Devam Ediyor

502038 Solve user name password cgi problem

Hi,

This is a survey script.

Explain to me what this CODE does and also if there is anything

IN this code GETS a user name and password that is being passed

to it.

Your deliverable:

1. An explanation of the code, what it's basically doing,

why it's setting the cookie, etc.

2. Any reason you can spot that the user and pass isn't

being sent to or received by [url removed, login to view]

You'll notice that the cookie being set expires in 2009.

Is there any reason for that or do we need to update it?

The problem we're having is that the script at the bottom

called [url removed, login to view] is SUPPOSED to sends the user name and

pass to [url removed, login to view] but either it isn't POSTING it

or [url removed, login to view] isn't GETTING it.

Your deliverable is a a basic explanation in English of

what the code is doing and any reason the user and pass

isn't being passed

===================================

HERE IS THE [url removed, login to view] CODE

===================================

#!/usr/bin/perl

use strict;

use CGI::Carp qw(fatalsToBrowser);

use CGI qw/:standard/;

use CGI::Cookie;

my($query) = new CGI;

my($u) = $query->param('u');

my($p) = $query->param('p');

my($keys) = '232528182326292229173019272228232225213020182630';

my($newpass) = '';

my($l) = length($p);

my($c, $k, $i);

for($i=0 ; $i<$l ; $i++)

{

$c = substr($p, $i, 1);

$k = substr($keys, $i*2, 2);

$k = int($k);

$newpass .= chr(ord($c)-$k);

}

#use URI::Escape;

#$newpass = uri_escape($newpass);

print "Set-Cookie: user_name=".$u."; expires=Wednesday, 09-Nov-09 23:12:40 GMT\n";

print "Set-Cookie: passwd=".$newpass."; expires=Wednesday, 09-Nov-09 23:12:40 GMT\n";

print redirect('[url removed, login to view]');

========================================================

HERE IS THE CODE THAT PASSES THE USER NAME AND PASSWORD

TO THE ABOVE SCRIPT

========================================================

<?php

include_once('[url removed, login to view]');

include_once('[url removed, login to view]');

if(!empty($_POST['user']) && !empty($_POST['pass']))

{

$user = $_POST['user'];

$pass = $_POST['pass'];

$db = open_db();

$sql = "SELECT * FROM a47_mm_password WHERE member_login='$user' AND member_password='$pass' AND product_path='$PRODUCT_PATH'";

$result = mysql_query($sql, $db);

if($data = mysql_fetch_array($result))

{

$pswrd = md5($data['member_password'] . $SECRET_KEY);

$checksum = md5($data['id'] . $data['member_login'] . $data['member_level'] . $pswrd . $SECRET_KEY);

/*

setcookie('userid', $data['id'], time()+$LOGIN_TIME);

setcookie('loginname', $data['member_login'], time()+$LOGIN_TIME);

setcookie('password', $pswrd, time()+$LOGIN_TIME);

setcookie('privs', $data['member_level'], time()+$LOGIN_TIME);

setcookie('checksum', $checksum, time()+$LOGIN_TIME); */

mysql_close($db);

$keys = '232528182326292229173019272228232225213020182630';

$password = $_POST['pass'];

$newpass = '';

$l = strlen($password);

for($i=0 ; $i<$l ; $i++)

{

$c = $password[$i];

$k = $keys[$i*2] . $keys[$i*2+1];

$k = (int)($k);

$newpass .= chr(ord($c)+$k);

}

$newpass = urlencode($newpass);

$_POST['user'] = substr($_POST['user'], 0, 24);

header('Location: [url removed, login to view]'.$_POST['user'].'&p='.$pass);

exit();

}

else

{

$TEMPLATE_VARS['errors'][] = 'Invalid username or password. Please try again.';

/*setcookie('userid', '', time()+$LOGIN_TIME);

setcookie('loginname', '', time()+$LOGIN_TIME);

setcookie('password', '', time()+$LOGIN_TIME);

setcookie('privs', '', time()+$LOGIN_TIME);

setcookie('checksum', '', time()+$LOGIN_TIME); */

header('Location: [url removed, login to view]');

}

mysql_close($db);

}

$tpl = getTemplate('login');

?>

=================================

MY NOTE ON THE ABOVE CODE

=================================

The relevant part where it's PASSING the user name and password

variables TO [url removed, login to view] is:

$c = $password[$i];

$k = $keys[$i*2] . $keys[$i*2+1];

$k = (int)($k);

$newpass .= chr(ord($c)+$k);

}

$newpass = urlencode($newpass);

$_POST['user'] = substr($_POST['user'], 0, 24);

header('Location: [url removed, login to view]'.$_POST['user'].'&p='.$pass);

Beceriler: Her şey Kabul, MySQL, Perl, PHP, SQL, Şablonlar

Daha fazlasını görün: uri k, part problem, problem part, common query, p sql, survey part, sql l, solve problem, poller, php solve, ord, name please, md5, escape, chr, perl cgi redirect, name empty, script exit redirect, redirect tpl, sql problem, php header set cookie, sql script data set, code md5, exit redirect script, select name

İşveren Hakkında:
( 20 değerlendirme ) helotes, United States

Proje NO: #2247959

Seçilen:

WanderingWizard

Quite straightforward. Ready to begin.

0 gün içinde 75$ USD
(0 Değerlendirme)
0.0