PHPhulp.nl PHPhulp.nl
35k+ leden Over PHPhulp Offerte opdracht Contact
-

Bruteforce protected?

Door - Rob - op 23-12-2016 21:58
3.635 views
Hallo!

ZOuden jullie willen kijken of dit bruteforce protetecd is? Hieronder staat de code
index.php

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<?php
session_start();
 
// INCLUDE THE NEEDED CODE
$settings = parse_ini_file('../datafile.ini');
include_once 'paneel/assets/include/config.php';
include_once 'paneel/assets/include/functions.php';

$result = $conn->query("SELECT * FROM `bans` WHERE `value`='$currentIp'");
if(FALSE === $result) {
} else {
	$row = $result->fetch_assoc();
	if($row['end_date'] <= strtotime('now')) {
		$sql = "DELETE FROM `bans` WHERE `value`='$currentIp'";
		if($conn->query($sql) === TRUE) {
		}
	} else {
		header('Location: /verbannen');
	}
}

$error = "";
if(isset($_GET['error'])) {
	$error = "Er is een fout opgetreden.";
	echo "	<script>
	$('document').ready(function(){
		submit()
	});
	function submit() {
		document.getElementById('username').disabled = true;
		document.getElementById('password').disabled = true;
		document.getElementById('submit').disabled = true;
	}
	</script>";
	header("refresh:2; url=/");
}
if(isset($_GET['foutelogin'])) {
	$error = "Foutieve inloggegevens ingevoerd.";
	echo "	<script>
	$('document').ready(function(){
		submit()
	});
	function submit() {
		document.getElementById('username').disabled = true;
		document.getElementById('password').disabled = true;
		document.getElementById('submit').disabled = true;
	}
	</script>";
	header("refresh:2; url=/");
}

if(isset($_GET['contactbeheer'])) {
	$error = "Neem contact op met het beheer met de volgende code: <b>RKzJ77P3</b>.";
	
	echo "	<script>
	$('document').ready(function(){
		submit()
	});
	function submit() {
		document.getElementById('username').disabled = true;
		document.getElementById('password').disabled = true;
		document.getElementById('submit').disabled = true;
	}
	</script>";
}
if(isset($_GET['inlogerror'])) {
	$error = "U heeft momenteel te veel inlogpogingen gedaan.";
	
	echo "	<script>
	$('document').ready(function(){
		submit()
	});
	function submit() {
		document.getElementById('username').disabled = true;
		document.getElementById('password').disabled = true;
		document.getElementById('submit').disabled = true;
	}
	</script>";
}
?>
<html>
	<head>
		<title>Welkom - <?=$settings['companyname']?></title>
		<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
	</head>
	<body>
		<?php
		if(isset($_GET['registreren'])) {
			
		}
		elseif(isset($_GET['wachtwoord_vergeten'])) {
			
		}
		else {
			echo $error;
			echo '
			<form id="form" action="paneel/assets/include/login_script.php" method="POST">
				<input id="username" type="text" name="username" placeholder="Gebruikersnaam" required>
				<input id="password" onclick="myFunction()" type="password" name="password" placeholder="Wachtwoord" required>
				<input id="submit" type="submit" name="login" value="Inloggen">
			</form>';
		}
		?>
	</body>
</html>


login_script.php

<?php
session_start();

$settings = parse_ini_file('../../../../datafile.ini');
$date = strtotime('now');
$end_date = strtotime('+300 seconds');
include_once 'config.php';

if(isset($_POST['login'])) {
	$result = $conn->query("SELECT COUNT(*) FROM `wrong_login` WHERE ip='$currentIp'");
	$row = $result->fetch_row();
	if($row[0] <= 2) {
		$username = mysqli_real_escape_string($conn, $_POST['username']);
		$password = $_POST['password'];
		
		$result = $conn->query("SELECT * FROM `leden` WHERE `username`='$username'");
		if(FALSE === $result) {
			header('Location: /?error');
			exit();
		}
		$row = $result->fetch_assoc();
		if($username == $row['username']) {
			if($currentIp == $row['ip']) {
					if(password_verify($password, $row['password'])) {
						
					} else {
						$result = $conn->query("SELECT * FROM `leden` WHERE `ip`='$currentIp'");
						if(FALSE === $result) {
							header('Location: /?error');
							exit();
						}
						$row = $result->fetch_assoc();
						$loguser = $row['username'];
						if(empty($loguser)) {
							$loguser = "Onbekend";
						}
						$result = $conn->query("INSERT INTO `logs` (`username`, `log_number`, `log_message`, `ip`, `date`) VALUES('$loguser', '2', 'Er is geprobeerd in te loggen op het account <b>$username</b> met verkeerde gegevens, met het ip <b>$currentIp</b>.', '$currentIp', '$date')");
						if(FALSE === $result) {
							header('Location: /?error');
							exit();
						}
						$result = $conn->query("INSERT INTO `wrong_login` (`ip`, `date`) VALUES('$currentIp', '$date')");
						if(FALSE === $result) {
							header('Location: /?error');
							exit();
						}
						header('Location: /?foutelogin');
						exit();
					}
			} else{
				$result = $conn->query("SELECT * FROM `leden` WHERE `ip`='$currentIp'");
				if(FALSE === $result) {
					header('Location: /?error');
					exit();
				}
				$row = $result->fetch_assoc();
				$loguser = $row['username'];
				if(empty($loguser)) {
					$loguser = "Onbekend";
				}
				$result = $conn->query("INSERT INTO `logs` (`username`, `log_number`, `log_message`, `ip`, `date`) VALUES('$loguser', '3', 'De gebruiker <b>$loguser</b> heeft met het ip <b$currentIp</b> heeft geprobeerd inteloggen op het account <b>$username</b>.', '$currentIp', '$date')");
				if(FALSE === $result) {
					header('Location: /?error');
					exit();
				}
				header('Location: /?contactbeheer');
				exit();
			}
		} else {
				$result = $conn->query("SELECT * FROM `leden` WHERE `ip`='$currentIp'");
					if(FALSE === $result) {
						header('Location: /?error');
						exit();
					}
					$row = $result->fetch_assoc();
					$loguser = $row['username'];
					if(empty($loguser)) {
						$loguser = "Onbekend";
					}
					$result = $conn->query("INSERT INTO `logs` (`username`, `log_number`, `log_message`, `ip`, `date`) VALUES('$loguser', '1', 'Er is geprobeerd in te loggen op het account <b>$username</b> met verkeerde gegevens, met het ip <b>$currentIp</b>.', '$currentIp', '$date')");
					if(FALSE === $result) {
						header('Location: /?error');
						exit();
					}
					$result = $conn->query("INSERT INTO `wrong_login` (`ip`, `date`) VALUES('$currentIp', '$date')");
					if(FALSE === $result) {
						header('Location: /?error');
						exit();
					}
			header('Location: /?foutelogin');
			exit();
		}
	} else {
		$result = $conn->query("SELECT * FROM `leden` WHERE `ip`='$currentIp'");
		if(FALSE === $result) {
			header('Location: /?error');
				exit();
			}
			$row = $result->fetch_assoc();
			$loguser = $row['username'];
			if(empty($loguser)) {
				$loguser = "Onbekend";
			}
			$result = $conn->query("INSERT INTO `bans` (`type`, `value`, `temporary`, `reason`,`start_date`, `end_date`, `gived_by`) VALUES('ip', '$currentIp', '1', 'Te veel login pogingen.', '$date', '$end_date', 'Het beheer')");
			if(FALSE === $result) {
				header('Location: /?error');
				exit();
			}
			header('Location: /?inlogerror');
			exit();
		}
}
else {
	?>
		<html class="error-page" xmlns="http://www.w3.org/1999/xhtml">
			<head>
				<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
				<meta name="viewport" content="width=device-width, initial-scale=1">
				<meta http-equiv="content-type" content="text/html; charset=utf-8">
				<title>Pagina niet gevonden - Error 404</title>
				<link href="https://www.joomshaper.com/images/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon">
				<link href="https://www.joomshaper.com/templates/v3/css/bootstrap.min.css" rel="stylesheet" type="text/css">
				<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
				<link href="https://www.joomshaper.com/templates/v3/css/template.css" rel="stylesheet" type="text/css">
				<meta name="viewport" content="width=device-width, initial-scale=1.0">
			</head>
			<body>
				<div class="error-page-inner">
				<div>
				<div class="container">
				<p><i class="fa fa-exclamation-triangle"></i></p>
				<h1 class="error-code">404</h1>
				<p class="error-message">Pagina niet gevonden!</p>
				<a class="btn btn-primary btn-lg" href="/" "><i class="fa fa-chevron-left"></i> Ga terug naar de index!</a>
				</div>
				</div>
				</div>
			</body>
		</html>
<?php
}
?>


functions.php

<?php
function currentIp(){
	if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
		$currentIp = $_SERVER['HTTP_CLIENT_IP'];
	} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
		$currentIp = $_SERVER['HTTP_X_FORWARDED_FOR'];
	} else {
		$currentIp = $_SERVER['REMOTE_ADDR'];
	}
}
?>


config.php

<?php
$conn = @new mysqli($settings['db_host'], $settings['db_user'], $settings['db_pass'], $settings['db_name']);

if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
	$currentIp = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
	$currentIp = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
	$currentIp = $_SERVER['REMOTE_ADDR'];
}

if($settings['adminIp'] == $currentIp) {
	if (mysqli_connect_errno()) {
		if($settings['adminIp'] == $currentIp) {
			echo "Failed to connect to MySQL: " . mysqli_connect_error();
		}
	}
}
?>


banned.php

<?php
session_start();
 
// INCLUDE THE NEEDED CODE
$settings = parse_ini_file("../datafile.ini");
include_once "paneel/assets/include/config.php";
include_once "paneel/assets/include/functions.php";
$result = $conn->query("SELECT * FROM `bans` WHERE `value`='$currentIp'");
if(FALSE === $result) {
		?>
			<html class="error-page" xmlns="http://www.w3.org/1999/xhtml">
			<head>
				<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
				<meta name="viewport" content="width=device-width, initial-scale=1">
				<meta http-equiv="content-type" content="text/html; charset=utf-8">
				<title>Pagina niet gevonden - Error 404</title>
				<link href="https://www.joomshaper.com/images/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon">
				<link href="https://www.joomshaper.com/templates/v3/css/bootstrap.min.css" rel="stylesheet" type="text/css">
				<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
				<link href="https://www.joomshaper.com/templates/v3/css/template.css" rel="stylesheet" type="text/css">
				<meta name="viewport" content="width=device-width, initial-scale=1.0">
			</head>
			<body>
				<div class="error-page-inner">
				<div>
				<div class="container">
				<p><i class="fa fa-exclamation-triangle"></i></p>
				<h1 class="error-code">404</h1>
				<p class="error-message">Pagina niet gevonden!</p>
				<a class="btn btn-primary btn-lg" href="/" "><i class="fa fa-chevron-left"></i> Ga terug naar de index!</a>
				</div>
				</div>
				</div>
			</body>
		</html>
	<?php
} else {
	$row = $result->fetch_assoc();
	if($row["end_date"] <= strtotime("now")) {
		$sql = "DELETE FROM `bans` WHERE `value`='$currentIp'";
		if($conn->query($sql) === TRUE) {
		}
		$sql = "UPDATE `wrong_login` SET `deleted`='1' WHERE `ip`='$currentIp'";
		if($conn->query($sql) === TRUE) {
			header('Location: /');
		}
	} else {
		?><html><head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
		<meta name="viewport" content="width=1,initial-scale=1,user-scalable=1">
		<title>
			U bent verbannen!		</title>
		<link rel="shortcut icon" type="image/gif" href="https://nilesjohnson.files.wordpress.com/2011/10/favicon.png">
		<link rel="stylesheet" type="text/css" href="paneel/assets/css/index.css">
		<link href="http://fonts.googleapis.com/css?family=Lato:100italic,100,300italic,300,400italic,400,700italic,700,900italic,900" rel="stylesheet" type="text/css">
		<link rel="stylesheet" type="text/css" href="paneel/assets/bootstrap/css/bootstrap.min.css">
	</head>
	<body>
		<section class="container">
			<section class="login-form">
			
			<section>
				<p style="margin-bottom: -7px; margin-top: -15px; color: black; font-size: 18pt; font-weight: bold;">U bent verbannen!</p>
			</section>
			<div class="panel panel-default">
				<div class="panel-body">
					<center>U bent verbannen van het paneel, hieronder staat verdere informatie.</center><br>
					<ul style="margin-left: -5px; margin-top: 5px;">
						<li><b>Start datum verbanning</b><br>
						<?php 
						$result = $conn->query("SELECT * FROM `bans` WHERE `value`='$currentIp'");
						if(FALSE === $result) {
							exit();
						} else{
							$row = $result->fetch_assoc();
							echo "<i>".gmdate("Y-m-d H:i:s", $row["start_date"])."</i><br>";
						}
						?></li>
						<li><b>Eind datum verbanning</b><br>
						<?php
							echo "<i>".gmdate("Y-m-d H:i:s", $row["end_date"])."</i><br>";
						?>
						</li>
						<li><b>Reden van verbanning</b><br>
						<?php
						echo $row["reason"];
						?>
						<li><b>Verbanning gegeven door</b><br>
						<?php
						echo $row["gived_by"];
						?>
					</ul>
				</div>
				<div class="panel-footer">
					<a href="?unbankopen">Klik hier om uw unban te kopen.</a>
				</div>
			</div>
			
			</section>
		</section>
		<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
		<script src="paneel/style/bootstrap/js/bootstrap.min.js"></script>
	</body></html><?php
	}
}
?>

thnx

[size=xsmall]Toevoeging op 23/12/2016 22:00:27:[/size]

Momenteel heb ik geen werkende link*
Ariën
24-12-2016 09:24 gewijzigd op 24-12-2016 09:25
Wat heb je aangepast?
Wat werkt er niet?
Wat gebeurt er?

Heb je ook al mijn opmerkingen gezien?
-
- Rob -
24-12-2016 09:38 gewijzigd op 24-12-2016 19:35
Ja, die heb ik gezien. en ik heb het probleem al gevonden, een foute bij index.php met delete.. :P



[size=xsmall]Toevoeging op 24/12/2016 09:51:38:[/size]

Hoe kan ik een timer maken, dat die als op de tijd zit van bv. 1482569435 (2016-12-24 08:50:35) als het precies die tijd is dat de pagina reload, ik neem aan dat dit met JS moet gebeuren, maar ik heb geen idee waar ik moet beginnen of het opzoeken. Dit is btw voor het verbannen zodat ik er een timer bij de ban pagina kan doen hoelang je nog een ban hebt.
Ariën
24-12-2016 09:54
Dat heet een countdown.
-
- Rob -
24-12-2016 10:02 gewijzigd op 24-12-2016 19:34
Dat weet ik :P maar als ik het opzoek, krijg ik wel antwoorden maar het werkt niet; dit is de code die ik heb


												<span id="countdown-1"><?php echo $row['end_date']; ?></span>
						<script>
secs = parseInt(document.getElementById('countdown-1').innerHTML,10);
setTimeout("countdown('countdown-1',"+secs+")");

function countdown(id, timer){
    function pad(num) {
        return num > 9 ? num : '0'+num;
    };
    timer--;
    days = Math.floor( timer / 86400 ),
    hours = Math.floor( timer / 3600 ),
    mins = Math.floor( timer / 60 ),
    secs = Math.floor( timer ),

    dd = days,
    hh = hours - days * 24,
    mm = mins - hours * 60,
    ss = secs - mins * 60;

    clock = dd + ' days ' + pad(hh) + ':' + pad(mm) + ':' + pad(ss) ;

    document.getElementById(id).innerHTML = clock;
    if ( timer > 0 ) {
        setTimeout("countdown('" + id + "'," + timer + ")", 1000);
    } else {
        window.location.reload(true);
    }
}
						</script>
Ariën
24-12-2016 10:08 gewijzigd op 24-12-2016 10:09
We willen je graag helpen, maar vertel dan graag in plasts van 'het werkt niet' wat er precies gebeurd. Noem relevante foutmeldingen, vreemd gedrag van de site.

En in gevallen van niet-werkende JavaScripts zegt de JavaScript console/debugger van je browser vaak nuttige informatie. Ook loont het vaak om naar je HTML-code in je browser te kijken.
-
- Rob -
24-12-2016 10:11 gewijzigd op 24-12-2016 19:34
console geeft geen error, het probleem is dat hij (denk ik) niet de goede tijd pakt want hij zegt telkens '17159 dagen 09:11:48' welke unix time ik ook pak...

[size=xsmall]Toevoeging op 24/12/2016 10:42:15:[/size]

Ik heb het opgelost met de volgende code


						<li><b>Hoelang duurt je ban nog</b><br>
						<script>
    CountDownTimer('<?php echo gmdate("F-j-Y g:i a", $row["end_date"]);?>', 'countdown');

    function CountDownTimer(dt, id)
    {
        var end = new Date(dt);

        var _second = 1000;
        var _minute = _second * 60;
        var _hour = _minute * 60;
        var _day = _hour * 24;
        var timer;

        function showRemaining() {
            var now = new Date();
            var distance = end - now;
            if (distance < 0) {

                clearInterval(timer);
                document.getElementById(id).innerHTML = 'Uw ban is verlopen!';

                return;
            }
            var days = Math.floor(distance / _day);
            var hours = Math.floor((distance % _day) / _hour);
            var minutes = Math.floor((distance % _hour) / _minute);
            var seconds = Math.floor((distance % _minute) / _second);

            document.getElementById(id).innerHTML = days + ' dagen ';
            document.getElementById(id).innerHTML += hours + ' uur ';
            document.getElementById(id).innerHTML += minutes + ' minuten ';
            document.getElementById(id).innerHTML += seconds + ' seconden';
        }

        timer = setInterval(showRemaining, 1000);
    }

</script>
<div id="countdown"></div>
Ariën
24-12-2016 19:37

Reageren

Inloggen om te reageren