-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I created this piece of code to enforce the security of admin section in
PHPNuke web portals and I realized it works well: just put it in
admin.php above require_once("mainfile.php"); and only logged in users
who are in authors table can access the page, the others will be
redirected to index.php.The code:
$grant_access = FALSE;
cookiedecode($user);
$sql = $db->sql_query("SELECT aid FROM ".$prefix."_authors");
while($record = $db->sql_fetchrow($sql)) {
~ if($cookie[1]==$record[aid])
~ $grant_access = TRUE;
}
if(!$grant_access) {
~ Header("Location: index.php");
~ die();
}
unset($cookie);
unset($result);
unset($sql);
unset($grant_access);If this trick doesn't work properly, please contact me at [EMAIL PROTECTED]
Luca Falavigna
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBQJfJL/TtdJayrm9xAQJCxAf+Nto0pa4qlzU8OXnY9EgnbnzFsQDLl9Pj EwFAayhy0szOfOGR3VMLn57UAPIuEJt0jflohcwu0TENH0Qdth3Oye7VmMeaBG6X cdt20+F93IAdnjrAMlP71su+vVT3Rg48AxGZ/oHg3nBTbJ+SeSL9KOHuwoDybIyN DXU/pTvDOivAq1lqlVVc80E3ze8McAHPmgre3jF+QQ35qDqxC0msbmpWEpJsLW70 9CVqZ+3G9QYOAu7LZc4EWWM1xrTvuHkV5B8bcZH9jHHF0TseluLdIo+Bh6AYdsJ/ KgdI50TgQTm1InzoDcFeH5y8O+bB2dfveKoRst3PivnaprTNNSWNAA== =Cnop -----END PGP SIGNATURE-----
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
