ZOuden jullie willen kijken of dit bruteforce protetecd is? Hieronder staat de code
index.php
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<?php
session_start();
// INCLUDE THE NEEDED CODE
$settings = parse_ini_file('../datafile.ini');
include_once 'paneel/assets/include/config.php';
include_once 'paneel/assets/include/functions.php';
$result = $conn->query("SELECT * FROM `bans` WHERE `value`='$currentIp'");
if(FALSE === $result) {
} else {
$row = $result->fetch_assoc();
if($row['end_date'] <= strtotime('now')) {
$sql = "DELETE FROM `bans` WHERE `value`='$currentIp'";
if($conn->query($sql) === TRUE) {
}
} else {
header('Location: /verbannen');
}
}
$error = "";
if(isset($_GET['error'])) {
$error = "Er is een fout opgetreden.";
echo " <script>
$('document').ready(function(){
submit()
});
function submit() {
document.getElementById('username').disabled = true;
document.getElementById('password').disabled = true;
document.getElementById('submit').disabled = true;
}
</script>";
header("refresh:2; url=/");
}
if(isset($_GET['foutelogin'])) {
$error = "Foutieve inloggegevens ingevoerd.";
echo " <script>
$('document').ready(function(){
submit()
});
function submit() {
document.getElementById('username').disabled = true;
document.getElementById('password').disabled = true;
document.getElementById('submit').disabled = true;
}
</script>";
header("refresh:2; url=/");
}
if(isset($_GET['contactbeheer'])) {
$error = "Neem contact op met het beheer met de volgende code: <b>RKzJ77P3</b>.";
echo " <script>
$('document').ready(function(){
submit()
});
function submit() {
document.getElementById('username').disabled = true;
document.getElementById('password').disabled = true;
document.getElementById('submit').disabled = true;
}
</script>";
}
if(isset($_GET['inlogerror'])) {
$error = "U heeft momenteel te veel inlogpogingen gedaan.";
echo " <script>
$('document').ready(function(){
submit()
});
function submit() {
document.getElementById('username').disabled = true;
document.getElementById('password').disabled = true;
document.getElementById('submit').disabled = true;
}
</script>";
}
?>
<html>
<head>
<title>Welkom - <?=$settings['companyname']?></title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
</head>
<body>
<?php
if(isset($_GET['registreren'])) {
}
elseif(isset($_GET['wachtwoord_vergeten'])) {
}
else {
echo $error;
echo '
<form id="form" action="paneel/assets/include/login_script.php" method="POST">
<input id="username" type="text" name="username" placeholder="Gebruikersnaam" required>
<input id="password" onclick="myFunction()" type="password" name="password" placeholder="Wachtwoord" required>
<input id="submit" type="submit" name="login" value="Inloggen">
</form>';
}
?>
</body>
</html>
login_script.php
<?php
session_start();
$settings = parse_ini_file('../../../../datafile.ini');
$date = strtotime('now');
$end_date = strtotime('+300 seconds');
include_once 'config.php';
if(isset($_POST['login'])) {
$result = $conn->query("SELECT COUNT(*) FROM `wrong_login` WHERE ip='$currentIp'");
$row = $result->fetch_row();
if($row[0] <= 2) {
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = $_POST['password'];
$result = $conn->query("SELECT * FROM `leden` WHERE `username`='$username'");
if(FALSE === $result) {
header('Location: /?error');
exit();
}
$row = $result->fetch_assoc();
if($username == $row['username']) {
if($currentIp == $row['ip']) {
if(password_verify($password, $row['password'])) {
} else {
$result = $conn->query("SELECT * FROM `leden` WHERE `ip`='$currentIp'");
if(FALSE === $result) {
header('Location: /?error');
exit();
}
$row = $result->fetch_assoc();
$loguser = $row['username'];
if(empty($loguser)) {
$loguser = "Onbekend";
}
$result = $conn->query("INSERT INTO `logs` (`username`, `log_number`, `log_message`, `ip`, `date`) VALUES('$loguser', '2', 'Er is geprobeerd in te loggen op het account <b>$username</b> met verkeerde gegevens, met het ip <b>$currentIp</b>.', '$currentIp', '$date')");
if(FALSE === $result) {
header('Location: /?error');
exit();
}
$result = $conn->query("INSERT INTO `wrong_login` (`ip`, `date`) VALUES('$currentIp', '$date')");
if(FALSE === $result) {
header('Location: /?error');
exit();
}
header('Location: /?foutelogin');
exit();
}
} else{
$result = $conn->query("SELECT * FROM `leden` WHERE `ip`='$currentIp'");
if(FALSE === $result) {
header('Location: /?error');
exit();
}
$row = $result->fetch_assoc();
$loguser = $row['username'];
if(empty($loguser)) {
$loguser = "Onbekend";
}
$result = $conn->query("INSERT INTO `logs` (`username`, `log_number`, `log_message`, `ip`, `date`) VALUES('$loguser', '3', 'De gebruiker <b>$loguser</b> heeft met het ip <b$currentIp</b> heeft geprobeerd inteloggen op het account <b>$username</b>.', '$currentIp', '$date')");
if(FALSE === $result) {
header('Location: /?error');
exit();
}
header('Location: /?contactbeheer');
exit();
}
} else {
$result = $conn->query("SELECT * FROM `leden` WHERE `ip`='$currentIp'");
if(FALSE === $result) {
header('Location: /?error');
exit();
}
$row = $result->fetch_assoc();
$loguser = $row['username'];
if(empty($loguser)) {
$loguser = "Onbekend";
}
$result = $conn->query("INSERT INTO `logs` (`username`, `log_number`, `log_message`, `ip`, `date`) VALUES('$loguser', '1', 'Er is geprobeerd in te loggen op het account <b>$username</b> met verkeerde gegevens, met het ip <b>$currentIp</b>.', '$currentIp', '$date')");
if(FALSE === $result) {
header('Location: /?error');
exit();
}
$result = $conn->query("INSERT INTO `wrong_login` (`ip`, `date`) VALUES('$currentIp', '$date')");
if(FALSE === $result) {
header('Location: /?error');
exit();
}
header('Location: /?foutelogin');
exit();
}
} else {
$result = $conn->query("SELECT * FROM `leden` WHERE `ip`='$currentIp'");
if(FALSE === $result) {
header('Location: /?error');
exit();
}
$row = $result->fetch_assoc();
$loguser = $row['username'];
if(empty($loguser)) {
$loguser = "Onbekend";
}
$result = $conn->query("INSERT INTO `bans` (`type`, `value`, `temporary`, `reason`,`start_date`, `end_date`, `gived_by`) VALUES('ip', '$currentIp', '1', 'Te veel login pogingen.', '$date', '$end_date', 'Het beheer')");
if(FALSE === $result) {
header('Location: /?error');
exit();
}
header('Location: /?inlogerror');
exit();
}
}
else {
?>
<html class="error-page" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>Pagina niet gevonden - Error 404</title>
<link href="https://www.joomshaper.com/images/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon">
<link href="https://www.joomshaper.com/templates/v3/css/bootstrap.min.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link href="https://www.joomshaper.com/templates/v3/css/template.css" rel="stylesheet" type="text/css">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<div class="error-page-inner">
<div>
<div class="container">
<p><i class="fa fa-exclamation-triangle"></i></p>
<h1 class="error-code">404</h1>
<p class="error-message">Pagina niet gevonden!</p>
<a class="btn btn-primary btn-lg" href="/" "><i class="fa fa-chevron-left"></i> Ga terug naar de index!</a>
</div>
</div>
</div>
</body>
</html>
<?php
}
?>
functions.php
<?php
function currentIp(){
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$currentIp = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$currentIp = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$currentIp = $_SERVER['REMOTE_ADDR'];
}
}
?>
config.php
<?php
$conn = @new mysqli($settings['db_host'], $settings['db_user'], $settings['db_pass'], $settings['db_name']);
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$currentIp = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$currentIp = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$currentIp = $_SERVER['REMOTE_ADDR'];
}
if($settings['adminIp'] == $currentIp) {
if (mysqli_connect_errno()) {
if($settings['adminIp'] == $currentIp) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
}
}
?>
banned.php
<?php
session_start();
// INCLUDE THE NEEDED CODE
$settings = parse_ini_file("../datafile.ini");
include_once "paneel/assets/include/config.php";
include_once "paneel/assets/include/functions.php";
$result = $conn->query("SELECT * FROM `bans` WHERE `value`='$currentIp'");
if(FALSE === $result) {
?>
<html class="error-page" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>Pagina niet gevonden - Error 404</title>
<link href="https://www.joomshaper.com/images/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon">
<link href="https://www.joomshaper.com/templates/v3/css/bootstrap.min.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link href="https://www.joomshaper.com/templates/v3/css/template.css" rel="stylesheet" type="text/css">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<div class="error-page-inner">
<div>
<div class="container">
<p><i class="fa fa-exclamation-triangle"></i></p>
<h1 class="error-code">404</h1>
<p class="error-message">Pagina niet gevonden!</p>
<a class="btn btn-primary btn-lg" href="/" "><i class="fa fa-chevron-left"></i> Ga terug naar de index!</a>
</div>
</div>
</div>
</body>
</html>
<?php
} else {
$row = $result->fetch_assoc();
if($row["end_date"] <= strtotime("now")) {
$sql = "DELETE FROM `bans` WHERE `value`='$currentIp'";
if($conn->query($sql) === TRUE) {
}
$sql = "UPDATE `wrong_login` SET `deleted`='1' WHERE `ip`='$currentIp'";
if($conn->query($sql) === TRUE) {
header('Location: /');
}
} else {
?><html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=1,initial-scale=1,user-scalable=1">
<title>
U bent verbannen! </title>
<link rel="shortcut icon" type="image/gif" href="https://nilesjohnson.files.wordpress.com/2011/10/favicon.png">
<link rel="stylesheet" type="text/css" href="paneel/assets/css/index.css">
<link href="http://fonts.googleapis.com/css?family=Lato:100italic,100,300italic,300,400italic,400,700italic,700,900italic,900" rel="stylesheet" type="text/css">
<link rel="stylesheet" type="text/css" href="paneel/assets/bootstrap/css/bootstrap.min.css">
</head>
<body>
<section class="container">
<section class="login-form">
<section>
<p style="margin-bottom: -7px; margin-top: -15px; color: black; font-size: 18pt; font-weight: bold;">U bent verbannen!</p>
</section>
<div class="panel panel-default">
<div class="panel-body">
<center>U bent verbannen van het paneel, hieronder staat verdere informatie.</center><br>
<ul style="margin-left: -5px; margin-top: 5px;">
<li><b>Start datum verbanning</b><br>
<?php
$result = $conn->query("SELECT * FROM `bans` WHERE `value`='$currentIp'");
if(FALSE === $result) {
exit();
} else{
$row = $result->fetch_assoc();
echo "<i>".gmdate("Y-m-d H:i:s", $row["start_date"])."</i><br>";
}
?></li>
<li><b>Eind datum verbanning</b><br>
<?php
echo "<i>".gmdate("Y-m-d H:i:s", $row["end_date"])."</i><br>";
?>
</li>
<li><b>Reden van verbanning</b><br>
<?php
echo $row["reason"];
?>
<li><b>Verbanning gegeven door</b><br>
<?php
echo $row["gived_by"];
?>
</ul>
</div>
<div class="panel-footer">
<a href="?unbankopen">Klik hier om uw unban te kopen.</a>
</div>
</div>
</section>
</section>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script src="paneel/style/bootstrap/js/bootstrap.min.js"></script>
</body></html><?php
}
}
?>
thnx
[size=xsmall]Toevoeging op 23/12/2016 22:00:27:[/size]
Momenteel heb ik geen werkende link*
