Changing Length of Admin Security Code

registered · Worker Joined: Oct 06, 2003 Posts: 108

Other than changing the necessary code below:

Around:

Code:

Line 109 MAXLENGTH=\"6





Line 126 - $code = substr($rcode, 2, 10);





Line 130 - ImageString ($image, 5, 6, 2, $code, $text_color);

from the admin.php

Code:




    OpenTable();


    echo "<form action=\"admin.php\" method=\"post\">"


        ."<table border=\"0\">"


   ."<tr><td>"._ADMINID."</td>"


   ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"


   ."<tr><td>"._PASSWORD."</td>"


   ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>";


    if (extension_loaded("gd")) {


   echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='admin.php?op=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>"


       ."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>";


    }


    echo "<tr><td>"


   ."<input type=\"hidden\" NAME=\"random_num\" value=\"$random_num\">"


   ."<input type=\"hidden\" NAME=\"op\" value=\"login\">"


   ."<input type=\"submit\" VALUE=\""._LOGIN."\">"


   ."</td></tr></table>"


   ."</form>";


    CloseTable();


    include ("footer.php");


}





function gfx($random_num) {


    global $prefix, $db;


    require("config.php");


    $datekey = date("F j");


    $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));


    $code = substr($rcode, 2, 10);


    $image = ImageCreateFromJPEG("images/admin/code_bg.jpg");


    $text_color = ImageColorAllocate($image, 80, 80, 80);


    Header("Content-type: image/jpeg");


    ImageString ($image, 5, 6, 2, $code, $text_color);


    ImageJPEG($image, '', 100);


    ImageDestroy($image);


    die();

are there other references and/or files with the GFX code changes necessary to enable the increase - of the size of the security code.

I changed the 3 lines referenced above, increased the width of the code_bg.jpg (in my case: code_bg.png)

and although the security code was displayed and accepted with the increased length, . . . admin login was rejected.

In my case, as a test I increased the security code to 12 characters. When entering the code the status bar displays a 6 digit code, so that tells me there is another reference somewhere......but......doh!, I can't find it.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

You need to also change it in auth.php Smile

Posted: Wed Oct 29, 2003 9:41 am

ThanX. Works great!

Now, you don't need to answer this publicly 'cause I know there is a security reason, but....

When the page loads, and in the source of the page, a 6 digit security code is still generated.

I take it that is generated to help thwart a possible security problem?

Posted: Wed Oct 29, 2003 9:46 am

That is just a pointer reference Smile