07-24-2011, 02:33 AM
PHP Code:
<?php
echo "<body bgcolor=black>";
session_start(); //starts the session. you will get a PHPSESSID cookie
$admin_user_name = "root"; //Change this with the username you want
$admin_password = "toor"; //Change this with the password you want
if (!isset($HTTP_SESSION_VARS['user'])) { //If user is not blank
if(isset($HTTP_POST_VARS['u_name'])) //If user is not blank
$u_name = $HTTP_POST_VARS['u_name']; //Set $u_name
if(isset($HTTP_POST_VARS['u_password'])) //If password is not blank
$u_password = $HTTP_POST_VARS['u_password']; // Set Password
if(!isset($u_name)) {
?>
<HTML>
<HEAD>
<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
</HEAD>
<BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD>
<font face=verdana size=2><B> </b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>
<?php
$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
?>
<form method=post action=<?php echo $form_to; ?>>
<table border=0 width=350>
<TR>
<TD><font face=verdana size=2><B><font color=white>User Name</font></B></font></TD>
<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
<TR>
<TD><font face=verdana size=2><B><font color=white>Password</font></B></font></TD>
<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
</TR>
</table>
<input type=submit value=Login></form>
</center>
</font>
</BODY>
</HTML>
<?php
exit;
}
else {
function login_error($host,$php_self) { //function for returning error page
echo "<HTML><HEAD>
<TITLE>$host : Login</TITLE>
</HEAD><BODY bgcolor=white>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD align=left>
<font color=white><font face=verdana size=2><B> You Need to login to view this page. </b> </font></font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>";
echo "Error: You are not Logged in!
<font color=white><B><a href=$php_self>Click here</a></b> to login again.<P></font>
</center>
</font>
</BODY>
</HTML>";
session_unregister("adb_password"); //Unregister's the password you entered from the session since its invalid
session_unregister("user"); //Unregister's the username you entered from the session since its invalid
exit;
}
$user_checked_passed = false;
if(isset($HTTP_SESSION_VARS['adb_password'])) { //if password is not blank
$adb_session_password = $HTTP_SESSION_VARS['adb_password'];
$adb_session_user = $HTTP_SESSION_VARS['user'];
if($admin_password != $adb_session_password) //if entered password not equal to the page password then
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); //calls the login_error function
else {
$user_checked_passed = true;
}
}
if($user_checked_passed == false) {
if(strlen($u_name)< 2)
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
if(isset($admin_password)) {
if($admin_password == $u_password) {
session_register("adb_password");
session_register("user");
$adb_password = $admin_password;
$user = $u_name;
}
else {
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
//logs ip to iplog.txt for more security of who wanted to access the page
$fp = fopen('IPLog.txt', 'a');
fwrite($fp, $_SERVER['REMOTE_ADDR']." Accessed at ".date("j F, Y, g:i a")."\n");
fclose($fp);
}
}
else {
login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
//logs ip to iplog.txt for more security of who wanted to access the page
$fp = fopen('IPLog.txt', 'a');
fwrite($fp, $_SERVER['REMOTE_ADDR']." Accessed at ".date("j F, Y, g:i a")."\n");
fclose($fp);
}
$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
header ("Location: ". $page_location);
}
}
}
?>
Which was also used in PHP keylogger v5.
Enjoy