NAT PROXY
/ ip firewall nat add chain=dstnat src-address=10.0.0.0/16 dst-address=0.0.0.0/0 protocol=tcp dst-port=80 \
action=redirect to-ports=3126 comment=”Proxy” disabled=no
Proxy-off
/ system script add name=”Proxy-off” source=”/ip firewall nat set \[/ip firewall nat find \
comment=\”Proxy\”\] disable=yes
\n/ip web-proxy set enabled=no” \
policy=ftp,reboot,read,write,policy,test,winbox,password
Proxy-limpacache
/ system script add name=”Proxy-limpacache” source=”/ip web-proxy clear-cache” \
policy=ftp,reboot,read,write,policy,test,winbox,password
Proxy-on
/ system script add name=”Proxy-on” source=”/ip web-proxy set enabled=yes
\n/ip firewall nat \
set \[/ip firewall nat find comment=\”Proxy\”\] disable=no
\n” \
policy=ftp,reboot,read,write,policy,test,winbox,password
scheduler proxy-off
/ system scheduler add name=”control-proxy-off” on-event=Proxy-off start-date=nov/29/2006 start-time=02:30:00 interval=15d comment=”” disabled=no
scheduler proxy-limpacache
/ system scheduler add name=”control-proxy-limpacache” on-event=Proxy-limpacache start-date=nov/29/2006 start-time=02:31:00 interval=15d comment=”” disabled=no
scheduler proxy-on
/ system scheduler add name=”controle-proxy-on” on-event=Proxy-on start-date=nov/29/2006 start-time=02:40:00 interval=15d comment=”” disabled=no
Wednesday, November 25, 2009
Creating Admin with 1 IP Access
Each website must have an admin page. Page admin here means the web pages that are used by webmasters to manage content and web interface. Surely we would not want if the admin page is known by other parties. Using your username and password fine. But did not rule out another user will try mecoba login security that you created.
In addition to using the username and password, there are other ways to secure the admin page. Namely by limiting the IP Address. So only certain IP address that can open the pages of this admin. Ah, after a long story, of course you can not wait to find out how to create a secure admin page.
First of all, you need to know your IP address. To find out, you can use the following command:
print? IP you:?. $ HTTP_SERVER_VARS [ 'REMOTE_ADDR'];
?>
If so, then in the admin section, for example you put in the folder? Administrator / index.php?, You type the following command at the beginning of the script:
$ ip =? 127.0.0.1? / / Ip which has been noted previously
if ($ HTTP_SERVER_VARS [ 'REMOTE_ADDR']! = $ ip) (
header (? location: .. / index.php);
) Else (
Setcookie (? Ip?, $ Ip);)
?>
Then for every other web page, (which is also found in the administrator folder) you add the following command:
$ ip =? $ _COOKIE [? ip?];? / / Call cookies ip
if ($ HTTP_SERVER_VARS [ 'REMOTE_ADDR']! = $ ip) (
print? You do not have rights to access this page .....!!!!?;
) Else (
/ / Display your menu
)
?>
Do not forget to do the call or session cookies for the username and password you created. The above examples are only for calling cookies to IP Address. You can also create more than 1 IP Address that can access your admin. Of course by using the database.
CREATE TABLE `web_saya`. Tb_admin `` (
`id` BIGINT (20) NOT NULL PRIMARY KEY AUTO_INCREMENT,
`ip` VARCHAR (30) NOT NULL
) ENGINE = MyISAM
INSERT INTO `web_saya`. Tb_admin `` (
`id`,
`ip`
)
VALUES (
NULL, '127 .0.0.1 '
);
Config.php
$ host =? localhost?;
$ user =? root?;
$ pass =??;
$ conn = mysql_connect ($ host, $ user, $ pass) or die (? Check the host name, user, or pass ..?);
$ pilih_db = mysql_select_db (? web_saya?);
?>
Then in the index.php located in the folder administrator, you type the following script:
Index.php
Include (? Config.php?);
$ ip = $ HTTP_SERVER_VARS [ 'REMOTE_ADDR'];
$ valid_ip = mysql_query (? tb_admin SELECT * FROM WHERE ip =? $ ip??);
if (! = $ valid_ip) (
print? You do not have rights to access this page!?;
) Else (
/ / Display your admin menu
)
?>
With the above script, you can enter more than 1 IP address that can access your admin page ..
Good luck ....
In addition to using the username and password, there are other ways to secure the admin page. Namely by limiting the IP Address. So only certain IP address that can open the pages of this admin. Ah, after a long story, of course you can not wait to find out how to create a secure admin page.
First of all, you need to know your IP address. To find out, you can use the following command:
print? IP you:?. $ HTTP_SERVER_VARS [ 'REMOTE_ADDR'];
?>
If so, then in the admin section, for example you put in the folder? Administrator / index.php?, You type the following command at the beginning of the script:
$ ip =? 127.0.0.1? / / Ip which has been noted previously
if ($ HTTP_SERVER_VARS [ 'REMOTE_ADDR']! = $ ip) (
header (? location: .. / index.php);
) Else (
Setcookie (? Ip?, $ Ip);)
?>
Then for every other web page, (which is also found in the administrator folder) you add the following command:
$ ip =? $ _COOKIE [? ip?];? / / Call cookies ip
if ($ HTTP_SERVER_VARS [ 'REMOTE_ADDR']! = $ ip) (
print? You do not have rights to access this page .....!!!!?;
) Else (
/ / Display your menu
)
?>
Do not forget to do the call or session cookies for the username and password you created. The above examples are only for calling cookies to IP Address. You can also create more than 1 IP Address that can access your admin. Of course by using the database.
CREATE TABLE `web_saya`. Tb_admin `` (
`id` BIGINT (20) NOT NULL PRIMARY KEY AUTO_INCREMENT,
`ip` VARCHAR (30) NOT NULL
) ENGINE = MyISAM
INSERT INTO `web_saya`. Tb_admin `` (
`id`,
`ip`
)
VALUES (
NULL, '127 .0.0.1 '
);
Config.php
$ host =? localhost?;
$ user =? root?;
$ pass =??;
$ conn = mysql_connect ($ host, $ user, $ pass) or die (? Check the host name, user, or pass ..?);
$ pilih_db = mysql_select_db (? web_saya?);
?>
Then in the index.php located in the folder administrator, you type the following script:
Index.php
Include (? Config.php?);
$ ip = $ HTTP_SERVER_VARS [ 'REMOTE_ADDR'];
$ valid_ip = mysql_query (? tb_admin SELECT * FROM WHERE ip =? $ ip??);
if (! = $ valid_ip) (
print? You do not have rights to access this page!?;
) Else (
/ / Display your admin menu
)
?>
With the above script, you can enter more than 1 IP address that can access your admin page ..
Good luck ....
Limit Download Files with PHP Script
ne of the problems a web developer is when trying to narrow down the download. Restricted download here is not intended as bandwidth management as practiced by a computer network administrator. But the restriction is limiting the download here is the only user who has registered only allowed to download. Problems surfaced when the browser displays the original location of the file storage directory. Of course the script has been created to be in vain.
Another problem related to downloading again there are restrictions on when users use download manager. Www.pdfchm.com samples can be taken.
More recently the author also has a few questions. How to do a good preventive so that only the registered users are welcome to download. Understandably, many real pendownload never desperate to figure out how to download a good. : D ~ ~ Including the author's own. : D ~ ~
Some of the last time the author tries to assemble a script to provide solutions that all. What is amazing in it have included prevention solutions downloaded by Download Manager like IDM, Download Accelerator Plus, download manager and many others. : D ~ ~
There is only a user to get used to the html file to download using a download manager. : D ~ ~ Mad indeed pendownload side. But the advantage for us. Can at least minimize the problems that exist.
Yupsss ... of the authors do not speak alone karuan, better describe the author directly about how sedetil may download the php restrictions.
Below is an example that the author made to explain how this script work.
The first is the index.php file will not explain the author of this script, because quite familiar.
The Registration and payment are duitnya ...: D ~~~
Kalo mau ngetest browsers that do not pay at first sessionnya clear ...
Tailor download but do not pay, gw banget: D ~~~ ";
?>
Second is reg.php file. The author if this script is a state when the user has been registered and will download the desired file.
The following form displays a security code. Users are welcome to fill out your name, email and code that has been provided. If conditions are met then the user is allowed to do the download. If not users will diredirect to redirect.php page.
align=center>
| Name | |
| Email | |
| $ codenya | |
| Codenya | |
| "; ?> Few authors explain the above script. There is a function and one form. Function is generateCode () ... $ codenya = generateCode (); This function is taken from code.php file, its contents are as follows: Function is only randomization process numbers and letters. Possible letters and numbers-how many bits to be displayed can be set as you wish. Sentence point is: while ($ i <$ characters) ( $ code .= substr ($ possible, mt_rand (0, strlen ($ possible) -1), 1); $ i + +; ) This means, do all the randomization process n $ characters by using the variable $ possible as a possibility. You can use the logic of your property to conduct randomization process. This just as an example of randomization process that will be used as a security code. Return to the page reg.php $ _SESSION [ 'Code'] = $ codenya; $ _SESSION [ 'Download'] = session_id (); $ _SESSION [ 'Cekdownload'] = $ _SESSION [ 'download']; $ _SESSION [ 'Code'] will be used as a benchmark for matching with the variable $ _POST [ 'code']. Variable $ _POST [ 'code'] generated from the text itself Inputan named 'code' is entered by the user when filling out the form Inputan. $ _SESSION [ 'Download'] obtained from session_id (), here the authors use when the user has logged conditions. And will also be used to grant permission has only registered users are welcome to download. $ _SESSION [ 'Cekdownload'], authors use this session variable for confirmation only. Then cek.php file contains: This script works to filter: if (isset ($ _POST [ 'name']) & & isset ($ _POST [ 'email']) & & isset ($ _POST [ 'code'])) when the user has successfully entered the name, email and security code if ($ _SESSION [ 'code'] == $ _POST [ 'code']) and if the user has correctly filled the security codenya header ( "location: download.php / true / $ _SESSION [download]") the user will be redirect to download the file. and sentence else (echo "Security Codenya Wrong!!";) occurs because the user of filling code. Then the point is download.php script: to the browser header ( 'Content-Disposition: attachment; filename ='. $ fileName); header ( 'content-type:'. $ MimeType); header ( 'content-length:'. filesize ($ fileName)); / / Display the file readfile ($ fileName); ) else (header ( "location: redirect");) ?> There is a sentence like this: if (isset ($ _SESSION [ 'download']) & & ($ _SESSION [ 'download'] == $ _SESSION [ 'cekdownload'])) as the authors say, is just selecting it, I did it deliberately selecting repeatedly because basically the core of this script in a different page with the page when a new user successfully logged. This script so that became the backbone. His job is to trick the browser by giving special header. Thus although the previous user has to download, and provide a link like this: http://www.victim.com/download.php/true/80261996fc7a35138de58216ac02a78a to her friend to download while the user is already registered sessionnya has expired, only users who have not registered the diredirect to pages that make things more quiet and the mortal world. : D ~ ~ In my example script gives this sentence is in the file redirect.php Kalo mau Download Pay Donk ... huehuheu: D ~ ~ "; ?> back to the core of this script, which download.php this sentence: if (strpos ($ _SERVER [ 'HTTP_USER_AGENT'], 'MSIE 5') or strpos ($ _SERVER [ 'HTTP_USER_AGENT'], 'Opera 7')) ( $ MimeType = 'application / x-download'; ) Actually, just to prevent bad habits conducted by the two browsers when reading a file type. Next: header ( 'Content-Disposition: attachment; filename ='. $ fileName); header ( 'content-type:'. $ MimeType); header ( 'content-length:'. filesize ($ fileName)); / / Display the file readfile ($ fileName); first header ( 'Content-Disposition: attachment; filename ='. $ fileName); content-disposition header is ordered to treat the file browser that we put in hosting directory as a file that you downloaded. content-type header, this is sometimes deliberately used as both a browser that is opera and internet explorer again failed to recognize the file type. Keep informed many times indeed. Bandelll! : D ~ ~ ~ huehue. (Hence dong pake mozilla firefox: D ~) header ( 'content-length:'. filesize ($ fileName)); sentence serves to tell how big the file will be downloaded, so that when the browser to download the user can see the progress bar how much percent of the files being downloaded. The latter is readfile ($ fileName);, because the previous headers have been introduced to the browser that this file of type zip, has a size so as well have told the browser to recognize that the file which will download it as a complement readfile for reading files will be downloaded, it is technically only displays the dialog form download. Do not miss any writer create a file. Htaccess file to redirect. Only served to equalize the same with http://www.victim.com/redirect.php http://www.victim.com/download.php/true/redirect. So do not forget to activate your mod_rewite. To enable mod_rewrite, you can edit the httpd.conf file to remove the sign # in line # LoadModule rewrite_module modules / mod_rewrite.so thus becomes Rewrite_module LoadModule modules / mod_rewrite.so Good luck. The full script can be downloaded here http://www.networkandgame.890m.com/ilmuwebsite/labdownload.zip |
Lethal right-click function
()
message = "Copyright - ilmuwebsite.com Team 2007";
function click (e) (
if (document.all) (
if (event.button == 2) (
alert (message);
return false;
)
)
if (document.layers) (
if (e.which == 3) (
alert (message);
return false;
)
)
)
if (document.layers) (
document.captureEvents (Event.MOUSEDOWN);
)
document.onmousedown = click;
/ / ->
message = "Copyright - ilmuwebsite.com Team 2007";
function click (e) (
if (document.all) (
if (event.button == 2) (
alert (message);
return false;
)
)
if (document.layers) (
if (e.which == 3) (
alert (message);
return false;
)
)
)
if (document.layers) (
document.captureEvents (Event.MOUSEDOWN);
)
document.onmousedown = click;
/ / ->
Subscribe to:
Posts (Atom)