1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
<?php
/*
* pwhash.php file for PHP Shell
* Copyright (C) 2005-2010 the Phpshell-team
* Licensed under the GNU GPL. See the file COPYING for details.
*
*/
define('PHPSHELL_VERSION', '2.2');
function stripslashes_deep($value) {
if (is_array($value))
return array_map('stripslashes_deep', $value);
else
return stripslashes($value);
}
if (get_magic_quotes_gpc())
$_POST = stripslashes_deep($_POST);
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Password Hasher for PHP Shell <?php echo PHPSHELL_VERSION ?></title>
<meta http-equiv="Content-Script-Type" content="text/javascript">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta name="generator" content="phpshell">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body>
<h1>Password Hasher for PHP Shell <?php echo PHPSHELL_VERSION ?></h1>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="POST">
<fieldset>
<legend>Username</legend>
<input name="username" type="text" value="<?php echo $username ?>">
</fieldset>
<fieldset>
<legend>Password</legend>
<input name="password" type="text" value="<?php echo $password ?>">
</fieldset>
<fieldset>
<legend>Result</legend>
<?php
if ($username == '' || $password == '') {
echo " <p><i>Enter a username and a password and update.</i></p>\n";
} else {
$u = strtolower($username);
if (preg_match('/[[ |&~!()]/', $u) || $u == 'null' ||
$u == 'yes' || $u == 'no' || $u == 'true' || $u == 'false') {
echo ' <p class="error">Your username cannot contain any of the following reserved
word: "<tt>null</tt>", "<tt>yes</tt>", "<tt>no</tt>", "<tt>true</tt>", or
"<tt>false</tt>". The following characters are also prohibited:
"<tt> </tt>" (space), "<tt>[</tt>" (left bracket), "<tt>|</tt>" (pipe),
"<tt>&</tt>" (ampersand), "<tt>~</tt>" (tilde), "<tt>!</tt>" (exclamation
mark), "<tt>(</tt>" (left parenthesis), or "<tt>)</tt>" (right
parenthesis).</p>' . "\n";
echo ' <p>Please choose another username and try again.</p>' . "\n";
} else {
echo " <p>Write the following line into <tt>config.php</tt> " .
"in the <tt>users</tt> section:</p>\n";
if ( function_exists('sha1') ) { $fkt = 'sha1' ; } else { $fkt = 'md5' ; } ;
$salt = dechex(mt_rand());
$hash = $fkt . ':' . $salt . ':' . $fkt($salt . $password);
echo "<pre>\n";
echo htmlentities(str_pad($username, 8) . ' = "' . $hash . '"') . "\n";
echo "</pre>\n";
}
}
?>
<p><input type="submit" value="Update"></p>
</fieldset>
</form>
<hr>
<address>
Copyright © the Phpshell-team, please see <a href="AUTHORS">AUTHORS</a>.
This is PHP Shell <?php echo PHPSHELL_VERSION ?>, get the latest version at <a
href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
</address>
</body>
</html>
|
