NO LOGIN Required

New Member Joined: Sep 15, 2009 Posts: 5

Afternoon all,

I hope this is in the right spot to get some feedback or advice on. I did try searching for an answer but found none. If this is not in the proper area, could I please request it to be moved to the proper area.

I have a site that was built with some nuke modules, CMS etc. I do not have an actual admin panel to control things with the way the site was made up.

I wish to NO LONGER require a LOGIN to use and access the tools created by me.
[ Only registered users can see links on this board! Get registered or login! ]

Problem:

How can I make this so through code edits, since I have no "persay" control panel.

It seems when clicking on any of the tools, it first takes you to and through the "modules.php and checks for "login". Then it directs you either to login or to the appropriate chosen module.

I would like it to be seen as everyone is logged in or NO LOGIN is required.

Could someone look at this modules.php code and tell me if my answer is in there anywhere's, for I keep trying to edit bits and pieces out but am getting no where's

Thanks for any asistance in trying to resolve this Wink

Code:

<?php


include("header.php");


global $config, $account, $security, $theme, $sql, $content;


if($account->logged_in || ($security->get['mod'] == "bans" && substr($security->get['function'],0,5) == "mbldl") || $security->get['mod'] == "register")


{


   include("includes/classes/class_account_module.php");


   if(!isset($security->get['mod']))


   {


      header("Location: index.php");


      die();


   }


   else if(file_exists("modules/".$security->get['mod'].".php"))


   {


      $thisMod = new AccountMod("modules/".$security->get['mod'].".php", $account->user_data['access']);


      $theme->page_title = $thisMod->Name;


      if($thisMod->AccessLevel <= $account->user_data['access'])


      {


         Main($security->get['function']);


      }


      else


      {


         $theme->_CenterBlock("<center>You do not have permission to access this module.</center>");


      }


   }


   else


   {


      $sql->Query("SELECT * FROM `modules` WHERE `module_id` = '".$security->get['mod']."' LIMIT 0,1");


      if($sql->NumRows())


      {


         $result = $sql->FetchRow();


         $theme->page_title = $result['module_name'];


         $theme->_CenterBlock("<center>".stripslashes($result['module_html'])."</center>");


      }


      else


      {


         header("Location: index.php");


         die();


      }


   }


}


else


{


   header("Location: account.php");


   die();


}


$theme->_Header();


include("footer.php");


?>

I tried removing this snippett

Code:

else


{


   header("Location: account.php");


   die();


}

And that stops the redirecting to the account/login page, AND sets the addy to what/where it should be going, but its just not going their. My guess is there is still some code within the modules.php that is still stopping it.
[ Only registered users can see links on this board! Get registered or login! ]

Question

Posted: Tue Sep 15, 2009 9:47 am

I think it might be more productive to talk to whoever set this up. The program is accessing a whole bunch of stuff that we don't have access to nor time to diagnose if we did. Looking quickly at the program it looks to me like you should be able to take the whole section starting with "if($account->logged_in ... " But I don't know what you are passing in that $theme variable to the Header() function at the bottom. Probably could just hard code that to pass the name of theme and bypass the security checking entirely.

Posted: Tue Sep 15, 2009 9:57 am

Unfortunately that party is no where to be found or I would have definately gone that route.

That's what I am hoping to do, bypass the checkin/requirement for user to be logged, and instead forward them directly to the mod. I am just stumped atm on what to edit and or add to get the proper result.

As I stated I removed a small snippet and it stopped redirecting to the account.php/LOGIN page, but still wont load the specific mod as it still seems to be looking for something.

Can I ask for some tries at what to take out or add, that I would gladly implement to see if it works.

What else could I offer to make this more feasible to resolve by 3rd party coders.?

Thanks Question

Involved Joined: Jul 03, 2006 Posts: 273

I am sort of stabbing in the dark here without looking fully into your code but I would try adding the following lines to the top of that file and see if it works

Code:

$account->logged_in = true;


$account->user_data['access'] = 2;

Or you could try 1 first

I would place em right before

Code:

if($account->logged_in || ($security->get['mod'] == "bans" && substr($security->get['function'],0,5) == "mbldl") || $security->get['mod'] == "register")

But be forewarned I have no idea what vulnerabilities this will open up to any admin sections you may have but as you say you don't seem to have any.

Posted: Tue Sep 15, 2009 10:15 am

I have no admin sections persay, as I think this site is pieced together

I will try and report back

Thanks

Posted: Tue Sep 15, 2009 10:38 am

When those edits are made, it gives and error referring to line #20 of the modules.php

Code:

$account->logged_in = true;


$account->user_data['access'] = 2;


if($account->logged_in || ($security->get['mod'] == "bans" && substr($security->get['function'],0,5) == "mbldl") || $security->get['mod'] == "register")

gives me..

Quote:

Fatal error: Call to undefined function Main() in /home/content/a/i/r/airborne1223/html/repo/modules.php on line 20

line#20

Code:

 if($thisMod->AccessLevel <= $account->user_data['access'])

Posted: Tue Sep 15, 2009 11:04 am

if you wanna send FTP details to WhomKnows((AT))gmail((DOT))com

I can take a quick look for you. I imagine this wont take that long to rectify.

Posted: Tue Sep 15, 2009 11:11 am

sent via email

Thanks for any assistance