web security in suse linux environment

I've developed a system where only registered users can access it. I use a session to control the user login process and also for system security, which means any unregistered user can't log on to the system and cannot bypass to the next URL without logging in first.

I've run this system on Windows and it's working. But when I run it on OES (Open Enterprise Server), a warning error comes out on every page after login. The system can also be accessed without login. It passes all the URLs after the login page.

***********************************************************
WARNING ERROR ON OES(open enterprise server):

Warning: Cannot modify header information - headers already sent by (output started at /srv/www/htdocs/epantau/index.php:13) in /srv/www/htdocs/epantau/incSession.php on line 4


***********************************************************
Can anyone help me?



Here's the code:


Login.php
**********************************************************
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<script>


function changeScrollbarColor(C){
if (document.all){
document.body.style.scrollbarBaseColor = C
}
}

</script>
<style>
body{
scrollbar-base-color:#F0D9A4
}
</style>

<style type="text/css">
<!--
-->

body {
margin-top:100px;

}
</style>
</head>

<body bgcolor="#FAEDCF">
<form action="dblogin.php" method="post">
<div align="center">
<table width="545" border="2" bgcolor="#FFFFFF">
<tr bgcolor="#F0D9A4">
<td colspan="2"><div align="center"><font color="#000000" size="4" face="Arial, Helvetica, sans-serif">
<strong>LOGIN</strong></font></div></td>
</tr>
<tr>
<td colspan="2">
<div align="right">
<table width="100%" border="0" bgcolor="#F8E3B8">
<tr>
<td colspan="2">
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td width="46%">&nbsp;</td>
<td width="54%"></td>
</tr>
<tr>
<td><div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">User Id:</font></strong></div></td>
<td><strong><font size="2" face="Arial, Helvetica, sans-serif">
<input type="text" name="email">
</font></strong></td>
</tr>
<tr>
<td><div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">Password:</font></strong></div></td>
<td><strong><font size="2" face="Arial, Helvetica, sans-serif">
<input type="password" name="password">
</font></strong></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="submit" value="Login"> <input type="submit" name="reset" value="Batal"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="hidden" name="psRefer" value="<? echo($refer) ?>">
<font size="2" face="Arial, Helvetica, sans-serif"><strong></strong></font></td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</div>
</body>
</html>
********************************************************



dblogin.php
*********************************************************
<?
$db="upentrg";
$table="login";

// $email, $password and $psRefer are never assigned here: they only exist
// if register_globals is on, so on a server with it off they are empty.
if($email == '' || $password == '')
{
header('Location:login.php?refer='.urlencode($psRefer));
}
else
{
$con=mysql_connect("localhost","root","");
mysql_select_db($db,$con);

// Password is compared in clear text and the values are interpolated
// straight into the query; a fresh random GUID is generated for the row.
$q="select id, MD5(UNIX_TIMESTAMP() + id + RAND(UNIX_TIMESTAMP())) GUID from $table where email='$email' AND password='$password'";

$rslt=mysql_query($q,$con);

if(mysql_num_rows($rslt))
{
$prslt=mysql_fetch_row($rslt);

// Only GUID is stored; the masa column checked by incSession.php is not updated.
$q="update $table set GUID='$prslt[1]'
WHERE id = $prslt[0]";
mysql_query($q,$con);

setcookie("session_id",$prslt[1]);

if(!$psRefer)
$psRefer='index.php';
header('Location:'.$psRefer);
}
else
{
header('Location:login.php?refer='.urlencode($psRefer));
}
}
// No exit after header(): execution simply falls through to the end of the file.
?>

***********************************************************



incSession.php
***********************************************************
<?php
// Check for a cookie, if none go to login page.
// header() only works if nothing has been sent to the browser yet, so this file
// must be included before any HTML output; there is also no exit after the
// redirect, so the rest of the including page is still executed and rendered.
if(!isset($HTTP_COOKIE_VARS['session_id'])) {
header('Location:login.php?refer='.urlencode($PHP_SELF.'?'.$HTTP_SERVER_VARS['QUERY_STRING']));
}

$expirationtime=time()-12000;

// Try to find a match in the database
$GUID = $HTTP_COOKIE_VARS['session_id'];
$hDB = mysql_connect("localhost","root","");
mysql_select_db('upentrg', $hDB);

// The OR means a row is returned not only for a matching GUID but for ANY
// row whose masa is older than the expiry, regardless of the cookie value.
$sQuery = "
Select id,masa
From login
Where GUID = '$GUID' OR masa < '$expirationtime'";

$hResult = mysql_query($sQuery, $hDB);

if(!mysql_num_rows($hResult)) {
// No match for guid
header('Location:login.php?refer='.urlencode($PHP_SELF.'?'.$HTTP_SERVER_VARS['QUERY_STRING']));
}
?>
******************************************************


index.php
*******************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><!-- Provided by MyFreeTemplates.com -->
<title>ePantau</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<meta name="keywords" content="Keywords here">

<meta name="description" content="Description here">

<meta name="Author" content="MyFreeTemplates.com">

<meta name="robots" content="index, follow">
<!-- (Robot commands: All, None, Index, No Index, Follow, No Follow) -->
<meta name="revisit-after" content="30 days">

<meta name="distribution" content="global">

<meta name="rating" content="general">

<meta name="Content-Language" content="english">

<script language="JavaScript" type="text/JavaScript" src="images/myfreetemplates.js"></script>
<script language="JavaScript" src="images/menu.js" type="text/JavaScript"></script>
<link href="images/myfreetemplates.css" rel="stylesheet" type="text/css">

<script language="JavaScript" src="images/mm_menu.js"></script>
<style type="text/css">
A.linka:link{font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: normal;color: #006699;text-decoration: none;}
A.linka:visited{font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: normal;color: #006699;text-decoration: none;}
A.linka:hover{font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: normal;color: #ff6600;text-decoration: underline;}
A.toplink:link {font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: normal;color: #FFFFFF;letter-spacing: 1px;text-decoration: none;}
A.toplink:visited {font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: normal;color: #FFFFFF;letter-spacing: 1px;text-decoration: none;}
A.toplink:hover {font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: bold;color: #FFCC0C;letter-spacing: 1px;text-decoration: none;}
A.tmaroon:link {font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: bold;color: #000000;text-decoration: none;}
A.tmaroon:visited {font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: bold;color: #000000;text-decoration: none;}
A.tmaroon:hover {font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: bold;color: red;text-decoration: underline;}
</style></head>
<?
// The DOCTYPE and <head> above have already been sent to the client by the
// time this runs, so the header() calls inside incSession.php cannot succeed.
require('incSession.php');
?>
<body leftmargin="0" topmargin="0" onload="MM_preloadImages('images/btn_main_dn.gif','images/btn_aboutus_dn.gif','images/btn_contact_dn.gif','images/btn_services_dn.gif')" marginheight="0" marginwidth="0">
<script language="JavaScript1.2">mmLoadMenus();</script>
<img src="images/spacer.gif" height="1" width="589">
<table align="center" border="0" cellpadding="0" cellspacing="0" height="100%" width="934">

<tbody>
<tr>
<td height="62" width="186">
<a href="http://www.myfreetemplates.com"><img src="images/toplogo.gif" alt="" border="0" height="62" width="186"></a></td>
<td colspan="3" background="images/topbg.gif" height="62" width="1006">&nbsp; </td>
</tr>
<tr>
<td colspan="4" background="images/base2.gif" height="24">
<table border="0" cellpadding="0" cellspacing="0" width="775">
<tbody>
<tr>
<td height="37">&nbsp;</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td> </td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td>
</td><td></td>
<td colspan="2" align="center">
<strong><font color="#ffffff"><a href="usermenu.php?" class="toplink">Penyelenggaraan Pengguna</a></font></strong> </td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td height="114" width="186"><table border="0" cellpadding="0" cellspacing="0" width="136">
<tbody>
<tr>
<td style="border-top: 1px dotted rgb(166, 189, 242); padding-top: 4px; padding-bottom: 14px;"><strong> <a href="eis/index.php" class="sidetable">ePantau EIS</a></strong></td>
</tr>
<tr>
<td style="border-top: 1px dotted rgb(166, 189, 242); padding-top: 4px; padding-bottom: 14px;"><strong> <a href="pms/home.php" class="sidetable">ePantau PMS</a></strong></td>
</tr>
<tr>
<td style="border-top: 1px dotted rgb(166, 189, 242); padding-top: 4px; padding-bottom: 14px;"><strong> <a href="#" class="sidetable"><br>
</a></strong></td>
</tr>
<tr>
<td style="border-top: 1px dotted rgb(166, 189, 242); padding-top: 4px; padding-bottom: 14px;"><strong> <a href="#" class="sidetable"><br>
</a></strong></td>
</tr>
</tbody>
</table>
<p class="link"><a href="logout.php">Logout</a></p></td>
<td colspan="3" height="114"><table border="0" height="77" width="125">
<tbody><tr>
<td><div align="right"><img src="images/pemandangan740baru.jpg" height="289" width="741"></div></td>
</tr>
</tbody></table></td>
</tr>
<tr valign="top">
<td style="border-right: 1px dotted; padding-left: 19px;" height="233" width="186">&nbsp; </td>
<td colspan="3" style="padding-left: 12px; padding-top: 7px;">
<h1 style="margin: 0pt;">::
Selamat Datang ::</h1>
<br>
<span style="font-family: Arial;"><big>Sistem
ePantau adalah sebuah sistem yang memantau Projek-projek yang
dijalankan di negeri terengganu. Di samping itu, sistem ini juga
memantau sistem-sistem yang terdapat di Pejabat-pejabat Kerajaan negeri
Terengganu.</big></span>
<p><big>&nbsp;</big></p>
<table border="0" height="117" width="732">
<tbody><tr>
<td height="24"><div align="center">Diilhamkan oleh: </div></td>
<td> <div align="center">Diselenggarakan oleh:</div></td>
<td><div align="center">Dibangunkan oleh: </div></td>
<td><div align="center">Powered by:</div></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td height="87" width="141"><div align="center"><img src="images/mb.jpg" height="85" width="68"></div></td>
<td width="179"><div align="center"><img src="images/logoupmn.gif" height="50" width="82"></div></td>
<td width="144"><div align="center"><img src="images/logo_cerdasvest1.jpg" height="51" width="63"></div></td>
<td width="79"><img src="images/suse_91_welcome.jpg" height="82" width="72"></td>
<td width="69"><img src="images/dell_logo.jpg" height="42" width="58"></td>
<td width="94"><img src="images/novell_logo.gif" height="42" width="39"> </td>
</tr>
</tbody></table></td>
</tr>
<tr>
<td colspan="4" height="18">&nbsp;</td>
</tr>
<tr>
<td colspan="4" background="images/base2.gif" height="22">&nbsp;</td>
</tr>
</tbody>
</table>

</body></html>
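For comparison, here is an added example (not the poster's code) of the same login guard written so that the redirect is sent before any output, the script stops after redirecting, the lookup matches only the current user, and credentials are read from $_POST instead of register_globals. It assumes a table named `login` with columns `id`, `email` and `password_hash` (constructed names) and a mysqli connection supplied by the caller.

```php
<?php
// Added example, not from the original post. Assumed table: login(id, email, password_hash).
declare(strict_types=1);

// incSession.php replacement: include this BEFORE any HTML is printed.
function requireLogin(): int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Same 12000-second idle limit as the original, but tied to this session only.
    $expired = !isset($_SESSION['last_seen']) || time() - $_SESSION['last_seen'] > 12000;
    if (empty($_SESSION['user_id']) || $expired) {
        session_unset();
        session_destroy();
        $refer = urlencode($_SERVER['REQUEST_URI'] ?? 'index.php');
        header('Location: login.php?refer=' . $refer);
        exit; // without exit the protected page body would still be rendered
    }
    $_SESSION['last_seen'] = time();
    return (int) $_SESSION['user_id'];
}

// dblogin.php replacement: credentials come from $_POST, never from globals.
function loginUser(mysqli $db, string $email, string $password): bool
{
    // Prepared statement: the email value is bound, not interpolated into SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM login WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    // password_verify() checks a password_hash() value in constant time.
    if ($row === null || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);       // new session id once the user is authenticated
    $_SESSION['user_id']   = (int) $row['id'];
    $_SESSION['last_seen'] = time();
    return true;
}

// Only follow a "refer" value that is a relative path on this site.
function safeRedirectTarget(?string $refer): string
{
    if ($refer === null || $refer === '' || preg_match('#^(?:[a-z]+:)?//#i', $refer)) {
        return 'index.php';
    }
    return $refer;
}
```

In index.php the call `requireLogin();` goes at the very top of the file, above the DOCTYPE, which is also what removes the "headers already sent" warning.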