Resend Email Activation Module

diabolikul · New Member Joined: Feb 18, 2006 Posts: 4

I LOVE this module! Best admin tool ever.

I'm having a bit of an issue at the moment tho. My site was hacked a couple of weeks ago. I've since patched Nuke, installed Nuke Sentinel.

Anyway, have a small issue with the Resend_Email module now.

The activation link in this module has my domain name twice, so the link doesn't work. It's like this:

Only registered users can see links on this board!
Get registered or login to the forums!

I'm sure this is just a configuration issue somewhere, but I can't figure out where that would be.

Can someone please help this PHPN00b?

Thanks!

Susann · Posted: Tue Mar 28, 2006 11:39 am

Check your settings in preferences for site url

ethana · Posted: Tue Mar 28, 2006 11:51 am

I hacked this module and the Your Account module to make a little tool so that only admins can approve memberships...it sends out emails as well to notify both the admin when a new user has asked for membership as well as to the user when they have been approved...Susann is right, first check your preferences and then if thats not it, post the code.

diabolikul · New Member Joined: Feb 18, 2006 Posts: 4

The prefs are the first thing I checked.

It says "Site URL:

Only registered users can see links on this board!
Get registered or login to the forums!

"

Which I assume to be correct. There is no duplication there. I checked config.php, nothing in there at all.

Not sure where else to look. Which code would you like me to post?

ethana · Posted: Tue Mar 28, 2006 12:38 pm

the actual module code...so it'd be in modules/Resend_Email/index.php or something similar

ethana · Posted: Tue Mar 28, 2006 12:39 pm

you can try also to change your domain name to

Only registered users can see links on this board!
Get registered or login to the forums!

in your preferences.

diabolikul · New Member Joined: Feb 18, 2006 Posts: 4

Here is the index.php from the resend_email module folder:

Code:

<?php
/************************************************************************/
/* PHP-NUKE: Web Portal System */
/* =========================== */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
/************************************************************************/
/* Module by Gaylen Fraley */
/* http://ravenphpscripts.com */
/* http://ravenwebhosting.com */
/* For use with nuke 6.5+ . */
/* Change History */
/* 06/25/2005 - Version 2.0.2 Released */
/* - Fixed bug: the resend password was empty */
/* 06/24/2005 - Version 2.0.1 Released */
/* - Fixed bug: the buttons were not language independent */
/* - German language translation added (Susan) */
/* Thanks to Susann for discovering the bug! */
/* 06/12/2005 - Version 2.0.0 Released */
/* - Converted to new sql layer */
/* - Converted & to & where appropriate */
/* - Efficiency modifications */
/* - Added auto-refresh code to redirect where appropriate */
/* - Added date and timestamp added to the Waiting screen */
/* - Added language defines */
/* - Miscellaneous other tweaks */
/* 05/19/2003 - Added Modification facility to allow the Admin to make */
/* selected modifications to the temporary record. */
/* 05/18/2003 - Fixed password display in email and added hyperlink */
/* to the display to allow the Admin to activate the user */
/* right from the module. The password will now be changed */
/* when resending the email. */
/* 05/09/2003 - Released */
/************************************************************************/

require_once("mainfile.php");
include("header.php");
$module_name = basename(dirname(__FILE__));
get_lang($module_name);
$userpage = 1;
OpenTable();
title("$sitename:<br />"._PENDINGREGISTRATIONS);

if(!defined('MODULE_FILE') AND !eregi("modules.php", $_SERVER['PHP_SELF'])) {
echo '<center><b>'._NOACCESS._SPACE1._RDHOME._SPACE1._TWO._SPACE1._SECONDS.'</b></center><br />';
CloseTable();
header("Refresh: "._TWO."; URL=index.php");
include("footer.php");
exit();
}

if (!is_admin($admin)) {
echo (_ACCESSDENIED);
CloseTable();
include("footer.php");
exit();
}

if ($db->sql_numrows($db->sql_query("select * from ".$user_prefix."_users_temp"))==0) {
echo '<center><b>'._NOWAITING._SPACE1._RDHOME._SPACE1._TWO._SPACE1._SECONDS.'</b></center><br />';
CloseTable();
header("Refresh: "._TWO."; URL=index.php");
include("footer.php");
exit();
}

extract($HTTP_POST_VARS);
if (isset($submit) && htmlentities($submit) == _LBLBTNRESEND) {
for ($x=0; $x < 6; $x++) {
   mt_srand ((double) microtime() * 1000000);
   $con[$x] = substr(_CONS, mt_rand(0, strlen(_CONS)-1), 1);
   $voc[$x] = substr(_VOWELS, mt_rand(0, strlen(_VOWELS)-1), 1);
}
$makepass = $con[0] . $voc[0] .$con[2] . $con[1] . $voc[1] . $con[3] . $voc[3] . $con[4];
$result = $db->sql_query("select * from ".$user_prefix."_users_temp where user_id=".$rsid);
if(!$result) {
   echo _ERROR."<br>";
   CloseTable();
   include("footer.php");
   exit();
}
list($user_id, $username, $user_email, $user_password, $user_regdate, $check_num, $time) = $db->sql_fetchrow($result);
$finishlink = "$nukeurl/modules.php?name=Your_Account&op=activate&username=$username&check_num=$check_num";
$message = ""._WELCOMETO." $sitename!\n\n"._YOUUSEDEMAIL." ($user_email) "._TOREGISTER." $sitename.\n\n "._TOFINISHUSER."\n\n $finishlink\n\n "._FOLLOWINGMEM."\n\n"._UNICKNAME." $username\n"._UPASSWORD." $makepass";
$subject = ""._ACTIVATIONSUB."";
$from = "$adminmail";
$rc_email = mail($user_email, $subject, $message, "From: $from\nX-Mailer: PHP/" . phpversion());
if (FALSE!==$rc_email) {
   echo _ACTMSGSENTLEFT._SPACE1.$username._SPACE1._ACTMSGSENTRIGHT;
   $result = $db->sql_query("update ".$user_prefix."_users_temp set user_password='".md5($makepass)."' where user_id=".$rsid);
   echo "<form method=\"post\" action=\"modules.php?name=".$module_name."\"><input type=\"submit\" value=\""._LBLBTNBACK."\"></form>";
}
else echo _SENDMAILERROR;
}
elseif (isset($delete) && htmlentities($delete) == _LBLBTNDELETE) {
$result = $db->sql_query("delete from ".$user_prefix."_users_temp where user_id=".$rsid);
if(!$result) {
   echo _ERROR."<br>";
   CloseTable();
   include("footer.php");
   exit();
}
echo '<center><b>'._TEMPRECDELRD._SPACE1._TWO._SPACE1._SECONDS.'</b></center><br />';
CloseTable();
header("Refresh: "._TWO."; URL=modules.php?name=".$module_name);
include("footer.php");
exit();
}
elseif (isset($update) && htmlentities($update) == _LBLBTNUPDATE) {
$result = $db->sql_query("update ".$user_prefix."_users_temp set username='".$username."', user_email='".$user_email."', user_regdate='".$user_regdate."', check_num='".$check_num."', time='".$time."' where user_id=".$rsid);
if(!$result) {
   echo _ERROR."<br>";
   CloseTable();
   include("footer.php");
   exit();
}
echo '<center><b>'._TEMPRECMODRD._SPACE1._TWO._SPACE1._SECONDS.'</b></center><br />';
CloseTable();
header("Refresh: "._TWO."; URL=modules.php?name=".$module_name);
include("footer.php");
exit();
}
elseif (isset($modify) && htmlentities($modify) == _LBLBTNMODIFY) {
$result = $db->sql_query("select * from ".$user_prefix."_users_temp where user_id=".$rsid);
if(!$result) {
   echo _ERROR."<br>";
   CloseTable();
   include("footer.php");
   exit();
}
list($user_id, $username, $user_email, $user_password, $user_regdate, $check_num, $time) = $db->sql_fetchrow($result);
echo "<form method=\"post\" action=\"modules.php?name=$module_name&file=index&action=modify&rsid=$user_id\" name=\"modifyform$rsid\">";
echo '<table width="50%">';
echo '<tr><td align="right">'._LBLUSERID.'</td><td>'.$user_id.'</td></tr>';
echo '<tr><td align="right">'._LBLUSERNAME.'</td><td><input name="username" value="'.$username.'"></td></tr>';
echo '<tr><td align="right">'._LBLUSEREMAIL.'</td><td><input name="user_email" value="'.$user_email.'"></td></tr>';
echo '<tr><td align="right">'._LBLUSERPASSWORD.'</td><td>'.$user_password.'</td></tr>';
echo '<tr><td align="right">'._LBLUSERREGDATE.'</td><td><input name="user_regdate" value="'.$user_regdate.'"></td></tr>';
echo '<tr><td align="right">'._LBLUSERCHECKNUM.'</td><td><input name="check_num" value="'.$check_num.'"></td></tr>';
echo '<tr><td align="right">'._LBLUSERTIME.'</td><td><input name="time" value="'.$time.'"></td></tr>';
echo '<tr><td colspan="2"><input type="submit" name="update" value="'._LBLBTNUPDATE.'"></td></tr>';
echo '</table></form>';
}
else {
$result = $db->sql_query("select * from ".$user_prefix."_users_temp");
if(!$result) {
   echo _ERROR."<br>";
   CloseTable();
   include("footer.php");
   exit();
}

while (list($user_id, $username, $user_email, $user_password, $user_regdate, $check_num, $time, $requestor) = $db->sql_fetchrow($result)) {
   $req = explode(":",$requestor);
   $requestor = "<a href=\"http://dnsstuff.com/tools/whois.ch?ip=".$req[0]."\" title=\"".$req[0]."\" target=\"_new_\">$requestor</a>";
   $finishlink = "<a href=\"$nukeurl/modules.php?name=Your_Account&op=activate&username=$username&check_num=$check_num\" target=\"_blank\">$nukeurl/modules.php?name=Your_Account&op=activate&username=$username&check_num=$check_num</a>";
   echo "<form method=\"post\" action=\"modules.php?name=$module_name&file=index&action=resend&rsid=$user_id\" name=\"resendform$rsid\">";
   echo "<table width=\"100%\"><tr><td>"._LBLUSERNAME."</td><td>".$username."</td></tr><tr><td>"._LBLUSEREMAIL."</td><td>".$user_email."</td></tr><tr><td>"._LBLUSERREGDATE."</td><td>".date("F d, Y h:i:s A",$time)."</td></tr><tr><td>"._REQUESTOR."</td><td>".$requestor."</td></tr><tr><td>"._ACTLINK."</td><td>".$finishlink."</td></tr><tr><td colspan=\"3\"><input type=\"submit\" name=\"submit\" value=\""._LBLBTNRESEND."\">  <input type=\"submit\" name=\"modify\" value=\""._LBLBTNMODIFY."\">  <input type=\"submit\" name=\"delete\" value=\""._LBLBTNDELETE."\"></td></tr></table>";
   echo "</form>";
}
}
CloseTable();
include("footer.php");
?>

Thanks for the help! I'm a total PHP Noob!

ethana · Posted: Tue Mar 28, 2006 1:31 pm

i totally spaced...that activation link sent out has nothing to do with this module, thats generated in your Your_Account module. Somethings going on there...when you recovered from your site being hacked...did you just do a complete reinstall and then restored the db or what? You might want to consider this is you havent done so or at least copy over the current Your_Account module with a unaffected copy for the same version. Let us know.

diabolikul · New Member Joined: Feb 18, 2006 Posts: 4

Well, the hack was amateur.

Somehow they gained access as an admin, deactivated all the modules except news. Deleted all the news and put up a javascript defacement.

They actually didn't alter any files. I was able to recover the site in minutes, patch it, install Nuke Sentinel and get back on with life.

All I had to do was add myself as a user, alter the DB to show me as an admin and then delete their news item. It was a kiddie hack.

So, the Your_Account Module was never touched. No files were altered, I checked all the dates.

Not sure what else could be the matter here. I'll try to swap in an unaltered Your_Account, but I dont think that is the problem.