WordPress, Shopify ir PHPFusion programuotojų bendruomenė

Parašė ramon· 2008 Bir. 28 01:06:14

Taigi, sukuriau siokia tokia adminkes apsauga, na cia tiesiog sukciu demaskavimas kurie nori patekt i jusu adminke be jusu zinios,na ka gi pradedame...

Atidarome administration/index.php ir randame tokias eilutes:

require_once ADMIN."navigation.php";



if (!iADMIN || $userdata['user_rights'] == "" || !defined("iAUTH") || $aid != iAUTH) fallback("../index.php");

Ir pakeiciam i si koda:

require_once ADMIN."navigation.php";



//********************************************

$ip = getenv("REMOTE_ADDR");

$leistini = "0.00.000.00|1.11.111.11|2.22.222.22"; 

$leistini_ip = explode("|", $leistini);

$nikas = $userdata['user_name'];

$laikas = showdate("longdate", time());



$irasas=$laikas."|".$ip."|".$nikas;



if (!in_array($ip, $leistini_ip)) {

    $file=BASEDIR."abc.txt";



    $duomenys=fopen($file, "a");



        fwrite($duomenys, "$irasas\n");

    fclose($duomenys);

redirect(BASEDIR."index.php");

}



//********************************************



if (!iADMIN || $userdata['user_rights'] == "" || !defined("iAUTH") || $aid != iAUTH) fallback("../index.php");

Uzdarome ir issagojame.
Po to atidarome administration/navigation.php ir iskarto ieskom sias eilutes:

   if ($page4) echo "<img src='".THEME."images/bullet.gif' alt=''> <a href='".ADMIN."index.php".$aidlink."&amp;pagenum=4' class='side'>".$locale['ac04']."</a><br>\n";

   echo "<hr class='side-hr'>

<img src='".THEME."images/bullet.gif' alt=''> <a href='".BASEDIR."index.php' class='side'>".$locale['151']."</a>";

}

Ir pakeiciam i si koda :

   if ($page4) echo "<img src='".THEME."images/bullet.gif' alt=''> <a href='".ADMIN."index.php".$aidlink."&amp;pagenum=4' class='side'>".$locale['ac04']."</a><br>\n";

if (SUPERADMIN) echo "<hr class='side-hr'><img src='".THEME."images/bullet.gif' alt=''> <a href='".ADMIN."abc.php".$aidlink."' class='side'>Adminkes Sarasa</a>\n";

   echo "<hr class='side-hr'>

<img src='".THEME."images/bullet.gif' alt=''> <a href='".BASEDIR."index.php' class='side'>".$locale['151']."</a>";

}

Uzdarome ir issagojame.
Poto susikurkite abc.php ir jame irasote sias eilutes:

<?php

require_once "../maincore.php";

require_once BASEDIR."subheader.php";

require_once ADMIN."navigation.php";



if (SUPERADMIN) {

opentable("");



if (isset($_POST['valyti'])) {

   $failas=BASEDIR."abc.txt";    

   $veiksmas=fopen($failas, "w"); 

   redirect(FUSION_SELF.$aidlink);

}



echo "<div class='tbl2'><b>Veiksmai:</b> <form name='inputform' method='post' action='".FUSION_SELF.$aidlink."'><input type='submit' name='valyti' value='Valyti sarasa' class='button'></form></div><br><br>";



$failas=file(BASEDIR."abc.txt");

$a=sizeof($failas);







while(0 < $a){

        $a=$a-1;

        $b=explode("|", $failas[$a]);

        echo("<hr>

            <li><b>Laikas: </b>$b[0]</li>

            <li><b>IP: </b>$b[1]</li>

            <li><b>Nikas: </b>$b[2]</li>");

} 



closetable();

} else { fallback(ADMIN."index.php".$aidlink); }





echo "</td>\n";

require_once BASEDIR."footer.php";

?>

Uzdarome/issagojame ir tada ji ikeliame i administration/ aplanka.
Po to susikurkite abc.txt ir ji ikelkite i ftp ir iskarto ji suCHMODinkite 777...

ARBA: Atsisiuskite zemiau esanti prisegta *.rar faila ir jame esanti abc.txt faila ikelkite i ftp bei suCHMODinkite 777, dar yra ten abc.php ji ikelkite i administration/ aplanka. Cia labiau yra tynginiams

PASTABA: nepamirskite redaguoti sia eilute:

//Cia rasote vartotoju ip kuriems norite leisti uzeiti i jusu adminke :)

//Kiekviena ip reikia atsikirti | zenklu

$leistini = "0.00.000.00|1.11.111.11|2.22.222.22";