Quote:
Originally Posted by LeetDonkey
The latest security addition that salts the passwords breaks the donation addon - it is impossible to login on the admin page.
I've tried looking into it, but I have absolutely no idea how to fix it.
I was hoping that one of the sourcebans developers with some insight into the added security mechanisms would be able to fix the donations addon:
https://github.com/nineteeneleven/Donations-Control
I don't know if it's an easy fix, but I figured that there's no harm in asking.
Thanks.
|
I have the same problem. No idea also can be the part "
Salt"
- "Config"
PHP Code:
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
define('SB_DB', true); //ONLY SET TRUE IF SOURCEBANS IS ON A DIFFERENT MYSQL SERVER
define('SB_SV_HOST', 'localhost'); //set MySQL host ONLY NEEDED IF SOURCEBANS IS ON A DIFFERENT MYSQL SERVER
define('SB_SV_USER', 'sourcebans'); //MySQL username ONLY NEEDED IF SOURCEBANS IS ON A DIFFERENT MYSQL SERVER
define('SB_SV_PASS', 'xxxXXxx'); //MySQL password ONLY NEEDED IF SOURCEBANS IS ON A DIFFERENT MYSQL SERVER
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
define('SOURCEBANS_DB', 'sourcebans'); // sourcebans database, this is needed.
define('SB_PREFIX', 'sb'); //Sourcebans database prefix. Only change this value if you changed your database prefix when setting up SourceBans.
define('SB_SALT', 'SourceBans'); //dont change this unless you changed your salt in sourcebans (if you dont know what salt is, you didnt change it)
define('SB_ADMINS', 'Leader'); //name of admin group in sourcebans which has access to the donor panel
///////////////////////////////////////////////////////////////////////////////////////////
"Index"
PHP Code:
<?php
if (isset($_POST['loginSubmit'])) {
define('NineteenEleven', TRUE);
require_once '../includes/config.php';
require_once ABSDIR . 'includes/LoggerClass.php';
$log = new log;
$user_name = $_POST['user_name'];
$password = sha1(sha1(SB_SALT . $_POST['password']));
try {
$db = new PDO('mysql:host=' . DB_HOST . ';dbname=' . SOURCEBANS_DB . ';charset=utf8mb4', SB_USER, SB_PASS);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
} catch (Exception $e) {
die('Unable to open connection to MySQL server.');
}
try {
$stmt = $db->prepare("SELECT * FROM " . SB_PREFIX . "_admins WHERE user=? and password=? and srv_group = '" . SB_ADMINS . "';");
$stmt->execute(array($user_name, $password));
$row = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (Exception $e) {
echo "<h3>Something went wrong with our system.</h3>";
$log->logError($ex->getMessage(), $ex->getFile(), $ex->getLine());
}
$count = count($row);
if ($count === 1) {
$email = $row[0]['email'];
session_start();
$_SESSION['username'] = $user_name;
$_SESSION['email'] = $email;
$_SESSION['table'] = false;
ini_set('default_socket_timeout', 10);
$json = @json_decode(@file_get_contents('http://1911.expert/dc-version/version.php'));
if (!empty($json) && VERSION_NEW != $json->version) {
$_SESSION['message'] = "<div class='alert alert-warning' role='alert'>There is an update available. ";
if (isset($json->msg)) {
$_SESSION['message'] .= $json->msg;
}
$_SESSION['message'] .= "</div>";
}
print("<center><h1 class = 'success'> Welcome back $user_name </h1></center>");
$log->logAction("$user_name logged in from " . $_SERVER['REMOTE_ADDR']);
print("<script type = 'text/javascript'> setTimeout('reload()', 1000)
function reload(){
window.location = 'show_donations.php'
}</script>");
exit();
} else {
print "<center><h1 class='error'>Wrong Username or Password</h1></center>";
$log->logAction("Failed login attempt for user name: $user_name from " . $_SERVER['REMOTE_ADDR']);
}
}
?>
<div id='login'>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form id="loginSubmit" method="POST" action="index.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Admin Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="user_name" type="text" id="user_name"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="loginSubmit" value="Login" form='loginSubmit' /><input type='button' id='hideLogin' value='Cancel' /></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</div>