Topic title: WordPress, Shopify and PHPFusion developer community :: A step up in security

Posted by BloodKiller · 2007 Aug 4 18:08:57
#1

Having nothing better to do, I came up with a bit of protection for PHP-Fusion. Of course not everyone will be able to use it, but those who can certainly won't regret it. It is meant to protect administrator accounts. :D :D

Files edited: config.php, maincore.php
Files created: sesijos_patvirtinimas.php (this file must be kept in the same directory as the main files).

First, let's create the file sesijos_patvirtinimas.php and put the following code in it.

<?php
include "maincore.php";
include "subheader.php";
include "side_left.php";

// Drop expired one-time codes and keep the vcode table small
dbquery("DELETE FROM ".$db_prefix."vcode WHERE vcode_datestamp < ".time());
if (dbcount("(*)","vcode","") > 10) dbquery("TRUNCATE TABLE ".$db_prefix."vcode");
srand((double)microtime()*1000000);
$temp_num = md5(rand(0,9999));
$vcode_1 = substr($temp_num, 17, 5);
$vcode_2 = md5($vcode_1);
unset($temp_num);

// The code is valid for 60 seconds
dbquery("INSERT INTO ".$db_prefix."vcode (vcode_datestamp,vcode_1,vcode_2) VALUES ('".(time()+60)."','$vcode_1','$vcode_2');");
opentable("Sesijos patvirtinimas administracijai");
// Pick which of the session passwords from config.php this session has to supply
if (!isset($_SESSION['sess_number'])) $_SESSION['sess_number'] = mt_rand(1,30);
if (isset($_POST['get_session']) && isset($_POST['admin_pass'])) {
   $admin_pass = md5($_POST['admin_pass']);
   if (dbcount("(*)","users","user_password = '".$admin_pass."'") == 1) {
      $data = dbarray(dbquery("SELECT * FROM ".$db_prefix."users WHERE user_password = '".$admin_pass."'"));
      if ($data['user_level'] > 101) {
         $_SESSION['auth'] = sha1($data['user_password']);
         echo "Autorizacija jungtis <b>".htmlspecialchars($data['user_name'])."</b> vartotojui gauta<br>\n";
      }
   }
}
// Accept the one-time code only in the shape this script generates (5 hex characters),
// so that it is safe to place inside the query
$kodas = (isset($_POST['kodas']) && preg_match("/^[0-9a-f]{5}$/", $_POST['kodas'])) ? $_POST['kodas'] : "";
if (isset($_POST['auth_user']) && $kodas != "" && dbcount("(*)","vcode","vcode_1 = '".$kodas."' AND vcode_2 = '".md5($kodas)."'")) {
   if (isset($_POST['sess_pass']) && sha1($sess_pass[$_SESSION['sess_number']]) === sha1($_POST['sess_pass'])) {
      echo "<form method='post' action='".FUSION_SELF."'>
<table align='center'>
<tr><td>Įveskite bet kurio administratoriaus slaptažodį:</td><td><input type='password' name='admin_pass' class='textbox' style='width:250px;'></td></tr>
<tr><td></td><td><input type='submit' name='get_session' value='Gauti sesiją' class='button'></td></tr>
</table>
</form>\n";
   }
}
echo "<form method='post' action='".FUSION_SELF."'>
<input type='hidden' name='kodas' value='$vcode_1'>
<table align='center'>
<tr><td>Sesijos slaptažodis <b>".$_SESSION['sess_number']."</b>:</td><td><input name='sess_pass' class='textbox' style='width:250px;'></td></tr>
<tr><td></td><td><input type='submit' name='auth_user' class='button' value='Patvirtinti savo vartotoją'></td></tr>
</table>
</form>\n";
closetable();

include "side_right.php";
include "footer.php";
?>

Now open maincore.php and, right after the <?php line, insert session_start();. Then find...

if (isset($_POST['login'])) {
   $user_pass = md5($_POST['user_pass']);
   $user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
   $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND user_password='$user_pass'");
   if (dbrows($result) != 0) {
      $data = dbarray($result);
      $cookie_value = $data['user_id'].".".$data['user_password'];
      if ($data['user_status'] == 0) {   
         $cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
         header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
         setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
         redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
      } elseif ($data['user_status'] == 1) {
         redirect(BASEDIR."setuser.php?error=1", "script");
      } elseif ($data['user_status'] == 2) {
         redirect(BASEDIR."setuser.php?error=2", "script");
      }
   } else {
      redirect(BASEDIR."setuser.php?error=3");
   }
}

...and change it to...

if (isset($_POST['login'])) {
   $user_pass = md5($_POST['user_pass']);
   $user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
   $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND user_password='$user_pass'");
   if (dbrows($result) != 0) {
      $data = dbarray($result);
      $cookie_value = $data['user_id'].".".$data['user_password'];
      if ($data['user_status'] == 0) {
         if ($data['user_level'] > 101) {
            if (isset($_SESSION['auth'])) {
               if (sha1($data['user_password']) == $_SESSION['auth']) {
                  $cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
                  header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
                  setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
                  redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
               } else {
                  redirect(BASEDIR."setuser.php?error=3");
               }
            } else {
               redirect(BASEDIR."setuser.php?error=3");
            }
         } else {
            $cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
            header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
            setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
            redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
         }
      } elseif ($data['user_status'] == 1) {
         redirect(BASEDIR."setuser.php?error=1", "script");
      } elseif ($data['user_status'] == 2) {
         redirect(BASEDIR."setuser.php?error=2", "script");
      }
   } else {
      redirect(BASEDIR."setuser.php?error=3");
   }
}

Find...

if (isset($_COOKIE['fusion_user'])) {
   $cookie_vars = explode(".", $_COOKIE['fusion_user']);
   $cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
   $cookie_2 = (preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
   $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='$cookie_2'");
   unset($cookie_vars,$cookie_1,$cookie_2);
   if (dbrows($result) != 0) {
      $userdata = dbarray($result);
      if ($userdata['user_status'] == 0) {
         if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
            define("THEME", THEMES.$userdata['user_theme']."/");
         } else {
            define("THEME", THEMES.$settings['theme']."/");
         }
         if ($userdata['user_offset'] <> 0) {
            $settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
         }
         if (empty($_COOKIE['fusion_lastvisit'])) {
            setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
            $lastvisited = $userdata['user_lastvisit'];
         } else {
            $lastvisited = $_COOKIE['fusion_lastvisit'];
         }
      } else {
         header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
         setcookie("fusion_user", "", time() - 7200, "/", "", "0");
         setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
         redirect(BASEDIR."index.php", "script");
      }
   } else {
      header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
      setcookie("fusion_user", "", time() - 7200, "/", "", "0");
      setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
      redirect(BASEDIR."index.php", "script");
   }
} else {
   define("THEME", THEMES.$settings['theme']."/");
   $userdata = "";   $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
}

...and change it to...

if (isset($_COOKIE['fusion_user'])) {
   $cookie_vars = explode(".", $_COOKIE['fusion_user']);
   $cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
   $cookie_2 = (preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
   $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='$cookie_2'");
   unset($cookie_vars,$cookie_1,$cookie_2);
   if (dbrows($result) != 0) {
      $userdata = dbarray($result);
      if ($userdata['user_status'] == 0) {
         if ($userdata['user_level'] > 101) {
            if (!isset($_SESSION['auth']) || sha1($userdata['user_password']) !== $_SESSION['auth']) {
               header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
               setcookie("fusion_user", "", time() - 7200, "/", "", "0");
               setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
               redirect(BASEDIR."index.php", "script");
            }
         }
         if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
            define("THEME", THEMES.$userdata['user_theme']."/");
         } else {
            define("THEME", THEMES.$settings['theme']."/");
         }
         if ($userdata['user_offset'] <> 0) {
            $settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
         }
         if (empty($_COOKIE['fusion_lastvisit'])) {
            setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
            $lastvisited = $userdata['user_lastvisit'];
         } else {
            $lastvisited = $_COOKIE['fusion_lastvisit'];
         }
      } else {
         header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
         setcookie("fusion_user", "", time() - 7200, "/", "", "0");
         setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
         redirect(BASEDIR."index.php", "script");
      }
   } else {
      header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
      setcookie("fusion_user", "", time() - 7200, "/", "", "0");
      setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
      redirect(BASEDIR."index.php", "script");
   }
} else {
   define("THEME", THEMES.$settings['theme']."/");
   $userdata = "";   $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
}

Well, two thirds of the work is already done. Now open the config.php file and insert the following code...

$sess_pass = array(
   1 => "873d2aad2f88378495",
   "82abd10aa0e127a",
   "9e03af998fcbf8e9fb2239ad1a6",
   "bdcdfbef42a632b498a",
   "3bc61d71b9a6fcf2cd70adae8645ce",
   "65f4debf4c0ca223b970",
   "dbb3d4926171df04272470279f191b95ddd",
   "b75641f96a7945ca93277c716b4c",
   "ca99ce3e3de8ecd5489a7f931410",
   "1f4b6042c9462fa",
   "e8b8ad049f4db4a0f9a19c0f00f1",
   "938ef80e221e5f6f24a8c9d440d1",
   "2f7b5d2f166d43fef05c89467b4b4b5",
   "7c8a7111990bdf8af36a6d7c21a9584181",
   "c403c40c683c3f2c9f64d32385a59c4aca177",
   "27c44675eef89d87a67a2db8881b2e48c4b1",
   "88498ca98a5d2f93bf0294",
   "8a586eefcd4153ed3d85adbc",
   "22b7eca41574532b3f3036031f2f57e9a33a",
   "3ff80086181fdf06435645333edff4",
   "c3169f09d228de96736f8c",
   "0216f3e35f5587b7c68",
   "9f5de4a5f7481fae010103dc5",
   "1e823101cfdd0ff6cc9e149c393f026",
   "ccb39a50ee77a6619529660195d1e8025",
   "06b9c62d9179bad1c52d712c",
   "19cc6020b94f8a15f9f2ed7b542",
   "a32ff2b5a02bc080f6a44d024ffb4d8",
   "d1ead03cfa66a81bd32bab8567",
   "75e0ee77bd97b01e0eabed566b2150d04"
);

Whatever is highlighted in red you must change, otherwise this protection will not be effective.

P.S. Tomorrow I may present another useful protection, this time against brute-force attacks.

Edited by BloodKiller · 2007 Aug 4 20:08:38
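The post above adds a second step in front of administrator logins: a short-lived one-time code stored in the vcode table, a shared "session password" picked from config.php, and then an admin password that sets a session flag which maincore.php later requires before it accepts the admin's login cookie. The stand-alone PHP script below is an added example, not code from BloodKiller's post or from PHP-Fusion; it models those three steps with an in-memory array standing in for the vcode table, so it can be run from the command line with no database. The function names (issue_code, verify_code, check_session_password, confirm_admin, admin_login_allowed) and the constants AUTH_TTL and the sample account are this example's own assumptions. Where it departs from the posted code it does so on purpose: the one-time code comes from random_bytes instead of md5(rand()), only a hash of it is stored and it is consumed on first use, its shape is validated before any lookup (the point where the original placed $_POST['kodas'] into a query), the shared secret is compared with hash_equals, and the session flag records the confirmed user id plus an expiry instead of a SHA-1 of the stored password hash.

```php
<?php
// Added example (not from the forum post or PHP-Fusion): a stand-alone model of the
// admin "session confirmation" gate. Names and constants here are assumptions.
declare(strict_types=1);

const CODE_TTL    = 60;    // seconds a one-time code stays valid (same as the post)
const ADMIN_LEVEL = 101;   // user_level above which the extra step applies (same as the post)
const AUTH_TTL    = 3600;  // how long a confirmed admin session stays confirmed (assumption)

// Issue a one-time code. Only its hash is stored, so a leaked table yields no usable codes.
// Returns the clear-text code to embed in the form.
function issue_code(array &$store, int $now): string {
    foreach ($store as $hash => $exp) {           // purge expired codes first, as the original does
        if ($exp < $now) unset($store[$hash]);
    }
    $code = bin2hex(random_bytes(16));            // CSPRNG instead of md5(rand())
    $store[hash('sha256', $code)] = $now + CODE_TTL;
    return $code;
}

// Consume a code: valid only if well-formed, present, unexpired, and used once.
function verify_code(array &$store, string $code, int $now): bool {
    if (!preg_match('/^[0-9a-f]{32}$/', $code)) return false;   // shape check before any lookup
    $hash = hash('sha256', $code);
    if (!isset($store[$hash])) return false;
    $exp = $store[$hash];
    unset($store[$hash]);                                        // single use
    return $exp >= $now;
}

// Step 2 of the post: the visitor supplies the session password selected for this session.
function check_session_password(array $sess_pass, int $number, string $given): bool {
    if (!isset($sess_pass[$number])) return false;
    return hash_equals($sess_pass[$number], $given);             // constant-time compare
}

// Step 3: an admin password confirms the session. The flag holds the user id and an expiry.
function confirm_admin(array &$session, array $user, string $password, int $now): bool {
    if ($user['user_level'] <= ADMIN_LEVEL) return false;
    if (!password_verify($password, $user['user_password'])) return false;
    $session['admin_auth'] = ['user_id' => $user['user_id'], 'exp' => $now + AUTH_TTL];
    return true;
}

// The maincore.php check: ordinary users pass; admins need a live confirmation for their own account.
function admin_login_allowed(array $session, array $user, int $now): bool {
    if ($user['user_level'] <= ADMIN_LEVEL) return true;
    if (!isset($session['admin_auth'])) return false;
    $auth = $session['admin_auth'];
    return $auth['user_id'] === $user['user_id'] && $auth['exp'] > $now;
}

function expect(bool $cond, string $what): void {
    if (!$cond) throw new RuntimeException("FAILED: $what");
}

// --- Constructed walk-through (sample data, not a real installation) ---
$now       = time();
$sess_pass = [1 => bin2hex(random_bytes(12)), 2 => bin2hex(random_bytes(12))]; // config.php secrets, generated here
$admin     = ['user_id' => 1, 'user_name' => 'admin', 'user_level' => 103,
              'user_password' => password_hash('constructed-admin-pass', PASSWORD_DEFAULT)];
$store     = [];
$session   = ['sess_number' => 1];

expect(!admin_login_allowed($session, $admin, $now), 'unconfirmed admin must be refused');

$code = issue_code($store, $now);
expect(verify_code($store, $code, $now), 'fresh code is accepted');
expect(!verify_code($store, $code, $now), 'second use of the same code fails');
expect(!verify_code($store, issue_code($store, $now), $now + CODE_TTL + 1), 'expired code fails');

expect(check_session_password($sess_pass, $session['sess_number'], $sess_pass[1]), 'right session password');
expect(!check_session_password($sess_pass, $session['sess_number'], 'wrong'), 'wrong session password');

expect(!confirm_admin($session, $admin, 'wrong', $now), 'wrong admin password does not confirm');
expect(confirm_admin($session, $admin, 'constructed-admin-pass', $now), 'right admin password confirms');
expect(admin_login_allowed($session, $admin, $now), 'confirmed admin may log in');
expect(!admin_login_allowed($session, $admin, $now + AUTH_TTL + 1), 'confirmation expires');

echo "all checks passed\n";
```

Run it with `php gate_example.php` (any file name works). The walk-through exercises the behaviour the thread relies on: an admin whose session carries no confirmation is refused, which is the same outcome the replacement login code produces when an administrator logs in without first visiting the confirmation page.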

Posted by becik · 2007 Aug 4 18:08:45
#2

nice, but I'm too lazy to type it all in

Posted by MAnjack · 2007 Aug 4 18:08:18
#3

I'll set it up :) Nice work ;)

Posted by Rytis · 2007 Aug 4 18:08:32
#4

Nice, maybe put it in the articles section?

Posted by Demonas · 2007 Aug 4 18:08:54
#5

well thought out ;) I'll definitely use it :)

Posted by BloodKiller · 2007 Aug 4 18:08:05
#6

rtz wrote:
Nice, maybe put it in the articles section?


Could do. :)

Posted by kiskiss · 2007 Aug 4 19:08:01
#7

Well done blood ;) keep it up

Posted by souL · 2007 Aug 4 19:08:53
#8

and the part highlighted in red, I didn't quite get what to change it to? ?|

Posted by MAnjack · 2007 Aug 4 19:08:28
#9

to whatever you want, those are your passwords as I understood it :)

Posted by Qrmiz · 2007 Aug 4 20:08:47
#10

I did everything according to the instructions, but it doesn't work for me. I try to log in with my login and pass, but it always says the password is wrong

Posted by Lordcraft · 2007 Aug 4 22:08:56
#11

but seriously, in that red part, do there also have to be codes like 9e03af998fcbf8e9fb2239ad1a6? wouldn't it be enough if I changed a couple of digits, or do they decode into some kind of words?

Posted by N3PST3R · 2007 Aug 4 23:08:46
#12

Lordcraft wrote:
but seriously, in that red part, do there also have to be codes like 9e03af998fcbf8e9fb2239ad1a6? wouldn't it be enough if I changed a couple of digits, or do they decode into some kind of words?


I decoded it, it says "lordcraft idiotas"

change it to md5("lordcraft debilas");

Posted by MAnjack · 2007 Aug 7 14:08:46
#13

I get the same thing as Qrmiz. :|

Edited by Toonis · 2007 Aug 7 14:08:55

Posted by DvB · 2007 Sep 30 09:09:53
#14

Qrmiz wrote:
I did everything according to the instructions, but it doesn't work for me. I try to log in with my login and pass, but it always says the password is wrong


Same here :[

Posted by newlifeboy · 2007 Sep 30 10:09:43
#15

I don't get what to change those numbers to :|

Posted by Fanio · 2007 Sep 30 22:09:53
#16

I'll have to try it out, but I think it should work.

Posted by Rasmitas · 2007 Oct 27 11:10:46
#17

Same for me, I can't get in ...

Posted by GangStah · 2007 Oct 27 12:10:36
#18

then maybe try entering those passwords you put in place of the red ones, maybe it will let you in then, I'll try it :)