Login Security Hole Information:
I recently hired a developer to code a Joomla 1.5 / Dolphin 7 login bridge so that the user could join on the Dolphin (community) side of the website and could log in on either the Dolphin or Joomla side of the website. However, the developer left a major security hole in the two websites. Here is the problem:
Here is the major security hole: you can use ANY password with one of the website's usernames to gain access to the Dolphin community side of the website -- this EVEN works as admin! If you try to log in to Joomla and get the wrong password, you get an error message. Then, click on the Profile link at the top of the page and you will be redirected and logged in to the Dolphin community side of the website as the user -- this EVEN works as admin, where serious damage could be done to the website!
So, I need the above problem fixed on two Joomla 1.5 / Dolphin 7 websites. The positive thing about this is that the developer used great HTML comments to comment his work, so we know which files were newly created and which ones, including the database table, were modified! Please see below:
A. bridge table
The following information should help inform you what the previous web developer did to bridge the Joomla and Dolphin login. I will give you all of the information that I can think of. Please ask any questions that you may have.
Here is the only database entry. It is the table dedicated to the Joomla / Dolphin bridge and it is named “bridge”. The “which” field can contain either the word joomla or dolphin. The “username” field contains an IP address. The “data” field contains the username:password:* (* means it can be blank, have a 0, or have a 1 after the colon). The “id” field is empty.
B. login files
There are several login-related files that I will list below and send via a .zip file which contains the login-related files (of course, you will be given whatever permissions you need to do the job, e.g. FTP, etc.). However, the main file is [login to view URL], which is located in the root directory of the website. As for the other files, I did a search for all files that were commented on by the former web developer. The list can be found below along with the comments:
• [login to view URL], main bridge file
• /community/[login to view URL], start / end reset password bridge
• /community/[login to view URL], start / end login bridge
• /community/[login to view URL], start / end login bridge
• /community/[login to view URL], start / end reset password bridge
• /community/inc/[login to view URL], register and log-in on joomla bridge
• /components/com_user/[login to view URL], bridge log-in
• /components/com_user/models/[login to view URL], bridge reset password
• /libraries/joomla/user/[login to view URL], bridge log-in
• /libraries/joomla/user/[login to view URL], bridge change password
Please let me know if you have any questions. I look forward to hearing from you!
Hi,
I have gone through your project requirement and found we can do this task easily. We are highly experienced in Joomla & Dolphin Boonex.
Kindly send the project details so we can start.
Thanks,
webmask