Protect you database in 10 sec!
- Thread starter Azi
- Start date
I have the same question
- Joined
- Aug 19, 2007
- Messages
- 4,941
- Solutions
- 11
- Reaction score
- 352
Kakdeg
Enforia.no-ip.org
Thanks alot, really great script! rep
New Version: 3.0
Easier using by step-working, configure all inwork in http://localhost/scriptfile.php
Yours,
Ersiu.
Easier using by step-working, configure all inwork in http://localhost/scriptfile.php
PHP:
<?PHP
// Database Access protect by ersiu (azi)
// Version: 3.0
session_start();
$user = (@$_SESSION['user'])?$_SESSION['user']:'root';
$password = (@$_SESSION['password'])?$_SESSION['password']:'';
$conn = @MySQL_CONNECT("localhost", $user, $password);
function generatePassword($length=10){
$chars = array(
array(48, 57), // numbers
array(65, 90), // upper case letters
array(97,122), // lower case letters
#array(33, 43) // special chars
);
$password = "";
for($i=1; $i<$length; $i++){
$charset = rand(0, count($chars)-1);
$password .= chr(rand($chars[$charset][0], $chars[$charset][1]));
}
return $password;
}
$content = "<h1>Logged on: '{$user}'@'localhost'; password: '{$password}'";
if($conn){
$step = @($_REQUEST['step'])?$_REQUEST['step']:1;
if($step == 1) {
if(@$_POST['create'] == true && @!empty($_POST['dbuser']) && @!empty($_POST['dbpass']) && @$_POST['working'] == true){
$content.= "<h1>Step 1</h1>*Manage MySQL User!<hr>";
$create_query = MySQL_QUERY("CREATE USER '{$_POST['dbuser']}'@'localhost' IDENTIFIED BY '{$_POST['dbpass']}'");
$access_query = MySQL_QUERY("GRANT ALL PRIVILEGES ON * . * TO '{$_POST['dbuser']}'@'localhost' IDENTIFIED BY '{$_POST['dbpass']}' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0");
if($create_query && $access_query){
$_SESSION['user'] = $_POST['dbuser'];
$_SESSION['password'] = $_POST['dbpass'];
$content.="You have created a new MySQL User!<BR>
Please save an account access data:<BR> <table>
<tr><td>User Login: </td><td><b>{$_POST['dbuser']}</b></td></tr>
<tr><td>User Host: </td><td><b>localhost</b></td></tr>
<tr><td>User Password: </td><td><b><font color='red'>{$_POST['dbpass']}</font></b></td></tr></table>";
$content.="Allright! <a href='?step=2'> Go to step 2!</a>";
}else{
$content.="Cannot create new MySQL User. <a href='?step=1'> Go back to step 1!</a>";
}
}elseif(@$_POST['create'] == false && @$_POST['working'] == true && @!empty($_POST['dbpass'])){
$content.= "<h1>Step 1</h1>*Manage MySQL User!<hr>";
$query = MySQL_QUERY("SET PASSWORD FOR 'root'@'localhost' = PASSWORD( '{$_POST['dbpass']}' )");
if($query){
$_SESSION['password'] = $_POST['dbpass'];
$content.="Password for root@localhost has been changed!<BR>
Please save an account access data:<BR> <table>
<tr><td>User Login: </td><td><b>root</b></td></tr>
<tr><td>User Host: </td><td><b>localhost</b></td></tr>
<tr><td>User Password: </td><td><b><font color='red'>{$_POST['dbpass']}</font></b></td></tr></table>";
$content.="Allright! <a href='?step=2'> Go to step 2!</a>";
}else{
$content.="Cannot change password for root@localhost. <a href='?step=1'> Go back to step 1!</a>";
}
}else{
$content.= "<h1>Step 1</h1>*Manage MySQL User!<hr>";
$content.= "<form action='?step=1' method='post'><input type='hidden' name='working' value='true'>
<table><tr><td>Username: </td><td><input type='text' name='dbuser'></td></tr>
<tr><td>Password: </td><td><input type='text' name='dbpass' value='".generatePassword(8)."'></td></tr>
</table>
<input type='checkbox' name='create' checked/> <b>Create New MySQL User</b>, else change password for root@localhost<br>
<input type='submit' value='Continue...'
</form>";
}
}elseif($step == 2){
$content.= "<h1>Step 2</h1>*Re-login to MySQL!<hr>";
$content.= "You have relogged for '{$user}'@'localhost'; using password: YES!<BR>";
$content.="Allright! <a href='?step=3'> Go to step 3!</a>";
}elseif($step == 3){
$content.= "<h1>Step 3</h1>*Deleting other MySQL Users!<hr>";
if(@$_POST['working'] == true){
if($_POST['delOption'] == 1){
$query = MySQL_Query("DELETE FROM mysql.user WHERE NOT(`User`='".((@$_SESSION['user'])?$_SESSION['user']:'root')."' AND `Host`='localhost')");
$content .= "Others users has been deleted!<BR><a href='?step=4'> Go to step 4!</a>";
}elseif($_POST['delOption'] == 2){
$query = MySQL_Query("DELETE FROM mysql.user WHERE `Password`=''");
$content .= "All users withou password has been deleted!<BR><a href='?step=4'> Go to step 4!</a>";
}else{
$content.="Wrong away!";
}
}else{
$query = MySQL_Query("select * from mysql.user");
$content.="<b>MySQL Users:</b><br><ul>";
while($user = MySQL_Fetch_Array($query)){
$content.="<ul>'{$user['User']}'@'{$user['Host']}' - Using Password: ".(($user['Password']=='')?'no':'yes')."</ul>";
}
$content.="</ul>";
$content.="<form action='?step=3' method='post'>
<input type='hidden' name='working' value='true'>
<b>Delete:</b><br> <input type='radio' name='delOption' value='1' checked> Other Users than '".((@$_SESSION['user'])?$_SESSION['user']:'root')."'@'localhost'<br>
<input type='radio' name='delOption' value='2'> Only users without password<br>
<input type='submit' value='Continue...'>
</form>";
}
}elseif($step == 4){
$content.= "<h1>Step 4</h1>*Deleting script file!<hr>";
if(@$_POST['delete'] == true){
$content.="Script file has been deleted!<BR>You can exit this page.";
unlink($_SERVER["SCRIPT_FILENAME"]);
}else{
$content.="<form action='?step=4' method='post'>
<input type='checkbox' name='delete' checked> Delete this script<br>
<input type='submit' value='Continue...'>
</form>";
}
}
}else{
$content .= "<font color='red'><b>Cannot connect to root@localhost using password: no</b></font>";
}
echo $content;
?>Yours,
Ersiu.
LucasFerraz
Systems Analyst
New Version: 3.0
Easier using by step-working, configure all inwork in http://localhost/scriptfile.php
PHP:<?PHP // Database Access protect by ersiu (azi) // Version: 3.0 session_start(); $user = (@$_SESSION['user'])?$_SESSION['user']:'root'; $password = (@$_SESSION['password'])?$_SESSION['password']:''; $conn = @MySQL_CONNECT("localhost", $user, $password); function generatePassword($length=10){ $chars = array( array(48, 57), // numbers array(65, 90), // upper case letters array(97,122), // lower case letters #array(33, 43) // special chars ); $password = ""; for($i=1; $i<$length; $i++){ $charset = rand(0, count($chars)-1); $password .= chr(rand($chars[$charset][0], $chars[$charset][1])); } return $password; } $content = "<h1>Logged on: '{$user}'@'localhost'; password: '{$password}'"; if($conn){ $step = @($_REQUEST['step'])?$_REQUEST['step']:1; if($step == 1) { if(@$_POST['create'] == true && @!empty($_POST['dbuser']) && @!empty($_POST['dbpass']) && @$_POST['working'] == true){ $content.= "<h1>Step 1</h1>*Manage MySQL User!<hr>"; $create_query = MySQL_QUERY("CREATE USER '{$_POST['dbuser']}'@'localhost' IDENTIFIED BY '{$_POST['dbpass']}'"); $access_query = MySQL_QUERY("GRANT ALL PRIVILEGES ON * . * TO '{$_POST['dbuser']}'@'localhost' IDENTIFIED BY '{$_POST['dbpass']}' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0"); if($create_query && $access_query){ $_SESSION['user'] = $_POST['dbuser']; $_SESSION['password'] = $_POST['dbpass']; $content.="You have created a new MySQL User!<BR> Please save an account access data:<BR> <table> <tr><td>User Login: </td><td><b>{$_POST['dbuser']}</b></td></tr> <tr><td>User Host: </td><td><b>localhost</b></td></tr> <tr><td>User Password: </td><td><b><font color='red'>{$_POST['dbpass']}</font></b></td></tr></table>"; $content.="Allright! <a rel='nofollow' href='?step=2'> Go to step 2!</a>"; }else{ $content.="Cannot create new MySQL User. <a rel='nofollow' href='?step=1'> Go back to step 1!</a>"; } }elseif(@$_POST['create'] == false && @$_POST['working'] == true && @!empty($_POST['dbpass'])){ $content.= "<h1>Step 1</h1>*Manage MySQL User!<hr>"; $query = MySQL_QUERY("SET PASSWORD FOR 'root'@'localhost' = PASSWORD( '{$_POST['dbpass']}' )"); if($query){ $_SESSION['password'] = $_POST['dbpass']; $content.="Password for root@localhost has been changed!<BR> Please save an account access data:<BR> <table> <tr><td>User Login: </td><td><b>root</b></td></tr> <tr><td>User Host: </td><td><b>localhost</b></td></tr> <tr><td>User Password: </td><td><b><font color='red'>{$_POST['dbpass']}</font></b></td></tr></table>"; $content.="Allright! <a rel='nofollow' href='?step=2'> Go to step 2!</a>"; }else{ $content.="Cannot change password for root@localhost. <a rel='nofollow' href='?step=1'> Go back to step 1!</a>"; } }else{ $content.= "<h1>Step 1</h1>*Manage MySQL User!<hr>"; $content.= "<form action='?step=1' method='post'><input type='hidden' name='working' value='true'> <table><tr><td>Username: </td><td><input type='text' name='dbuser'></td></tr> <tr><td>Password: </td><td><input type='text' name='dbpass' value='".generatePassword(8)."'></td></tr> </table> <input type='checkbox' name='create' checked/> <b>Create New MySQL User</b>, else change password for root@localhost<br> <input type='submit' value='Continue...' </form>"; } }elseif($step == 2){ $content.= "<h1>Step 2</h1>*Re-login to MySQL!<hr>"; $content.= "You have relogged for '{$user}'@'localhost'; using password: YES!<BR>"; $content.="Allright! <a rel='nofollow' href='?step=3'> Go to step 3!</a>"; }elseif($step == 3){ $content.= "<h1>Step 3</h1>*Deleting other MySQL Users!<hr>"; if(@$_POST['working'] == true){ if($_POST['delOption'] == 1){ $query = MySQL_Query("DELETE FROM mysql.user WHERE NOT(`User`='".((@$_SESSION['user'])?$_SESSION['user']:'root')."' AND `Host`='localhost')"); $content .= "Others users has been deleted!<BR><a rel='nofollow' href='?step=4'> Go to step 4!</a>"; }elseif($_POST['delOption'] == 2){ $query = MySQL_Query("DELETE FROM mysql.user WHERE `Password`=''"); $content .= "All users withou password has been deleted!<BR><a rel='nofollow' href='?step=4'> Go to step 4!</a>"; }else{ $content.="Wrong away!"; } }else{ $query = MySQL_Query("select * from mysql.user"); $content.="<b>MySQL Users:</b><br><ul>"; while($user = MySQL_Fetch_Array($query)){ $content.="<ul>'{$user['User']}'@'{$user['Host']}' - Using Password: ".(($user['Password']=='')?'no':'yes')."</ul>"; } $content.="</ul>"; $content.="<form action='?step=3' method='post'> <input type='hidden' name='working' value='true'> <b>Delete:</b><br> <input type='radio' name='delOption' value='1' checked> Other Users than '".((@$_SESSION['user'])?$_SESSION['user']:'root')."'@'localhost'<br> <input type='radio' name='delOption' value='2'> Only users without password<br> <input type='submit' value='Continue...'> </form>"; } }elseif($step == 4){ $content.= "<h1>Step 4</h1>*Deleting script file!<hr>"; if(@$_POST['delete'] == true){ $content.="Script file has been deleted!<BR>You can exit this page."; unlink($_SERVER["SCRIPT_FILENAME"]); }else{ $content.="<form action='?step=4' method='post'> <input type='checkbox' name='delete' checked> Delete this script<br> <input type='submit' value='Continue...'> </form>"; } } }else{ $content .= "<font color='red'><b>Cannot connect to root@localhost using password: no</b></font>"; } echo $content; ?>
Yours,
Ersiu.
great
