
php-panel-v1's Introduction

Note

This was my 1st project and it has multiple security issues and bad practices.
Please do not use this in production; only use it for learning purposes.

Default admin acc: admin:1234567

Features:

  • Auth
    • Login
    • Register(requires invite)
  • Dashboard
    • Chatbox
    • Download loader
  • Admin Panel
    • Generate invite code
    • Ban/unban user
    • Activate/deactivate sub
    • Reset HWID
    • Promote/demote user from admin
    • Change cheat version
    • Set cheat to detected/undetected
    • Set cheat to under maintenance
  • API
    • login
    • Get user data
    • Get cheat version
    • Get if cheat detected/undetected

php-panel-v1's People

Contributors

znixbtw


php-panel-v1's Issues

fix timestamp in db

```sql
-- phpMyAdmin SQL Dump
-- version 4.9.2
-- https://www.phpmyadmin.net/

-- Host: 127.0.0.1:3306
-- Generation Time: Aug 10, 2020 at 06:11 PM
-- Server version: 10.4.10-MariaDB
-- PHP Version: 7.4.0

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET AUTOCOMMIT = 0;
START TRANSACTION;
SET time_zone = "+00:00";

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;

--
-- Database: users


--
-- Table structure for table invites

DROP TABLE IF EXISTS invites;
CREATE TABLE IF NOT EXISTS invites (
  uid int(11) NOT NULL AUTO_INCREMENT,
  code varchar(255) NOT NULL,
  used int(1) NOT NULL DEFAULT 0,
  PRIMARY KEY (uid)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;

--
-- Dumping data for table invites

INSERT INTO invites (uid, code, used) VALUES
(1, 'admin_acc_invite', 1);


--
-- Table structure for table service

DROP TABLE IF EXISTS service;
CREATE TABLE IF NOT EXISTS service (
  status int(1) NOT NULL DEFAULT 0,
  version int(1) NOT NULL DEFAULT 0,
  maintenance int(1) NOT NULL DEFAULT 0
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table service

INSERT INTO service (status, version, maintenance) VALUES
(0, 1, 0);


--
-- Table structure for table shoutbox

DROP TABLE IF EXISTS shoutbox;
CREATE TABLE IF NOT EXISTS shoutbox (
  id int(255) NOT NULL AUTO_INCREMENT,
  user varchar(255) NOT NULL,
  msg varchar(255) NOT NULL,
  time timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  PRIMARY KEY (id)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;


--
-- Table structure for table users

DROP TABLE IF EXISTS users;
CREATE TABLE IF NOT EXISTS users (
  id int(11) NOT NULL AUTO_INCREMENT,
  username varchar(50) NOT NULL,
  password varchar(255) NOT NULL,
  admin int(1) NOT NULL DEFAULT 0,
  hwid varchar(255) DEFAULT NULL,
  active int(1) NOT NULL DEFAULT 0,
  banned int(1) NOT NULL DEFAULT 0,
  created_at timestamp DEFAULT CURRENT_TIMESTAMP,
  inject varchar(255) DEFAULT NULL,
  ip varchar(255) DEFAULT NULL,
  PRIMARY KEY (id),
  UNIQUE KEY username (username),
  UNIQUE KEY hwid (hwid)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;

--
-- Dumping data for table users

INSERT INTO users (id, username, password, admin, hwid, active, banned, created_at, inject, ip) VALUES
(1, 'admin', '$2y$10$OUK4tSrF3aa3Qm0D/1TcU.iPq5Ptvzik3/OBaMcSSLiUqPOcuOTGy', 1, NULL, 0, 0, '2020-08-10 23:38:23', NULL, NULL);
COMMIT;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
```

Endless loading

I installed the panel on the host and connected the database. When I go to the site, it is always loading.

Please add some features

Hello. Can you add some features?

  1. User roles (Admin, Support, custom roles)
  2. Reset password
  3. Template engine
  4. Working IP logger
  5. Admins and supports can edit user profiles like that: https://i.imgur.com/AZW8pKk.png
  6. Localization changer
  7. Disabling invites

You can find me on Telegram @dinrise or Discord DinRise#3507 and I can show my panel to you.

Can't Login

When I try to login with admin credentials the page just reloads.

HTTP ERROR 403

So I have changed the admin = 1 in SQL, but I still get "HTTP ERROR 403".

SQL Error

If you enter a ' in the Invite code field you get an error:

Warning: mysqli_fetch_all() expects parameter 1 to be mysqli_result, bool given in C:\xampp\www\register.php on line 81

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, bool given in C:\xampp\www\register.php on line 83

In general I think you have pretty clean and easy-to-read code, but every time you used SQL it looks kinda meh.
I would suggest you use Prepared Statements instead. You also don't need to care about SQL injections if you use them.
https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
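
The warnings in this report appear when a failed query returns `false` and that value is passed on to `mysqli_fetch_all()`. As an added example (not the project's code), here is an invite lookup written with mysqli prepared statements against the `invites` table from the dump on this page; the function names and connection values are hypothetical.

```php
<?php
// Added example, not the project's code. Table and column names come from the
// SQL dump on this page; function names and connection values are hypothetical.

// Make mysqli throw on failure instead of returning false, so a broken query
// can never be handed to a fetch function as a bool.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Returns the invite row if $code exists and is unused, otherwise null.
function find_unused_invite(mysqli $db, string $code): ?array
{
    // Reject input that cannot be a stored code (column is varchar(255)).
    if ($code === '' || strlen($code) > 255) {
        return null;
    }
    // The placeholder keeps $code out of the SQL text, so a quote is only data.
    $stmt = $db->prepare('SELECT uid, code, used FROM invites WHERE code = ? AND used = 0 LIMIT 1');
    $stmt->bind_param('s', $code);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

// Marks the invite as used; true only for the one request that consumed it.
function redeem_invite(mysqli $db, string $code): bool
{
    // Conditional UPDATE: two simultaneous registrations cannot both succeed.
    $stmt = $db->prepare('UPDATE invites SET used = 1 WHERE code = ? AND used = 0');
    $stmt->bind_param('s', $code);
    $stmt->execute();
    $ok = $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}

// Hypothetical connection values for a local test database.
$db = new mysqli('127.0.0.1', 'panel_user', 'change-me', 'users', 3306);
$db->set_charset('utf8mb4');

// Constructed inputs: the seeded (already used) code, a lone quote, a quoted word.
foreach (['admin_acc_invite', "'", "it's-a-code"] as $input) {
    $row = find_unused_invite($db, $input);
    printf("%-18s => %s\n", $input, $row ? 'valid' : 'rejected');
}
```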

After SSL certificate website get loop loading

Hello.
After installing the SSL certificate, the website does not want to be fully loaded. It looks like "loop load" or something like that.
How to fix it?

// edit: Yes, I tried to remove browser history.

Possible XSS

I found multiple possible XSS vulnerabilities.

Login.php
If you put "><script>alert(1);</script> in the username parameter you can execute scripts.

Register.php
If you put "><script>alert(1);</script> in the password AND/OR confirm_password parameter you can execute scripts.

I'm not sure how dangerous they are in that case, but you could fix them.
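
The fix for this class of report is to encode submitted values before writing them back into the form. The following is an added example, not the project's code: it assumes the pages re-populate a quoted `value` attribute with the submitted input, and its function names are hypothetical.

```php
<?php
// Added example, not the project's code; function names are hypothetical.
// Assumption: the form re-populates a quoted value="" attribute with user input.

// Encode a string for HTML text and quoted-attribute contexts.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern: the value is copied into the attribute unchanged, so a
// double quote in the input ends the attribute and the rest becomes markup.
function input_unescaped(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: every dynamic part is encoded, and password fields are
// never re-populated, so there is nothing to reflect for them at all.
function input_escaped(string $name, string $value, string $type = 'text'): string
{
    if ($type === 'password') {
        $value = '';
    }
    return sprintf('<input type="%s" name="%s" value="%s">', e($type), e($name), e($value));
}

// The string from the report above, as it would arrive in the username field.
$submitted = '"><script>alert(1);</script>';

echo input_unescaped('username', $submitted), "\n";           // attribute is broken out of
echo input_escaped('username', $submitted), "\n";             // quotes and brackets become entities
echo input_escaped('password', $submitted, 'password'), "\n"; // value stays empty
```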
