Yeah, I've fixed a lot of exploits in it.
To the one that coded it:
It's really noobish, I'm sorry. In some places it selects everything from the database and then counts the number of results. That's a fucking load for a simple number. Just select the AID only, that should be enough.
Also, a COOKIE can be edited and a SESSION can be spoofed. So in both cases we'll need to apply the antisql function.
About the antisql function, it was copy/pasted from the web, but you forgot the UPDATE and the WHERE. Both SQL commands can be used together in a malicious way.
Let's hope you're doing better after >.>.
P.S. It's also required to add a check that checks if both SESSION['UserID'] and SESSION['Password'] are actually matching. Spoofing, remember?
Also, things like:
PHP Code:
$hash = rand(10000,60000);
$hash = md5($hash);
//Oopsie.
$user = antisql($_SESSION['UserID']);
$ip = $_SERVER['REMOTE_ADDR'];
mssql_query("INSERT INTO SessionHash ([HashString], [User], [IP], [Used])VALUES('$hash','$user', '$ip', '0')");

Should be:
PHP Code:
$hash = rand(10000,60000);
$hash = md5($hash);
//[User] is bracketed because USER is a reserved word in T-SQL.
mssql_query("INSERT INTO SessionHash (HashString, [User], IP, Used) VALUES('$hash','" . antisql($_SESSION['UserID']) . "', '" . $_SERVER['REMOTE_ADDR'] . "', '0')");

For the username/password check use the following code (Copied from the GunZ CMS I'm working on):
PHP Code:
//Let's have a look at the SESSIONS and kill some people if needed.
//Note that this is extra security.
//num_rows() and gtfo() are not PHP built-ins; presumably helpers defined elsewhere in the CMS.
if (isset($_SESSION['UserID']) || isset($_SESSION['Password']))
{
    $query = odbc_exec($connect,"SELECT AID FROM Login WHERE UserID = '" . antisql($_SESSION['UserID']) . "' AND Password = '" . antisql($_SESSION['Password']) . "'");
    $count = num_rows($query);
    //If some weird guy got a SESSION spoofed.
    if ($count == 0)
    {
        session_destroy();
        gtfo("That was funny. Sessions cleared though <3.");
    }
}

Same for the sessions, session_destroy is good enough, no need to destroy every single SESSION.
This fix only includes a fixed antisql function and the antisql function used over each SESSION and the COOKIE check. Any other bugs or parts of bad coding are NOT fixed. You'll need to do it yourself or just switch back to a simple regpage.
Also, it's true that I'm working on a GunZ CMS that'll have the following features:
1) Great layout (Griever FTW?)
2) Itemshop. You create sets and add any ItemIDs with it.
3) AdminCP.
4) UserCP.
5) ClanCP.
And more. The good news is also that it's going to be written with the connection type ODBC, with almost every line commented so you can learn a bit of PHP.
Please note that you can't expect any release date, if I even have the time to finish it.
Download links: (Attachments are great, as long as they allow files bigger than 1 Mb)
http://rapidshare.de/files/41001131/..._MPOG.rar.html
http://www.megaupload.com/?d=KZCYIS8H
There's no need to cry about the mirrors. If you do, you can cry about everything.
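
As an added example (not part of the original post or the released fix): the session check and the SessionHash insert from the post, written with bound parameters instead of antisql() string concatenation, and with the hash taken from random_bytes() rather than md5(rand(10000,60000)), which can only produce 50,001 distinct values. It assumes PDO with an in-memory SQLite database as a stand-in for MSSQL; findAid() and addSessionHash() are hypothetical names.

```php
<?php
// Added example, not from the original post. SQLite in memory stands in for
// the MSSQL database so the script runs offline; table and column names follow
// the post, the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Login (AID INTEGER PRIMARY KEY, UserID TEXT, Password TEXT)');
$db->exec('CREATE TABLE SessionHash (HashString TEXT, "User" TEXT, IP TEXT, Used INTEGER)');
$db->exec("INSERT INTO Login (UserID, Password) VALUES ('alice', 'sample-password')");

// Returns the AID for a UserID/Password pair, or null when nothing matches.
// The values travel as bound parameters, so quotes or keywords inside them
// are compared as data and never parsed as SQL.
function findAid(PDO $db, string $userId, string $password): ?int
{
    $stmt = $db->prepare('SELECT AID FROM Login WHERE UserID = ? AND Password = ?');
    $stmt->execute([$userId, $password]);
    $aid = $stmt->fetchColumn();
    return $aid === false ? null : (int) $aid;
}

// Stores a session hash of 128 bits drawn from the operating system's CSPRNG.
function addSessionHash(PDO $db, string $userId, string $ip): string
{
    $hash = bin2hex(random_bytes(16));
    $stmt = $db->prepare('INSERT INTO SessionHash (HashString, "User", IP, Used) VALUES (?, ?, ?, 0)');
    $stmt->execute([$hash, $userId, $ip]);
    return $hash;
}

// Constructed session contents: one genuine, one carrying SQL metacharacters.
$sessions = [
    ['UserID' => 'alice', 'Password' => 'sample-password'],
    ['UserID' => "alice' OR '1'='1", 'Password' => 'x'],
];
foreach ($sessions as $s) {
    $aid = findAid($db, $s['UserID'], $s['Password']);
    if ($aid === null) {
        // The post's code calls session_destroy() at this point.
        echo "rejected: {$s['UserID']}\n";
        continue;
    }
    $hash = addSessionHash($db, $s['UserID'], '203.0.113.7'); // constructed IP
    echo "accepted: {$s['UserID']} (AID $aid), hash $hash\n";
}
```

The second session is rejected because the whole string, quote included, is compared against UserID as a literal value.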

