Advertisement
Guest User

Untitled

a guest
May 19th, 2017
77
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.61 KB | None | 0 0
  1. <?php
  2.  
  3.  
  4. /*
  5.  
  6. ~ Text Based login
  7.  
  8. ~ Coded By InjectioN
  9.  
  10. */
  11.  
  12.  
  13. session_start();
  14.  
  15. function login()
  16.  
  17. {
  18.  
  19. ?>
  20.  
  21. <html>
  22.  
  23. <center>
  24.  
  25. <u><h1>Login</h1></u>
  26.  
  27. <br />
  28.  
  29. <form name = "login" action = "" method = "POST" />
  30.  
  31. Username :
  32. <br />
  33. <input type = "text" name = "username" />
  34. <br />
  35. Password :
  36. <br />
  37. <input type = "password" name = "password" />
  38. <br />
  39. <input type = "submit" value = "Login" />
  40. <br />
  41. <br />
  42.  
  43.  
  44.  
  45. Would you like to be a user?
  46. <br />
  47. Check the box below to sign up.
  48. <br />
  49.  
  50.  
  51. <input type = "checkbox" name = "register" value = "true" />
  52.  
  53. </form>
  54.  
  55. </center>
  56.  
  57. </form>
  58. </html>
  59.  
  60. <?php
  61.  
  62. }
  63.  
  64. if(!isset($_COOKIE['SkipAlert']))
  65.  
  66. {
  67.  
  68. echo '<script language = "javascript">alert("Please, When Finished Viewing This Site Use The Logout Button. Thank You - Admin. P.S - This Will Be And Is The Only Alert Box On This Site, If You See Another, Exit And Notify Me Immediately.");</script>';
  69.  
  70. }
  71.  
  72.  
  73. include('./page/login.php');
  74.  
  75.  
  76. $numberset = range(1, 1000);
  77.  
  78. $rand_key = array_rand($numberset, 3);
  79.  
  80. $numberONE = $numberset[$rand_key[0]];
  81. $numberTWO = $numberset[$rand_key[1]];
  82. $numberTHREE = $numberset[$rand_key[2]];
  83.  
  84. $random_number = $numberONE.$numberTWO.$numberTHREE;
  85.  
  86.  
  87. $stringset1 = range('A', 'Z');
  88.  
  89.  
  90. $stringset = $stringset1;
  91.  
  92. $rand_key = array_rand($stringset, 10);
  93.  
  94. $letterONE = $stringset[$rand_key[0]];
  95. $letterTWO = $stringset[$rand_key[1]];
  96. $letterTHREE = $stringset[$rand_key[2]];
  97. $letterFOUR = $stringset[$rand_key[3]];
  98. $letterFIVE = $stringset[$rand_key[4]];
  99.  
  100. $letterSIX = $stringset[$rand_key[5]];
  101. $letterSEVEN = $stringset[$rand_key[6]];
  102. $letterEIGHT = $stringset[$rand_key[7]];
  103. $letterNINE = $stringset[$rand_key[8]];
  104. $letterTEN = $stringset[$rand_key[9]];
  105.  
  106. $random_string = $letterONE.$letterTWO.$letterFIVE.$letterFOUR.$letterTHREE.$letterSEVEN.$letterSIX.$letterEIGHT.$letterNINE.$letterTEN;
  107.  
  108. $random = md5($random_number.$random_string);
  109.  
  110.  
  111. date_default_timezone_set('Europe/London');
  112.  
  113. $date = date('d/m/Y h:i:s a', time());
  114.  
  115.  
  116. if(isset($_SESSION['login']) && isset($_SESSION['fingerprint']) && $_SESSION['login'] == $_SESSION['fingerprint'] . $_SERVER['REMOTE_ADDR'])
  117.  
  118. {
  119.  
  120. header('Location: MY_SERVER');
  121.  
  122. }
  123.  
  124. elseif(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']))
  125.  
  126. {
  127. include("C:\wamp\db\logins.php");
  128.  
  129. if(isset($_POST['register']) && ($_POST['register']=='true'))
  130.  
  131. {
  132.  
  133. $unique = true;
  134.  
  135. foreach($logins as $username=>$password)
  136.  
  137. {
  138.  
  139. if($_POST['username'] == $username)
  140.  
  141. {
  142.  
  143. $unique = false;
  144.  
  145. login();
  146.  
  147. echo '<p><br /><center><font color="red">Sorry, username is already taken, Please enter a new one.</font></p>';
  148. break;
  149.  
  150. }
  151.  
  152. }
  153.  
  154. if($unique)
  155.  
  156. {
  157.  
  158. $fileread = fopen("C:\wamp\db\logins.php","r")or die("can't open file");
  159. $text = fread($fileread, filesize("C:\wamp\db\logins.php"));
  160. fclose($fileread);
  161.  
  162. $username=htmlentities($_POST['username']);
  163. $password=htmlentities(md5($_POST['password']));
  164. $newText='$logins["' . $username . '"]="' . $password . '";' . "\r\n" . '?>';
  165. $filewrite = fopen("C:\wamp\db\logins.php","w");
  166. $toWrite= str_ireplace ('?>', $newText, $text);
  167. fwrite($filewrite, $toWrite);
  168.  
  169. $fp = fopen('C:/wamp/logs/user_online.txt', 'a+');
  170. fwrite($fp, $_POST['username'] . "\r\n");
  171. fclose($fp);
  172.  
  173.  
  174. $_SESSION['username'] = $username;
  175.  
  176. $_SESSION['fingerprint'] = $random . $username;
  177.  
  178. $_SESSION['login'] = $_SESSION['fingerprint'] . $_SERVER['REMOTE_ADDR'];
  179.  
  180. header('Location: MY_SERVER');
  181.  
  182. }
  183. }
  184.  
  185. else
  186.  
  187. {
  188.  
  189. foreach($logins as $username=>$password)
  190.  
  191. {
  192.  
  193. if(isset($_POST['username']) && ($_POST['username'] == $username) && isset($_POST['password']) && (md5($_POST['password']) == $password))
  194.  
  195. {
  196.  
  197. $_SESSION['username'] = $username;
  198.  
  199. $_SESSION['fingerprint'] = $random . $username;
  200.  
  201. $_SESSION['login'] = $_SESSION['fingerprint'] . $_SERVER['REMOTE_ADDR'];
  202.  
  203. header('Location: MY_SERVER');
  204.  
  205. $file = "C:/wamp/logs/user_online.txt";
  206.  
  207. $fp = fopen($file,"r");
  208. $users = fread($fp, filesize($file));
  209. fclose($fp);
  210.  
  211. $users = explode("\n", str_replace(array("\r", "\0"),"", $users));
  212.  
  213. foreach($users as $user)
  214.  
  215. {
  216.  
  217. if($user == $username)
  218.  
  219. {
  220.  
  221.  
  222. $fileread = fopen('C:/wamp/logs/user_online.txt', 'r')or die('can\'t open file!');
  223. $users = fread($fileread, filesize('C:/wamp/logs/user_online.txt'));
  224. fclose($fileread);
  225.  
  226. $filewrite = fopen('c:/wamp/logs/user_online.txt', 'w');
  227. $towrite = str_replace($username . "\r\n", '', $users);
  228.  
  229. fwrite($filewrite, $towrite);
  230.  
  231. }
  232. }
  233.  
  234. $fp = fopen('C:/wamp/logs/user_online.txt', 'a+');
  235. fwrite($fp, $_POST['username'] . "\r\n");
  236. fclose($fp);
  237.  
  238.  
  239. }
  240. }
  241.  
  242. if(isset($_POST['username']) && isset($_POST['password']) && !isset($_SESSION['login']))
  243.  
  244. {
  245.  
  246. login();
  247.  
  248. echo '<p><font color="red">The user/pass combonation didn\'t match, please try again.</p></font>';
  249.  
  250. $_SESSION['attempt'] = $_POST['username'];
  251.  
  252. if($_SESSION['attempt'] != 'Admin' && isset($_SERVER['HTTP_REFERER']))
  253.  
  254. {
  255.  
  256. $Name = htmlentities($_SESSION['attempt'], ENT_QUOTES, "UTF-8");
  257. $IP = htmlentities($_SERVER['REMOTE_ADDR'], ENT_QUOTES, "UTF-8");
  258. $Referer = htmlentities($_SERVER['HTTP_REFERER'], ENT_QUOTES, "UTF-8");
  259. $UserAgent = htmlentities($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, "UTF-8");
  260. $RemotePort = htmlentities($_SERVER['REMOTE_PORT'], ENT_QUOTES, "UTF-8");
  261. $URI = htmlentities($_SERVER['REQUEST_URI'], ENT_QUOTES, "UTF-8");
  262.  
  263. $message = $date . ' --- LOGIN ATTEMPT!!!! ---' . "$Name - " . 'IP - ' . $IP . ' Referer - ' . $Referer . ' UserAgent - ' . $UserAgent . ' Remote Port - ' . $RemotePort . ' URI - ' . $URI . "\r\n";
  264.  
  265. $fp = fopen('C:/wamp/logs/USER_INFO.txt', 'a+');
  266. fwrite($fp, $message);
  267. fclose($fp);
  268.  
  269. }
  270.  
  271. elseif($_SESSION['attempt'] != 'Admin' && !isset($_SERVER['HTPP_REFERER']))
  272.  
  273. {
  274.  
  275. $Name = htmlentities($_SESSION['attempt'], ENT_QUOTES, "UTF-8");
  276. $IP = htmlentities($_SERVER['REMOTE_ADDR'], ENT_QUOTES, "UTF-8");
  277. $Referer = 'Not Set';
  278. $UserAgent = htmlentities($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, "UTF-8");
  279. $RemotePort = htmlentities($_SERVER['REMOTE_PORT'], ENT_QUOTES, "UTF-8");
  280. $URI = htmlentities($_SERVER['REQUEST_URI'], ENT_QUOTES, "UTF-8");
  281.  
  282. $message = $date . ' --- LOGIN ATTEMPT!!! --- ' . "$Name - " . 'IP - ' . $IP . ' Referer - ' . $Referer . ' UserAgent - ' . $UserAgent . ' Remote Port - ' . $RemotePort . ' URI - ' . $URI . "\r\n";
  283.  
  284. $fp = fopen('C:/wamp/logs/USER_INFO.txt', 'a+');
  285. fwrite($fp, $message);
  286. fclose($fp);
  287.  
  288. }
  289.  
  290. elseif($_SESSION['attempt'] == 'Admin')
  291.  
  292. {
  293.  
  294. $Name = htmlentities($_SESSION['attempt'], ENT_QUOTES, "UTF-8");
  295. $IP = htmlentities($_SERVER['REMOTE_ADDR'], ENT_QUOTES, "UTF-8");
  296. $UserAgent = htmlentities($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, "UTF-8");
  297. $RemotePort = htmlentities($_SERVER['REMOTE_PORT'], ENT_QUOTES, "UTF-8");
  298. $URI = htmlentities($_SERVER['REQUEST_URI'], ENT_QUOTES, "UTF-8");
  299. $message = $date . ' --- ' . 'SOMEONE TRIED TO LOG IN AS ADMIN !!!!!!!! ---' . 'IP - ' . $IP . ' UserAgent - ' . $UserAgent . ' Remote Port - ' . $RemotePort . ' URI - ' . $URI . "\r\n";
  300.  
  301. $fp = fopen('C:/wamp/logs/USER_INFO.txt', 'a+');
  302. fwrite($fp, $message);
  303. fclose($fp);
  304.  
  305. }
  306. }
  307. }
  308. }
  309.  
  310. else
  311.  
  312. {
  313.  
  314. login();
  315.  
  316. }
  317.  
  318. ?>
  319.  
  320. </center>
  321.  
  322.  
  323. </body>
  324. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement