Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding PHP [PHP]Secure page password protection

Thread Rating:
  • 816 Vote(s) - 3.51 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
[PHP]Secure page password protection

Offline tyrocidines441379


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Mar 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-24-2011, 02:33 AM
PHP Code:
<?php
echo "<body bgcolor=black>";

session_start(); //starts the session. you will get a PHPSESSID cookie

$admin_user_name "root"//Change this with the username you want
$admin_password "toor"//Change this with the password you want

if (!isset($HTTP_SESSION_VARS['user'])) { //If user is not blank

    if(isset($HTTP_POST_VARS['u_name']))  //If user is not blank

        $u_name $HTTP_POST_VARS['u_name']; //Set $u_name

    
    if(isset($HTTP_POST_VARS['u_password']))  //If password is not blank

        $u_password $HTTP_POST_VARS['u_password']; // Set Password

    
    if(!isset($u_name)) {

        ?>

        <HTML>

        <HEAD>

        <TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>

        </HEAD>

        <BODY bgcolor=#ffffff>

        <table border=0 cellspacing=0 cellpadding=0 width=100%>

             <TR><TD>

             <font face=verdana size=2><B> </b> </font></td>

             </tr></table>

        <P></P>

        <font face=verdana size=2>

        <center>

        <?php

        $form_to "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";

        
        if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))

        $form_to $form_to ."?"$HTTP_SERVER_VARS["QUERY_STRING"];

        
        ?>

        <form method=post action=<?php echo $form_to?>>

        <table border=0 width=350>

        <TR>

        <TD><font face=verdana size=2><B><font color=white>User Name</font></B></font></TD>

        <TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>

        <TR>

        <TD><font face=verdana size=2><B><font color=white>Password</font></B></font></TD>

        <TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>

        </TR>

        </table>

        <input type=submit value=Login></form>

        </center>

        </font>

        </BODY>

        </HTML>

        <?php

        exit;

    }

    else {

        
        function login_error($host,$php_self) { //function for returning error page

            echo "<HTML><HEAD>

            <TITLE>$host :  Login</TITLE>

            </HEAD><BODY bgcolor=white>

            <table border=0 cellspacing=0 cellpadding=0 width=100%>

                 <TR><TD align=left>

                 <font color=white><font face=verdana size=2><B>  You Need to login to view this page. </b> </font></font></td>

                 </tr></table>

            <P></P>

            <font face=verdana size=2>

            <center>";

                        

            echo "Error: You are not Logged in!

            <font color=white><B><a href=$php_self>Click here</a></b> to login again.<P></font>

            </center>

            </font>

            </BODY>

            </HTML>";

            session_unregister("adb_password"); //Unregister's the password you entered from the session since its invalid

            session_unregister("user"); //Unregister's the username you entered from the session since its invalid

            exit;

        }

        

        $user_checked_passed false;

        

        

        if(isset($HTTP_SESSION_VARS['adb_password'])) { //if password is not blank

            

            $adb_session_password $HTTP_SESSION_VARS['adb_password'];

            $adb_session_user $HTTP_SESSION_VARS['user'];

            

        

            if($admin_password != $adb_session_password//if entered password not equal to the page password then

                login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); //calls the login_error function

            else {

                $user_checked_passed true;

            }

        }

        

        

        if($user_checked_passed == false) {

            

            if(strlen($u_name)< 2

                login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

            

            if(isset($admin_password)) {

                

                if($admin_password == $u_password) {

                    

                    session_register("adb_password");

                    session_register("user");

                    

                    $adb_password $admin_password;

                    $user $u_name;

                }

                else { 

                    login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

                                //logs ip to iplog.txt for more security of who wanted to access the page
                                $fp fopen('IPLog.txt''a');
                                fwrite($fp$_SERVER['REMOTE_ADDR']." Accessed at ".date("j F, Y, g:i a")."\n"); 
                                fclose($fp);

                }

            }

            else {

                login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

                                //logs ip to iplog.txt for more security of who wanted to access the page
                                $fp fopen('IPLog.txt''a');
                                fwrite($fp$_SERVER['REMOTE_ADDR']." Accessed at ".date("j F, Y, g:i a")."\n"); 
                                fclose($fp);
            }

                
            $page_location $HTTP_SERVER_VARS['PHP_SELF'];

            if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))

            $page_location $page_location ."?"$HTTP_SERVER_VARS["QUERY_STRING"];

            header ("Location: "$page_location);

        }
    }
}

?>

Which was also used in PHP keylogger v5.


Enjoy
Reply

Offline ganoidei201731


Member
*
Member
Posts: 0
Threads: 0
Joined: Sep 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-24-2011, 03:24 AM
this is aloso like istealer php
Reply

Offline elgar585


Luxury
*****
Luxury
Posts: 0
Threads: 0
Joined: Oct 2016
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
08-06-2011, 06:15 AM
A few things I have noticed...

The long names for superglobals are depricated. Short names were introduced early in PHP4 and the long names were disabled by default in PHP5 and will be removed completely in PHP6... so $HTTP_SESSION_VARS should be $_SESSION and $HTTP_POST_VARS should be $_POST... etc...

PHP Code:
if (!isset($HTTP_SESSION_VARS['user'])) { //If user is not blank 
I'm assuming that comment is incorrect.

session_register and session_unregister have been depricated in place of the $_SESSION[] superglobal.

PHP Code:
else { 

                    login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

                                //logs ip to iplog.txt for more security of who wanted to access the page
                                $fp fopen('IPLog.txt''a');
                                fwrite($fp$_SERVER['REMOTE_ADDR']." Accessed at ".date("j F, Y, g:i a")."\n"); 
                                fclose($fp);

                } 
This is used twice consecutively. It will only be to your benefit to move that to a function and replace those blocks with the function call.
Reply

Offline strammer747404


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jan 2023
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#4
08-26-2011, 05:21 PM
thanks bro got this uploaded
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through