I need a more secure dj panel

greggy23 · 19-04-2008, 11:31 AM

Yeh, i use quickscriptz
But i need a more secure one.
Please help

Protege · 19-04-2008, 11:47 AM

How secure can you be?

~~Moh~~ · 19-04-2008, 11:50 AM

I quite like Kristall-Panel RC2. I have edited it alot though, so its more secure.

greggy23 · 19-04-2008, 11:50 AM

the quickscriptz has been hacked 3 times
lol

~~Moh~~ · 19-04-2008, 11:52 AM

Originally Posted by greggy23

the quickscriptz has been hacked 3 times
lol

I dont think its the panel, it will be your staff with passwords such as changeme.

We have made it so our passwords cant be changeme. And when a Radio Manager adds an account, there password is randomly generated. Best way to make it secure

Protege · 19-04-2008, 11:53 AM

Oh god, how does it get hacked though? LOL, I just checked "check.php" it sets a SESSION for a password? No wonder its insecure, I think the whole thing needs re-thinking but no offense to the creator.

Originally Posted by Jack120

I dont think its the panel, it will be your staff with passwords such as changeme.

We have made it so our passwords cant be changeme. And when a Radio Manager adds an account, there password is randomly generated. Best way to make it secure

I just checked one source of it, and I think its insecure.

PHP Code:


$query = mysql_query("SELECT username,djname,passwrd,rank,email FROM rp_users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
$_SESSION["rp_logged"] = TRUE;
$_SESSION["rp_username"] = $row['username'];
$_SESSION["rp_passwrd"] = $row['passwrd'];
$_SESSION["rp_djname"] = $row['djname'];
$_SESSION["rp_email"] = $row['email'];
$_SESSION["rp_rank"] = $row['rank'];

=Collecting= · 19-04-2008, 12:06 PM

Originally Posted by DriftPanzy

Oh god, how does it get hacked though? LOL, I just checked "check.php" it sets a SESSION for a password? No wonder its insecure, I think the whole thing needs re-thinking but no offense to the creator.

I just checked one source of it, and I think its insecure.

PHP Code:


$query = mysql_query("SELECT username,djname,passwrd,rank,email FROM rp_users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
$_SESSION["rp_logged"] = TRUE;
$_SESSION["rp_username"] = $row['username'];
$_SESSION["rp_passwrd"] = $row['passwrd'];
$_SESSION["rp_djname"] = $row['djname'];
$_SESSION["rp_email"] = $row['email'];
$_SESSION["rp_rank"] = $row['rank'];

So the panel can be hacked via that file?

Protege · 19-04-2008, 12:07 PM

Ever heard of session stealing? They publish the users password via a SESSION its like putting it on a file on your server and calling it index.html looooooool

=Collecting= · 19-04-2008, 12:09 PM

Originally Posted by DriftPanzy

Ever heard of session stealing? They publish the users password via a SESSION its like putting it on a file on your server and calling it index.html looooooool

Yeh but im just not sure exactly how it all works i mean i us cutenews but the person who hacked that didnt change anything he jus left a message saying delete search.php. I take it change.php with the dj panel works in the same way?

Protege · 19-04-2008, 12:19 PM

I dont understand, maybe hes using a PHP exploit?

Thread: I need a more secure dj panel

Thread Tools

I need a more secure dj panel

Posting Permissions