Quote:
Originally Posted by BamBam0077
PHP Code:
<?php
require_once("include/bittorrent.php");
if (!mkglobal("username:password")) die();
dbconn();

function bark($text = "Username or password incorrect")
{
    stderr("<center>Login failed !</center>", $text);
}

$res = mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'");
$row = mysql_fetch_array($res);
if (!$row) bark();
if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"])) bark();
if ($row["enabled"] == "no") bark("<center>This account has been disabled.</center>");

// ADN MOD PERMANENT LOGIN
$expires = (int) $_POST["expires"];
if (!$expires or $expires <= 0 or $expires > 31556926) {
    $expires = 0x7fffffff;
} else {
    $expires = time() + $expires;
}
logincookie($row["id"], $row["passhash"], 1, $expires);
// END MOD PERMANENT LOGIN

/// and mod login return
if (!empty($_POST["returnto"])) {
    // returnto goes from the request straight into the Location header
    header("Location: $BASEURL$_POST[returnto]");
} else {
    $successful = true;
    if ($successful === true) {
        echo "<div style='background-color: #353939;border: 1px solid #666;color:green;'>
<text>Successful Message</text>
</div>
<div style='padding: 0.1em;'></div>
<text>Thank You!, Accessing Account </text>
<script>
setTimeout(function () {
    window.location.href= 'my.php'; // the redirect goes here
},5000); // 5 seconds
</script>";
    } else {
        header("Location: $BASEURL/my.php");
    }
}
///* end mod login return
?>
https://www.bvlist.com/showthread.php?t=9784
That code is not secure. On older versions of PHP a header injection will be possible, e.g.:
%0DLocation:%20http://google.com/%0D
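
One way to close the hole described in the reply above, shown as an added example that is not part of either post or of the tracker source: validate returnto before it reaches header(). The function name safe_return_path() and the sample inputs are made up for illustration; $BASEURL is the variable from the quoted code.

```php
<?php
// Added example (hypothetical helper, not tracker code): only let a plain
// site-local path through to the Location header, otherwise use a default.

function safe_return_path($returnto, $default = '/my.php')
{
    if (!is_string($returnto) || $returnto === '') {
        return $default;
    }
    // Reject CR, LF, NUL and every other control character outright.
    if (preg_match('/[\x00-\x1F\x7F]/', $returnto)) {
        return $default;
    }
    // The value is appended to $BASEURL, so it must be a path starting with "/".
    // Allow-list of characters only; "%" is excluded so nothing encoded survives.
    // \z is used instead of $ because $ also matches before a trailing newline.
    if (!preg_match('#^/[A-Za-z0-9_\-./?=&]*\z#', $returnto)) {
        return $default;
    }
    return $returnto;
}

// Constructed sample inputs. The third is the value from the reply as PHP
// would see it after URL-decoding the request body.
$samples = array(
    '/browse.php?cat=3',
    'my.php',
    "\rLocation: http://google.com/\r",
    "/my.php\n",
    '/details.php?id=5%0D',
    '',
);

foreach ($samples as $s) {
    printf("%-45s => %s\n", json_encode($s), safe_return_path($s));
}

// The redirect in the login script would then read:
// header("Location: $BASEURL" . safe_return_path($_POST["returnto"]));
```

Only the first sample is passed through unchanged; every other input falls back to /my.php.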