replace() with the same patterns is equivalent)
    $url=preg_replace('/sessionhash=[a-z0-9]{32}&/',"",$url);
    $url=preg_replace('/\?sessionhash=[a-z0-9]{32}/',"",$url);
    $url=preg_replace('/s=[a-z0-9]{32}&/',"",$url);
    $url=preg_replace('/\?s=[a-z0-9]{32}/',"",$url);
    if ($url!="" and $url!="foro/index.php" and $url!=$HTTP_REFERER) {
        if (strpos($url,"?")>0) {
            $url.="&s=$session[dbsessionhash]";
        } else {
            $url.="?s=$session[dbsessionhash]";
        }
        //header("Location: $url"); set this to the page to go back to
    } else {
        $bbuserinfo=getuserinfo($userid);//header("Location: $url"); set this to the page to go back to
    }
}
?>
moa.php
PHP Code:
<?php
include("foro/global.php");
if($bbuserinfo['userid']==0){
    ///Means they are not logged in
    //so it prints login box
    print("
<form action=other.php method=post>
<tr>
<td nowrap><font face=\"verdana,arial,helvetica\" size=1 >Login with username and password:</font></td><br>
</tr><tr>
<td nowrap>
<input type=hidden name=action value=login>
<input type=text class=bginput name=username size=7>
<input type=password class=bginput name=password size=7>
<input type=submit class=bginput value=Login!></td>
</tr>
</form>
");
}else{
    ///they are logged in so it lets
    //them log out, you can put "protected"
    //stuff here
    include("emulacion/roms2.htm");
}
?>
They work right when u do not include em to the home.php page:
( http://zelda.wi3k.net/moa.php )
except that after logging in they redirect u to the other.php file instead of the moa.php page, but this is a small problem...
the problem comes when I include the moa.php file with the home.php file...
demo:
http://zelda.wi3k.net/home2.php?id=moa.php
though it works (the login box appears if someone isn't logged in and if they are logged in then prints the "emulacion/roms.hmt" page.... ) it gave this error:
Logged in it gave me this error:
PHP Code:
Warning: Cannot modify header information - headers already sent by (output started at /usr/home/wi3knet/public_html/zelda/home.php:8) in /usr/home/wi3knet/public_html/zelda/foro/admin/functions.php on line 2020
Not logged in gave this:
PHP Code:
Warning: Cannot modify header information - headers already sent by (output started at /usr/home/wi3knet/public_html/zelda/home.php:8) in /usr/home/wi3knet/public_html/zelda/foro/admin/functions.php on line 2020
Warning: Cannot modify header information - headers already sent by (output started at /usr/home/wi3knet/public_html/zelda/home.php:8) in /usr/home/wi3knet/public_html/zelda/foro/admin/functions.php on line 2020
my question is, is there a way of fixing this WITHOUT using frames? I really don't like frames XD... so, is there a way?.... someone plz help T_T
P.S. If someone could help with the redirection problem also, it would be AWESOME!!
P.S. 2: as u can see, I'm a total newbie at programming, these scripts were NOT written by me... I'm just asking for some suggestions here....
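
One way to clear the "headers already sent" warning without frames, shown as an added example that is not part of the original post. It assumes home.php includes the file named by the `id` parameter (as the demo URL suggests) and that the warning comes from HTML being sent before `foro/global.php` sets its cookies; the page list, `resolve_page()` and `news.php` are hypothetical names.

```php
<?php
// home.php - added example, not the poster's file. No whitespace or BOM may
// precede the opening tag above, or output starts before ob_start() runs.

// Hold all page output in a buffer. Nothing reaches the browser until the
// buffer is flushed, so vbsetcookie() calls made later by foro/global.php
// (pulled in by moa.php) can still emit their Set-Cookie headers.
ob_start();

// Constructed allowlist: short id => file to include. Only these files can
// ever be included, whatever the query string contains.
$PAGES = [
    'moa'  => 'moa.php',
    'news' => 'news.php',   // hypothetical default page
];

/**
 * Map the ?id= value to an allowlisted file. Accepts "moa" or "moa.php"
 * so existing links keep working; anything else gets the default page.
 */
function resolve_page($id, array $pages, $default)
{
    if (!is_string($id)) {           // ?id[]=x arrives as an array
        return $pages[$default];
    }
    $key = preg_replace('/\.php$/', '', $id);
    return isset($pages[$key]) ? $pages[$key] : $pages[$default];
}

$page = resolve_page(isset($_GET['id']) ? $_GET['id'] : null, $PAGES, 'news');
?>
<html>
<head><title>Home</title></head>
<body>
<!-- site header / menu markup goes here -->
<?php include __DIR__ . '/' . $page; ?>
</body>
</html>
<?php
ob_end_flush();   // send the buffered page; headers go out first
```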