Temos pavadinimas: WordPress, Shopify ir PHPFusion programuotojų bendruomenė :: Saugumo laipteliu auksciau

Parašė BloodKiller· 2007 Rugp. 4 18:08:57

Is neturejimo ka veikti sugalvojau siokia tokia apsauga PHP-Fusion. Zinoma ne visi ja gales pasinaudoti, bet kas sugebes, tikrai nesigailes. Tai skirta apsaugoti administratoriu vartotojus. :D :D

Redaguojami failai: config.php, maincore.php
Kuriami failai: sesijos_patvirtinimas.php (sis failas turi buti laikomas toje pacioje direktorijoje, kur pagrindiniai failai).

Pirmiausia sukurkime sesijos_patvirtinimas.php faila ir i ji rasykime toki koda.

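<?php
// sesijos_patvirtinimas.php - administrator session confirmation page for
// PHP-Fusion. Two-step gate:
//   1. the visitor types the session password whose index is stored in
//      $_SESSION['sess_number'] (values come from $sess_pass in config.php);
//   2. only after step 1 succeeded may an administrator password be sent,
//      which stores sha1(user_password) in $_SESSION['auth'] - the value
//      maincore.php checks before it honours an admin login or admin cookie.
// Requires session_start() in maincore.php and the vcode table with the
// columns vcode_datestamp, vcode_1, vcode_2.
include "maincore.php";
include "subheader.php";
include "side_left.php";

// Drop expired one-time form codes; the table is kept tiny on purpose.
dbquery("DELETE FROM ".$db_prefix."vcode WHERE vcode_datestamp < ".time());
if (dbcount("(*)","vcode","") > 10) dbquery("TRUNCATE TABLE ".$db_prefix."vcode");

// One-time form code: 5 hex characters of an md5 over uniqid()+mt_rand().
// The original md5(rand(0,9999)) could only ever yield 10000 distinct codes.
$vcode_1 = substr(md5(uniqid(mt_rand(), true)), 17, 5);
$vcode_2 = md5($vcode_1);

dbquery("INSERT INTO ".$db_prefix."vcode (vcode_datestamp,vcode_1,vcode_2) VALUES ('".(time()+60)."','$vcode_1','$vcode_2');");
opentable("Sesijos patvirtinimas administracijai");
// 30 must match the number of entries in $sess_pass (config.php).
if (!isset($_SESSION['sess_number'])) $_SESSION['sess_number'] = mt_rand(1,30);

// Step 1: session password. The submitted form code is whitelisted to the
// exact shape generated above (5 hex chars) BEFORE it is placed in the query,
// so it cannot carry SQL; the original interpolated $_POST['kodas'] verbatim.
$kodas = isset($_POST['kodas']) ? $_POST['kodas'] : "";
$kodas_ok = preg_match("/^[0-9a-f]{5}$/", $kodas)
   && dbcount("(*)","vcode","vcode_1 = '".$kodas."' AND vcode_2 = '".md5($kodas)."'");
if (isset($_POST['auth_user']) && $kodas_ok) {
   $idx = $_SESSION['sess_number'];
   $given = isset($_POST['sess_pass']) ? $_POST['sess_pass'] : "";
   // Strict string compare; hashing both sides with sha1 (as the original did)
   // adds nothing to an equality test. isset guards a missing/short $sess_pass.
   if (isset($sess_pass[$idx]) && $sess_pass[$idx] === $given) {
      // Remember that step 1 passed so that step 2 below can insist on it.
      $_SESSION['sess_pass_ok'] = true;
   }
}

// Step 2: administrator password. The original processed this POST before and
// independently of step 1, so a direct get_session POST skipped the session
// password altogether. Now it is accepted once per successful step 1: the
// flag is cleared on every attempt, successful or not.
if (isset($_POST['get_session']) && !empty($_SESSION['sess_pass_ok'])) {
   unset($_SESSION['sess_pass_ok']);
   // md5 output is hex only, so the hash itself is safe inside the query.
   $pass_hash = md5(isset($_POST['admin_pass']) ? $_POST['admin_pass'] : "");
   if (dbcount("(*)","users","user_password = '".$pass_hash."'") == 1) {
      $data = dbarray(dbquery("SELECT * FROM ".$db_prefix."users WHERE user_password = '".$pass_hash."'"));
      if ($data['user_level'] > 101) {
         $_SESSION['auth'] = sha1($data['user_password']);
         echo "Autorizacija jungtis <b>".htmlspecialchars($data['user_name'])."</b> vartotojui gauta<br>\n";
      }
   }
}
// The administrator-password form is shown only on the request in which
// step 1 succeeded (same visible behaviour as the original).
if (!empty($_SESSION['sess_pass_ok'])) {
   echo "<form method='post' action='".FUSION_SELF."'>
<table align='center'>
<tr><td>Įveskite bet kurio administratoriaus slaptažodį:</td><td><input type='password' name='admin_pass' class='textbox' style='width:250px;'></td></tr>
<tr><td></td><td><input type='submit' name='get_session' value='Gauti sesiją' class='button'></td></tr>
</table>
</form>\n";
}
echo "<form method='post' action='".FUSION_SELF."'>
<table align='center'>
<tr><td>Sesijos slaptažodis <b>".$_SESSION['sess_number']."</b>:</td><td><input name='sess_pass' class='textbox' style='width:250px;'></td></tr>
<tr><td></td><td><input type='submit' name='auth_user' class='button' value='Patvirtinti savo vartotoją'></td></tr>
<input type='hidden' name='kodas' value='$vcode_1'>
</table>
</form>\n";
closetable();

include "side_right.php";
include "footer.php";
?>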




Dabar atsidarykime maincore.php ir is karto po `<?php` eilutes irasykite `session_start();`. Dabar susiraskite...

// Original PHP-Fusion login handler in maincore.php, shown unchanged so it can
// be located; the modified version follows in the post.
if (isset($_POST['login'])) {
   $user_pass = md5($_POST['user_pass']);
   // Blacklist filter on the user name before it is interpolated into SQL.
   $user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
   $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND user_password='$user_pass'");
   if (dbrows($result) != 0) {
      $data = dbarray($result);
      // Login cookie is "<user_id>.<password hash>"; maincore.php re-checks it on every request.
      $cookie_value = $data['user_id'].".".$data['user_password'];
      if ($data['user_status'] == 0) {   
         // 30 days with "remember me", otherwise 3 hours.
         $cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
         header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
         setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
         redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
      } elseif ($data['user_status'] == 1) {
         redirect(BASEDIR."setuser.php?error=1", "script");
      } elseif ($data['user_status'] == 2) {
         redirect(BASEDIR."setuser.php?error=2", "script");
      }
   } else {
      redirect(BASEDIR."setuser.php?error=3");
   }
}




...keiskite i...

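// Modified login handler: administrators (user_level > 101) are logged in only
// when sesijos_patvirtinimas.php has stored sha1(user_password) in
// $_SESSION['auth'] for this very account. Requires session_start() at the top
// of maincore.php.
if (isset($_POST['login'])) {
   $user_pass = md5($_POST['user_pass']);
   // Blacklist filter on the user name before it is interpolated into SQL (unchanged from PHP-Fusion).
   $user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
   $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND user_password='$user_pass'");
   if (dbrows($result) != 0) {
      $data = dbarray($result);
      // Login cookie is "<user_id>.<password hash>"; maincore.php re-checks it on every request.
      $cookie_value = $data['user_id'].".".$data['user_password'];
      if ($data['user_status'] == 0) {
         // Non-admins pass straight through. For admins the session token must
         // exist and match; strict === replaces the loose == of the original
         // (PHP compares two numeric-looking strings as numbers under ==).
         $admin_gate_ok = $data['user_level'] <= 101
            || (isset($_SESSION['auth']) && sha1($data['user_password']) === $_SESSION['auth']);
         if ($admin_gate_ok) {
            // 30 days with "remember me", otherwise 3 hours.
            $cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
            header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
            setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
            redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
         } else {
            // Same error as a wrong password, so the gate reveals nothing extra.
            redirect(BASEDIR."setuser.php?error=3");
         }
      } elseif ($data['user_status'] == 1) {
         redirect(BASEDIR."setuser.php?error=1", "script");
      } elseif ($data['user_status'] == 2) {
         redirect(BASEDIR."setuser.php?error=2", "script");
      }
   } else {
      redirect(BASEDIR."setuser.php?error=3");
   }
}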






Ieskokite...

// Original PHP-Fusion cookie check in maincore.php, shown unchanged so it can
// be located; the modified version follows in the post.
if (isset($_COOKIE['fusion_user'])) {
   // Cookie format is "<user_id>.<md5 password hash>"; both parts are whitelisted before the query.
   $cookie_vars = explode(".", $_COOKIE['fusion_user']);
   $cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
   $cookie_2 = (preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
   $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='$cookie_2'");
   unset($cookie_vars,$cookie_1,$cookie_2);
   if (dbrows($result) != 0) {
      $userdata = dbarray($result);
      if ($userdata['user_status'] == 0) {
         if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
            define("THEME", THEMES.$userdata['user_theme']."/");
         } else {
            define("THEME", THEMES.$settings['theme']."/");
         }
         if ($userdata['user_offset'] <> 0) {
            $settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
         }
         if (empty($_COOKIE['fusion_lastvisit'])) {
            setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
            $lastvisited = $userdata['user_lastvisit'];
         } else {
            $lastvisited = $_COOKIE['fusion_lastvisit'];
         }
      } else {
         // Account not active: clear both cookies and bounce to the front page.
         header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
         setcookie("fusion_user", "", time() - 7200, "/", "", "0");
         setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
         redirect(BASEDIR."index.php", "script");
      }
   } else {
      // Cookie does not match any user: clear it the same way.
      header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
      setcookie("fusion_user", "", time() - 7200, "/", "", "0");
      setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
      redirect(BASEDIR."index.php", "script");
   }
} else {
   define("THEME", THEMES.$settings['theme']."/");
   // NOTE(review): assigning array offsets on "" relies on PHP 5 auto-conversion; PHP 7.1+ throws here.
   $userdata = "";   $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
}




...keiskite i...

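// Modified cookie check: an administrator's login cookie is honoured only while
// $_SESSION['auth'] holds sha1(user_password) for that account (set by
// sesijos_patvirtinimas.php). A stolen or stale admin cookie without the
// matching session is cleared exactly like an invalid cookie.
if (isset($_COOKIE['fusion_user'])) {
   // Cookie format is "<user_id>.<md5 password hash>"; both parts are whitelisted before the query.
   $cookie_vars = explode(".", $_COOKIE['fusion_user']);
   $cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
   $cookie_2 = (preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
   $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='$cookie_2'");
   unset($cookie_vars,$cookie_1,$cookie_2);
   if (dbrows($result) != 0) {
      $userdata = dbarray($result);
      if ($userdata['user_status'] == 0) {
         // isset guard: the original read $_SESSION['auth'] unconditionally and
         // emitted a notice for every admin without a session; !== replaces the
         // loose != so numeric-looking hex strings are not compared as numbers.
         $admin_session_missing = $userdata['user_level'] > 101
            && (!isset($_SESSION['auth']) || sha1($userdata['user_password']) !== $_SESSION['auth']);
         if ($admin_session_missing) {
            header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
            setcookie("fusion_user", "", time() - 7200, "/", "", "0");
            setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
            redirect(BASEDIR."index.php", "script");
         }
         if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
            define("THEME", THEMES.$userdata['user_theme']."/");
         } else {
            define("THEME", THEMES.$settings['theme']."/");
         }
         if ($userdata['user_offset'] <> 0) {
            $settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
         }
         if (empty($_COOKIE['fusion_lastvisit'])) {
            setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
            $lastvisited = $userdata['user_lastvisit'];
         } else {
            $lastvisited = $_COOKIE['fusion_lastvisit'];
         }
      } else {
         // Account not active: clear both cookies and bounce to the front page.
         header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
         setcookie("fusion_user", "", time() - 7200, "/", "", "0");
         setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
         redirect(BASEDIR."index.php", "script");
      }
   } else {
      // Cookie does not match any user: clear it the same way.
      header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
      setcookie("fusion_user", "", time() - 7200, "/", "", "0");
      setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
      redirect(BASEDIR."index.php", "script");
   }
} else {
   define("THEME", THEMES.$settings['theme']."/");
   // Guest defaults as a real array; the original assigned offsets on "" which
   // only works through PHP 5's silent string-to-array conversion.
   $userdata = array("user_level" => 0, "user_rights" => "", "user_groups" => "");
}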




Nu va, 2 trecdaliai darbo jau atlikta. dabar atsidarykite config.php faila ir irasykite stai toki koda...

// Session passwords, indexed 1..30. sesijos_patvirtinimas.php draws one index
// per session ($_SESSION['sess_number']) and expects the matching value.
// The values below are the post's sample values and are public; each
// installation must replace every one of them.
$sess_pass = array(
   1  => "873d2aad2f88378495",
   2  => "82abd10aa0e127a",
   3  => "9e03af998fcbf8e9fb2239ad1a6",
   4  => "bdcdfbef42a632b498a",
   5  => "3bc61d71b9a6fcf2cd70adae8645ce",
   6  => "65f4debf4c0ca223b970",
   7  => "dbb3d4926171df04272470279f191b95ddd",
   8  => "b75641f96a7945ca93277c716b4c",
   9  => "ca99ce3e3de8ecd5489a7f931410",
   10 => "1f4b6042c9462fa",
   11 => "e8b8ad049f4db4a0f9a19c0f00f1",
   12 => "938ef80e221e5f6f24a8c9d440d1",
   13 => "2f7b5d2f166d43fef05c89467b4b4b5",
   14 => "7c8a7111990bdf8af36a6d7c21a9584181",
   15 => "c403c40c683c3f2c9f64d32385a59c4aca177",
   16 => "27c44675eef89d87a67a2db8881b2e48c4b1",
   17 => "88498ca98a5d2f93bf0294",
   18 => "8a586eefcd4153ed3d85adbc",
   19 => "22b7eca41574532b3f3036031f2f57e9a33a",
   20 => "3ff80086181fdf06435645333edff4",
   21 => "c3169f09d228de96736f8c",
   22 => "0216f3e35f5587b7c68",
   23 => "9f5de4a5f7481fae010103dc5",
   24 => "1e823101cfdd0ff6cc9e149c393f026",
   25 => "ccb39a50ee77a6619529660195d1e8025",
   26 => "06b9c62d9179bad1c52d712c",
   27 => "19cc6020b94f8a15f9f2ed7b542",
   28 => "a32ff2b5a02bc080f6a44d024ffb4d8",
   29 => "d1ead03cfa66a81bd32bab8567",
   30 => "75e0ee77bd97b01e0eabed566b2150d04",
);




Tas, kas nuspalvinta raudonai (reiksmes $sess_pass masyve), butinai keiskite, nes kitu atveju si apsauga nebus veiksminga.

P.S. Rytoj galbut pristatysiu dar viena naudinga apsauga nuo bruteforce ataku.

Redagavo BloodKiller· 2007 Rugp. 4 20:08:38