devai Posted May 19, 2008 Share Posted May 19, 2008 Hello everyone, I am fairly new to PHP.. Now.. I am working on a site, and have set-up a development forum for it.. I have found out that many people have been trying to access my forum, by trying to guess on the authentication page.. It's slowing down my site so I need help.. Now.. While I was asleep my cousin was working on a script that wrote down anything that was entered into the authentication page.... Meaning the username and passwords... And it included something that writes down there IP and the time they tried to access.. He wasn't quite done with the script.. So I need help.... Apparently he had no idea on what he was doing.. <?php define('USER', 'user'); define('PASSWORD', 'password'); if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized'); echo 'You hit cancel, good on you.'; } elseif ( isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] == USER && isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] == PASSWORD ) { echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>"; echo "<p>You entered '{$_SERVER['PHP_AUTH_PW']}' as your password.</p>"; } else { header('HTTP/1.0 400 Bad Request'); echo "<p>You shall not pass!</p>"; } //Get date $date = date("d/F/Y"); //Get time $time = date("g:i a"); //File username-passwords-ip are stored $file = 'intruders.txt'; //Begins to amened the information to the file $handle = fopen("$file", "a"); //Writes the username,password, and ip fwrite($handle, 'Username='); fwrite($handle, "$username \n"); fwrite($handle, 'Password='); fwrite($handle, "$password \n"); fwrite($handle, 'Ip='); fwrite($handle, "$REMOTE_ADDR \n"); fwrite($handle, 'Date='); fwrite($handle, "$date \n"); fwrite($handle, 'Time='); fwrite($handle, "$time"); fwrite($handle, "\r\n\n"); //Stops writing information fclose($handle); //Exits file ?> Can anybody help me fix this? I've been reading many tutorials, and no help... The purpose of this is, to see all the attempted username and password combinations that had been used so that we can take precaution... And to ban the IP address that attempted to do it.. Link to comment https://forums.phpfreaks.com/topic/106257-help-with-php-authentication/ Share on other sites More sharing options...
devai Posted May 19, 2008 Author Share Posted May 19, 2008 Anybody? My cousin is working on something the bans any IP that is on the intruders.txt from the server.. So.. I really need this finished soon... Link to comment https://forums.phpfreaks.com/topic/106257-help-with-php-authentication/#findComment-544612 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.