live site problem

Nuke Soldier Joined: Oct 23, 2003 Posts: 24

On my leve site I can't get in with my own god password

get this message when trying:

Quote:

Warning: base64_decode() expects parameter 1 to be string, array given in /home/tonydg1/public_html/auth.php on line 46

Get Out!

here is cod efor auth.file mods

Code:

<?php

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/

require_once("mainfile.php");

if (eregi("auth.php",$_SERVER['PHP_SELF'])) {
Header("Location: index.php");
die();
}

if ((isset($aid)) && (isset($pwd)) && ($op == "login")) {
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $_POST[random_num] . $datekey));
$code = substr($rcode, 2, 6);
if (extension_loaded("gd") AND $code != $_POST[gfx_check]) {
Header("Location: admin.php");
die();
}
if($aid!="" AND $pwd!="") {
$pwd = md5($pwd);
$sql = "SELECT pwd, admlanguage FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
if($row[pwd] == $pwd) {
 $admin = base64_encode("$aid:$pwd:$row[admlanguage]");
 setcookie("admin","$admin",time()+2592000);
 unset($op);
}
}
}

$admintest = 0;

if(isset($admin) && $admin != "") {
$admin = base64_decode($admin);
$admin = explode(":", $admin);
$aid = "$admin[0]";
$pwd = "$admin[1]";
$admlanguage = "$admin[2]";
if ($aid=="" || $pwd=="") {
$admintest=0;
echo "<html>\n";
echo "<title>INTRUDER ALERT!!!</title>\n";
echo "<body bgcolor=\"#FFFFFF\" text=\"#000000\">\n\n \n\n";
echo "<center><img src=\"images/eyes.gif\" border=\"0\"> \n";
echo "Get Out!</center>\n";
echo "</body>\n";
echo "</html>\n";
exit;
}
$sql = "SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'";
if (!($result = $db->sql_query($sql))) {
echo "Selection from database failed!";
exit;
} else {
$row = $db->sql_fetchrow($result);
if($row[pwd] == $pwd && $row[pwd] != "") {
$admintest = 1;
}
}
}

?>

Help please.

Support Mod Joined: Feb 15, 2004 Posts: 806

Not sure if this related to your other problem (incorrect code modification) or $admin variable has been altered prior execution of auth.php file. But you can add some code to perform the $admin validation even better. This is a modified code (I cut the leading and remaining lines), notice two new lines with $_COOKIE global variable:

Code:

:
:
if($row[pwd] == $pwd) {
$admin = base64_encode("$aid:$pwd:$row[admlanguage]");
setcookie("admin","$admin",time()+2592000);
unset($op);
$_COOKIE['admin'] = $admin;
}
}
}

$admintest = 0;
$admin = (isset($_COOKIE['admin'])) ? $_COOKIE['admin'] : '';

if(isset($admin) && $admin != "") {
$admin = base64_decode($admin);
$admin = explode(":", $admin);
$aid = "$admin[0]";
$pwd = "$admin[1]";
$admlanguage = "$admin[2]";
:
: