# Author: ZYMO
#
# Description:
#
# Hardened version of vAuthenticate 3.0.1 to address exploits
# and update deprecated database functions on PHP v5.5 servers.
# */

// Page access gate: decides whether the current visitor may see the page
// that includes this script. The result is left in $check.
//
// Check if the cookies are set
// This removes some notices (undefined index)
if (isset($_COOKIE['USERNAME']) && isset($_COOKIE['PASSWORD'])) {
    // Get values from superglobal variables.
    // Both values are read straight from request cookies, so they are
    // client-controlled input and are handed to page_check() unmodified.
    // NOTE(review): the PASSWORD cookie is sent with every request; whether it
    // holds a plaintext password or a hash is not visible here. Confirm how it
    // is set (Secure/HttpOnly flags, hashed value) and that page_check()
    // validates it server-side without building SQL from the raw strings.
    $USERNAME = $_COOKIE['USERNAME'];
    $PASSWORD = $_COOKIE['PASSWORD'];
    // auth and page_check() are defined outside this excerpt.
    $CheckSecurity = new auth();
    $check = $CheckSecurity->page_check($USERNAME, $PASSWORD);
} else {
    // A missing cookie is treated as a failed check (fail closed).
    $check = false;
}

// Loose comparison: 0, '', '0', null and an empty array also count as a denial,
// so any falsy return from page_check() blocks access. Keep that in mind before
// tightening this to a strict comparison.
if ($check == false) {
    // Feel free to change the error message below. Just make sure you put a "\" before
    // any double quote.
    // The messages are fixed strings; no request data is echoed here.
    print "<b>Illegal Access</b>";
    print "<br>";
    print "<b>You do not have permission to view this page.</b>";
    // REDIRECT BACK TO LOGIN PAGE
    // REMOVE BLOCK IF NOT BEING USED
    // NOTE(review): the rest of this branch lies outside the excerpt. Confirm it
    // ends script execution (exit/die) after the redirect markup, otherwise the
    // protected page below would still be rendered for a denied visitor.
    print "<br>";
    print "You will be redirected back to the login page in a short while.";
    ?> <HEAD>
// Fragment: the closing braces and the assignment directly below belong to
// definitions that start before this excerpt.
}
$this->Priority = $this->priority;
}
}

// Full startup path, skipped when $limitedStartup is set.
if (!$limitedStartup) {
    // Soft-debug mode: record a start time and reset the database object's counter.
    if ($config['softdebug'] == 1) {
        $starttime = microtime();
        $data->reset_counter();
    }
    // NOTE(review): $cookievalue is an MD5 of the current Unix time plus a fixed
    // suffix, so it is predictable to anyone who knows roughly when it was made.
    // Its use is not visible here; if it serves as a session or login token it
    // should come from a CSPRNG (random_bytes()) instead. Confirm against callers.
    $cookievalue = md5(time() . 'um');
    // Expiry timestamp: now plus the configured session length.
    $expire = time() + $config['session_length'];
    if ($config['gzip'] == 1) {
        $tpl->load_filter('output', 'gzip');
    }
    // Per-user data is loaded only when the caller has not set $skipUser.
    if (!$skipUser) {
        $check = $Auth->page_check();
        $user_page_auths = get_user_auths();
        // NOTE(review): $check is indexed without being tested first. Confirm that
        // page_check() always returns an array with an 'id' key here (including
        // for unauthenticated visitors), or that it aborts the request on failure.
        $user_groups = user_groups_id_key_array($check['id']);
        $onlineUserList = get_online_users_array();
        $userIdList = get_user_id_list_array();
    }
    $censorWords = get_censor();
    $scoutlanguage = read_scout_language();
    $tpl->assign("scoutlang", $scoutlanguage);
}
$timestamp = time();
// The brace below closes a condition opened before this excerpt; the else
// branch continues past the end of it.
} else {
// Alternate path: load configuration and helpers, then open the database handle.
// The include paths are relative, so they resolve via include_path and the
// including script's location.
// presumably the $db* variables are defined by config.php; verify there
require_once "config.php";
require_once "includes/db.php";
require_once "includes/functions.php";
$data = new database($dbname, $dbhost, $dbusername, $dbpassword, $dbprefix, $dbport);