Need help fixing security hole in my cms admin (index.php)

I've been tinkering around with a script called Entertainment CMS for some radio station websites.  It's a lightweight, MySQL-driven cms that's perfect for such an application (radio station websites).  However, it's been documented quite frequently that there is a glaring security vulnerability in the admin section. (Entertainment CMS AdminLogged Cookie Parameter Authentication Bypass Vulnerability: http://securityreason.com/securityalert/2878)  Can someone please help me derive a simple fix to this bug?  I really like the simplicity and ease of use and editability of this particular script but need to address this issue before putting it onto a LIVE site.  I'm not a PHP programmer so any assistance you could render would be greatly appreciated. I have also attached the offending file (index.php) from my admin section.

Here is the vulnerable code snippet:
Entertainment CMS Admin Login Bypass

$adminOK=0;

if (isset($_POST["adminUser"])) {
if (($_POST["adminUser"]==$adminUser)
&& ($_POST["adminPass"]==$adminPass)) {

setcookie("adminLogged","Administrator",
NULL, "/");
$adminOK=1;
}
}

if ((isset($_COOKIE["adminLogged"])) &&
($_COOKIE["adminLogged"]=="Administrator"))
{
$adminOK=1;
}
index.php from my admin section
 
<?
	include ("config.php");
	include ("functions.php");
	include ("../globals.php");
	
	$adminOK=0;
	
	if (isset($_POST["adminUser"])) {
		if (($_POST["adminUser"]==$adminUser) && ($_POST["adminPass"]==$adminPass)) {
			setcookie("adminLogged","Administrator", NULL, "/");
			$adminOK=1;
		}
	}
	
	if ((isset($_COOKIE["adminLogged"])) && ($_COOKIE["adminLogged"]=="Administrator")) {
		$adminOK=1;
	}
	
	if ($adminOK==0) {
		include("loginform.php");
		exit;
	}
	
	include("../dbsetts.php");
	
	
if (isset($_GET["action"]))
 
	switch ($_GET["action"]) {
 
	case "logout":
		setcookie("adminLogged", NULL, mktime() - 3600,"/");
		header("Location: /admin");
		exit;
	break;
 
	case "approvingmedia":
		$conn=mysql_connect($dbhost, $dbuser, $dbpass);
		mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
		// print "Connected to MySQL"; 
		
		if ($_POST["radApprove"]=="A") {		
			$query="UPDATE t_media SET m_submapproved='Y' WHERE m_id=".$_POST['hidAppMedID']." LIMIT 1";
		}
		else { // "D" - delete
			$query="DELETE FROM t_media WHERE m_id=".$_POST['hidAppMedID']." LIMIT 1";
		}
		
 
		
		//echo $query;
		$qresult = mysql_query($query);
		mysql_close($conn);
 
		include("rss_allmedia.php");
		
		header("Location: index.php?action=approvemedia");
		exit;
	break;
	
	case "doeditmedia":
		$conn=mysql_connect($dbhost, $dbuser, $dbpass);
		mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
		// print "Connected to MySQL"; 
		
		$query="UPDATE t_media SET m_type=\"".$_POST["radMediaType"]."\", m_title=\"".$_POST["txtMediaTitle"]."\", m_url=\"".$_POST["txtMediaUrl"]."\", m_description=\"".$_POST["txtMediaDescription"]."\", m_tags=\"".$_POST["txtMediaTags"]."\" WHERE m_id=".$_POST['hidMediaID']." LIMIT 1";	
 
 
		//echo $query;
		$qresult = mysql_query($query) or die ("error");
 
 
 
		mysql_close($conn);	
 
		include("rss_allmedia.php");
	
		header("Location: index.php?action=editmedia&mediatype=".$_POST['hidMediaType']."&mediaid=".$_POST['hidMediaID']);
		exit;
	break;
 
	case "deleteuser":
		$conn=mysql_connect($dbhost, $dbuser, $dbpass);
		mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
		// print "Connected to MySQL"; 
		
		$query="DELETE FROM t_users WHERE u_id=".$_GET["userid"]." LIMIT 1";
		$qresult = mysql_query($query);
		
		$query="DELETE FROM t_favs WHERE u_id=".$_GET["userid"];
		$qresult = mysql_query($query);	
		
		$query="SELECT * FROM t_comments WHERE c_uid=".$_GET["userid"];
		$qresult = mysql_query($query);
 
	while ($line = mysql_fetch_assoc($qresult)){		
		$query2="UPDATE t_media SET m_nrcomments=m_nrcomments-1 WHERE m_id=".$line["c_mid"];
		$qresult2 = mysql_query($query2);
	}
		$query="DELETE FROM t_comments WHERE c_uid=".$_GET["userid"];
		$qresult = mysql_query($query);
 
		mysql_close($conn);	
		
		header("Location: index.php?action=listusers");
		exit;
	break;
	
	case "deletecomment":
		$conn=mysql_connect($dbhost, $dbuser, $dbpass);
		mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
		// print "Connected to MySQL"; 
		
		$query="SELECT * FROM t_comments WHERE c_id=".$_GET["commid"]." LIMIT 1";
		$qresult = mysql_query($query);
 
	while ($line = mysql_fetch_assoc($qresult)){		
		$query2="UPDATE t_media SET m_nrcomments=m_nrcomments-1 WHERE m_id=".$line["c_mid"];
		$qresult2 = mysql_query($query2);
	}
		
		$query="DELETE FROM t_comments WHERE c_id=".$_GET["commid"]." LIMIT 1";
		$qresult = mysql_query($query);
		
		mysql_close($conn);	
		
		header("Location: index.php?action=listcomments");
		exit;
		
	break;
	
	case "deletemedia":
		$conn=mysql_connect($dbhost, $dbuser, $dbpass);
		mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
		// print "Connected to MySQL"; 
		
		$query="DELETE FROM t_media WHERE m_id=".$_GET["mediaid"]." LIMIT 1";
		$qresult = mysql_query($query);
		
		$query="DELETE FROM t_ratings WHERE r_mid=".$_GET["mediaid"];
		$qresult = mysql_query($query);
		
		$query="DELETE FROM t_comments WHERE c_mid=".$_GET["mediaid"];
		$qresult = mysql_query($query);
		
		$query="DELETE FROM t_favs WHERE m_id=".$_GET["mediaid"];
		$qresult = mysql_query($query);		
				
		mysql_close($conn);
		
		include("rss_allmedia.php");
		
		header("Location: index.php?action=listmedia&listtype=".$_GET["mediatype"]); 
		exit;
	break;
 
	}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Admin area</title>
<style type="text/css">
<!--
html,body {
	height: 100%;
}
body,td,th {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 12px;
}
body {
	margin-left: 0px;
	margin-top: 0px;
	margin-right: 0px;
	margin-bottom: 0px;
}
a:link {
	color: #003366;
}
a:visited {
	color: #003366;
}
a:hover {
	color: #003366;
}
a:active {
	color: #003366;
}
-->
</style></head>
 
<body>
<table width="100%" height="100%" border="1" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
  <tr>
    <td width="200" valign="top" nowrap>
     <? include("adminmenu.php");?></td>
    <td align="left" valign="top">
		 <? if (isset($_GET["action"])) include ("m_".$_GET["action"].".php"); else echo "<p>ADMIN HOME</p>";?>
		</td>
  </tr>
</table>
<? include("../stats.php");?>
</body>
</html>


gpmediaAsked:

nplibCommented:
make sure session_start() is at the absolute top of the page and then try this
$adminOK=0;
 
if (isset($_POST["adminUser"])) {
if (($_POST["adminUser"]==$adminUser)
&& ($_POST["adminPass"]==$adminPass)) {
 
$_SESSION["adminLogged"] = "Administrator";
$adminOK=1;
}
}
 
if ((isset($_SESSION["adminLogged"])) &&
($_SESSION["adminLogged"]=="Administrator"))
{
$adminOK=1;
}

Vel EousResearch & Development ManagerCommented:
You should remove the $_POST vars from the script and perform validation and cleaning on them.  For example:
<?PHP
 
$adminUser = $_POST['adminUser'];
$adminPass = $_POST['adminPass'];
$error = 0;
$adminOK = 0;
 
function check_name($adminUser) {
  /* search regular expression for alphabetical characters only
  * ensure first character is NOT white space (/^)
  * allow alphabetical characters and white space to follow
  * ensure last character is not numeric or white space */
  if(preg_match("/^[a-z]+[a-z\ ]*[^0-9\ ]$/i", $adminUser)) {
    return TRUE;
  } else {
    return FALSE;
  }
}
 
function check_password($adminPass) {
  if(preg_match("/^[a-z]+[a-z0-9]{8,12}/i", $adminPass)) {
    return TRUE;
  } else {
    return FALSE;
  }
}
 
if(!check_name($adminUser)) {
  echo "admin failed";
  $error++;
}
 
if(!chec_password($adminPass)) {
  echo "password failed";
  $error++;
}
 
if($error == 0) {
  if(setcookie("adminLogged","Administrator", NULL, "/") == TRUE) {
    $adminOK = 1;
  }
}
 
?>

gpmediaAuthor Commented:
OK, I took the code above and named it as my new "index.php" within my admin directory on my test site but am getting the following error:

admin failed
Fatal error: Call to undefined function: chec_password() in /usr/home/twi/webfxonline-com/admin/index.php on line 33

nplibCommented:
@Tchuki:

how does that make it more secure?

@gpmedia,

just because a solution is more complicated, doesn't make it more right.

all his solution is checking for is if there are numbers and letters typed into the variable.

which wouldn't stop someone trying to hack the site from the browser.
Vel EousResearch & Development ManagerCommented:
Heh, I spelt check wrong:

if(!chec_password($adminPass)) should be if(!check_password($adminPass))

Sorry about that.
Vel EousResearch & Development ManagerCommented:
@ nplib

That is just meant as an example of checking input.  Performing other checks and cleaning is advisable.

Validating input always increases security.
nplibCommented:
Only if you are validating actual data. How does checking if the variable contains alphanumeric characters make it more secure?

especially for the password.

you've just limited the password to only use alphanumeric characters, instead of any character.

that just lowered the security on a site.

the problem is they are using cookies for validation.

cookies are very easy to bypass if you know what the cookie value needs to be.

using session variables is almost impossible to get around. they would need direct access to the server to hack the site.
gpmediaAuthor Commented:
nplib: So, with your solution, my index.php should look like this?

<?
      session_start();
      include ("config.php");
      include ("functions.php");
      include ("../globals.php");
      
      $adminOK=0;
      
      if (isset($_POST["adminUser"])) {
            if (($_POST["adminUser"]==$adminUser) && ($_POST["adminPass"]==$adminPass)) {
                  $_SESSION["adminLogged"] = "Administrator";
                  $adminOK=1;
            }
      }
      
      if ((isset($_SESSION["adminLogged"])) && ($_SESSION["adminLogged"]=="Administrator")) {
            $adminOK=1;
      }
      
      if ((isset($_COOKIE["adminLogged"])) && ($_COOKIE["adminLogged"]=="Administrator")) {
            $adminOK=1;
      }
      
      if ($adminOK==0) {
            include("loginform.php");
            exit;
      }
      
      include("../dbsetts.php");
      
      
if (isset($_GET["action"]))

      switch ($_GET["action"]) {

      case "logout":
            setcookie("adminLogged", NULL, mktime() - 3600,"/");
            header("Location: /admin");
            exit;
      break;

      case "approvingmedia":
            $conn=mysql_connect($dbhost, $dbuser, $dbpass);
            mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
            // print "Connected to MySQL";
            
            if ($_POST["radApprove"]=="A") {            
                  $query="UPDATE t_media SET m_submapproved='Y' WHERE m_id=".$_POST['hidAppMedID']." LIMIT 1";
            }
            else { // "D" - delete
                  $query="DELETE FROM t_media WHERE m_id=".$_POST['hidAppMedID']." LIMIT 1";
            }
            

            
            //echo $query;
            $qresult = mysql_query($query);
            mysql_close($conn);

            include("rss_allmedia.php");
            
            header("Location: index.php?action=approvemedia");
            exit;
      break;
      
      case "doeditmedia":
            $conn=mysql_connect($dbhost, $dbuser, $dbpass);
            mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
            // print "Connected to MySQL";
            
            $query="UPDATE t_media SET m_type=\"".$_POST["radMediaType"]."\", m_title=\"".$_POST["txtMediaTitle"]."\", m_url=\"".$_POST["txtMediaUrl"]."\", m_description=\"".$_POST["txtMediaDescription"]."\", m_tags=\"".$_POST["txtMediaTags"]."\" WHERE m_id=".$_POST['hidMediaID']." LIMIT 1";      


            //echo $query;
            $qresult = mysql_query($query) or die ("error");



            mysql_close($conn);      

            include("rss_allmedia.php");
      
            header("Location: index.php?action=editmedia&mediatype=".$_POST['hidMediaType']."&mediaid=".$_POST['hidMediaID']);
            exit;
      break;

      case "deleteuser":
            $conn=mysql_connect($dbhost, $dbuser, $dbpass);
            mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
            // print "Connected to MySQL";
            
            $query="DELETE FROM t_users WHERE u_id=".$_GET["userid"]." LIMIT 1";
            $qresult = mysql_query($query);
            
            $query="DELETE FROM t_favs WHERE u_id=".$_GET["userid"];
            $qresult = mysql_query($query);      
            
            $query="SELECT * FROM t_comments WHERE c_uid=".$_GET["userid"];
            $qresult = mysql_query($query);

      while ($line = mysql_fetch_assoc($qresult)){            
            $query2="UPDATE t_media SET m_nrcomments=m_nrcomments-1 WHERE m_id=".$line["c_mid"];
            $qresult2 = mysql_query($query2);
      }
            $query="DELETE FROM t_comments WHERE c_uid=".$_GET["userid"];
            $qresult = mysql_query($query);

            mysql_close($conn);      
            
            header("Location: index.php?action=listusers");
            exit;
      break;
      
      case "deletecomment":
            $conn=mysql_connect($dbhost, $dbuser, $dbpass);
            mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
            // print "Connected to MySQL";
            
            $query="SELECT * FROM t_comments WHERE c_id=".$_GET["commid"]." LIMIT 1";
            $qresult = mysql_query($query);

      while ($line = mysql_fetch_assoc($qresult)){            
            $query2="UPDATE t_media SET m_nrcomments=m_nrcomments-1 WHERE m_id=".$line["c_mid"];
            $qresult2 = mysql_query($query2);
      }
            
            $query="DELETE FROM t_comments WHERE c_id=".$_GET["commid"]." LIMIT 1";
            $qresult = mysql_query($query);
            
            mysql_close($conn);      
            
            header("Location: index.php?action=listcomments");
            exit;
            
      break;
      
      case "deletemedia":
            $conn=mysql_connect($dbhost, $dbuser, $dbpass);
            mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
            // print "Connected to MySQL";
            
            $query="DELETE FROM t_media WHERE m_id=".$_GET["mediaid"]." LIMIT 1";
            $qresult = mysql_query($query);
            
            $query="DELETE FROM t_ratings WHERE r_mid=".$_GET["mediaid"];
            $qresult = mysql_query($query);
            
            $query="DELETE FROM t_comments WHERE c_mid=".$_GET["mediaid"];
            $qresult = mysql_query($query);
            
            $query="DELETE FROM t_favs WHERE m_id=".$_GET["mediaid"];
            $qresult = mysql_query($query);            
                        
            mysql_close($conn);
            
            include("rss_allmedia.php");
            
            header("Location: index.php?action=listmedia&listtype=".$_GET["mediatype"]);
            exit;
      break;

      }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Admin area</title>
<style type="text/css">
<!--
html,body {
      height: 100%;
}
body,td,th {
      font-family: Arial, Helvetica, sans-serif;
      font-size: 12px;
}
body {
      margin-left: 0px;
      margin-top: 0px;
      margin-right: 0px;
      margin-bottom: 0px;
}
a:link {
      color: #003366;
}
a:visited {
      color: #003366;
}
a:hover {
      color: #003366;
}
a:active {
      color: #003366;
}
-->
</style></head>

<body>
<table width="100%" height="100%" border="1" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
  <tr>
    <td width="200" valign="top" nowrap>
     <? include("adminmenu.php");?></td>
    <td align="left" valign="top">
             <? if (isset($_GET["action"])) include ("m_".$_GET["action"].".php"); else echo "<p>ADMIN HOME</p>";?>
            </td>
  </tr>
</table>
<? include("../stats.php");?>
</body>
</html>
nplibCommented:
close,

you need to replace all your cookie references to sessions like this
<?
session_start();
include ("config.php");
include ("functions.php");
include ("../globals.php");
      
$adminOK=0;
 
if (isset($_POST["adminUser"])) {
	if (($_POST["adminUser"]==$adminUser) && ($_POST["adminPass"]==$adminPass)) {
		$_SESSION["adminLogged"] = "Administrator";
		$adminOK=1;
	}
}
 
if ((isset($_SESSION["adminLogged"])) && ($_SESSION["adminLogged"]=="Administrator")) {
	$adminOK=1;
}
 
if ($adminOK==0) {
	include("loginform.php");
	exit;
}
 
include("../dbsetts.php");
 
 
if (isset($_GET["action"]))
 
      switch ($_GET["action"]) {
 
      case "logout":
            session_unset();
            $_SESSION = array();
            header("Location: /admin");
            exit;
      break;
 
      case "approvingmedia":
            $conn=mysql_connect($dbhost, $dbuser, $dbpass);
            mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
            // print "Connected to MySQL";
            
            if ($_POST["radApprove"]=="A") {            
                  $query="UPDATE t_media SET m_submapproved='Y' WHERE m_id=".$_POST['hidAppMedID']." LIMIT 1";
            }
            else { // "D" - delete
                  $query="DELETE FROM t_media WHERE m_id=".$_POST['hidAppMedID']." LIMIT 1";
            }
            
 
            
            //echo $query;
            $qresult = mysql_query($query);
            mysql_close($conn);
 
            include("rss_allmedia.php");
            
            header("Location: index.php?action=approvemedia");
            exit;
      break;
      
      case "doeditmedia":
            $conn=mysql_connect($dbhost, $dbuser, $dbpass);
            mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
            // print "Connected to MySQL";
            
            $query="UPDATE t_media SET m_type=\"".$_POST["radMediaType"]."\", m_title=\"".$_POST["txtMediaTitle"]."\", m_url=\"".$_POST["txtMediaUrl"]."\", m_description=\"".$_POST["txtMediaDescription"]."\", m_tags=\"".$_POST["txtMediaTags"]."\" WHERE m_id=".$_POST['hidMediaID']." LIMIT 1";      
 
 
            //echo $query;
            $qresult = mysql_query($query) or die ("error");
 
 
 
            mysql_close($conn);      
 
            include("rss_allmedia.php");
      
            header("Location: index.php?action=editmedia&mediatype=".$_POST['hidMediaType']."&mediaid=".$_POST['hidMediaID']);
            exit;
      break;
 
      case "deleteuser":
            $conn=mysql_connect($dbhost, $dbuser, $dbpass);
            mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
            // print "Connected to MySQL";
            
            $query="DELETE FROM t_users WHERE u_id=".$_GET["userid"]." LIMIT 1";
            $qresult = mysql_query($query);
            
            $query="DELETE FROM t_favs WHERE u_id=".$_GET["userid"];
            $qresult = mysql_query($query);      
            
            $query="SELECT * FROM t_comments WHERE c_uid=".$_GET["userid"];
            $qresult = mysql_query($query);
 
      while ($line = mysql_fetch_assoc($qresult)){            
            $query2="UPDATE t_media SET m_nrcomments=m_nrcomments-1 WHERE m_id=".$line["c_mid"];
            $qresult2 = mysql_query($query2);
      }
            $query="DELETE FROM t_comments WHERE c_uid=".$_GET["userid"];
            $qresult = mysql_query($query);
 
            mysql_close($conn);      
            
            header("Location: index.php?action=listusers");
            exit;
      break;
      
      case "deletecomment":
            $conn=mysql_connect($dbhost, $dbuser, $dbpass);
            mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
            // print "Connected to MySQL";
            
            $query="SELECT * FROM t_comments WHERE c_id=".$_GET["commid"]." LIMIT 1";
            $qresult = mysql_query($query);
 
      while ($line = mysql_fetch_assoc($qresult)){            
            $query2="UPDATE t_media SET m_nrcomments=m_nrcomments-1 WHERE m_id=".$line["c_mid"];
            $qresult2 = mysql_query($query2);
      }
            
            $query="DELETE FROM t_comments WHERE c_id=".$_GET["commid"]." LIMIT 1";
            $qresult = mysql_query($query);
            
            mysql_close($conn);      
            
            header("Location: index.php?action=listcomments");
            exit;
            
      break;
      
      case "deletemedia":
            $conn=mysql_connect($dbhost, $dbuser, $dbpass);
            mysql_select_db($dbname) or die ('Could not connect: ' . mysql_error());
            // print "Connected to MySQL";
            
            $query="DELETE FROM t_media WHERE m_id=".$_GET["mediaid"]." LIMIT 1";
            $qresult = mysql_query($query);
            
            $query="DELETE FROM t_ratings WHERE r_mid=".$_GET["mediaid"];
            $qresult = mysql_query($query);
            
            $query="DELETE FROM t_comments WHERE c_mid=".$_GET["mediaid"];
            $qresult = mysql_query($query);
            
            $query="DELETE FROM t_favs WHERE m_id=".$_GET["mediaid"];
            $qresult = mysql_query($query);            
                        
            mysql_close($conn);
            
            include("rss_allmedia.php");
            
            header("Location: index.php?action=listmedia&listtype=".$_GET["mediatype"]);
            exit;
      break;
 
      }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Admin area</title>
<style type="text/css">
<!--
html,body {
      height: 100%;
}
body,td,th {
      font-family: Arial, Helvetica, sans-serif;
      font-size: 12px;
}
body {
      margin-left: 0px;
      margin-top: 0px;
      margin-right: 0px;
      margin-bottom: 0px;
}
a:link {
      color: #003366;
}
a:visited {
      color: #003366;
}
a:hover {
      color: #003366;
}
a:active {
      color: #003366;
}
-->
</style></head>
 
<body>
<table width="100%" height="100%" border="1" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
  <tr>
    <td width="200" valign="top" nowrap>
     <? include("adminmenu.php");?></td>
    <td align="left" valign="top">
             <? if (isset($_GET["action"])) include ("m_".$_GET["action"].".php"); else echo "<p>ADMIN HOME</p>";?>
            </td>
  </tr>
</table>
<? include("../stats.php");?>
</body>
</html>

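As an added example (not nplib's code and not part of Entertainment CMS), the same session-based check factored into a small admin_auth.php that index.php could include in place of the cookie test. It assumes $adminUser and $adminPass stay defined in config.php as in the original script, and PHP 5.6 or later for hash_equals().

```php
<?php
// Added example (not from the thread or Entertainment CMS): admin_auth.php,
// to be included by index.php after config.php. Assumes $adminUser and
// $adminPass are defined in config.php as in the original script.

// Session cookie settings have to be set before session_start().
ini_set('session.use_only_cookies', '1');   // never accept a session id from the URL
ini_set('session.cookie_httponly', '1');    // keep page scripts from reading the cookie
session_start();

/**
 * Compare the submitted credentials with the configured ones.
 * hash_equals() is a strict, constant-time string comparison, so it replaces
 * the loose == of the original and does not leak timing information.
 */
function admin_credentials_valid($user, $pass, $adminUser, $adminPass) {
    if (!is_string($user) || !is_string($pass)) {
        return false;                       // adminUser[]=x would arrive as an array
    }
    $userOk = hash_equals($adminUser, $user);
    $passOk = hash_equals($adminPass, $pass);
    return $userOk && $passOk;              // evaluate both, then decide
}

// Handle a login form submission; returns true only on a successful login.
function admin_login($adminUser, $adminPass) {
    if (!isset($_POST['adminUser'], $_POST['adminPass'])) {
        return false;
    }
    if (!admin_credentials_valid($_POST['adminUser'], $_POST['adminPass'],
                                 $adminUser, $adminPass)) {
        return false;
    }
    session_regenerate_id(true);            // fresh id on privilege change (anti-fixation)
    $_SESSION['adminLogged'] = true;
    $_SESSION['adminSince']  = time();
    return true;
}

// Only state the server itself wrote into $_SESSION counts; nothing from
// $_COOKIE or $_REQUEST is consulted, which is what closes the bypass.
function admin_is_logged_in() {
    return !empty($_SESSION['adminLogged']);
}

// Full logout: clear the data, expire the session cookie, destroy the session.
function admin_logout() {
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Usage in index.php (after include("config.php")):
//   require 'admin_auth.php';
//   admin_login($adminUser, $adminPass);
//   if (!admin_is_logged_in()) { include("loginform.php"); exit; }
// and in the "logout" case:
//   admin_logout(); header("Location: /admin"); exit;
```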
gpmediaAuthor Commented:
THANK YOU!!!!  And that should plug the above-mentioned security hole adequately?
nplibCommented:
it should.
it would make all actions for authentication local to the server and the client will only be able to provide user name and password.

gpmediaAuthor Commented:
Thanks again!  Can you think of any other secondary protection I could easily add to beef it up even more?
nplibCommented:
you could put the login page on an SSL channel and use the base64_encode and base64_decode to encode and decode your passwords, so they are stored in the db encoded.

http://ca.php.net/base64_encode

http://ca.php.net/manual/en/function.base64-decode.php
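An added illustration, not from the thread: base64_encode() is a reversible encoding, so a value stored that way decodes straight back to the password, whereas password_hash() and password_verify() (PHP 5.5 and later) store a salted one-way hash that can only be checked, not reversed. The password below is a constructed sample value.

```php
<?php
// Added example (not from the thread): storing a password as base64 versus
// as a one-way hash. The sample password is a constructed value.

// What the base64 suggestion stores: the password in a different alphabet.
function store_with_base64($password) {
    return base64_encode($password);
}

// What a one-way hash stores: a random salt plus a hash of the password.
function store_with_hash($password) {
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a submitted password against the stored hash.
function check_hashed($password, $storedHash) {
    return password_verify($password, $storedHash);
}

$password = 'example-passw0rd';             // constructed sample value

$encoded = store_with_base64($password);
// Anyone who reads the database row recovers the password directly.
var_dump(base64_decode($encoded) === $password);

$hash = store_with_hash($password);
// The hash verifies the right password and rejects a wrong one, and a
// second call to store_with_hash() yields a different string (new salt),
// so two admins with the same password do not share a stored value.
var_dump(check_hashed($password, $hash));
var_dump(check_hashed('wrong-password', $hash));
var_dump(store_with_hash($password) === $hash);
```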
gpmediaAuthor Commented:
Cool, thanks!