UGN Security
Posted By: Ghost First couple of PHP scripts - 10/10/04 02:47 PM
I recently got into PHP because i wanted to see why everyone thought it was so great, so i wrote a few scripts to get into most of the basics.

Code
<?php 
if($_POST['plaintext'] != NULL) {
$plaintext = $_POST['plaintext'];
$encrypted = md5($plaintext);
echo "Your string, when converted to an MD5 hash is: 
 $encrypted";
}
?>
<html>
 <head>
  <title>MD5 Crypter</title>
 </head>
 <body> 
  <form action="md5.php" method="post">
  <input type="text" name="plaintext"> 
  <input type="submit">
 </body>
</html>
  
There's my first one, just takes your plaintext and encrypts it via md5.

Then i wrote these two:

Code
 <?php
$date = date("r");
$handle = fopen("log.txt", "a");
$ip = $_SERVER['REMOTE_ADDR'];
fwrite($handle, "<table border=1 cellspacing=1 cellpadding=0><tr><td><font color=white>Page View</font><td><font color=white>$ip</font>");
fwrite($handle, "<td><font color=white>$date</font>");
fwrite($handle, "</table>");
?>
 
Code
 <html>
 <head>
  <title>Login</title>
 </head>
 <body bgcolor="black">
<form action="login.php" method="post">
<table><tr><td><font color="white">Username: </font><input type="text" name="user">

<tr><td><font color="white">Password: </font><input type="text" name="password">

<center><input type="submit"></center>
</table>
</form>
</body>
</html>
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$pass = $_POST['password'];
$user = $_POST['user'];
$date = date("r");
$handle = fopen("log.txt", "a");
if ($_POST['user'] == "Ghost" && md5($_POST['password']) == "9dbc0166304c474cb424d7979ad8b530") {
Authenticated();
} else {
fwrite($handle, "<table border=1 cellspacing=1 cellpadding=0><tr><td><font color=white>Failed login!</font><td><font color=white> $user </font> <td><font color=white> $pass </f$
}
function Authenticated()
{
$handle = fopen("log.txt", "a");
$ip = $_SERVER['REMOTE_ADDR'];
$pass = $_POST['password'];
$user = $_POST['user'];
$date = date("r");
readfile("log.txt");
fwrite($handle, "<table border=1 cellspacing=1 cellpadding=0><tr><td><font color=white>Successful login!</font><td><font color=white> $user </font><td><font color=white> $ip </$
}
?>
 
First one just writes the ip address of the user and the date of the view, to a log file. Second one does the same, except it logs ip addresses, dates, and the username password combo of a login (if its an invalid login), or the date, username, and ip, if its a valid login.

What do you guys think, anything i could do to optimze any of these scripts? any suggestions? comments?
© UGN Security Forum