  1. <?php
  2. error_reporting(E_ALL);
  3. session_name('admin');
  4. $cookieParams = session_get_cookie_params();
  5. session_set_cookie_params($cookieParams["lifetime"],$cookieParams["path"], $cookieParams["domain"], true,true);
  6. session_start();
  7. session_regenerate_id(true);
  8.  
  9. $mysqli = new mysqli("212.1.208.130", "ijosh_collegesys", "qhBX_fo69VVX", "ijosh_collegesystem");
  10. if(isset($_POST["username"]) && isset($_POST["password"]) && !empty($_POST["username"]) && !empty($_POST["password"]) && !isset($_SESSION["username"]))
  11. {
  12. $stmt = $mysqli->stmt_init();
  13. $stmt = $mysqli->prepare('
  14. SELECT expirey FROM users
  15. WHERE username = ?
  16. AND password = ?
  17. AND admin = 1');
  18. $password = md5($_POST["password"]);
  19. $stmt->bind_param('ss', $_POST["username"], $password);
  20. $stmt->execute();
  21. $result = $stmt->get_result();
  22. if($result->num_rows == 1)
  23. {
  24. if(time() < $result->fetch_array(MYSQLI_NUM)[0])
  25. {
  26. $_SESSION["username"] = $_POST["username"];
  27. header('Location: admin.php');
  28. die();
  29. }
  30. else
  31. {
  32. $message = "Account is expired";
  33. }
  34. } else {
  35. $message = "Invalid Username Or Password! / Or Not an Administrator";
  36. }
  37. }
  38. elseif(isset($_GET["logout"]))
  39. {
  40. unset($_SESSION["username"]);
  41. }
  42. ?>
  43. <html>
  44. <head>
  45. <meta http-equiv="refresh" content="30" >
  46. <title>Admin Panel</title>
  47. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
  48. <link rel="stylesheet" href="/css/style.css"/>
  49. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"/>
  50. <link href="/css/flag-icon.min.css" rel="stylesheet">
  51. </head>
  52. <body>
  53. <?php
  54. if(isset($_SESSION["username"]))
  55. {
  56. if(isset($_GET['ban']))
  57. {
  58. // BAN USER by ID
  59. $stmt = $mysqli->stmt_init();
  60. $stmt = $mysqli->prepare("UPDATE users SET status = '1' WHERE `id` = ? AND `id` != '1'");
  61. $stmt->bind_param('i', $_GET['ban']);
  62. $stmt->execute();
  63. }
  64. elseif(isset($_GET['unban']))
  65. {
  66. // Forgive USER by ID
  67. $stmt = $mysqli->stmt_init();
  68. $stmt = $mysqli->prepare("UPDATE users SET status = '0' WHERE `id` = ? AND `id` != '1'");
  69. $stmt->bind_param('i', $_GET['unban']);
  70. $stmt->execute();
  71. }
  72. if(isset($_POST['username']) && isset($_POST['password']) && !empty($_POST['username']) && !empty($_POST['password']))
  73. {
  74. // Make User a user
  75. $stmt = $mysqli->stmt_init();
  76. $stmt = $mysqli->prepare("INSERT INTO users (username, password, expirey, admin, status) VALUES (?, ?, ?, '0', '0')");
  77. $stmt->bind_param('sss', $_POST['username'], md5($_POST['password']), strtotime("+1 year", time()));
  78. $stmt->execute();
  79. }
  80. if(isset($_GET['mkadmin']))
  81. {
  82. // Make a user an Administrator by ID
  83. $stmt = $mysqli->stmt_init();
  84. $stmt = $mysqli->prepare("UPDATE users SET admin = '1' WHERE `id` = ?");
  85. $stmt->bind_param('i', $_GET['mkadmin']);
  86. $stmt->execute();
  87. }
  88. elseif(isset($_GET['mkuser']))
  89. {
  90. // Make a User no longer an Administrator by ID
  91. $stmt = $mysqli->stmt_init();
  92. $stmt = $mysqli->prepare("UPDATE users SET admin = '0' WHERE `id` = ?");
  93. $stmt->bind_param('i', $_GET['mkuser']);
  94. $stmt->execute();
  95. }elseif(isset($_GET['rmuser']))
  96. {
  97. $stmt = $mysqli->stmt_init();
  98. $stmt = $mysqli->prepare("DELETE FROM users WHERE id = ?");
  99. $stmt->bind_param('i', $_GET['rmuser']);
  100. $stmt->execute();
  101. }
  102. elseif(isset($_GET['setbypasstimer']))
  103. {
  104. // Set Timerlimt Bypass
  105. $stmt = $mysqli->stmt_init();
  106. $stmt = $mysqli->prepare("UPDATE users SET bypass_timer = '1' WHERE `id` = ?");
  107. $stmt->bind_param('i', $_GET['setbypasstimer']);
  108. $stmt->execute();
  109. }
  110. elseif(isset($_GET['unsetbypasstimer']))
  111. {
  112. // Unset Timerlimt Bypass
  113. $stmt = $mysqli->stmt_init();
  114. $stmt = $mysqli->prepare("UPDATE users SET bypass_timer = '0' WHERE `id` = ?");
  115. $stmt->bind_param('i', $_GET['unsetbypasstimer']);
  116. $stmt->execute();
  117. }
  118. elseif(isset($_GET['setbypassblacklist']))
  119. {
  120. // Set Blacklist Bypass
  121. $stmt = $mysqli->stmt_init();
  122. $stmt = $mysqli->prepare("UPDATE users SET bypass_blacklist = '1' WHERE `id` = ?");
  123. $stmt->bind_param('i', $_GET['setbypassblacklist']);
  124. $stmt->execute();
  125. }
  126. elseif(isset($_GET['unsetbypassblacklist']))
  127. {
  128. // Unset bypass Blacklist
  129. $stmt = $mysqli->stmt_init();
  130. $stmt = $mysqli->prepare("UPDATE users SET bypass_blacklist = '0' WHERE `id` = ?");
  131. $stmt->bind_param('i', $_GET['unsetbypassblacklist']);
  132. $stmt->execute();
  133. }
  134. elseif(isset($_GET['banddos']))
  135. {
  136. // Ban DDOS Access
  137. $stmt = $mysqli->stmt_init();
  138. $stmt = $mysqli->prepare("UPDATE users SET ddos_ban = '1' WHERE `id` = ?");
  139. $stmt->bind_param('i', $_GET['banddos']);
  140. $stmt->execute();
  141. }
  142. elseif(isset($_GET['unbanddos']))
  143. {
  144. // Unban DDOS Access
  145. $stmt = $mysqli->stmt_init();
  146. $stmt = $mysqli->prepare("UPDATE users SET ddos_ban = '0' WHERE `id` = ?");
  147. $stmt->bind_param('i', $_GET['unbanddos']);
  148. $stmt->execute();
  149. }
  150.  
  151. ?>
  152. <div class="wrapper">
  153. <div class="container">
  154. <h1>Welcome back Administrator, <?php echo htmlentities($_SESSION["username"]); ?></h1>
  155.  
  156. <table class="table">
  157. <thead>
  158. <tr>
  159. <th>Username</th>
  160. <th>Expiry</th>
  161. <th>Rights</th>
  162. <th>Status</th>
  163. <th>Bypass Blacklist</th>
  164. <th>Bypass Timerlimt</th>
  165. <th>DDOS ban</th>
  166. <th>Actions</th>
  167. </tr>
  168. </thead>
  169. <tbody>
  170. <?php
  171. $result = $mysqli->query('SELECT * FROM users');
  172. while ($row = $result->fetch_assoc()) {
  173. ?>
  174. <tr>
  175. <td><?php echo htmlentities($row['username']); ?></td>
  176. <td><?php echo ($row['expirey'] < time()) ? 'Expired' : gmdate("d-m-Y H:i:s", $row['expirey']);?></td>
  177. <td><?php echo ($row['admin'] == 0) ? '<a href="admin.php?mkadmin='.$row['id'].'">User</a>' : '<a href="admin.php?mkuser='.$row['id'].'">Admin</a>';?></td>
  178. <td><?php echo ($row['status'] == 1) ? '<a href="admin.php?unban='.$row['id'].'"><i style="color:red" class="fa fa-power-off" aria-hidden="true"></i></a>' : '<a href="admin.php?ban='.$row['id'].'"><i style="color:#88ff88" class="fa fa-power-off" aria-hidden="true"></i></a>';?></td>
  179. <td><?php echo ($row['bypass_blacklist'] == 1) ? '<a href="admin.php?unsetbypassblacklist='.$row['id'].'"><i style="color:green" class="fa fa-check" aria-hidden="true"></i>' : '<a href="admin.php?setbypassblacklist='.$row['id'].'"><i style="color:red" class="fa fa-times" aria-hidden="true"></i></a>';?></td>
  180. <td><?php echo ($row['bypass_timer'] == 1) ? '<a href="admin.php?unsetbypasstimer='.$row['id'].'"><i style="color:green" class="fa fa-clock-o" aria-hidden="true"></i></a></a>' : '<a href="admin.php?setbypasstimer='.$row['id'].'"><i style="color:red" class="fa fa-clock-o" aria-hidden="true"></i></a></a>';?></td>
  181. <td><?php echo ($row['ddos_ban'] == 1) ? '<a href="admin.php?unbanddos='.$row['id'].'"><i style="color:green" class="fa fa-check" aria-hidden="true"></i>' : '<a href="admin.php?banddos='.$row['id'].'"><i style="color:red" class="fa fa-times" aria-hidden="true"></i></a>';?></td>
  182. <td><a href="admin.php?rmuser=<?php echo $row['id']; ?>">Delete</a><select>
  183. </tr>
  184. <?php
  185. }
  186. ?>
  187. </tbody>
  188. </table>
  189. <h1>Add a User</h1>
  190. <form class="form-inline" method="post" name="create">
  191. <input name="username" type="text" placeholder="Username" class="form form-control"/>
  192. <input name="password" type="password" class="form form-control"/>
  193. <button type="submit" class="form form-control">Submit</button>
  194. </form>
  195. <h3>Logs</h3>
  196.  
  197. <table class="table">
  198. <thead>
  199. <tr>
  200. <th>Username</th>
  201. <th>IP</th>
  202. <th>INPUT</th>
  203. <th>OUTPUT</th>
  204. <th>Action</th>
  205. </tr>
  206. </thead>
  207. <tbody>
  208. <?php
  209. $gi = geoip_open("/var/www/iJosh/public/GeoIP.dat", GEOIP_STANDARD);
  210. $result = $mysqli->query('SELECT * FROM `logs` ORDER BY `id` DESC;');
  211. while ($row = $result->fetch_assoc()) {
  212. $code = geoip_country_code_by_addr($gi, $row['customerip']);
  213. ?>
  214. <tr>
  215. <td><?php echo htmlentities($row['Customer']); ?></td>
  216. <td><?php echo htmlentities($row['customerip']) . '<span class="label label-default"><span class="flag-icon flag-icon-'.strtolower($code).'"></span> '.$code.'</span>'; ?></td>
  217. <td><?php echo htmlentities($row['inputed']); ?></td>
  218. <td><?php echo htmlentities($row['Resolved']); ?></td>
  219. <td><?php echo htmlentities($row['action']); ?></td>
  220. </tr>
  221. <?php
  222. }
  223. geoip_close($gi);
  224. ?>
  225. </tbody>
  226.  
  227. <table class="table">
  228. <thead>
  229. <tr>
  230. <th>Username</th>
  231. <th>Attacks</th>
  232. <th>IP PORT</th>
  233. <th>Time</th>
  234. </tr>
  235. </thead>
  236. <tbody>
  237. <?php
  238. $result = $mysqli->query('SELECT * FROM users');
  239. while ($row = $result->fetch_assoc()) {
  240. ?>
  241. <tr>
  242. <td><?php echo htmlentities($row['username']); ?></td>
  243. <td><?php echo ($row['expirey'] < time()) ? 'Expired' : gmdate("d-m-Y H:i:s", $row['expirey']);?></td>
  244. <td><?php echo ($row['admin'] == 0) ? '<a href="admin.php?mkadmin='.$row['id'].'">User</a>' : '<a href="admin.php?mkuser='.$row['id'].'">Admin</a>';?></td>
  245. <td><?php echo ($row['status'] == 1) ? '<a href="admin.php?unban='.$row['id'].'"><i style="color:red" class="fa fa-power-off" aria-hidden="true"></i></a>' : '<a href="admin.php?ban='.$row['id'].'"><i style="color:#88ff88" class="fa fa-power-off" aria-hidden="true"></i></a>';?></td>
  246. <td><?php echo ($row['bypass_blacklist'] == 1) ? '<a href="admin.php?unsetbypassblacklist='.$row['id'].'"><i style="color:green" class="fa fa-check" aria-hidden="true"></i>' : '<a href="admin.php?setbypassblacklist='.$row['id'].'"><i style="color:red" class="fa fa-times" aria-hidden="true"></i></a>';?></td>
  247. <td><?php echo ($row['bypass_timer'] == 1) ? '<a href="admin.php?unsetbypasstimer='.$row['id'].'"><i style="color:green" class="fa fa-clock-o" aria-hidden="true"></i></a></a>' : '<a href="admin.php?setbypasstimer='.$row['id'].'"><i style="color:red" class="fa fa-clock-o" aria-hidden="true"></i></a></a>';?></td>
  248. <td><?php echo ($row['ddos_ban'] == 1) ? '<a href="admin.php?unbanddos='.$row['id'].'"><i style="color:green" class="fa fa-check" aria-hidden="true"></i>' : '<a href="admin.php?banddos='.$row['id'].'"><i style="color:red" class="fa fa-times" aria-hidden="true"></i></a>';?></td>
  249. <td><a href="admin.php?rmuser=<?php echo $row['id']; ?>">Delete</a><select>
  250. </tr>
  251. <?php
  252. }
  253. ?>
  254. </tbody>
  255. </table>
  256.  
  257. </table>
  258. </div>
  259. </div>
  260. <?php
  261. }
  262. else
  263. {
  264. ?>
  265. <div class="wrapper">
  266. <div class="container">
  267. <h1>Welcome</h1>
  268.  
  269. <form class="form" method="post">
  270. <input type="text" placeholder="Username" name="username">
  271. <input type="password" placeholder="Password" name="password">
  272. <button type="submit" id="login-button">Login</button>
  273. {!! csrf_field() !!}
  274. <?php
  275. if(isset($message))
  276. {
  277. echo "<span color='red'>".htmlentities($message)."</span>";
  278. }
  279. ?>
  280. </form>
  281. </div>
  282.  
  283. <ul class="bg-bubbles">
  284. <li></li>
  285. <li></li>
  286. <li></li>
  287. <li></li>
  288. <li></li>
  289. <li></li>
  290. <li></li>
  291. <li></li>
  292. <li></li>
  293. <li></li>
  294. </ul>
  295. </div>
  296. <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
  297. <script>
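$(document).ready(function () {
    // The original file contained an unfinished updatethisshitmaxddostime()
    // stub here (unterminated string literal, `this` used as a parameter
    // name). It was never called, and the syntax error stopped the whole
    // script from parsing, so the click handler below never ran. Restore it
    // only once the admin.php?updatemaxddostime endpoint actually exists.
    $('#login-button').click(function () {
        // preventDefault() is deliberately not called: the form still
        // submits; the fade is only a visual cue while the POST is in flight.
        $('form').fadeOut(500);
        $('.wrapper').addClass('form-success');
    });
});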
  311. </script>
  312. <?php
  313. }
  314.  
  315. ?>
  316. </body>
  317. </html>