Parašė BloodKiller· 2007 Rugp. 4 18:08:57
Is neturejimo ka veikti sugalvojau siokia tokia apsauga
PHP-Fusion. Zinoma, ne visi ja gales pasinaudoti, bet kas sugebes, tikrai nesigailes. Tai skirta apsaugoti administratoriu vartotojus. :D :D
Redaguojami failai: config.php, maincore.php
Kuriami failai: sesijos_patvirtinimas.php (sis failas turi buti laikomas toje pacioje direktorijoje, kur pagrindiniai failai).
Pirmiausia sukurkime sesijos_patvirtinimas.php faila ir i ji rasykime toki koda.
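<?php
// sesijos_patvirtinimas.php -- admin session confirmation page for PHP-Fusion.
//
// Two-step flow:
//   1. the visitor proves knowledge of one of the shared secrets in $sess_pass
//      (config.php); which entry is asked for is fixed per session;
//   2. only after step 1 succeeded in this session may the visitor submit an
//      administrator password, which stores sha1(user_password) in
//      $_SESSION['auth']. maincore.php later refuses admin logins and admin
//      cookies whose hash does not match that session value.
//
// Changes against the first version: step 2 is now gated on step 1 (it used to
// run on any POST carrying 'get_session', so the shared-secret step could be
// skipped); the form token from $_POST is validated before it reaches SQL and
// is consumed on use; hash comparisons are strict; the token no longer comes
// from a re-seeded rand(0,9999) with 10000 possible outcomes.
include "maincore.php";
include "subheader.php";
include "side_left.php";

// Expire stale form tokens. The TRUNCATE mirrors the stock vcode (captcha)
// housekeeping; note it also wipes other visitors' live tokens, so they may
// have to reload the form.
dbquery("DELETE FROM ".$db_prefix."vcode WHERE vcode_datestamp < ".time());
if (dbcount("(*)","vcode","") > 10) dbquery("TRUNCATE TABLE ".$db_prefix."vcode");

// One-shot form token, valid for 60 seconds. It ties a POST to a freshly
// rendered form; it is not the secret being checked. Kept at 5 hex chars to
// stay within the stock vcode table layout.
$vcode_1 = substr(md5(mt_rand()), 17, 5);
$vcode_2 = md5($vcode_1);
dbquery("INSERT INTO ".$db_prefix."vcode (vcode_datestamp,vcode_1,vcode_2) VALUES ('".(time()+60)."','$vcode_1','$vcode_2');");

opentable("Sesijos patvirtinimas administracijai");

// Index into $sess_pass this session must answer with. Fixed for the session
// so a visitor cannot keep reloading until a convenient index comes up.
if (!isset($_SESSION['sess_number'])) $_SESSION['sess_number'] = mt_rand(1,30);

// Step 1: shared-secret check.
// The token must be exactly the 5-char lowercase hex we issued -- this is the
// only $_POST value that is embedded in SQL, and it is validated first.
if (isset($_POST['auth_user']) && isset($_POST['kodas']) && isset($_POST['sess_pass'])
    && is_string($_POST['kodas']) && is_string($_POST['sess_pass'])
    && preg_match("/^[0-9a-f]{5}$/", $_POST['kodas'])
    && dbcount("(*)","vcode","vcode_1 = '".$_POST['kodas']."' AND vcode_2 = '".md5($_POST['kodas'])."'")) {
    // Consume the token so the same form post cannot be replayed within the
    // 60-second window.
    dbquery("DELETE FROM ".$db_prefix."vcode WHERE vcode_1 = '".$_POST['kodas']."'");
    $expected = isset($sess_pass[$_SESSION['sess_number']]) ? $sess_pass[$_SESSION['sess_number']] : "";
    // Strict comparison: "==" between two hash-like strings is subject to
    // PHP's numeric-string juggling, and an unset secret must never match.
    if ($expected !== "" && $expected === $_POST['sess_pass']) {
        $_SESSION['sess_pass_ok'] = 1;
    }
}

// Step 2: administrator password. Reachable only while step 1 is confirmed
// for this session.
if (isset($_POST['get_session']) && isset($_POST['admin_pass']) && is_string($_POST['admin_pass'])
    && !empty($_SESSION['sess_pass_ok'])) {
    $pass_hash = md5($_POST['admin_pass']); // hex output, safe to embed in SQL
    // Exactly one administrator account may carry this hash; ambiguous or
    // non-admin matches are rejected.
    if (dbcount("(*)","users","user_password = '$pass_hash' AND user_level > 101") == 1) {
        $data = dbarray(dbquery("SELECT * FROM ".$db_prefix."users WHERE user_password = '$pass_hash' AND user_level > 101"));
        $_SESSION['auth'] = sha1($data['user_password']);
        // One confirmation per successful secret check.
        unset($_SESSION['sess_pass_ok']);
        echo "Autorizacija jungtis <b>".htmlspecialchars($data['user_name'])."</b> vartotojui gauta<br>\n";
    }
    unset($pass_hash);
}

// The password form is shown only while step 1 is confirmed.
if (!empty($_SESSION['sess_pass_ok'])) {
    echo "<form method='post' action='".FUSION_SELF."'>
<table align='center'>
<tr><td>Įveskite bet kurio administratoriaus slaptažodį:</td><td><input type='password' name='admin_pass' class='textbox' style='width:250px;'></td></tr>
<tr><td></td><td><input type='submit' name='get_session' value='Gauti sesiją' class='button'></td></tr>
</table>
</form>\n";
}

// Step 1 form. $_SESSION['sess_number'] is an int and $vcode_1 is hex, so
// both are safe to echo unescaped.
echo "<form method='post' action='".FUSION_SELF."'>
<table align='center'>
<tr><td>Sesijos slaptažodis <b>".$_SESSION['sess_number']."</b>:</td><td><input name='sess_pass' class='textbox' style='width:250px;'></td></tr>
<tr><td></td><td><input type='submit' name='auth_user' class='button' value='Patvirtinti savo vartotoją'></td></tr>
</table>
<input type='hidden' name='kodas' value='$vcode_1'>
</form>\n";
closetable();
include "side_right.php";
include "footer.php";
?>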
Dabar atsidarykime maincore.php ir po
<?php eilute irasykite
session_start();. Dabar susiraskite...
// Stock PHP-Fusion login handler, quoted here only so the block can be located
// in maincore.php (the installed file does not contain these comment lines).
if (isset($_POST['login'])) {
// Passwords are stored as plain md5 in this PHP-Fusion generation.
$user_pass = md5($_POST['user_pass']);
// Blacklist filter on the user name on top of stripinput()'s escaping.
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND user_password='$user_pass'");
if (dbrows($result) != 0) {
$data = dbarray($result);
// Login cookie: "<user_id>.<password hash>", re-checked on every request.
$cookie_value = $data['user_id'].".".$data['user_password'];
if ($data['user_status'] == 0) {
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", "script");
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", "script");
}
} else {
redirect(BASEDIR."setuser.php?error=3");
}
}
...keiskite i...
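if (isset($_POST['login'])) {
    // Stock PHP-Fusion login handler plus the admin session gate: accounts with
    // user_level > 101 may only log in when this browser session already holds
    // the confirmation written by sesijos_patvirtinimas.php.
    // Passwords are stored as plain md5 in this PHP-Fusion generation.
    $user_pass = md5($_POST['user_pass']);
    // Stock blacklist filter on the user name on top of stripinput()'s escaping.
    $user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
    $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND user_password='$user_pass'");
    if (dbrows($result) != 0) {
        $data = dbarray($result);
        // Login cookie: "<user_id>.<password hash>", re-checked on every request.
        $cookie_value = $data['user_id'].".".$data['user_password'];
        if ($data['user_status'] == 0) {
            // Non-admins pass as before; admins additionally need a matching
            // session confirmation. The comparison is strict: "==" between two
            // hash strings is subject to PHP's numeric-string juggling, and a
            // missing $_SESSION['auth'] must count as "not confirmed".
            $admin_ok = ($data['user_level'] <= 101)
                || (isset($_SESSION['auth']) && sha1($data['user_password']) === $_SESSION['auth']);
            if ($admin_ok) {
                $cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
                header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
                setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
                redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
            } else {
                // Same error code as a wrong password, so the response does not
                // reveal that the credentials themselves were correct.
                redirect(BASEDIR."setuser.php?error=3");
            }
        } elseif ($data['user_status'] == 1) {
            redirect(BASEDIR."setuser.php?error=1", "script");
        } elseif ($data['user_status'] == 2) {
            redirect(BASEDIR."setuser.php?error=2", "script");
        }
    } else {
        redirect(BASEDIR."setuser.php?error=3");
    }
}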
Ieskokite...
// Stock PHP-Fusion cookie-login block, quoted here only so it can be located in
// maincore.php (the installed file does not contain these comment lines).
if (isset($_COOKIE['fusion_user'])) {
// Cookie layout: "<user_id>.<password hash>"; both parts are whitelisted
// (numeric / 32 hex chars) before they reach the query.
$cookie_vars = explode(".", $_COOKIE['fusion_user']);
$cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
$cookie_2 = (preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='$cookie_2'");
unset($cookie_vars,$cookie_1,$cookie_2);
if (dbrows($result) != 0) {
$userdata = dbarray($result);
if ($userdata['user_status'] == 0) {
if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
define("THEME", THEMES.$userdata['user_theme']."/");
} else {
define("THEME", THEMES.$settings['theme']."/");
}
if ($userdata['user_offset'] <> 0) {
$settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
}
if (empty($_COOKIE['fusion_lastvisit'])) {
setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
$lastvisited = $userdata['user_lastvisit'];
} else {
$lastvisited = $_COOKIE['fusion_lastvisit'];
}
} else {
// Inactive account: clear both cookies and send the visitor home.
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
// Cookie did not match any account: clear it and send the visitor home.
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
// Guest defaults.
define("THEME", THEMES.$settings['theme']."/");
$userdata = ""; $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
}
...keiskite i...
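if (isset($_COOKIE['fusion_user'])) {
    // Stock PHP-Fusion cookie login plus the admin session gate: an admin
    // cookie (user_level > 101) is only honoured when this browser session
    // holds the confirmation written by sesijos_patvirtinimas.php.
    // Cookie layout: "<user_id>.<password hash>"; both parts are whitelisted
    // (numeric / 32 hex chars) before they reach the query.
    $cookie_vars = explode(".", $_COOKIE['fusion_user']);
    $cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
    $cookie_2 = (preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
    $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='$cookie_2'");
    unset($cookie_vars,$cookie_1,$cookie_2);
    if (dbrows($result) != 0) {
        $userdata = dbarray($result);
        if ($userdata['user_status'] == 0) {
            // The first version read $_SESSION['auth'] without isset (a notice
            // on every unconfirmed request) and compared with "!=", which is
            // subject to numeric-string juggling between hash strings. A
            // missing confirmation must count as "not confirmed".
            if ($userdata['user_level'] > 101
                && (!isset($_SESSION['auth']) || sha1($userdata['user_password']) !== $_SESSION['auth'])) {
                header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
                setcookie("fusion_user", "", time() - 7200, "/", "", "0");
                setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
                redirect(BASEDIR."index.php", "script");
                // redirect() is expected to end the request; make sure of it so
                // the rest of maincore.php never runs with $userdata holding an
                // unconfirmed administrator.
                exit;
            }
            if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
                define("THEME", THEMES.$userdata['user_theme']."/");
            } else {
                define("THEME", THEMES.$settings['theme']."/");
            }
            if ($userdata['user_offset'] <> 0) {
                $settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
            }
            if (empty($_COOKIE['fusion_lastvisit'])) {
                setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
                $lastvisited = $userdata['user_lastvisit'];
            } else {
                $lastvisited = $_COOKIE['fusion_lastvisit'];
            }
        } else {
            // Inactive account: clear both cookies and send the visitor home.
            header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
            setcookie("fusion_user", "", time() - 7200, "/", "", "0");
            setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
            redirect(BASEDIR."index.php", "script");
        }
    } else {
        // Cookie did not match any account: clear it and send the visitor home.
        header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
        setcookie("fusion_user", "", time() - 7200, "/", "", "0");
        setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
        redirect(BASEDIR."index.php", "script");
    }
} else {
    // Guest defaults.
    define("THEME", THEMES.$settings['theme']."/");
    $userdata = ""; $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
}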
Nu va, 2 trecdaliai darbo jau atlikta. Dabar atsidarykite config.php faila ir irasykite stai toki koda...
// Shared admin-confirmation secrets, one per possible value of
// $_SESSION['sess_number'] (1..30); sesijos_patvirtinimas.php asks for the
// entry at that index. These sample values are published with this post, so
// every one of them has to be replaced with your own random string before the
// check protects anything.
$sess_pass = array(
    1  => "873d2aad2f88378495",
    2  => "82abd10aa0e127a",
    3  => "9e03af998fcbf8e9fb2239ad1a6",
    4  => "bdcdfbef42a632b498a",
    5  => "3bc61d71b9a6fcf2cd70adae8645ce",
    6  => "65f4debf4c0ca223b970",
    7  => "dbb3d4926171df04272470279f191b95ddd",
    8  => "b75641f96a7945ca93277c716b4c",
    9  => "ca99ce3e3de8ecd5489a7f931410",
    10 => "1f4b6042c9462fa",
    11 => "e8b8ad049f4db4a0f9a19c0f00f1",
    12 => "938ef80e221e5f6f24a8c9d440d1",
    13 => "2f7b5d2f166d43fef05c89467b4b4b5",
    14 => "7c8a7111990bdf8af36a6d7c21a9584181",
    15 => "c403c40c683c3f2c9f64d32385a59c4aca177",
    16 => "27c44675eef89d87a67a2db8881b2e48c4b1",
    17 => "88498ca98a5d2f93bf0294",
    18 => "8a586eefcd4153ed3d85adbc",
    19 => "22b7eca41574532b3f3036031f2f57e9a33a",
    20 => "3ff80086181fdf06435645333edff4",
    21 => "c3169f09d228de96736f8c",
    22 => "0216f3e35f5587b7c68",
    23 => "9f5de4a5f7481fae010103dc5",
    24 => "1e823101cfdd0ff6cc9e149c393f026",
    25 => "ccb39a50ee77a6619529660195d1e8025",
    26 => "06b9c62d9179bad1c52d712c",
    27 => "19cc6020b94f8a15f9f2ed7b542",
    28 => "a32ff2b5a02bc080f6a44d024ffb4d8",
    29 => "d1ead03cfa66a81bd32bab8567",
    30 => "75e0ee77bd97b01e0eabed566b2150d04",
);
Reiksmes, kurios originaliame pranesime nuspalvintos raudonai (masyvo $sess_pass eilutes), butinai keiskite, nes kitu atveju si apsauga nebus veiksminga.
P.S. Rytoj galbut pristatysiu dar viena naudinga apsauga nuo bruteforce ataku.
Redagavo BloodKiller· 2007 Rugp. 4 20:08:38