( passNumber mod rand# ) -> temporaryPassnumber
temporaryPassnumber gets sent to server, which does the same math on its side, and if they get the same answer, then you're in.
Any bad guy could easily find the rand# and the tempPass, but they couldn't do anything with them anymore, and there would be infinite solutions when they try to find the original pass number. The original passnumber is not sent through the internet, and one can't work backwards to find it. Now the random number had to be around 1000 to 100000 within reason, and the passnumber I have is a 9-digit prime. This isn't simplified, so it will probably take some thinking to figure out.
Code: Select all
if ($_GET['search'] == 'edit a file') {
    // Step 1: ask which file to edit.
    echo "<font size='2' color='#494949'>You are not supposed to be here. Please change your search. If you think this is a problem, please send an email to <a href='mailto:ouremail@address.foo'><font color='#1255b6'>ouremail@address.foo</font></a>.<br/><br/>";
    echo "<font size='2' color='#494949'><form action='ymagazine.php' method='POST'>
    file: <input type='text' name='file' /><br/><br/>
    <input type='submit' />
    <input type='hidden' name='op' value='edit' />
    </form></font>";
}
else if ($_POST['op'] == 'edit') {
    // Step 2: show the file in an edit form together with a fresh random number.
    $file = $_POST['file'];
    // Only all-digit names or "1main.txt" are accepted.
    if (preg_match("/[^0-9]/", $file) && $file != "1main.txt") {
        echo "<font size='2' color='#494949'>Sorry, Invalid File Name</font>";
    } else {
        $f = fopen($file, "r");
        echo "
        <script type='text/javascript'>
        function myfunction(){
            // Compute passnumber mod rand in the browser, then blank both inputs
            var getrand = document.security.rand.value
            var passnumber = document.passnumber.passnumber.value
            var ans = passnumber%getrand
            document.security.send.value = ans
            document.security.rand.value = 'erased'
            document.passnumber.passnumber.value = 'erased'
        }
        </script>
        <font size='2' color='#494949'><form action='ymagazine.php' method='POST' name='security' onSubmit='myfunction()' >
        Content: <br/><textarea name='content' cols='60' rows='20' value=''>";
        while (!feof($f)) {
            $x = fgets($f);
            // Escape the file text so markup in it cannot close the textarea
            echo htmlspecialchars($x);
        }
        fclose($f);
        // Remember the random number on the server for the save step
        $rand = rand(1001, 10001);
        $g = fopen("randomnumber", "w");
        $write = fwrite($g, $rand);
        fclose($g);
        echo "</textarea><br/><br/>
        <input type='submit' value='Submit' />
        <input type='hidden' name='rand' value='" . $rand . "'><br/>
        <input type='hidden' name='send' value=''>
        <input type='hidden' name='op' value='save' />
        <input type='hidden' name='file' value='" . $file . "' />
        </form>
        <form name='passnumber'>
        Password: <input type='text' name='passnumber' value=''><br/>
        </form>
        </font>";
    }
}
else if ($_POST['op'] == 'save') {
    // Step 3: repeat the modulo on the server and compare it with what the browser sent.
    $file = $_POST['file'];
    $content = stripslashes($_POST['content']);
    $send = $_POST['send'];
    $g = fopen("randomnumber", "r");
    $rand = str_replace("\n", "", fgets($g));
    fclose($g);
    // ######### is the passnumber, masked in the post
    $correct = (#########%$rand);
    if (preg_match("/[^0-9]/", $file) && $file != "1main.txt") {
        echo "<font size='2' color='#494949'>Sorry, Invalid File Name</font>";
    }
    else if ($correct == $send) {
        $f = fopen($file , "w" );
        fwrite($f, $content);
        fclose($f);
        echo "<font size='2' color='#494949'>The file has been edited.</font>";
    } else {
        echo "<font size='2' color='#494949'>Sorry, Security Issue</font>";
    }
    // Replace the stored random number after every save attempt
    $rand = rand(1001, 10001);
    $g = fopen("randomnumber", "w");
    $write = fwrite($g, $rand);
    fclose($g);
}
feyd | Please use Code: Select all and Code: Select all tags where appropriate when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url]
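The challenge-response shape of the post with the modulo swapped for HMAC-SHA256 over a single-use server nonce, so the response also covers the file name and content being saved; this is an added example, not code from the thread. `SECRET`, the `$store` array (standing in for per-session storage) and the helper names `issueChallenge`, `respond` and `verify` are assumptions, and `respond()` stands in for what the browser would compute.

```php
<?php
// Added example, not the poster's code. SECRET is a constructed value;
// issueChallenge/respond/verify are hypothetical helper names.
const SECRET = 'constructed-demo-secret-not-from-the-post';

// Server: create a fresh, unpredictable nonce and remember when it expires.
function issueChallenge(array &$store): string {
    $nonce = bin2hex(random_bytes(16));
    $store[$nonce] = time() + 300;        // valid for five minutes
    return $nonce;
}

// Client: prove knowledge of the secret, bound to this nonce and this request.
function respond(string $secret, string $nonce, string $file, string $content): string {
    return hash_hmac('sha256', $nonce . "\n" . $file . "\n" . $content, $secret);
}

// Server: accept only a known, unexpired nonce, and consume it before checking.
function verify(array &$store, string $nonce, string $file, string $content, string $mac): bool {
    if (!isset($store[$nonce])) {
        return false;                     // unknown or already used
    }
    $expires = $store[$nonce];
    unset($store[$nonce]);                // one attempt per nonce
    if ($expires < time()) {
        return false;
    }
    $expected = hash_hmac('sha256', $nonce . "\n" . $file . "\n" . $content, SECRET);
    return hash_equals($expected, $mac);  // constant-time comparison
}

$store = [];  // stands in for $_SESSION or a per-user table
$nonce = issueChallenge($store);
$mac = respond(SECRET, $nonce, '12', 'new text');
var_dump(verify($store, $nonce, '12', 'new text', $mac));    // first use of the pair
var_dump(verify($store, $nonce, '12', 'new text', $mac));    // same pair sent again
$nonce2 = issueChallenge($store);
$mac2 = respond(SECRET, $nonce2, '12', 'new text');
var_dump(verify($store, $nonce2, '12', 'tampered', $mac2));  // content changed in transit
```

The keyed hash only resists guessing if the shared secret is long and random, and the exchange should still run over HTTPS.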