Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
  #1  
Old 04-04-2004, 08:42 PM
MeTaL_oRgY MeTaL_oRgY is offline
 
Join Date: Jul 2003
Posts: 64
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Help with vB hack...

Hey dudes, wuzup!?... well, I need some help with a Hack someone helped me with.. It?s a login hack for my website so ppl have to login before being able to see some pages on my site. I wnated it to share the db with the forums so ppl didin?t had to register twice.

ok, here are the files I have:

other.php
PHP Code:
<?php 
// Other.php 
//############################### start logout ############################### 
if ($action=="logout") { 
  include(
"foro/global.php"); 
  
vbsetcookie("bbuserid","",1); 
  
vbsetcookie("bbpassword","",1); 
  
vbsetcookie("bbstyleid","",1); 

  if (
$bbuserinfo[userid] > 0) { 
    
$DB_site->query("UPDATE user SET lastactivity='".(time()-$cookietimeout)."',lastvisit='".time()."' WHERE userid='$bbuserinfo[userid]'"); 
  } 


  
//$DB_site->query("UPDATE session SET userid=0 WHERE sessionhash='".addslashes($session[sessionhash])."'"); 
  
$DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session[dbsessionhash])."'"); 

  if (
$bbuserinfo[userid] > 0) { 
    
// make sure any other of this user's sessions are deleted (incase they ended up with more than one) 
    
$DB_site->query("DELETE FROM session WHERE userid='$bbuserinfo[userid]'"); 
  } 

  
$session['sessionhash']=md5(uniqid(microtime())); 
   
$session['dbsessionhash']=$session['sessionhash'];

  
$DB_site->query("INSERT INTO session  (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','0','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','0')"); 
  
vbsetcookie("sessionhash",$session['sessionhash'],0); 

  
//header("Location: $url"); set this to the page to go back to 



// ############################### start login ############################### 
if ($action=="login") { 
  include(
"foro/global.php"); 
  
$userid 0
  if (isset(
$username)) { 
    
// get userid for given username 
    
if ($user=$DB_site->query_first("SELECT userid,username,password,cookieuser FROM user WHERE username='".addslashes(htmlspecialchars($username))."'")) { 
      if (
$user['password']!=md5($password)) {  // check password 
        
print("Incorrect Password/Contrase?a incorrecta."); 
        exit; 
      } 
      
$userid=$user[userid]; 
    } else { 
// invalid username entered 
      
print("Incorrect Username/Nombre de usuario incorrecto"); 
      exit; 
    } 

    if (
$user['cookieuser']==1) { 
      
vbsetcookie("bbuserid",$user['userid']); 
      
vbsetcookie("bbpassword",$user['password']); 
    } 

    
$DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session[dbsessionhash])."'"); 

    
$session['sessionhash']=md5(uniqid(microtime())); 
     
$session['dbsessionhash']=$session['sessionhash'];

    
$DB_site->query("INSERT INTO session  (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','".intval($userid)."','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','$session[styleid]')"); 
    
vbsetcookie("sessionhash",$session['sessionhash'],0); 
    
$username $user['username']; 
  } 

  
$url=ereg_replace("sessionhash=[a-z0-9]{32}&","",$url); 
  
$url=ereg_replace("\?sessionhash=[a-z0-9]{32}","",$url); 
  
$url=ereg_replace("s=[a-z0-9]{32}&","",$url); 
  
$url=ereg_replace("\?s=[a-z0-9]{32}","",$url); 

  if (
$url!="" and $url!="foro/index.php" and $url!=$HTTP_REFERER) { 

    if (
strpos($url,"?")>0) { 
      
$url.="&s=$session[dbsessionhash]"
    } else { 
      
$url.="?s=$session[dbsessionhash]"
    } 
     
    
//header("Location: $url"); set this to the page to go back to 
  
} else { 
    
$bbuserinfo=getuserinfo($userid);//header("Location: $url"); set this to the page to go back to 



?>
moa.php
PHP Code:
<?php 
include("foro/global.php"); 
if(
$bbuserinfo['userid']==0){ 
///Means they are not logged in 
//so it prints login box 
print(
    <form action=other.php method=post> 
    <tr> 
    <td nowrap><font face=\"verdana,arial,helvetica\" size=1 >Login with username and password:</font></td><br>
    </tr><tr> 
    <td nowrap> 
    <input type=hidden name=action value=login> 
    <input type=text class=bginput name=username size=7> 
    <input type=password class=bginput name=password size=7> 
    <input type=submit class=bginput value=Login!></td> 
    </tr> 
    </form> 
"
); 
}else{ 
///they are logged in so it let's 
//them log out, you can put "protected" 
//stuff here 
include("emulacion/roms2.htm");
     


?>
They work right when u do not include em to the home.php page:
( http://zelda.wi3k.net/moa.php )
excepting that after login in they redirect u to the other.php file instead of the moa.php page, but this is a small problem...

the problem comes when I include the moa.php file with the home.php file...
demo: http://zelda.wi3k.net/home2.php?id=moa.php

though it works (the login box appears if someone isn?t logged in and if they are logged in then prints the "emulacion/roms.hmt" page.... ) It gave this error:

loged in it gaves me this error:
PHP Code:
WarningCannot modify header information headers already sent by (output started at /usr/home/wi3knet/public_html/zelda/home.php:8in /usr/home/wi3knet/public_html/zelda/foro/admin/functions.php on line 2020 
Not logged gaves this:
PHP Code:
WarningCannot modify header information headers already sent by (output started at /usr/home/wi3knet/public_html/zelda/home.php:8in /usr/home/wi3knet/public_html/zelda/foro/admin/functions.php on line 2020

Warning
Cannot modify header information headers already sent by (output started at /usr/home/wi3knet/public_html/zelda/home.php:8in /usr/home/wi3knet/public_html/zelda/foro/admin/functions.php on line 2020 
my question is, is there a way of fixing this WITHOUT using frames? I really don?t like frames XD... so, is there a way?.... someone plz help T_T

P.S. If someone could help with the redirection problem also, it would be AWSOME!!
P.S. 2: as u can see, I?m totally newbie at programming, this scripts were NOT written by me... I?m just asking for some suggestions here....
Reply With Quote
  #2  
Old 04-05-2004, 04:18 PM
MeTaL_oRgY MeTaL_oRgY is offline
 
Join Date: Jul 2003
Posts: 64
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I managed to have the login box on the menu in a iframe, I really dont care about it :P excepting that when someone logs-in the iframe turns white cuz it goes to other.php instead of moa.php.....

but I still can´t get rid of the header error, PLZ hELP!! T____T
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:10 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05922 seconds
  • Memory Usage 2,220KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (2)post_thanks_box
  • (2)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit_info
  • (2)postbit
  • (2)postbit_onlinestatus
  • (2)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete