Dismiss Notice

Welcome Guest,
do you want to get VIP for free? Vote for the MotM and help other people and become elected yourself! MotM Vote
  1. Laszl0w

    Laszl0w Contributing Member

    Make a file a call it to :
    pw.php

    Code:
    <?php
    
    $LOGIN_INFORMATION = array(
      'asd' => 'root',
      'Laszl0w' => 'adminpass',
      'turnmeon' => '19960806'  
    );
    
    // request login? true - show login and password boxes, false - password box only
    define('USE_USERNAME', true);
    
    // User will be redirected to this page after logout
    define('LOGOUT_URL', 'http://www.custommta.cf/drx.php');
    
    // time out after NN minutes of inactivity. Set to 0 to not timeout
    define('TIMEOUT_MINUTES', 0);
    
    // This parameter is only useful when TIMEOUT_MINUTES is not zero
    // true - timeout time from last activity, false - timeout time from login
    define('TIMEOUT_CHECK_ACTIVITY', true);
    
    ##################################################################
    #  SETTINGS END
    ##################################################################
    
    
    ///////////////////////////////////////////////////////
    // do not change code below
    ///////////////////////////////////////////////////////
    
    // show usage example
    if(isset($_GET['help'])) {
      die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
    }
    
    // timeout in seconds
    $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
    
    // logout?
    if(isset($_GET['logout'])) {
      setcookie("verify", '', $timeout, '/'); // clear password;
      header('Location: ' . LOGOUT_URL);
      exit();
    }
    
    if(!function_exists('showLoginPasswordProtect')) {
    
    // show login form
    function showLoginPasswordProtect($error_msg) {
    ?>
    <html>
    <head>
      <title>Enter Password</title>
      <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
      <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
    </head>
    <body>
      <style>
        input { border: 1px solid black; }
      </style>
      <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
      <form method="post">
        <h3>Enter your Username & Password </h3>
        <font color="red"><?php echo $error_msg; ?></font><br />
    <?php if (USE_USERNAME) echo 'Username:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
        <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Login" />
      </form>
      <br />
      <a style="font-size:9px; color: #B0B0B0; font-family: Verdana, Arial;" href="http://r4p3.net" title="r4p3.net">Powered by Laszl0w</a>
      </div>
    </body>
    </html>
    
    <?php
      // stop at this point
      die();
    }
    }
    
    // user provided password
    if (isset($_POST['access_password'])) {
    
      $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
      $pass = $_POST['access_password'];
      if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
      || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
      ) {
        showLoginPasswordProtect("Wrong password :).");
      }
      else {
        // set cookie if password was validated
        setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
      
        // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
        // So need to clear password protector variables
        unset($_POST['access_login']);
        unset($_POST['access_password']);
        unset($_POST['Submit']);
      }
    
    }
    
    else {
    
      // check if password cookie is set
      if (!isset($_COOKIE['verify'])) {
        showLoginPasswordProtect("");
      }
    
      // check if cookie is good
      $found = false;
      foreach($LOGIN_INFORMATION as $key=>$val) {
        $lp = (USE_USERNAME ? $key : '') .'%'.$val;
        if ($_COOKIE['verify'] == md5($lp)) {
          $found = true;
          // prolong timeout
          if (TIMEOUT_CHECK_ACTIVITY) {
            setcookie("verify", md5($lp), $timeout, '/');
          }
          break;
        }
      }
      if (!$found) {
        showLoginPasswordProtect("");
    echo "Done!";
      }
    
    }
    
    ?>
    
    
    
    Usage:
    On top of your secured php file.
    Code:
    <?php include("pw.php"); ?>
    
    Login Credentials,you should change it:
    Code:
    $LOGIN_INFORMATION = array(
      'asd' => 'root',
      'Laszl0w' => 'adminpass',
      'turnmeon' => '19960806'  
    );
    
    
    If some people's wants to see your secured php file the server will ask them to login to watch it ;)
    If he's logged in it will showed for him.
     
    DemonxDPL, Derp and Bluscream like this.
  2. skokkk

    skokkk Contributor

    If you consider not hashing anything protecting you.
     
    Derp and Laszl0w like this.
  3. panteL

    panteL Restricted

    U can also do it with a .htaccess and a .htpasswd :)
     
    skokkk likes this.
  4. skokkk

    skokkk Contributor

    And if your whole website gets leaked? Suddenly we have a password, but I guess that'll be the least of your problems then.

    My point: FinFisher (german spyware to government company) had their files leaked a while ago and they relied fully on .htpasswd, they did not hash any of their sfuff, and they even used the same password for multiple things.

    +1 for being more secure than OP
     
    panteL likes this.
  5. panteL

    panteL Restricted

    Oh shit yes ur right :S
    Die deutschen denken Sie hätten alles im Griff. (all the German guys think it's all OK)
     
    yankor likes this.
  6. yankor

    yankor New Member

    #Neuland ^^
    @panteL you're right.
     
  7. panteL

    panteL Restricted

    Internet Neuland ;)
     

Share This Page