online web browser
VOORBEELD WERKT ALLEEN TIJDENS SCHOOLTIJDEN. VOOR DE PRECIEZE TIJDEN EN WAAROM, ZIE ONDERIN DIT DOCUMENT!!!!! Er is een nieuwe PYGO-versie! Te zien op http://www.pygo.be De oude is nog altijd te zien op http://www.pygo.be/classic De oude is ook de versie die hieronder in code staat. Ik ga de code van de vernieuwde versie niet publiek maken. Ik kon geen goede titel verzinnen, maar ik zal een korte toelichting geven: Dit script heb ik in 1 dag met een vriend geschreven; het is gemaakt om een "beveiliging" om zeep te helpen, heel bruut gezegd. Ok, fijn.. Hoe werkt het, en wat doet het precies? Nou, niet zo moeilijk. Je gaat naar pygo (zo heet het dus) en dan krijg je een balk, een inputveld dus, om iets in te typen :-) Je voert een site in, bijvoorbeeld funnygames. De site laadt dan in het venster eronder. Ok, fijn.. Wat heb je eraan? Nog simpeler. Op mijn school, en ik denk nog wel op meer scholen, is het gebruik van spelletjeswebsites en/of hotmail verboden. Met dit script kan je dan toch naar die sites gaan.. (moet je alleen zorgen dat er niemand over je rug zit mee te kijken... ;-) ) Ok, fijn.. Wat betekent PYGO? PYGO... ***** ou ot wned Staat voor: "onze systeembeheerder", you got owned. Ik heb de naam gecensureerd, vond het een beetje lullig om dat hier op de site te plaatsen.. Ok, fijn.. Maar het voorbeeld werkt niet? Klopt! Leuk hè? :-) Het voorbeeld werkt alleen op schooldagen, en tijdens schooltijden. In het weekend is ie plat, en door de week werkt hij alleen tussen 8:00 en 16:00 uur. Ik weet niet of het echt heel veel toevoegt, maar als jullie het script maar niks vinden, dan verwijder het maar.. Het was meer bedoeld naar aanleiding van dit topic: http://www.phphulp.nl/forum/showtopic.php?cat=4&id=25487&lasttopic=1
[b]index.php[/b]
[code]
<?php
// index.php: the P.Y.G.O front page. The form posts the site name ("henk")
// to kees.php, whose output lands in the iframe named "annie" below.
// time.php refuses the request outside its opening hours and log.php records
// the visit and refuses banned IPs; both answer 404 and stop the script.
require("time.php");
require("log.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<?php /* Random-looking title: the md5 of a random number, repeated 1-5
         times. Presumably so the tab title / history entry is not
         recognisable; the intent is not stated anywhere in the code. */ ?>
<title><?php echo str_repeat(md5(rand(1,1000)),rand(1,5)); ?></title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<?php /* Posting into the named iframe keeps this page and its form on screen. */ ?>
<form id="form" method="post" target="annie" action="kees.php">
Site: <input type="text" name="henk" size="130" id="site" />
<input type="submit" value="Ga naar" />
<?php /* Shortcut list: copies the chosen value into the text field and
         submits. "site" and "form" are used as globals, which relies on the
         browser exposing element ids as window properties. */ ?>
<select onChange="site.value = this.value; form.submit();">
<option value="">Snelkeuzes...</option>
<option value="www.funnygames.nl">Funnygames</option>
<option value="www.google.nl/firefox">Google</option>
<option value="www.runescape.com">Runescape</option>
</select>
</form>
<iframe width="100%" name="annie" height="90%" ></iframe>
</body>
</html>
[/code]
[b]kees.php[/b]
[code]
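<?php
// kees.php: the frame target of index.php. Fetches the URL in $_POST['henk']
// from the server, injects a <base> so relative links resolve against the
// fetched site, retargets links into this frame and echoes the result.
// time.php gates by time of day; log.php logs and ban-checks the caller.
require("time.php");
require("log.php");

// True when $host resolves to a public address. The server fetches whatever
// host the client names (server-side request forgery), so loopback, private
// and reserved targets are refused here. IPv6 literals and IPv6-only hosts
// are refused as a side effect of gethostbyname()/FILTER_VALIDATE_IP.
// NOTE(review): PHP's http wrapper follows redirects by default, so a public
// host redirecting to an internal address still gets through; a stream
// context with follow_location => 0 would close that too.
function pygo_host_is_public($host) {
    if($host === null || $host === '') {
        return false;
    }
    $resolved = gethostbyname($host);   // returns $host unchanged on failure
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($resolved, FILTER_VALIDATE_IP, $flags) !== false;
}

if(!empty($_POST['henk'])) {
    $henk = $_POST['henk'];
    if(substr($henk,0,8) == "https://") {
        die("Je kan geen https verzoeken doen met PYGO");
    }
    if(substr($henk,0,7) != "http://") {
        $henk = "http://".$henk;
    }
    $parts = parse_url($henk);
    if($parts === false || !isset($parts['host']) || !pygo_host_is_public($parts['host'])) {
        die("Dit adres is niet toegestaan via PYGO");
    }
    $check = (@file_get_contents($henk));
    if(!$check) {
        // $henk is user input: encode it before it is written into HTML.
        echo "De site <b>".htmlspecialchars($henk, ENT_QUOTES)."</b> bestaat niet.<br />";
    } else {
        // Base URL for relative links. A URL with a path is used as-is (the
        // browser resolves against it per RFC 3986); the original appended
        // "/" to everything, which broke links on ".../page.html". A bare
        // host still gets its trailing "/".
        $base_url = (isset($parts['path']) && $parts['path'] !== '') ? $henk : rtrim($henk, '/').'/';
        $base = '<base href="'.htmlspecialchars($base_url, ENT_QUOTES).'" target="_self">';
        // Insert after the first <head ...>, case-insensitively and with
        // attributes allowed; the original only matched a literal "<head>".
        if(preg_match('/<head(\s[^>]*)?>/i', $check, $m, PREG_OFFSET_CAPTURE)) {
            $at = $m[0][1] + strlen($m[0][0]);
            $check = substr($check, 0, $at).$base.substr($check, $at);
        }
        // Keep navigation inside the frame.
        $check = str_ireplace(
            array('target="_new"', 'target="_blank"', 'target="_parent"'),
            'target="_self"',
            $check);
        // NOTE(review): the fetched page's scripts now run under this site's
        // origin; nothing here filters them.
        echo($check);
    }
} else {
    echo "Ben jij nou egt een van die mensen die niks gaan invullen om te kijken wat er gebeurt? Er gebeurt lekker niks!";
}
?>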
[/code]
[b]error.php[/b]
[code]
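<?php
// error.php: the 404 body served by time.php (outside opening hours) and by
// log.php (banned IP), so the refused request gets a not-found page.
// require_once, not require: log.php requires this file for banned clients,
// and a plain require here pulled log.php in again, without end.
require_once("log.php");
?>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<?php /* PHP_SELF carries client-supplied path info; encode it before echoing. */ ?>
<p>The requested URL <?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?> was not found on this server.</p>
<hr>
<?php /* Set by the web server's configuration; may be absent. */ ?>
<?php echo isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : ''; ?>
</body></html>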
[/code]
[b]log.php[/b]
[code]
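<?php
// log.php: per-request gatekeeper and visit logger, required by every page.
//  1. refuses banned IPs with a 404 via error.php,
//  2. keeps a visit counter per IP in ip_log,
//  3. records each new (ip, user agent) pair in info_log.
// Re-entry guard: error.php requires log.php and log.php requires error.php
// for banned clients, which otherwise recurses without end.
if(defined('PYGO_LOG_LOADED')) { return; }
define('PYGO_LOG_LOADED', true);
// NOTE(review): the mysql_* extension was removed in PHP 7; this needs
// mysqli or PDO with prepared statements on a current PHP.
$link = mysql_connect('localhost','***','***');
mysql_select_db('***',$link);
// REMOTE_ADDR comes from the TCP peer, not from a client-controlled header,
// but it is escaped anyway so every value reaches SQL through the same path.
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $link);
// Database errors are not echoed to anonymous clients (the original printed
// mysql_error(), which exposes table and query details).
$ban = "SELECT * FROM ban WHERE ip = '".$ip."'";
$banres = mysql_query($ban, $link) or die("Database error");
// Any ban row refuses the client; the original "== 1" let an IP that had
// been banned twice straight through.
if(mysql_num_rows($banres) > 0) {
    header("HTTP/1.0 404 Not Found");
    require("error.php");
    die();
}
$sql = "SELECT * FROM ip_log WHERE ip = '".$ip."'";
$res = mysql_query($sql, $link) or die("Database error");
// NOTE(review): select-then-insert races; two first requests from one IP can
// both insert. A UNIQUE key on ip_log.ip with INSERT ... ON DUPLICATE KEY
// UPDATE would close it.
if(mysql_num_rows($res) > 0) {
    $sql2 = "UPDATE ip_log SET visits = visits + 1 WHERE ip = '".$ip."'";
} else {
    $sql2 = "INSERT INTO ip_log (ip,visits) VALUES('".$ip."','1')";
}
$res2 = mysql_query($sql2, $link);
if(empty($_SERVER['HTTP_USER_AGENT'])) {
    $_SERVER['HTTP_USER_AGENT'] = 'Proxy mofo...';
}
// info_log.info is varchar(200); cut the header before inserting so a
// strict-mode server does not reject long user agents.
$ua = mysql_real_escape_string(substr($_SERVER['HTTP_USER_AGENT'], 0, 200), $link);
$info = "SELECT * FROM info_log WHERE ip = '".$ip."' AND info = '".$ua."'";
$infoo = mysql_query($info, $link) or die("Database error");
if(mysql_num_rows($infoo) == 0) {
    mysql_query("INSERT INTO info_log (info,ip,tijd) VALUES('".$ua."','".$ip."',NOW())", $link) or die("Database error");
}
?>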
[/code]
[b]time.php[/b]
[code]
<?php
// time.php: serve only from 08:00 up to (not including) 16:00 on Monday to
// Friday, in the server's default time zone. Outside that window answer
// 404 through error.php and stop.
$hour = (int) date("H");      // 0..23
$weekday = (int) date("N");   // 1 = Monday .. 7 = Sunday
$isWeekend = ($weekday == 6 || $weekday == 7);
$withinHours = ($hour >= 8 && $hour < 16);
if($isWeekend || !$withinHours) {
    header("HTTP/1.0 404 Not Found");
    require("error.php");
    die();
}
?>
[/code]
[b]admin/index.php[/b]
[code]
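<?php
// admin/index.php: the P.Y.G.O control centre. Every action sits behind HTTP
// Basic auth; log.php runs first, so admin visits are logged and ban-checked
// like any other. Pages (?page=): mad (add message), msg (list messages),
// ips (ip_log with ban/unban links), ban, unban, truncatee; ?msgid= reads one
// message. Without a page, the info_log table is shown with paging.
//require("../time.php");
require("../log.php");

// HTML-encode a value before echoing it. Rows shown here hold user agents,
// IPs and admin-typed names; none of them may be written into the page raw.
function pygo_esc($s) {
    return htmlspecialchars($s, ENT_QUOTES);
}

// NOTE(review): base64 is an encoding, not a secret; the credentials are
// readable by anyone with the source of this file.
$authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
$authPw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
if($authUser !== base64_decode("***") || $authPw !== base64_decode("***")) {
    header("WWW-Authenticate: Basic realm=\"Enter username and password to access the P.Y.G.O Controll center...\"");
    header("HTTP/1.0 401 Unauthorized");
    echo "<h1>Authentication Failed</h1>You don't have rights to acces the admin panel.";
} else {
    // Request parameters, read once. Ids are integer keys (see the table DDL)
    // and are cast before they reach SQL or HTML.
    $page = isset($_GET['page']) ? $_GET['page'] : '';
    $msgid = isset($_GET['msgid']) ? (int)$_GET['msgid'] : null;
    $logId = isset($_GET['ban']) ? (int)$_GET['ban'] : 0;
    echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\"><html>";
    echo "<head>";
    echo '<link rel="stylesheet" type="text/css" href="../style.css" /><title></title>';
    echo '</head><body onload="init();">';
    echo "<h2>P.Y.G.O Control center.</h2>";
    echo "<br /><br />WTF wil je doen?";
    echo "<br /><ul>";
    echo "<li><a href=\"index.php\">Terug</a></li>";
    // NOTE(review): truncatee and unban change state on a plain GET and the
    // ban POST carries no CSRF token, so any page the admin visits while
    // logged in can trigger them.
    echo "<li><a href=\"index.php?page=truncatee\" >Truncate de log tabellen</a></li>";
    echo "<li><a href=\"index.php?page=ips\">Bekijk banlist/ip log</a></li>";
    echo "<li><a href=\"index.php?page=msg\">Bekijk berichten</a></li>";
    echo "<li><a href=\"index.php?page=mad\">Voeg nieuw admin bericht toe</a></li>";
    echo "</ul>";
    require("msgfunc.php");
    if($msgid !== null) {
        set_message_read($msgid,$_SERVER['REMOTE_ADDR']);
    }
    if($page == "mad") {
        if($_SERVER['REQUEST_METHOD'] == "POST") {
            $title = isset($_POST['title']) ? $_POST['title'] : '';
            $bericht = isset($_POST['bericht']) ? $_POST['bericht'] : '';
            // The body is stored with nl2br() already applied and echoed as
            // HTML when read; the title is plain text.
            $add = mysql_query("INSERT INTO messages (title,message,sip,tijd,gelezen) VALUES('".mysql_real_escape_string($title)."','".mysql_real_escape_string(nl2br($bericht))."','".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',NOW(),0)");
            if($add) {
                echo "Het toevoegen is gelukt. Je kan nu <a href=\"index.php?page=msg\">hier</a> de berichten bekijken";
            } else {
                echo "er is iets mis gegaan =D";
            }
        } else {
            echo "<br />Voeg een nieuw admin_board bericht toe.:<br />";
            echo "<form action=\"index.php?page=mad\" method=\"post\">";
            echo "Onderwerp: <input type=\"text\" name=\"title\" />";
            echo "<br />Bericht:<br /><textarea name=\"bericht\" rows=\"20\" cols=\"160\"></textarea>";
            echo "<br /><input type=\"submit\" value=\"Send\" /> Vul alles in en klik daarna op de Send knop.";
            echo "</form>";
        }
        die("</body></html>");
    }
    echo get_new_messages($_SERVER['REMOTE_ADDR']);
    if($msgid !== null) {
        $msg = read_one_message($msgid);
        if($msg) {
            echo "<br /><b>".pygo_esc($msg['title'])."</b> ¦ [".pygo_esc($msg['tijd'])."]<br /><br />";
            // Stored as nl2br() output by the "mad" page: echoed as HTML on purpose.
            echo $msg['message'];
        } else {
            echo "<br />Bericht niet gevonden.";
        }
        die("</body></html>");
    }
    if($page == "msg") {
        echo "<br /><br />".read_all_messages();
        die("</body></html>");
    }
    if($page == "ban") {
        // ban=<ip_log.id>: GET shows the confirmation form, POST stores the ban.
        if($_SERVER['REQUEST_METHOD'] != "POST") {
            $query = "SELECT ip FROM ip_log WHERE id = '".$logId."'";
            $result = mysql_query($query) or die(mysql_error());
            $ip = mysql_fetch_array($result);
            $ipText = $ip ? $ip['ip'] : '';
            echo "<form action=\"index.php?page=ban&ban=".$logId."\" method=\"post\">";
            echo "Log ID: ".$logId;
            echo "<br />IP: ".pygo_esc($ipText);
            echo "<br />Naam van de persoon: <input type=\"text\" name=\"naam\" />";
            echo "<br /><input type=\"hidden\" value=\"".pygo_esc($ipText)."\" name=\"ip\" />";
            echo "<br />Klik om te bannen: <input onclick=\"ban()\" type=\"submit\" value=\"BAN\" /><br /><br />";
            echo "</form>";
        } else {
            $banIp = isset($_POST['ip']) ? $_POST['ip'] : '';
            $naam = isset($_POST['naam']) ? $_POST['naam'] : '';
            $ban = mysql_query("INSERT INTO ban (uid,ip,naam) VALUES('".$logId."','".mysql_real_escape_string($banIp)."','".mysql_real_escape_string($naam)."')");
            if($ban) {
                echo "<font color=\"red\"><h3>Persoon is gebanned...</h3></font>";
            }
        }
    }
    if($page == "unban") {
        // This branch used to sit inside the "ips" branch, where $page could
        // never equal "unban", so the unban links did nothing.
        $unbanId = isset($_GET['id']) ? (int)$_GET['id'] : 0;
        $unban = "DELETE FROM ban WHERE uid = '".$unbanId."'";
        $unbann = mysql_query($unban) or die(mysql_error());
        if($unbann) {
            echo "De persoon heeft nu weer de volle toegang tot P.Y.G.O.";
            echo "<meta http-equiv=\"refresh\" content=\"0; URL=index.php\" /> ";
        }
        die("</body></html>");
    }
    if($page == "ips"){
        $sql = "SELECT * FROM ip_log";
        $res = mysql_query($sql) or die(mysql_error());
        echo '<table>';
        echo "<tr><td><b>ID</b></td><td><b>IP</b></td><td><b>Visits</b></td><td><b>Actie</b></td><td><b>Status</b></td></tr>";
        while($row = mysql_fetch_array($res)) {
            $rowId = (int)$row['id'];
            $check = "SELECT * FROM ban WHERE ip = '".mysql_real_escape_string($row['ip'])."'";
            $checkk = mysql_query($check) or die(mysql_error());
            // Any ban row counts; the original "== 1" showed an IP banned
            // twice as having access.
            if(mysql_num_rows($checkk) > 0) {
                $afgh = mysql_fetch_array($checkk);
                $status = "<font color=\"red\">Gebanned (naam: ".pygo_esc($afgh['naam']).")</font>";
                $action = "<a href=\"index.php?page=unban&id=".$rowId."\">unban</a>";
            } else {
                $status = "<font color=\"green\">Access</font>";
                $action = "<a href=\"index.php?page=ban&ban=".$rowId."\">ban</a>";
            }
            echo "<tr><td>".$rowId."</td><td>".pygo_esc($row['ip'])."</td><td>".(int)$row['visits']."</td><td>".$action."</td><td>".$status."</td></tr>";
        }
        echo "</table>";
        die("</body></html>");
    }
    if($page == "truncatee") {
        mysql_query("TRUNCATE ip_log") or die(mysql_error());
        mysql_query("TRUNCATE info_log") or die(mysql_error());
        echo "<meta http-equiv=\"refresh\" content=\"0; URL=index.php\" /> ";
    }
    echo "<br /><br />";
    echo "<table>";
    echo "<tr><td><b>ID</b></td><td><b>InfoString</b></td><td><b>IP(whois)</b></td><td><b>Tijd</b></td></tr>";
    // Paging: rows per page and the offset to start at. Both are forced to
    // non-negative integers because they are interpolated into LIMIT
    // (is_numeric alone also accepts forms such as "1e3").
    $max = (isset($_GET['max']) && is_numeric($_GET['max'])) ? (int)$_GET['max'] : 0;
    $start = (isset($_GET['start']) && is_numeric($_GET['start'])) ? (int)$_GET['start'] : 0;
    if ($max <= 0) $max = 5;
    if ($start < 0) $start = 0;
    $end = $start + $max;   // offset of the next page
    $prev = $start - $max;  // offset for the "Vorige" link (negative on page 1)
    $next = $end;           // offset for the "Volgende" link
    $query = mysql_query("SELECT * FROM info_log ORDER BY ip LIMIT $start, $max") or die (mysql_error());
    $num = mysql_num_rows($query);
    if (empty($num))
    {
        echo "Er zijn geen resultaten. Vreemd...";
    }
    else
    {
        while ($result = mysql_fetch_row($query))
        {
            // Columns, in table order: id, info (the User-Agent header, client
            // controlled), ip, tijd. Everything is encoded before display.
            $ipText = pygo_esc($result[2]);
            echo "<tr><td>".(int)$result[0]."</td><td>".pygo_esc($result[1])."</td><td><a href=\"http://www.ripe.net/fcgi-bin/whois?form_type=simple&full_query_string=&searchtext=".pygo_esc(urlencode($result[2]))."&submit.x=0&submit.y=0&submit=Search\">".$ipText."</a></td><td>".pygo_esc($result[3])."</td></tr>";
        }
        echo '<p>';
        if ($prev >= 0)
        {
            echo "[<a href=\"index.php?start=$prev&max=$max\">Vorige</a>]\n";
        } else {
            echo "[Vorige]\n";
        }
        // Total row count decides whether page numbers and "Volgende" are shown.
        $count = mysql_fetch_row(mysql_query("SELECT count(*) FROM info_log"));
        $thispage = ceil($start/$max+1);
        if ($count[0] > $max)
        {
            $total = ceil($count[0]/$max);
            for($i=0;$i<$total;$i++)
            {
                $number = $i+1;          // pages are numbered from 1
                $pageStart = $i*$max;    // offset of page $number
                if ($thispage == $number)
                {
                    echo "<strong>[<a href=\"index.php?start=" . $pageStart . "&max=" . $max . "\">" . $number . "</a>]</strong>\n";
                } else {
                    echo "<a href=\"index.php?start=" . $pageStart . "&max=" . $max . "\">" . $number . "</a>\n";
                }
            }
        }
        if ($count[0] > $next)
        {
            echo "[<a href=\"index.php?start=$next&max=$max\">Volgende</a>]\n";
        } else {
            echo "[Volgende]\n";
        }
        echo "</p>\n";
    }
    echo "</table></html>";
}
?>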
[/code]
[b]admin/msgfunc.php[/b]
[code]
<?php
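// Returns a red notice with the number of unread messages posted by other
// admins (sip != $ip, gelezen = 0), or '' when there are none. $ip is
// escaped before it reaches SQL; the original interpolated it raw.
function get_new_messages($ip) {
    $check = "SELECT COUNT(*) FROM messages WHERE sip != '".mysql_real_escape_string($ip)."' AND gelezen = 0";
    $checkk = mysql_query($check) or die(mysql_error());
    $row = mysql_fetch_row($checkk);
    $unread = (int)$row[0];
    if($unread == 0) {
        return '';
    }
    $return = "<font color=\"red\">Je hebt ".$unread." ongelezen bericht";
    if($unread == 1) {
        $return .= "</font>";
    } else {
        $return .= "en</font>";   // plural: "berichten"
    }
    return $return;
}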
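// Lists every message, oldest first, as "[tijd] <link to ?msgid=id>title".
// Title and time are HTML-encoded; the original wrote them into the page raw.
function read_all_messages() {
    $read = "SELECT * FROM messages ORDER BY tijd";
    $readd = mysql_query($read) or die(mysql_error());
    $output = '';
    while($row = mysql_fetch_array($readd)) {
        $output .= "[".htmlspecialchars($row['tijd'], ENT_QUOTES)."] <a href=\"index.php?msgid=".(int)$row['id']."\">".htmlspecialchars($row['title'], ENT_QUOTES)."</a><br />";
    }
    return $output;
}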
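// Fetches the message row with id $msg (false when there is none).
// $msg arrives from the query string, so it is cast to int before it is
// interpolated into SQL; the original interpolated it raw.
function read_one_message($msg) {
    $read = "SELECT * FROM messages WHERE id = '".(int)$msg."'";
    $readd = mysql_query($read) or die(mysql_error());
    $result = mysql_fetch_array($readd);
    return $result;
}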
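// Marks message $msg as read, unless $ip is the poster's own address (sip).
// Both values reach SQL via (int) / escaping; the original interpolated them raw.
function set_message_read($msg,$ip) {
    $update = "UPDATE messages SET gelezen = 1 WHERE id = '".(int)$msg."' AND sip != '".mysql_real_escape_string($ip)."'";
    $updatee = mysql_query($update) or die(mysql_error());
}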
?>
[/code]
[b]SQL:[/b]
[code]
mysql> describe ban;
+-------+--------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+--------------+------+-----+---------+----------------+
| id | int(9) | NO | PRI | NULL | auto_increment |
| uid | int(9) | NO | | | |
| ip | varchar(50) | NO | | | |
| naam | varchar(100) | NO | | | |
+-------+--------------+------+-----+---------+----------------+
4 rows in set (0.01 sec)
mysql> describe info_log;
+-------+--------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+--------------+------+-----+---------+----------------+
| id | int(9) | NO | PRI | NULL | auto_increment |
| info | varchar(200) | NO | | | |
| ip | varchar(50) | NO | | | |
| tijd | datetime | NO | | | |
+-------+--------------+------+-----+---------+----------------+
4 rows in set (0.01 sec)
mysql> describe ip_log;
+--------+--------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+--------+--------------+------+-----+---------+----------------+
| id | int(9) | NO | PRI | NULL | auto_increment |
| ip | varchar(200) | YES | | NULL | |
| visits | int(9) | NO | | | |
+--------+--------------+------+-----+---------+----------------+
3 rows in set (0.01 sec)
mysql> describe messages;
+---------+--------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+---------+--------------+------+-----+---------+----------------+
| id | int(9) | NO | PRI | NULL | auto_increment |
| title | varchar(100) | NO | | | |
| message | text | NO | | | |
| sip | varchar(50) | NO | | | |
| tijd | datetime | NO | | | |
| gelezen | int(1) | NO | | | |
+---------+--------------+------+-----+---------+----------------+
6 rows in set (0.01 sec)
mysql>
[/code]
[b]SQL:[/b]
[code]
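-- ban: client IPs refused by log.php. uid is the ip_log.id the ban was
-- created from (admin "ban" page); naam is the label the admin typed.
CREATE TABLE IF NOT EXISTS ban (
  id int(9) NOT NULL auto_increment PRIMARY KEY,
  uid int(9) NOT NULL,
  ip varchar(50) NOT NULL,
  naam varchar(100) NOT NULL,
  -- every request looks a ban up by ip
  INDEX ban_ip_idx (ip)
);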
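-- info_log: one row per distinct (ip, user agent) pair seen by log.php, with
-- the time it was first seen. info is the raw User-Agent header, i.e. client
-- controlled text; encode it wherever it is displayed.
CREATE TABLE IF NOT EXISTS info_log (
  id int(9) NOT NULL auto_increment PRIMARY KEY,
  info varchar(200) NOT NULL,
  ip varchar(50) NOT NULL,
  tijd datetime NOT NULL,
  -- log.php looks rows up by (ip, info); the index covers the ip part
  INDEX info_log_ip_idx (ip)
);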
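-- ip_log: visit counter per client IP; log.php increments visits on every
-- request. log.php assumes one row per ip; a UNIQUE key would enforce that,
-- but ip is varchar(200), so a prefix index is used instead (45 characters
-- hold any textual IPv4 or IPv6 address). Note the DESCRIBE output above
-- shows ip as nullable, unlike this DDL.
CREATE TABLE IF NOT EXISTS ip_log (
  id int(9) NOT NULL auto_increment PRIMARY KEY,
  ip varchar(200) NOT NULL,
  visits int(9) NOT NULL,
  INDEX ip_log_ip_idx (ip(45))
);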
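-- messages: the admin notice board. sip is the poster's IP; gelezen is a
-- 0/1 read flag, set to 1 when an admin other than the poster opens it.
CREATE TABLE IF NOT EXISTS messages (
  id int(9) NOT NULL auto_increment PRIMARY KEY,
  title varchar(100) NOT NULL,
  message text NOT NULL,
  sip varchar(50) NOT NULL,
  tijd datetime NOT NULL,
  -- NOT NULL DEFAULT 0 matches the DESCRIBE output above; the DDL had it nullable
  gelezen int(1) NOT NULL DEFAULT 0
);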
[/code]