Welcome Guest. Please Login or Register  


You are here: Index > Softaculous Auto Installer > General Support > Topic : Auto login WordPress



Threaded Mode | Print  

 Auto login WordPress, File found as malware by Imunify (1 Replies, Read 668 times)
Floffy
Group: Member
Post Group: Newbie
Posts: 20
Status:
Hello,

Imunify360 found a file from you that was marked as malware. The content of the file:

Code
<?php
@unlink(__FILE__);

// Validate if the request is from Softaculous
if($_REQUEST['pass'] != 'hsniaemokfj7tzvmdge2mphcterbbsne'){
    die("Unauthorized Access");
}

require('wp-blog-header.php');
require('wp-includes/pluggable.php');
$user_info = get_userdata(1);
// Automatic login //
$username = $user_info->user_login;
$user = get_user_by('login', $username );
// Redirect URL //
if ( !is_wp_error( $user ) )
{
    wp_clear_auth_cookie();
    wp_set_current_user ( $user->ID );
    wp_set_auth_cookie  ( $user->ID );

    $redirect_to = user_admin_url();
    wp_safe_redirect( $redirect_to );

    exit();
}


If I remove WP install from softaculous records and import it again it does create a file with name:
sapp-wp-signon.php

With this content:
Code
<?php
@unlink(__FILE__);

// Validate if the request is from Softaculous
if($_REQUEST['pass'] != 'sxuvrczvqqgxyubpnyo1amg8uqvgnwkv'){
    die("Unauthorized Access");
}

require('wp-blog-header.php');
require('wp-includes/pluggable.php');

$signon_user = '';

//Backword compatibility ($__setting['signon_username'] won't be there in previous versions <= 5.2.3)
if(!empty($signon_user) && !preg_match('/^\[\[(.*?)\]\]$/is', $signon_user)){
    $user = get_user_by('login', $signon_user);
}else{
    $user_info = get_userdata(1);
    // Automatic login //
    $username = $user_info->user_login;
    $user = get_user_by('login', $username);
}

// Redirect URL //
if ( !is_wp_error( $user ) )
{
    wp_clear_auth_cookie();
    wp_set_current_user ( $user->ID );
    wp_set_auth_cookie  ( $user->ID );

    $redirect_to = user_admin_url();
    wp_safe_redirect( $redirect_to );

    exit();
}


I was not able to auto login to the site after the import. I also tried a couple of other sites/customers and auto login is not working anymore?!

I also found this:
https://gist.github.com/bi0xid/60803a9cca862888b15d94bf46774fb3

Please check this asap.
IP: --   

Auto login WordPress
salman
Group: Softaculous Team
Post Group: Working Newbie
Posts: 52
Status:
Hi,

Can you please open support ticket with us so we can check the issue for you:
https://softaculous.deskuss.com

Edited by salman : July 5, 2019, 11:52 am
IP: --   

« Previous    Next »

Threaded Mode | Print  



Jump To :


Users viewing this topic
1 guests, 0 users.


All times are GMT. The time now is October 14, 2019, 6:00 pm.

  Powered By AEF 1.0.8 © 2007-2008 Electron Inc.Queries: 10  |  Page Created In:1.274