Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Modules
Author Message
airborne
New Member
New Member


Joined: Sep 15, 2009
Posts: 5

PostPosted: Tue Sep 15, 2009 9:03 am Reply with quote

Afternoon all,

I hope this is in the right spot to get some feedback or advice on. I did try searching for an answer but found none. If this is not in the proper area, could I please request it to be moved to the proper area.

I have a site that was built with some nuke modules, CMS etc. I do not have an actual admin panel to control things with the way the site was made up.

I wish to NO LONGER require a LOGIN to use and access the tools created by me.
Only registered users can see links on this board! Get registered or login!

Problem:

How can I make this so through code edits, since I have no "persay" control panel.

It seems when clicking on any of the tools, it first takes you to and through the "modules.php and checks for "login". Then it directs you either to login or to the appropriate chosen module.

I would like it to be seen as everyone is logged in or NO LOGIN is required.

Could someone look at this modules.php code and tell me if my answer is in there anywhere's, for I keep trying to edit bits and pieces out but am getting no where's

Thanks for any asistance in trying to resolve this Wink


Code:
<?php

include("header.php");
global $config, $account, $security, $theme, $sql, $content;
if($account->logged_in || ($security->get['mod'] == "bans" && substr($security->get['function'],0,5) == "mbldl") || $security->get['mod'] == "register")
{
   include("includes/classes/class_account_module.php");
   if(!isset($security->get['mod']))
   {
      header("Location: index.php");
      die();
   }
   else if(file_exists("modules/".$security->get['mod'].".php"))
   {
      $thisMod = new AccountMod("modules/".$security->get['mod'].".php", $account->user_data['access']);
      $theme->page_title = $thisMod->Name;
      if($thisMod->AccessLevel <= $account->user_data['access'])
      {
         Main($security->get['function']);
      }
      else
      {
         $theme->_CenterBlock("<center>You do not have permission to access this module.</center>");
      }
   }
   else
   {
      $sql->Query("SELECT * FROM `modules` WHERE `module_id` = '".$security->get['mod']."' LIMIT 0,1");
      if($sql->NumRows())
      {
         $result = $sql->FetchRow();
         $theme->page_title = $result['module_name'];
         $theme->_CenterBlock("<center>".stripslashes($result['module_html'])."</center>");
      }
      else
      {
         header("Location: index.php");
         die();
      }
   }
}
else
{
   header("Location: account.php");
   die();
}
$theme->_Header();
include("footer.php");
?>


I tried removing this snippett

Code:
else

{
   header("Location: account.php");
   die();
}


And that stops the redirecting to the account/login page, AND sets the addy to what/where it should be going, but its just not going their. My guess is there is still some code within the modules.php that is still stopping it.
Only registered users can see links on this board! Get registered or login!

Question
 
View user's profile Send private message
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Tue Sep 15, 2009 9:47 am Reply with quote

I think it might be more productive to talk to whoever set this up. The program is accessing a whole bunch of stuff that we don't have access to nor time to diagnose if we did. Looking quickly at the program it looks to me like you should be able to take the whole section starting with "if($account->logged_in ... " But I don't know what you are passing in that $theme variable to the Header() function at the bottom. Probably could just hard code that to pass the name of theme and bypass the security checking entirely.
 
View user's profile Send private message Visit poster's website
airborne
PostPosted: Tue Sep 15, 2009 9:57 am Reply with quote

Unfortunately that party is no where to be found or I would have definately gone that route.

That's what I am hoping to do, bypass the checkin/requirement for user to be logged, and instead forward them directly to the mod. I am just stumped atm on what to edit and or add to get the proper result.

As I stated I removed a small snippet and it stopped redirecting to the account.php/LOGIN page, but still wont load the specific mod as it still seems to be looking for something.

Can I ask for some tries at what to take out or add, that I would gladly implement to see if it works.

What else could I offer to make this more feasible to resolve by 3rd party coders.?


Thanks Question
 
duck
Involved
Involved


Joined: Jul 03, 2006
Posts: 273

PostPosted: Tue Sep 15, 2009 10:14 am Reply with quote

I am sort of stabbing in the dark here without looking fully into your code but I would try adding the following lines to the top of that file and see if it works

Code:
$account->logged_in = true;

$account->user_data['access'] = 2;
Or you could try 1 first

I would place em right before

Code:
if($account->logged_in || ($security->get['mod'] == "bans" && substr($security->get['function'],0,5) == "mbldl") || $security->get['mod'] == "register") 



But be forewarned I have no idea what vulnerabilities this will open up to any admin sections you may have but as you say you don't seem to have any.
 
View user's profile Send private message
airborne
PostPosted: Tue Sep 15, 2009 10:15 am Reply with quote

I have no admin sections persay, as I think this site is pieced together

I will try and report back

Thanks
 
airborne
PostPosted: Tue Sep 15, 2009 10:38 am Reply with quote

When those edits are made, it gives and error referring to line #20 of the modules.php

Code:
$account->logged_in = true;

$account->user_data['access'] = 2;
if($account->logged_in || ($security->get['mod'] == "bans" && substr($security->get['function'],0,5) == "mbldl") || $security->get['mod'] == "register")


gives me..
Quote:

Fatal error: Call to undefined function Main() in /home/content/a/i/r/airborne1223/html/repo/modules.php on line 20



line#20
Code:
 if($thisMod->AccessLevel <= $account->user_data['access'])
 
duck
PostPosted: Tue Sep 15, 2009 11:04 am Reply with quote

if you wanna send FTP details to WhomKnows((AT))gmail((DOT))com

I can take a quick look for you. I imagine this wont take that long to rectify.
 
airborne
PostPosted: Tue Sep 15, 2009 11:11 am Reply with quote

sent via email

Thanks for any assistance
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Modules

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©