| strik9 |
| Resource Seeker |
 |
| |
| Joined: May 22, 2005 |
| Posts: 14 |
|
|
|
 |
|
 |
|
I am thinking about using the NSN your account 760_330 build, but looking through the index.php in this module. I cannot edit it to work with nuke sentinel. None of the code i have to alter is in the index.php. How can i secure the new module if i decide to use it ? Heres what im working with to edit.
| Code: | <?php
/********************************************************/
/* NSN Your Account */
/* By: NukeScripts Network (webmaster@nukescripts.net) */
/* http://www.nukescripts.fr */
/* Original Script www.nukescripst.net */
/* Copyright © 2000-2004 by NukeScripts Network */
/* ==================================================== */
/* Based from: */
/* PHP-NUKE: Web Portal System */
/********************************************************/
if (!stristr($_SERVER['PHP_SELF'], "modules.php")) {
header("Location: ../../../index.php");
die (); }
$module_name = basename(dirname(__FILE__));
require_once("modules/Your_Account/includes/functions.php");
$ya_config = ya_get_configs();
get_lang("Your_Account");
$userpage = 1;
$index = 0;
include("modules/Your_Account/navbar.php");
switch($op) {
case "activate":
include("modules/Your_Account/public/activate.php");
break;
case "avatarlist":
if (is_user($user)) {
include("modules/Your_Account/public/avatarlist.php");
} else {
notuser();
}
break;
case "avatarsave":
if (is_user($user)) {
include("modules/Your_Account/public/avatarsave.php");
} else {
notuser();
}
break;
case "avatarlinksave":
if (is_user($user)) {
include("modules/Your_Account/public/avatarlinksave.php");
} else {
notuser();
}
break;
case "broadcast":
if ($broadcast_msg == 1) {
include("modules/Your_Account/public/broadcast.php");
} else {
disabled();
}
break;
case "delete":
if ($ya_config['allowuserdelete'] == 1) {
include("modules/Your_Account/public/delete.php");
} else {
disabled();
}
break;
case "deleteconfirm":
if ($ya_config['allowuserdelete'] == 1) {
include("modules/Your_Account/public/deleteconfirm.php");
} else {
disabled();
}
break;
case "editcomm":
include("modules/Your_Account/public/editcomm.php");
break;
case "edithome":
include("modules/Your_Account/public/edithome.php");
break;
case "edittheme":
case "chgtheme":
if ($ya_config['allowusertheme']==0) {
include("modules/Your_Account/public/chngtheme.php");
} else {
disabled();
}
break;
case "edituser":
include("modules/Your_Account/public/edituser.php");
break;
case "gfx":
$ThemeSel = get_theme();
$secimg = "images/code_bg.png";
if (file_exists("themes/$ThemeSel/images/code_bg.png")) { $secimg = "themes/$ThemeSel/images/code_bg.png"; }
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 8);
$image = ImageCreateFromPNG($secimg);
$text_color = ImageColorAllocate($image, 0, 0, 0);
Header("Content-type: image/png");
ImageString ($image, 5, 5, 2, $code, $text_color);
ImagePNG($image, '', 75);
ImageDestroy($image);
die();
break;
case "login":
$result = $db->sql_query("SELECT * FROM ".$user_prefix."_users WHERE username='$username'");
$setinfo = $db->sql_fetchrow($result);
$forward = ereg_replace("redirect=", "", "$redirect");
if (ereg("privmsg", $forward)) { $pm_login = "active"; }
if (($db->sql_numrows($result)==1) AND ($setinfo['user_id'] != 1) AND ($setinfo['user_password'] != "") AND ($setinfo['user_active'] > 0 ) AND ($setinfo['user_level'] > 0)) {
$dbpass=$setinfo[user_password];
$non_crypt_pass = $user_password;
$old_crypt_pass = crypt($user_password,substr($dbpass,0,2));
$new_pass = md5($user_password);
if (($dbpass == $non_crypt_pass) OR ($dbpass == $old_crypt_pass)) {
$db->sql_query("UPDATE ".$user_prefix."_users SET user_password='$new_pass' WHERE username='$username'");
$result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE username='$username'");
list($dbpass) = $db->sql_fetchrow($result);
}
if ($dbpass != $new_pass) {
Header("Location: modules.php?name=Your_Account&stop=1");
return;
}
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 8);
if (extension_loaded("gd") AND $code != $gfx_check AND ($ya_config['usegfxcheck'] == 2 OR $ya_config['usegfxcheck'] == 3)) {
Header("Location: modules.php?name=Your_Account&stop=1");
die();
} else {
yacookie($setinfo[user_id], $setinfo[username], $new_pass, $setinfo[storynum], $setinfo[umode], $setinfo[uorder], $setinfo[thold], $setinfo[noscore], $setinfo[ublockon], $setinfo[theme], $setinfo[commentmax]);
$uname = $_SERVER["REMOTE_ADDR"];
$db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$uname' AND guest='1'");
}
if ($pm_login != "") {
Header("Location: modules.php?name=Private_Messages&file=index&folder=inbox");
} else if ($redirect == "" ) {
Header("Location: modules.php?name=Your_Account&op=userinfo&bypass=1&username=$username");
} else if ($mode == "") {
Header("Location: modules.php?name=Forums&file=$forward");
} else if ($t !="") {
Header("Location: modules.php?name=Forums&file=$forward&mode=$mode&t=$t");
} else {
Header("Location: modules.php?name=Forums&file=$forward&mode=$mode&f=$f");
}
} else {
if (($db->sql_numrows($result)==1) AND ($setinfo['user_level'] < 1) OR ($setinfo['user_active'] < 1)) {
include("header.php");
title(_USERREGLOGIN);
OpenTable();
if ($setinfo['user_level'] == 0) {
echo "<center><font class=\"title\"><b>"._ACCSUSPENDED."</b></font></center>\n";
}
if ($setinfo['user_level'] == -1) {
echo "<center><font class=\"title\"><b>"._ACCDELETED."</b></font></center>\n";
}
CloseTable();
include("footer.php");
} else {
Header("Location: modules.php?name=Your_Account&stop=1");
}
}
break;
case "logout":
cookiedecode($user);
$r_uid = $cookie[0];
$r_username = $cookie[1];
setcookie("user");
//$nukeurl = str_replace("http://", "", $nukeurl);
//$nukeurl = "http://".$nukeurl;
$db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$r_username'");
$db->sql_query("OPTIMIZE TABLE ".$prefix."_session");
$db->sql_query("DELETE FROM ".$prefix."_bbsessions WHERE session_user_id='$r_uid'");
$db->sql_query("OPTIMIZE TABLE ".$prefix."_bbsessions");
$user = "";
include("header.php");
if ($redirect != "") {
echo "<META HTTP-EQUIV=\"refresh\" content=\"2;URL=modules.php?name=$redirect\">";
} else {
echo "<META HTTP-EQUIV=\"refresh\" content=\"2;URL=$nukeurl\">";
}
title(_YOUARELOGGEDOUT);
include("footer.php");
break;
case "mailpasswd":
include("modules/Your_Account/public/mailpass.php");
break;
case "my_headlines":
include("modules/Your_Account/public/headlines.php");
break;
case "new_user":
if (is_user($user)) {
mmain($user);
} else {
if ($ya_config['allowuserreg']==0) {
if ($ya_config['requireadmin'] == 1) {
include("modules/Your_Account/public/new_user1.php");
} elseif ($ya_config['requireadmin'] == 0 AND $ya_config['useactivate'] == 0) {
include("modules/Your_Account/public/new_user2.php");
} elseif ($ya_config['requireadmin'] == 0 AND $ya_config['useactivate'] == 1) {
include("modules/Your_Account/public/new_user3.php");
}
} else {
disabled();
}
}
break;
case "new_confirm":
if (is_user($user)) {
mmain($user);
} else {
if ($ya_config['allowuserreg']==0) {
if ($ya_config['requireadmin'] == 1) {
include("modules/Your_Account/public/new_confirm1.php");
} elseif ($ya_config['requireadmin'] == 0 AND $ya_config['useactivate'] == 0) {
include("modules/Your_Account/public/new_confirm2.php");
} elseif ($ya_config['requireadmin'] == 0 AND $ya_config['useactivate'] == 1) {
include("modules/Your_Account/public/new_confirm3.php");
}
} else {
disabled();
}
}
break;
case "new_finish":
if (is_user($user)) {
mmain($user);
} else {
if ($ya_config['allowuserreg']==0) {
if ($ya_config['requireadmin'] == 1) {
include("modules/Your_Account/public/new_finish1.php");
} elseif ($ya_config['requireadmin'] == 0 AND $ya_config['useactivate'] == 0) {
include("modules/Your_Account/public/new_finish2.php");
} elseif ($ya_config['requireadmin'] == 0 AND $ya_config['useactivate'] == 1) {
include("modules/Your_Account/public/new_finish3.php");
}
} else {
disabled();
}
}
break;
case "pass_lost":
include("modules/Your_Account/public/passlost.php");
break;
case "saveactivate":
include("modules/Your_Account/public/saveactivate.php");
break;
case "savecomm":
if (is_user($user)) {
include("modules/Your_Account/public/savecomm.php");
} else {
notuser();
}
break;
case "savehome":
if (is_user($user)) {
include("modules/Your_Account/public/savehome.php");
} else {
notuser();
}
break;
case "savetheme":
if (is_user($user)) {
if ($ya_config['allowusertheme']==0) {
include("modules/Your_Account/public/savetheme.php");
} else {
disabled();
}
} else {
notuser();
}
break;
case "saveuser":
if (is_user($user)) {
include("modules/Your_Account/public/saveuser.php");
} else {
notuser();
}
break;
case "userinfo":
include("modules/Your_Account/public/userinfo.php");
break;
default:
mmain($user);
break;
}
?> |
any ideas at all. I dont want to have my cms compromised by this after all of the time getting it secure. Is there a solution besides not using it ? |
|
Latest: 
Visitation: 
