SMF and Raidninja

[swaxx]

Hey Folks

found a nice Tool which is based on phpbb2, it decodes the cookie from phpbb2. It needs a previous login to the Message Board and then decodes the cookie to grant access to the user, together with a mysql query. Here's the code:

Code Select Expand


// Get the user's ID and password, then check to see that they match
// $valid_user is set to 1 if the user is a valid administrator
// $member_id and $pass_hash will need to be changed to the location of your cookie's id and password
$cookiearray = unserialize(stripslashes(urldecode($_COOKIE['phpbb2mysql_data'])));
$member_id = $cookiearray['userid'];
//$pass_hash = $_COOKIE['pass_hash'];
$sql_pm = mysql_query("SELECT * FROM phpbb_users WHERE phpbb_users.user_id = ".$member_id) or die('cannot get members');
$pm = mysql_fetch_array($sql_pm);
// Put the ID #s here for allowed admins
if ($member_id == '2')
{
$valid_user = 1;
}
else
{
// If not an admin, redirect to front page of your site
header("Location: http://www.aegisorder.com/"); /* Redirect browser */
// In case re-direct doesn't work, display message
echo 'You aren\'t an admin.';
exit;
}


Do you know how to get the code right to decode the SMF cookie accordingly?

Got that from hxxp:www.raidninja.com [nonactive]...

Thanks in advance 

Mike

[wffurr]

I was hoping this one would have an answer to it, but alas.  I'll dig into the code myself and if I actually get anywhere I'll post it here.  Complicated PHP scripts like SMF stretch my abilities pretty far, though.  Flow of control is just mind boggling in an unstructure scripting language.