Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Achaean
Regular
Regular


Joined: Mar 22, 2004
Posts: 64
Location: Missouri, USA

PostPosted: Sun Apr 04, 2004 8:33 pm Reply with quote

hey, I recently started screwing around and such with java script and I wanted to make a login for my site to a secure place, that I want only certain people to know of, all i need is just one username, and one pw, dont need muliple ones and such, so far ive found some code but not sure where to go from here, I want it to redirect to my ranks page as a test, heres my javascript code, you can see this at Only registered users can see links on this board! Get registered or login!

Code:
<?php 


if (!eregi("modules.php", $PHP_SELF)) {

die ("You can't access this file directly...");
}
include("header.php");
?>



<!-- TWO STEPS TO INSTALL HTACCESS LOGIN:

  1.  Copy the coding into the HEAD of your HTML document
  2.  Add the last code into the BODY of your HTML document  -->

<!-- STEP ONE: Paste this code into the HEAD of your HTML document  -->

<HEAD>

<SCRIPT LANGUAGE="JavaScript">

<!-- Based on FTP log in by:  Reinout Verkerk -->
<!-- Original:  Gordon Hudson (sales@hostroute.com) -->
<!-- Web Site:  http://www.hostroute.com/ -->
<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
function Login(form) {
var username = form.username.value;
var password = form.password.value;
var server = form.server.value;
if (username && password && server) {
var htsite = "http://" + username + ":" + password + "@" + server;
window.location = htsite;
}
else {
alert("Please enter your username and password.");
   }
}
//  End -->
</script>

</HEAD>

<!-- STEP TWO: Copy this code into the BODY of your HTML document  -->

<BODY>

<!-- The hidden form field "server" needs to be the
     address of your password protected directory. -->
<br><br><br><br>
<form name=login>
<input type="hidden" name="ranks.php" value="http://www.1staxis.com/modules.php?name=Ranks">
Username:
<input type=text name=username size=20>
<br><br>
Password:
<input type=password name=password size=20>
<br><br>
<input type=button value="Login!" onClick="Login(this.form)" name="button">
</form>


<!-- Script Size:  1.58 KB -->


<?php
include("footer.php");
?>


my site is Only registered users can see links on this board! Get registered or login! any help would be most appriciated!
 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sun Apr 04, 2004 9:26 pm Reply with quote

Why not just make a secret user/pass and only let those people know about that you want to have it? JavaScript (client side) loginins are MUCH less secure than nuke (server side).
 
View user's profile Send private message
Achaean
PostPosted: Sun Apr 04, 2004 9:29 pm Reply with quote

alright well heres want i want, dont care how to do it, didnt know how to do the phpnuke, no one i knew knew how to do it, so all i want is maybe 1 user name, or two, that is general, for everyone to use to access my page, can you give me code to do that or help me on it?
 
Raven
PostPosted: Sun Apr 04, 2004 9:31 pm Reply with quote

There is no code. Just register a username/password with nuke as you normally would and then only give that id/pass out to those that you want to have it.
 
Rikk03
Worker
Worker


Joined: Feb 16, 2004
Posts: 164

PostPosted: Mon Apr 05, 2004 12:28 am Reply with quote

Why not use user groups? Then change the access levels
 
View user's profile Send private message
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Mon Apr 05, 2004 3:32 pm Reply with quote

In response to this topic: My Privy Only registered users can see links on this board! Get registered or login!
Description: Requires a htaccess password protected directory somewhere. Need not be on the local server. This is not very secure! You have been warned.

Not the most useful module but...

Here goes.
Edit the modules\My_Privy\language\lang-english.php
and any other lang files you add.

All configuration is done in the language file.

My Privy:
Supports Only registered users can see links on this board! Get registered or login! and Only registered users can see links on this board! Get registered or login! urls that can be
formatted like this: Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login!

Note* I didn't add a graphic check so its best
to only allow resistered users to access this mod.

I have only tested on PHPNuke 6.0 but since there
are no db calls or member functions it should be fine for newer versions.
If not let me know and I'll fix it. But I've no desire
to install a newer version of PHPNuke to test on if its
not needed.

If there is any demand this could be done in conjuntion with a port of Only registered users can see links on this board! Get registered or login!

But since I have no use for it I won't bother with it unless someone can demonstrate a real need for it that would be useful to others.

sixonetonoffun Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Achaean
PostPosted: Mon Apr 05, 2004 6:47 pm Reply with quote

ok but there is only one problem, I dont want registered members to see the page, just certain people i know, thats why I want to create a login, with just one username and password, this is to be on a seperate page and not included in my forums or anything, is there no simple way to do this?
 
Raven
PostPosted: Mon Apr 05, 2004 6:55 pm Reply with quote

A couple of alternate approaches.

1. - Create an 'easter' egg. Then, only tell those special people where to find it Wink. When they do, they click on it and expose the special page.

2. - Modify blocks/block-module.php to check the username/id and if it's your special one, then display the link in the Site Navigation block.
 
Achaean
PostPosted: Mon Apr 05, 2004 7:00 pm Reply with quote

yea but I wanted to do a login page, something a bit better looking, is there no code for a simple login code, to go to a hidden page? I dont need the hidden page secure itself, just ill hide it and link the login to it
 
sixonetonoffun
PostPosted: Mon Apr 05, 2004 7:15 pm Reply with quote

If that is all you wanted what was the point with the login script at all? Make an index.html drop into an htpasswd protected directory and your done.

The form just sends the info in the url instead of having the generic popup prompt.

I figured if you had a fancy indexed directory this would work nicely. I miss understood your intent. I thought you had some pix or files (Huge directory of files) and didn't want to hassle with entering them into a database.

So I guess if you only give us half the problem you only get half the answer or in this case several answers.

Simple login scripts... see google there are many in fact I even posted one not long ago. This won't run on versions of MySQL older then 4.1 but if you'd like your welcome to look at it. This is just a demo no extras just a "Simple" login script with a simple demo index.php: Only registered users can see links on this board! Get registered or login!
 
Achaean
PostPosted: Mon Apr 05, 2004 9:13 pm Reply with quote

ok i did your myprivvy module, and I was having a small problem with it i edited the file in the language folder, and got that set, but its saying file not found and such, how do i configure the htaccess page? just what do i need to do other than change the language files to get it working?
 
sixonetonoffun
PostPosted: Mon Apr 05, 2004 9:59 pm Reply with quote

Login to your Control Panel if you have one and use the admin tool for setting up a password protected directory.

That works best if you can do it that way.

If your having trouble with the module try using just the directory path Only registered users can see links on this board! Get registered or login!
not Only registered users can see links on this board! Get registered or login!

If you don't have a .htaccess/.htpasswd area setup to test on you'll have to create one. If you need help with that just google it there are loads of system specific tutorials out there.

Here is a pretty good one: Only registered users can see links on this board! Get registered or login!
 
Raven
PostPosted: Mon Apr 05, 2004 10:20 pm Reply with quote

I really think you're making this WAY more complicated than it needs to be. Why not make your 'special' page a module that is active but hidden? Then, just tell your private group the hidden module's name? You could even add code to the module to only allow those certain users access in the event it gets compromized.
 
Achaean
PostPosted: Tue Apr 06, 2004 6:46 am Reply with quote

well i was thinking about that, but i didnt want to post the link to the hidden module, instead i wanted everyone to know that we do have a tactics page, but only clan members can access it so, thats why i want to do a login page, but it seems to be obviously a little more complicated for just 1 user and a password
 
Raven
PostPosted: Tue Apr 06, 2004 6:51 am Reply with quote

It really is not hard to do. It's just understanding exactly what you are trying to do that is causing all the chatter. I still contend just create a clone of the nuke login block and modify it to call up the tactics page instead of the news module.
 
Achaean
PostPosted: Tue Apr 06, 2004 4:57 pm Reply with quote

are you talking about the login to the forums?
 
Raven
PostPosted: Tue Apr 06, 2004 5:01 pm Reply with quote

No. The login block that comes with nuke, or any login block that anyone has. Just clone it, rename it, and modify it to point to your 'secret' page instead of News or whatever.
 
Achaean
PostPosted: Tue Apr 06, 2004 8:11 pm Reply with quote

ok heres what i decided to do, I found a javascript code in a tutorial with this code, ive inserted it and also edited the robots to do its task also, but for some reason once again i get an error, this is just in one page, the index, and I was wondering if any of you knew a small coding error i made or something to make it,

Code:
<?php 


if (!eregi("modules.php", $PHP_SELF)) {

die ("You can't access this file directly...");
}
include("header.php");
?>
<html>
<head>
<title>1stAD Tactics Center</title>

<META HTTP-EQUIV="Robots" NAME="Robots"
CONTENT="noindex, nofollow">

<!-Function which provides the page if the visitor gets the password right->

<Script Language="JavaScript">

<!-Hide from non-JavaScript Browsers
function correct() {

document.write("<html><head><title>Password Correct!</title></head><body bgcolor='#ffffff'><center><font color='#000000' face='arial' size='4'>
Welcome to the 1stAd Tactical Center."+"<p><a href='http://www.1staxis.com/modules.php?name=Donations'><font color='#0000ff' face='arial' size='2'>
Click here to enter the private area.</a>"+"</p></center></body></html>");

document.close();

}

<!-Error function if visitor gets the password wrong->

function error() {

document.write("<html><head><title>Password Incorrect!</title>
</head><body bgcolor='black'>"+"<font color='#ffffff' size='5' face='arial'>"+"
<center><h1>Oops!</h1><br><b>
Invalid Password - <b>"+password+"</font><br><br>
<font color='#ffffff' size='3' face='arial'>Click Try Again to have another go or Close to give up.</font><br><br>
<input type='button' value='Try Again' onClick='self.location.reload()'>
<BR><BR>"+"<input type='button' value='Close' onclick='window.close()'></body></html>");

document.close();

}

// Stop hiding->

</script>

</head>

<body bgcolor="#ffffff">

<!- Password function ->

<script>

<!-Hide from non-JavaScript Browsers

var password = prompt("Please enter your password:","");

// FIRST PASSWORD
switch(password){
case"google" : window.location="javascript:correct()"
break ;

//SECOND PASSWORD
case"greatland" : window.location="javascript:correct()"
break ;

//ERROR MESSAGE IF PASSWORD IS INCORRECT
default : window.location="javascript:error()"
break ;

}

//Stop hiding->

</script>
</body>
</html>



<?php
include("footer.php");
?>


This is everything in my module, i have also added this in my robots file,
Code:
Disallow /cgi-bin/

Disallow /passpage.htm


can anyone help?
 
Achaean
PostPosted: Wed Apr 07, 2004 5:36 pm Reply with quote

does anyone know why this wont work on phpnuke is it a simple error or something?
 
sixonetonoffun
PostPosted: Wed Apr 07, 2004 6:27 pm Reply with quote

This line
<!-Hide from non-JavaScript Browsers
is wrong just delete it or add a space after the dash

There is another error which I didn't hunt down.
 
sixonetonoffun
PostPosted: Wed Apr 07, 2004 6:47 pm Reply with quote

Ok here's the deal. All your code was word wrapped thats whats wrong I think. If you look at this line:
Code:


document.write("<html><head><title>Password Incorrect!</title> </head><body bgcolor='black'>"+"<font color='#ffffff' size='5' face='arial'>"+" <center><h1>Oops!</h1><br><b> Invalid Password - <b>"+password+"</font><br><br> <font color='#ffffff' size='3' face='arial'>Click Try Again to have another go or Close to give up.</font><br><br> <input type='button' value='Try Again' onClick='self.location.reload()'> <BR><BR>"+"<input type='button' value='Close' onclick='window.close()'></body></html>");

Should all be one line does that make sense?

I fixed all those and stripped the comments out and it works "ok" without errors.
 
Raven
PostPosted: Wed Apr 07, 2004 8:38 pm Reply with quote

From the office of the painfully obvious

Please tell me you are not serious about using this script? In the event you are, I would also suggest that you have an opening banner that says something like

Greetings to all would be crackers out there. I cordially invite you to not only break in to my secret page but also to hack me in any other way you can. Also, please pass this along to every cracker and script kiddie that's out there. Thanks so much!

p.s. I don't believe anything I've ever read about javascript's insecurity.
 
Achaean
PostPosted: Wed Apr 07, 2004 9:44 pm Reply with quote

hehe alright i found another script from the web, and just for you Raven hehe, Ive heavily encrypted the data, so its pretty much a tough one to break, anyway hehe thanks for your guys help. BTW, hehe its not javascript. hard for anyone to break it hehe Arrow HitsFan
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©