Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
blith
Client


Joined: Jul 18, 2003
Posts: 977

PostPosted: Fri Nov 19, 2004 11:20 am Reply with quote

This is at the beginning and I want to be sure it is secure. admin.php:
Code:


require_once("mainfile.php");
//$checkurl = $_SERVER['REQUEST_URI'];
//if((stripos_clone($_SERVER["QUERY_STRING"],'AddAuthor')) || (stripos_clone($_SERVER["QUERY_STRING"],'UpdateAuthor')) || (preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) {
//die("Illegal Operation");
//}
get_lang(admin);

function create_first($name, $url, $email, $pwd, $user_new) {
    global $prefix, $db, $user_prefix;
    $first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
    if ($first == 0) {
   $pwd = md5($pwd);
   $the_adm = "God";
   $db->sql_query("INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '')");
   if ($user_new == 1) {
       $user_regdate = date("M d, Y");
       $user_avatar = "gallery/blank.gif";
       $commentlimit = 4096;
       if ($url == "http://") { $url = ""; }
            $db->sql_query("INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'$name','$email','$url','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit', '2', 'english','D M d, Y g:i a')");
   }
   login();
    }
}

$the_first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
if ($the_first == 0) {
    if (!$name) {
    include("header.php");
    title("$sitename: "._ADMINISTRATION."");
    OpenTable();
    echo "<center><b>"._NOADMINYET."</b></center><br><br>"
   ."<form action=\"admin.php\" method=\"post\">"
   ."<table border=\"0\">"
   ."<tr><td><b>"._NICKNAME.":</b></td><td><input type=\"text\" name=\"name\" size=\"30\" maxlength=\"25\"></td></tr>"
   ."<tr><td><b>"._HOMEPAGE.":</b></td><td><input type=\"text\" name=\"url\" size=\"30\" maxlength=\"255\" value=\"http://\"></td></tr>"
   ."<tr><td><b>"._EMAIL.":</b></td><td><input type=\"text\" name=\"email\" size=\"30\" maxlength=\"255\"></td></tr>"
   ."<tr><td><b>"._PASSWORD.":</b></td><td><input type=\"password\" name=\"pwd\" size=\"11\" maxlength=\"10\"></td></tr>"
   ."<tr><td colspan=\"2\">"._CREATEUSERDATA."  <input type=\"radio\" name=\"user_new\" value=\"1\" checked>"._YES."&nbsp;&nbsp;<input type=\"radio\" name=\"user_new\" value=\"0\">"._NO."</td></tr>"
   ."<tr><td><input type=\"hidden\" name=\"fop\" value=\"create_first\">"
   ."<input type=\"submit\" value=\""._SUBMIT."\">"
   ."</td></tr></table></form>";
    CloseTable();
    include("footer.php");
    }
    switch($fop) {
   case "create_first":
   create_first($name, $url, $email, $pwd, $user_new);
   break;
    }
    die();
}

require("auth.php");

if(!isset($op)) { $op = "adminMain"; }
$pagetitle = "- "._ADMINMENU."";
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Fri Nov 19, 2004 11:28 am Reply with quote

If you only commented what I told you, everything is fine. This looks fine.
 
View user's profile Send private message
blith
PostPosted: Fri Nov 19, 2004 11:39 am Reply with quote

I did but it differs so much from my other admin.php I am not sure which one is right.. Thanks.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©