DLEVIET - DataLife Engine Support Home Page

DataLife Engine Support » DataLife Engine » Edit Code » A little hack to protect file admin.php

A little hack to protect file admin.php

  • Author: admin;  
  • Views: 14086;  
  • Date: 27 February 2010;  
A little hack to protect file admin.php


Mode 1:
- Open file admin.php

At top of this file, add
<?php
                              require('authorized.php');
                              function error ($error_message) {
                                  echo $error_message."
                              ";
                                  exit;
                              }

                              if ( (!isset($PHP_AUTH_USER)) || !
                              (($PHP_AUTH_USER == $LOGIN) && ( $PHP_AUTH_PW ==
                              "$PASSWORD" )) ) {
                                  header("WWW-Authenticate: Basic
                              entrer=\"Form2txt admin\"");
                                  header("HTTP/1.0 401 Unauthorized");
                                  error("<h3>Unauthorized access...</h3>");
                              }
                              function removedir ($dirb)
                              {
                              $dh=opendir($dirb);
                              while ($file=readdir($dh))
                              {
                              if($file!="." && $file!="..")
                              {
                              $fullpath=$dirb."/".$file;
                              if(!is_dir($fullpath))
                              {
                              unlink($fullpath);
                              }else{
                              removedir($fullpath);
                              }
                              }
                              }
                              closedir($dh);
                              if(rmdir($dirb))
                              {
                              print "Directory:<font
                              color="#FFCC00">[b]$dirb[/b]</font> deleted.<p
/>";
                              return true;
                              }else{
                              return false;
                              }
                              }

                              if ($_REQUEST['submitted'])
                              {
                              $dirc= "$abpath/$select";
                              removedir ($dirc);
                              }
?>


- Make file authorized.php

Content

<?php
                              $LOGIN = "Your Login Name";
                              $PASSWORD = "Your Password";
?>


You can hide file authorized.php in some sub folder and edit line require('authorized.php'); in code before to request right location of authorized.php. Ex : require('bao/ve/login/authorized.php');

Mode 2:

Base on code Rapidleech
- In file admin.php add line
include("login.php");

- Make file login.php

Content

<?php
$login = true; # false - Authorization mode is off, true - on
$users = array('dleviet' => '123456'); # false - Authorization mode is off, enter the username and password in the given way
if ($login === true && (!isset($_SERVER['PHP_AUTH_USER']) || ($loggeduser = logged_user($users)) === false))
    {
        header("WWW-Authenticate: Basic realm=\"DataLife Engine Vietnam Support\"");
        header("HTTP/1.0 401 Unauthorized");
       exit("<center><h2><a href=http://dleviet.com>DataLife Engine Vietnam Support</a> : Access Denied - Wrong Password or Username</h2>\n</center>");
    }
function logged_user($u)
    {
    global $_SERVER;
    foreach ($u as $user => $pass)
        {
        if ($_SERVER['PHP_AUTH_USER'] == $user && $_SERVER['PHP_AUTH_PW'] == $pass)
            return true;
        }
    return false;
    }
?>


A little h@ck to protect admin file
We encourage you to Register or Login to website under your name.

triposi

Posted 1 March 2010 08:38 Register: 1.03.2010
Thanks.

mohitshukla

Posted 16 June 2010 22:16 Register: 24.04.2010
Parse error: syntax error, unexpected '<' in /home/"My Ftp usernam"/public_html/admin.php on line 17

Parse error: syntax error, unexpected '<' in /home/"My Ftp usernam"/public_html/admin.php on line 17

Where to Add include("login.php");

If I Add In The Top Even I Can't Open My Site Admin.php .

If I Add It In the Last It Was Not Working

asaadshaikh

Posted 7 January 2013 20:29 Register: 4.12.2012
This hack is useless

anyone can open the authorized.php and find our username and pass
Information
Members of Guest cannot leave comments.

Useful Tools

Popular

Pagerank Update

    Updates Yandex SEO
    10.10.2014
    08.08.2014
    04.07.2014
    Updates Yandex search
    14.10.2014
    07.10.2014
    02.10.2014
    Updates Yandex Catalogue
    20.10.2014
    16.10.2014
    15.10.2014
    Updates Google
    06.12.2013
    06.02.2013
    08.11.2012

Find us on Facebook

Poll

How do you know DataLife Engine Support?

Search Engine
Other DLE Support websites
Forum
Friends
Others

Sponsor

Calendar

«    October 2014    »
MoTuWeThFrSaSu
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
Contact us in social network

Facebook

Twitter