Ravens PHP Scripts: Forums
 

 

TG
New Member


Joined: Aug 24, 2004
Posts: 4

Posted: Tue Aug 24, 2004 4:03 pm

Hello I'm pretty new to all this php and phpnuke stuff
I've been trying to figure out if and how this would be done

I only want registered users to be able to access the admin.php
so the admins would have to log in as user before they can log on as admins.

can this be done or done easily ?

I'm lacking in the knowledge of how to confirm that a user is logged in.

I was thinking that if it did this by checking the user_id
admins could be assigned a specific user_id range so only those users
could access the admin.php to log in as Admins

also if this can be done can it also be set to redirect non users ?
 
GanjaUK
Life Cycles Becoming CPU Cycles


Joined: Feb 14, 2004
Posts: 633
Location: England

Posted: Tue Aug 24, 2004 4:07 pm

You might want to use the admin auth in Sentinel so admins have to login http before they can see admin.php

sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

Posted: Tue Aug 24, 2004 5:05 pm

Wrap everything from get_lang() down in this:


if(is_user($user)) {
    // Rest of admin.php here
    get_lang("admin");

    function create_first($name, $url, $email, $pwd, $user_new) {
        // blah blah blah
    }
    // ... remainder of admin.php ...

}else{
    // Not logged in as a user: send them to the front page and stop
    Header("Location: index.php");
    exit;
}

It's not a bad post install approach to some mild security really. It could even be limited to a specific user or array of users with a little tweak.

TG
Posted: Tue Aug 24, 2004 5:25 pm

GanjaUK wrote:
You might want to use the admin auth in Sentinel so admins have to login http before they can see admin.php


thanks for your quick response
that looks interesting but it's more than I wanted
I just wanted it so it might appear that the admin.php was maybe not even there.

I find myself logging in anyway as a user for forum and posting purposes
so I figured maybe there would be a way to do it like that

I also was thinking of maybe even having different user levels where pages are restricted or limited.

thanks sixonetonoffun I'll have a look at that

another thought I just had if it would be possible to setup a virtual treasure hunt on php where different pages would look differently depending on where you've been on the website or answers to questions

ok maybe I'm biting off more than I can chew

But anyway thanks, you guys
 
sixonetonoffun
Posted: Tue Aug 24, 2004 5:27 pm

Here is the beginning part with an allowed users array I like this better yet.

if(is_user($user)) {
    $allowed_user = array(
        "Peter",
        "admin");

    $userinfo = getusrinfo($user);
    $username = $userinfo['username'];
    // Redirect unless the logged-in name is in the allowed list
    if (!in_array($username, $allowed_user)) {
        Header("Location: index.php");
        exit;
    }
    // Rest of admin.php follows, closed by the }else{ block as before

Now we get rid of all but our own scum on the admin page lol!
 
sixonetonoffun
Posted: Tue Aug 24, 2004 5:37 pm

I could do a treasure hunt like that but it's not on my list of to do's at this time. If you're interested in a quote try posting in the for hire forum.
 
TG
Posted: Tue Aug 24, 2004 5:52 pm

well right now I'm most likely not going to
I just thought it might be kind of cool
I suppose if it was done correctly and it was fun, you'd get people coming to the website.

Right now I'm just trying to learn the basics, and will be spending my time just doing that

thanks again
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

Posted: Thu Aug 26, 2004 6:00 pm

In admin.php add this code after the require_once("mainfile.php"); line
Code:
if (!is_user($user)) {

   header("Location: index.php");
   die();
}
 
TG
Posted: Sat Aug 28, 2004 3:11 pm

hey, thanks that one is pretty to the point

I've been trying

header("HTTP/1.0 404 Not Found");

but I guess it just prints the error since it doesn't seem to direct to the .htaccess.

so now I'm just using

Header("Location: admn.php");

which gets the error 404 and then redirects to the index
that way when I'm looking in my logs at the 404 it will show up there
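
The checks discussed in this thread combined into one gate, as an added example that is not part of any post: it requires a logged-in user, checks the name against an allow list, and answers with a logged 404 instead of a redirect. is_user() and getusrinfo() are the PHP-Nuke helpers used above; admin_gate_allows(), admin_gate_deny(), admin_gate_enforce() and $allowed_users are hypothetical names.

```php
<?php
// Added example, not code from the thread. Intended for the top of admin.php,
// after require_once("mainfile.php"); as in Raven's post. The admin_gate_*
// functions and $allowed_users are hypothetical names.

function admin_gate_allows($username, array $allowed_users)
{
    // Strict comparison, so only an exact, non-empty string match passes.
    return is_string($username) && $username !== ''
        && in_array($username, $allowed_users, true);
}

function admin_gate_deny($reason)
{
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    // Recorded in the PHP error log so denied attempts can be reviewed later.
    error_log("admin.php denied ($reason) from $ip");
    // Status and body both come from the script; no redirect is issued,
    // matching TG's aim that admin.php appear not to be there.
    header('HTTP/1.0 404 Not Found');
    echo '<h1>Not Found</h1>';
    exit;
}

function admin_gate_enforce($user, array $allowed_users)
{
    if (!is_user($user)) {                 // PHP-Nuke helper from the thread
        admin_gate_deny('not logged in');
    }
    $userinfo = getusrinfo($user);         // PHP-Nuke helper from the thread
    if (!admin_gate_allows($userinfo['username'], $allowed_users)) {
        admin_gate_deny('user not in allow list');
    }
}

$allowed_users = array('Peter', 'admin');  // sample names from the thread

if (PHP_SAPI === 'cli') {
    // Stand-alone run on constructed names: prints the decision for each.
    foreach (array('Peter', 'peter', '', 'mallory') as $name) {
        echo var_export($name, true), ' => ',
            admin_gate_allows($name, $allowed_users) ? 'allow' : '404', "\n";
    }
} else {
    admin_gate_enforce($user, $allowed_users);
    // ... rest of admin.php continues here
}
```

The allow-list match is case-sensitive, so 'peter' is refused when only 'Peter' is listed.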
 
All times are GMT - 6 Hours
 