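<?php
/**
 * Admin panel bootstrap: session cookie hardening, database connection,
 * administrator login and logout.
 *
 * Sets $mysqli for the rest of the page and, on a failed login, $message.
 *
 * NOTE(review): passwords are compared as unsalted MD5 digests because that is what
 * the users table holds; MD5 is unsuitable for password storage. Migrating to
 * password_hash()/password_verify() needs a coordinated change to the stored
 * values and to the user-creation code.
 * NOTE(review): nothing in this block throttles repeated login attempts or checks
 * an anti-CSRF token.
 */
error_reporting(E_ALL);
session_name('admin');
$cookieParams = session_get_cookie_params();
// Keep the configured lifetime/path/domain, but force the Secure and HttpOnly flags.
session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], true, true);
session_start();

// Connection settings come from the environment instead of string literals in the
// source. The variable names below are chosen here; adjust them to the deployment.
// The credentials that used to be hard-coded in this file were published with it
// and should be treated as compromised and rotated.
$dbHost = getenv('ADMIN_DB_HOST');
$dbUser = getenv('ADMIN_DB_USER');
$dbPass = getenv('ADMIN_DB_PASSWORD');
$dbName = getenv('ADMIN_DB_NAME');
if ($dbHost === false || $dbUser === false || $dbPass === false || $dbName === false) {
    error_log('admin panel: database settings missing from environment');
    http_response_code(500);
    die('Service unavailable');
}
$mysqli = new mysqli($dbHost, $dbUser, $dbPass, $dbName);
if ($mysqli->connect_errno) {
    // Log the detail server-side only; the client gets no connection information.
    error_log('admin panel: database connection failed (' . $mysqli->connect_errno . ')');
    http_response_code(500);
    die('Service unavailable');
}

$username = isset($_POST['username']) ? $_POST['username'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;

// is_string() rejects array-valued parameters (username[]=...) before they reach bind_param().
if (is_string($username) && is_string($password) && !empty($username) && !empty($password) && !isset($_SESSION['username'])) {
    $passwordHash = md5($password);
    $expiry = null; // stays null unless exactly one matching administrator row is found

    $stmt = $mysqli->prepare('
        SELECT expirey FROM users
        WHERE username = ?
        AND password = ?
        AND admin = 1');
    if ($stmt !== false) {
        $stmt->bind_param('ss', $username, $passwordHash);
        $stmt->execute();
        $result = $stmt->get_result();
        if ($result !== false && $result->num_rows === 1) {
            $expiry = (int) $result->fetch_array(MYSQLI_NUM)[0];
        }
        $stmt->close();
    } else {
        error_log('admin panel: could not prepare login statement');
    }

    if ($expiry === null) {
        $message = "Invalid Username Or Password! / Or Not an Administrator";
    } elseif (time() < $expiry) {
        // Issue a fresh session id at the privilege change (session-fixation defence)
        // rather than on every request, which can drop the session when requests overlap.
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        header('Location: admin.php');
        die();
    } else {
        $message = "Account is expired";
    }
} elseif (isset($_GET['logout'])) {
    unset($_SESSION['username']);
    // Retire the id that was bound to the administrator session.
    session_regenerate_id(true);
}
?>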
- <html>
- <head>
- <meta http-equiv="refresh" content="30" >
- <title>Admin Panel</title>
- <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
- <link rel="stylesheet" href="/css/style.css"/>
- <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"/>
- <link href="/css/flag-icon.min.css" rel="stylesheet">
- </head>
- <body>
- <?php
- if(isset($_SESSION["username"]))
- {
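// Admin actions requested through the links and the "Add a User" form on this page.
//
// NOTE(review): every action here changes state on a plain GET (or a POST without
// a token), and no anti-CSRF token is checked, so a request made by the logged-in
// administrator's browser from any origin will be honoured. Moving these to POST
// with a per-session token requires matching changes to the links in the markup.
// NOTE(review): ban/unban refuse to touch id 1, but mkuser and rmuser do not.
// Confirm whether account 1 should be protected there as well.

// Runs the first action whose query parameter is present, mirroring if/elseif:
// later entries are not considered once one parameter is found, even if its
// value is rejected.
$runFirstAction = static function (mysqli $db, array $actions) {
    foreach ($actions as $param => $sql) {
        if (!isset($_GET[$param])) {
            continue;
        }
        // Only a well-formed integer id is accepted; arrays and junk are ignored.
        $id = filter_var($_GET[$param], FILTER_VALIDATE_INT);
        if ($id !== false) {
            $stmt = $db->prepare($sql);
            if ($stmt === false) {
                error_log('admin panel: could not prepare action ' . $param);
            } else {
                $stmt->bind_param('i', $id);
                $stmt->execute();
                $stmt->close();
            }
        }
        return;
    }
};

// Ban / forgive a user by id (never account 1).
$runFirstAction($mysqli, [
    'ban'   => "UPDATE users SET status = '1' WHERE `id` = ? AND `id` != '1'",
    'unban' => "UPDATE users SET status = '0' WHERE `id` = ? AND `id` != '1'",
]);

// Create a regular (non-admin, not banned) user valid for one year.
$newUsername = isset($_POST['username']) ? $_POST['username'] : null;
$newPassword = isset($_POST['password']) ? $_POST['password'] : null;
if (is_string($newUsername) && is_string($newPassword) && !empty($newUsername) && !empty($newPassword)) {
    $stmt = $mysqli->prepare("INSERT INTO users (username, password, expirey, admin, status) VALUES (?, ?, ?, '0', '0')");
    if ($stmt === false) {
        error_log('admin panel: could not prepare user creation');
    } else {
        // bind_param() binds by reference, so computed values must be held in variables.
        // NOTE(review): unsalted MD5 is kept only because the login query compares MD5
        // digests; it is not an adequate password hash.
        $newPasswordHash = md5($newPassword);
        $expiresAt = strtotime('+1 year', time());
        $stmt->bind_param('ssi', $newUsername, $newPasswordHash, $expiresAt);
        $stmt->execute();
        $stmt->close();
    }
}

// Role, deletion and per-user flag changes by id; at most one runs per request.
$runFirstAction($mysqli, [
    'mkadmin'              => "UPDATE users SET admin = '1' WHERE `id` = ?",
    'mkuser'               => "UPDATE users SET admin = '0' WHERE `id` = ?",
    'rmuser'               => "DELETE FROM users WHERE id = ?",
    'setbypasstimer'       => "UPDATE users SET bypass_timer = '1' WHERE `id` = ?",
    'unsetbypasstimer'     => "UPDATE users SET bypass_timer = '0' WHERE `id` = ?",
    'setbypassblacklist'   => "UPDATE users SET bypass_blacklist = '1' WHERE `id` = ?",
    'unsetbypassblacklist' => "UPDATE users SET bypass_blacklist = '0' WHERE `id` = ?",
    'banddos'              => "UPDATE users SET ddos_ban = '1' WHERE `id` = ?",
    'unbanddos'            => "UPDATE users SET ddos_ban = '0' WHERE `id` = ?",
]);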
- ?>
- <div class="wrapper">
- <div class="container">
- <h1>Welcome back Administrator, <?php echo htmlentities($_SESSION["username"]); ?></h1>
- <table class="table">
- <thead>
- <tr>
- <th>Username</th>
- <th>Expiry</th>
- <th>Rights</th>
- <th>Status</th>
- <th>Bypass Blacklist</th>
- <th>Bypass Timerlimt</th>
- <th>DDOS ban</th>
- <th>Actions</th>
- </tr>
- </thead>
- <tbody>
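<?php
// One table row per account, with toggle links for each per-user flag.
// The id is cast to int so only digits can land in the generated hrefs, and the
// username is HTML-escaped because it is user-supplied text.
$result = $mysqli->query('SELECT * FROM users');
// query() returns false on failure; render no rows rather than crash on fetch_assoc().
while ($result !== false && ($row = $result->fetch_assoc())) {
    $id = (int) $row['id'];
?>
<tr>
<td><?php echo htmlentities($row['username']); ?></td>
<td><?php echo ($row['expirey'] < time()) ? 'Expired' : gmdate("d-m-Y H:i:s", (int) $row['expirey']); ?></td>
<td><?php echo ($row['admin'] == 0) ? '<a href="admin.php?mkadmin='.$id.'">User</a>' : '<a href="admin.php?mkuser='.$id.'">Admin</a>'; ?></td>
<td><?php echo ($row['status'] == 1) ? '<a href="admin.php?unban='.$id.'"><i style="color:red" class="fa fa-power-off" aria-hidden="true"></i></a>' : '<a href="admin.php?ban='.$id.'"><i style="color:#88ff88" class="fa fa-power-off" aria-hidden="true"></i></a>'; ?></td>
<td><?php echo ($row['bypass_blacklist'] == 1) ? '<a href="admin.php?unsetbypassblacklist='.$id.'"><i style="color:green" class="fa fa-check" aria-hidden="true"></i></a>' : '<a href="admin.php?setbypassblacklist='.$id.'"><i style="color:red" class="fa fa-times" aria-hidden="true"></i></a>'; ?></td>
<td><?php echo ($row['bypass_timer'] == 1) ? '<a href="admin.php?unsetbypasstimer='.$id.'"><i style="color:green" class="fa fa-clock-o" aria-hidden="true"></i></a>' : '<a href="admin.php?setbypasstimer='.$id.'"><i style="color:red" class="fa fa-clock-o" aria-hidden="true"></i></a>'; ?></td>
<td><?php echo ($row['ddos_ban'] == 1) ? '<a href="admin.php?unbanddos='.$id.'"><i style="color:green" class="fa fa-check" aria-hidden="true"></i></a>' : '<a href="admin.php?banddos='.$id.'"><i style="color:red" class="fa fa-times" aria-hidden="true"></i></a>'; ?></td>
<td><a href="admin.php?rmuser=<?php echo $id; ?>">Delete</a></td>
</tr>
<?php
}
?>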
- </tbody>
- </table>
- <h1>Add a User</h1>
- <form class="form-inline" method="post" name="create">
- <input name="username" type="text" placeholder="Username" class="form form-control"/>
- <input name="password" type="password" class="form form-control"/>
- <button type="submit" class="form form-control">Submit</button>
- </form>
- <h3>Logs</h3>
- <table class="table">
- <thead>
- <tr>
- <th>Username</th>
- <th>IP</th>
- <th>INPUT</th>
- <th>OUTPUT</th>
- <th>Action</th>
- </tr>
- </thead>
- <tbody>
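<?php
// Log table body: one row per entry in `logs`, newest first, with a country flag
// looked up from the logged client address.
// NOTE(review): the query is unbounded, so the whole log table is re-rendered on
// every page load; consider paging.
$gi = geoip_open("/var/www/iJosh/public/GeoIP.dat", GEOIP_STANDARD);
$result = $mysqli->query('SELECT * FROM `logs` ORDER BY `id` DESC;');
// query() returns false on failure; render no rows rather than crash on fetch_assoc().
while ($result !== false && ($row = $result->fetch_assoc())) {
    $code = geoip_country_code_by_addr($gi, $row['customerip']);
    // The lookup may not yield a string for unknown or malformed addresses.
    $code = is_string($code) ? $code : '';
    // Escape the lookup result too: it is used both in a class attribute and as text.
    $flagClass = htmlentities(strtolower($code), ENT_QUOTES);
    $codeText = htmlentities($code);
?>
<tr>
<td><?php echo htmlentities($row['Customer']); ?></td>
<td><?php echo htmlentities($row['customerip']) . '<span class="label label-default"><span class="flag-icon flag-icon-'.$flagClass.'"></span> '.$codeText.'</span>'; ?></td>
<td><?php echo htmlentities($row['inputed']); ?></td>
<td><?php echo htmlentities($row['Resolved']); ?></td>
<td><?php echo htmlentities($row['action']); ?></td>
</tr>
<?php
}
geoip_close($gi);
?>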
- </tbody>
- <table class="table">
- <thead>
- <tr>
- <th>Username</th>
- <th>Attacks</th>
- <th>IP PORT</th>
- <th>Time</th>
- </tr>
- </thead>
- <tbody>
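<?php
// NOTE(review): this loop emits the same eight account cells as the user list,
// but the table header above it declares four columns (Username, Attacks,
// IP PORT, Time). It looks like a copy of the user list that was never adapted;
// confirm what this table is meant to show.
// The id is cast to int so only digits can land in the generated hrefs.
$result = $mysqli->query('SELECT * FROM users');
// query() returns false on failure; render no rows rather than crash on fetch_assoc().
while ($result !== false && ($row = $result->fetch_assoc())) {
    $id = (int) $row['id'];
?>
<tr>
<td><?php echo htmlentities($row['username']); ?></td>
<td><?php echo ($row['expirey'] < time()) ? 'Expired' : gmdate("d-m-Y H:i:s", (int) $row['expirey']); ?></td>
<td><?php echo ($row['admin'] == 0) ? '<a href="admin.php?mkadmin='.$id.'">User</a>' : '<a href="admin.php?mkuser='.$id.'">Admin</a>'; ?></td>
<td><?php echo ($row['status'] == 1) ? '<a href="admin.php?unban='.$id.'"><i style="color:red" class="fa fa-power-off" aria-hidden="true"></i></a>' : '<a href="admin.php?ban='.$id.'"><i style="color:#88ff88" class="fa fa-power-off" aria-hidden="true"></i></a>'; ?></td>
<td><?php echo ($row['bypass_blacklist'] == 1) ? '<a href="admin.php?unsetbypassblacklist='.$id.'"><i style="color:green" class="fa fa-check" aria-hidden="true"></i></a>' : '<a href="admin.php?setbypassblacklist='.$id.'"><i style="color:red" class="fa fa-times" aria-hidden="true"></i></a>'; ?></td>
<td><?php echo ($row['bypass_timer'] == 1) ? '<a href="admin.php?unsetbypasstimer='.$id.'"><i style="color:green" class="fa fa-clock-o" aria-hidden="true"></i></a>' : '<a href="admin.php?setbypasstimer='.$id.'"><i style="color:red" class="fa fa-clock-o" aria-hidden="true"></i></a>'; ?></td>
<td><?php echo ($row['ddos_ban'] == 1) ? '<a href="admin.php?unbanddos='.$id.'"><i style="color:green" class="fa fa-check" aria-hidden="true"></i></a>' : '<a href="admin.php?banddos='.$id.'"><i style="color:red" class="fa fa-times" aria-hidden="true"></i></a>'; ?></td>
<td><a href="admin.php?rmuser=<?php echo $id; ?>">Delete</a></td>
</tr>
<?php
}
?>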
- </tbody>
- </table>
- </table>
- </div>
- </div>
- <?php
- }
- else
- {
- ?>
- <div class="wrapper">
- <div class="container">
- <h1>Welcome</h1>
- <form class="form" method="post">
- <input type="text" placeholder="Username" name="username">
- <input type="password" placeholder="Password" name="password">
- <button type="submit" id="login-button">Login</button>
- {!! csrf_field() !!}
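<?php
// Show the reason the last login attempt failed, if there was one.
// The text is HTML-escaped before output. `color` is not a valid attribute on
// <span>, so the red colour is applied through an inline style instead.
if (isset($message)) {
    echo "<span style='color:red'>" . htmlentities($message) . "</span>";
}
?>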
- </form>
- </div>
- <ul class="bg-bubbles">
- <li></li>
- <li></li>
- <li></li>
- <li></li>
- <li></li>
- <li></li>
- <li></li>
- <li></li>
- <li></li>
- <li></li>
- </ul>
- </div>
- <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
- <script>
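$(document).ready(function () {
    // An unfinished helper used to be declared here. Its first parameter was named
    // `this` and its $.get() URL string was never closed; either one is a syntax
    // error that stopped the whole script from parsing, so the click handler below
    // was never registered. It is left out until it is actually implemented.

    // Play the fade-out animation on login. The default action is deliberately not
    // prevented, so the form still submits normally.
    $("#login-button").click(function (event) {
        $('form').fadeOut(500);
        $('.wrapper').addClass('form-success');
    });
});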
- </script>
- <?php
- }
- ?>
- </body>
- </html>