
Untitled

a guest May 23rd, 2018 111 Never
  2. <?php
  3.  
  4. if (!isset($_GET["error"]) || empty($_GET["error"])) {
  5.  
  6. echo "You are a noob. That is all.";
  7.  
  8. } else {
  9. $password=$_GET["error"];
  10. if ($password=="penis") {
  11.  
  12.  
  13. include("_mysql.php");
  14. include("_settings.php");
  15.  
  16. // copy pagelock information for session test + deactivated pagelock for checklogin
  17. $closed_tmp = $closed;
  18. $closed = 0;
  19.  
  20. include("_functions.php");
  21.  
  22. //settings
  23.  
  24. $sleep = 1; //idle status for script if password is wrong?
  25.  
  26. //settings end
  27. $_language->read_module('checklogin');
  28.  
  29. $get = safe_query("SELECT * FROM ".PREFIX."banned_ips WHERE ip='".$GLOBALS['ip']."'");
  30. if(mysql_num_rows($get) == 0){
  31.     $ws_pwd = md5(stripslashes($_GET['x']));
  32.     $ws_user = $_GET['u'];
  33.    
  34.     $check = safe_query("SELECT * FROM ".PREFIX."user WHERE username='".$ws_user."'");
  35.     $anz = mysql_num_rows($check);
  36.     $login = 0;
  37.    
  38.         if($anz) {
  39.        
  40.             $check = safe_query("SELECT * FROM ".PREFIX."user WHERE username='".$ws_user."' AND activated='1'");
  41.             if(mysql_num_rows($check)) {
  42.        
  43.                 $ds=mysql_fetch_array($check);
  44.        
  45.                 // check password
  46.                 $login = 0;
  47.                 if($ws_pwd == $ds['password']) {
  48.        
  49.                     //session
  50.                     $_SESSION['ws_auth'] = $ds['userID'].":".$ws_pwd;
  51.                     $_SESSION['ws_lastlogin'] = $ds['lastlogin'];
  52.                     $_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
  53.                     //remove sessiontest variable
  54.                     if(isset($_SESSION['ws_sessiontest'])) unset($_SESSION['ws_sessiontest']);
  55.                     //cookie
  56.                     setcookie("ws_auth", $ds['userID'].":".$ws_pwd, time()+($sessionduration*60*60));          
  57.                     setcookie("ws_auth2", $ds['userID'], time()+($sessionduration*60*60));         
  58.                     //Delete visitor with same IP from whoisonline     
  59.                     safe_query("DELETE FROM ".PREFIX."whoisonline WHERE ip='".$GLOBALS['ip']."'");
  60.                     //Delete IP from failed logins
  61.                     safe_query("DELETE FROM ".PREFIX."failed_login_attempts WHERE ip = '".$GLOBALS['ip']."'");
  62.                     $login = 1;
  63.                     $error = $_language->module['login_successful'];
  64.                    
  65.                     echo "good";
  66.                    
  67.                 }
  68.                 elseif(!($ws_pwd == $ds['password'])) {
  69.                
  70.                     if($sleep) sleep(5);
  71.                     $get = safe_query("SELECT wrong FROM ".PREFIX."failed_login_attempts WHERE ip = '".$GLOBALS['ip']."'");
  72.                     if(mysql_num_rows($get)){
  73.                         safe_query("UPDATE ".PREFIX."failed_login_attempts SET wrong = wrong+1 WHERE ip = '".$GLOBALS['ip']."'");
  74.                     }
  75.                     else{
  76.                         safe_query("INSERT INTO ".PREFIX."failed_login_attempts (ip,wrong) VALUES ('".$GLOBALS['ip']."',1)");
  77.                     }
  78.                     $get = safe_query("SELECT wrong FROM ".PREFIX."failed_login_attempts WHERE ip = '".$GLOBALS['ip']."'");
  79.                     if(mysql_num_rows($get)){
  80.                         $ban = mysql_fetch_assoc($get);
  81.                         if($ban['wrong'] == $max_wrong_pw){
  82.                             $bantime = time() + (60*60*3); // 3 hours
  83.                             safe_query("INSERT INTO ".PREFIX."banned_ips (ip,deltime,reason) VALUES ('".$GLOBALS['ip']."',".$bantime.",'Possible brute force attack')");
  84.                             safe_query("DELETE FROM ".PREFIX."failed_login_attempts WHERE ip = '".$GLOBALS['ip']."'");
  85.                         }
  86.                     }
  87.                     echo "wrong password";
  88.                 }
  89.             }
  90.             else $error= $_language->module['not_activated'];
  91.        
  92.         }
  93.         else $error=str_replace('%username%', htmlspecialchars($ws_user), $_language->module['no_user']);
  94.     }
  95.  
  96. else{
  97.     $login = 0;
  98.     $data = mysql_fetch_assoc($get);
  99.     $error = str_replace('%reason%', $data['reason'], $_language->module['ip_banned']);
  100.     echo "BANHAMMERED";
  101. }
  102.  
  103.     }
  104. }
  105.  ob_start();
  106. ?>