PHP: Aizsarg

Moderators: janis.wd, Senior users

Mad182
Registered user
Posts: 903
Joined: 14 Mar 2007, 15:16
Reputation: 0
Location: Latvia

PHP: Aizsarg

Post by Mad182 » 06 May 2007, 19:59

Written a while ago and copied from GFX-deream :) I figured I'd drop it here too.

autentifikacija.php:

Code:

<?php
########## ABOUT ####################################################
#
# Script for protecting a page with a password.
# To protect a file, put include("autentifikacija.php"); at its top.
# To add a log-out button, put echo "$iziet"; anywhere.
#
#####################################################################


########## CONFIGURATION ############################################

$parole = "root"; // password that will be used for authentication
$cepums = "ielogojies"; // cookie that will be used
$laiks = "3600"; // how long the login lasts (in seconds)
$iteksts = "Izlogoties"; // text of the log-out link
$prasit = "Ievadi paroli!"; // how to ask for the password
$slikts = "Nespēlējies ar cepumiem. Resns paliksi!"; // shown if someone tries to feed in a bad cookie
$kludastxt = "Ievadītā parole nav pareiza!"; // what to show if a wrong password is entered

#####################################################################


########## FUNCTIONS ################################################

// function that sets the cookie. Split out because it is used in several places
function uzliktcepumu() {
	global $cepums, $encrypt_parole, $beidzas;
	// the cookie value is the md5 of the password itself
	setcookie($cepums, $encrypt_parole, $beidzas);
}

// function that displays the login form
function prasitparoli($kluda) {

?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>

<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Iežurnalēties</title>
</head>

<body>
<form action="" method="POST">
Parole: <input type="password" name="parole" size="20" />
<input type="submit" value="Iežurnalēties" />
<p><?php echo "$kluda"; ?></p>
</form>
</body>

</html>
<?php
}

#####################################################################


########## MISHMASH #################################################

$encrypt_parole = md5($parole); // encode the password with md5
$beidzas = time() + $laiks; // add the configured time to the current time
// log-out link; the request URI is escaped before it goes into the href attribute
$iziet = '<a href="'.htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES).'?iziet=ja">'.$iteksts.'</a>';

// check whether there is a login attempt
if (isset($_POST['parole'])) {
	// compare the entered password with the real one
	$meginajums = md5($_POST['parole']);
	// if the entered password is correct, set the cookie (strict comparison, no type juggling)
	if ($meginajums === $encrypt_parole) {
		uzliktcepumu();
	// if it is not correct, ask for the password again
	} else {
		prasitparoli($kludastxt);
		exit();
	}
// check whether there is a cookie
} elseif (isset($_COOKIE[$cepums])) {
	// if the cookie is not good, do not let the visitor in
	if ($_COOKIE[$cepums] !== $encrypt_parole) {
		prasitparoli($slikts);
		exit();
	}
// if there is neither a cookie nor a login attempt, show the login page
} else {
	prasitparoli($prasit);
	exit();
}

// check whether someone wants to log out; the request value is only compared,
// never stored in $iziet, so the log-out link above stays intact
if (isset($_GET['iziet']) && $_GET['iziet'] === "ja") {
	// there is a log-out request, so remove the cookie
	setcookie($cepums, '', time() - 3600);
	// check whether the address ends with ?iziet=ja and, if so, strip it so that logging in works again
	if (substr($_SERVER['REQUEST_URI'], -9) == '?iziet=ja') {
		$adrese = str_replace('?iziet=ja', '', $_SERVER['REQUEST_URI']);
		// redirect to the address without "?iziet=ja"
		header('Location: '.$adrese);
	}
	// ask for the password and exit
	prasitparoli($prasit);
	exit();
}
?>

We create the file on the server, and at the very top of every page we want to protect we put

Code:

<?php include("autentifikacija.php"); ?>

In the place where we want the "log out" link:

Code:

<?php echo "$iziet"; ?>

Here this file is already prepared together with an example of how to use it: http://www.mad182.ex.lv/files/WEB/login.zip
And here is how it works live: http://www.mad182.ex.lv/files/WEB/login/ (password: root)

If anything is unclear, just ask :)

Tvinky
E-journalist
Posts: 454
Joined: 17 Apr 2007, 13:11
Reputation: 0

Post by Tvinky » 07 May 2007, 08:44

Nice, but if someone finds an XSS and plants a sniffer, they'll eat the cookies and guests will show up :)

Mad182
Registered user
Posts: 903
Joined: 14 Mar 2007, 15:16
Reputation: 0
Location: Latvia

Post by Mad182 » 15 May 2007, 20:26

Tvinky wrote: Nice, but if someone finds an XSS and plants a sniffer, they'll eat the cookies and guests will show up :)
I don't see where you'd stick it in...

Tvinky
E-journalist
Posts: 454
Joined: 17 Apr 2007, 13:11
Reputation: 0

Post by Tvinky » 15 May 2007, 21:36

Well, it's not like the whole site will consist of just this one piece of code. IMHO they'll find an XSS hole somewhere else and the rest follows from there... I try not to throw passwords around in cookies, but everyone does what they think best ;)
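
The concern raised in the last reply, as an added example that is not part of the thread or of Mad182's script: an include that keeps only a random, HttpOnly session ID in the cookie and checks the password with password_verify. The AUTH_PAROLES_HASH environment variable and the ielogojies_lidz session key are assumptions made for this example.

```php
<?php
// Added example, not Mad182's script: an alternative include that keeps
// nothing password-derived in the browser.
// Assumption: AUTH_PAROLES_HASH is a hypothetical environment variable holding
// the output of: php -r 'echo password_hash("your password", PASSWORD_DEFAULT);'
$paroles_hash = getenv('AUTH_PAROLES_HASH');
$laiks = 3600; // seconds a login stays valid, as in the original config

// The session cookie carries only a random ID; HttpOnly hides it from page scripts.
session_set_cookie_params([
	'lifetime' => 0,
	'path'     => '/',
	'secure'   => !empty($_SERVER['HTTPS']),
	'httponly' => true,
	'samesite' => 'Lax',
]);
session_start();

$kluda = 'Ievadi paroli!';
if (isset($_POST['iziet'])) {
	// Log out: wipe the server-side state, so the old session ID is worthless.
	$_SESSION = [];
	session_destroy();
} elseif (isset($_POST['parole']) && is_string($_POST['parole'])) {
	// password_verify compares in constant time against a salted hash.
	if (is_string($paroles_hash) && password_verify($_POST['parole'], $paroles_hash)) {
		session_regenerate_id(true); // fresh ID on login, the old one is deleted
		$_SESSION['ielogojies_lidz'] = time() + $laiks; // hypothetical key name
	} else {
		$kluda = 'Ievadītā parole nav pareiza!';
	}
}

// The login state lives on the server; the client cannot forge or replay a hash.
$ielogojies = isset($_SESSION['ielogojies_lidz']) && $_SESSION['ielogojies_lidz'] > time();
if (!$ielogojies) {
	// Not authenticated: show the form and stop before the protected page runs.
	echo '<form action="" method="post">Parole: <input type="password" name="parole" />'
		. ' <input type="submit" value="Iežurnalēties" />'
		. '<p>' . htmlspecialchars($kluda, ENT_QUOTES, 'UTF-8') . '</p></form>';
	exit();
}

// Log-out control for protected pages; a POST button, so a plain link cannot trigger it.
$iziet = '<form action="" method="post"><input type="submit" name="iziet" value="Izlogoties" /></form>';
```

A stolen session ID still grants access until it expires or the user logs out, but it never reveals the password or anything derived from it.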
