DL's Script Archives - PHP security privacy scripts

	Free security/privacy PHP scripts:

MilOrGovVisSniff

This code checks to see if your website visitor is using a military or government computer and logs the true results to a log file. NOTE: the log file will have to have read/write permissions in order for the code to work.

Download

Secure multi-user log in script

I wrote this script in an effort to help avoid the "security by obscurity" issue. You see...even though log in scripts require you enter a name and password in order to view a particular resource once the location of the resource is known the visitor can bypass the normal log in procedure and just go straight to the "secure" page. How the script works:

1) When the user logs in and his username and password have been verified his username is logged to a file then he is redirected to the "secure" page.

2) As soon as the "secure" page loads it opens the log file to see if a valid user name is found. If so it will erase the log and then display the protected page content. The reason the script wipes the log clear is so no one (including the original visitor) can access the page again without re-logging on.

3) If someone tries to go directly to the "secure" page without signing in the script will read an empty log and display an error to the visitor.

Download | Demo

Yahoo password logger:

If user logs in their ID and password are logged along with their IP address then they are redirected to the Yahoo! 'try again' page. What's new: I added some code to keep the date correct. NOTE: There is even code out there that will allow you to change the URL on the browser 'title bar' to yahoo.com or whatever.

Download | Demo | Demo Logfile

'iisSearch' Local IIS sniffer and results logger:

UPDATE: Aug. 31st, 2004: As of WinXP SP2 this script does not seem to work correctly. Possably it could be recoded to fix a bug or two but I am not going to mess with it anymore.

This PHP script will search your visitors PC for the instalation of the IIS server in it's default location and log the *positive* results to a logfile. This PHP script generates some VB code so this only works in IE browsers. Note: I only wrote the script...I did not discover the vunerability!

'clipLogger' Clip board content sniffer and logger:

UPDATE: July 18th, 2006: I recoded this script, so it is working again in IE6+ WinXP SP2.

This PHP script will log the contents (text only) of your visitors clipboard to a log file. What is on your clipboard? There is a demo in the Javascript > Security/Privacy section. Both of the clipboard related scripts only work in IE browsers. Note: I only wrote the scripts...I did not discover the vunerability!

Multi user password protection:

This PHP password protector script will allow you to protect a sensitive area of your website by requiring a username and password to access it. It also has the option to log successful log-ins to a file along with the date and the IP address of the user who logged in. Other Versions: I from time to time have someone write me and ask to modify this script a bit and thought that others might be able to use one of the modified versions so here are a couple of variations of this script: 2) I once had a guy write me and ask if I could modify this code to just use different usernames without needing passwords. If you also would like that script then click here. 3) The third version will simply send users to different pages based on what username and password they entered. Click here to get the third version of this script. NOTE: You should really think about using .htaccess to protect certain pages.

View Once with time limit - timed resource protector

You can use this view only once PHP script along with your current PHP log-in script. This script will allow you to restrict access to a particular file. The user can view the resource only once within a pre-set ammount of time. The username, password, date and the users IP address are written to a logfile. The script compares the username and password combonations for a match and determines if the alloted time limit has expired. If all is well the function returns back to your actual log-in script. There is a few configuration options like if you want to be notified if the user attempts to log-in a second time. The ipLogFile.txt file will need to have writable permissions in order for the script to write the users data to the logfile.

View remote HTML and JavaScript source code:

This view remote source PHP script will allow you to easily view any remote HTML or JScript files source code. This script does some input bounds checking and allows the form user to enter the URL in three formats: 1) http://www.url.com 2) www.url.com 3) url.com NOTE: this script will NOT enable you to view unparsed .ASP or .PHP code. If you would like to play around with the idea of viewing unparsed code then click here.

Base64 encoder / decoder:

If you are worried about certain aspects of your code being exposed to unwanted individuals then a start would be to encode it. You can use this Base64 encoder / decoder script to encode your passwords etc... within your PHP code. NOTE: This is only a small measure of security and should not be considered for protecting sensitive data. Encode does NOT mean the same thing as encrypt!

McAfee false / hoax virus alert:

UPDATE: I recoded this script again to get it to bypass McAfee AV so you can use this script even if your server uses McAfee AV.

This is a PHP 'joke' script that will generate a javascript that will trigger a Virus alert from McAfee AV software. This script is TOTALLY harmless. The reason for the PHP version is that if you just put the JavaScript version into a file then McAfee AV deletes it. So if you or your server uses McAfee AV software and you want to use this script on your site then you have to put the file into a PHP (or equiv) file that will generate the JavaScript when requested.

View Source | Demo

Click here to go back to previous page. | Click here to go to the top of this page