Merge branch 'master' of github.com:NerdOfCode/admin-panel

Author: NerdOfLinux

404.php

@@ -1,11 +1,11 @@
 <?php
 session_start();
 if($_SESSION['status']=="1"){
-	header("Location: /options.php");
+	header("Location: /options/php");
 	$_SESSION['logged_in']="1";
 }
 $ip=$_SERVER['REMOTE_ADDR'];
-echo "The file you tried to access is protected and you dont have permission to view it... <br>";
-echo "Your IP has been reported: <b>$ip<b>";
+echo "The file you have tried to access is top secret and unfortuantely you do not have the clearance to access it...";
+echo "Your IP has been reported: <b>$ip</b>";
 
 ?>

README.md

@@ -1,25 +1,41 @@
 # admin-panel
-This is a very sucky admin panel that is in pre-pre-pre-pre-pre-pre-pre-pre-alpha stages. So far it can run shell commands, and basic MySQL queries. It has a simple UI, and the passwords in the database are now hashed, as opposed to the plaintext they used to be.
+This is a brand new admin panel that is currently in alpha stages. As of now, the panel can run shell commands, basic MySQL queries, and simple PHP commands. This panel has a very simple UI, and the passwords in the database are hashed.
 
-## Set-Up
+## To Set-Up, follow steps below:
 
-First create a MySQL database by running:
+First clone the repository into your web server's document root directory, then run:
+
+`git clone [email protected]:NerdOfCode/admin-panel.git`
+
+
+Then to set a user up, create a MySQL database by running:
 
 ```MySQL
 CREATE DATABASE database_name_goes_here;
 ```
 
-To set it up, create a MySQL table, with the fields `name` and `password`, to do so run:
+Then switch over to it by running:
+
+```MySQL
+USE database_name_goes_here;
+```
+
+To set the table up, create a MySQL table with the fields `name` and `password`, to do so run:
 
 ```MySQL
-CREATE TABLE users(name VARCHAR(30) NOT NULL, password VARCHAR(256) NOT NULL);
+CREATE TABLE users(name VARCHAR(30) NOT NULL, password VARCHAR(256) NOT NULL, commands VARCHAR(128));
 ```
-Then put your desired username in the `name` field, and the password in the `password` field.
+Then put your desired username in the `name` field, and the password in the `password` field, to do so run:
+```MySQL
+INSERT INTO users VALUES("user_here","password goes here","");
+```
+
+<b>NOTICE<b>
 The password must be PHP hashed, to do so, run:
 
 ```shell
 php -r 'echo password_hash("password", PASSWORD_DEFAULT);'; echo ""
 ```
-on a LAMP install, make sure to put this password back in the MySQL table...
+MAKE SURE to put this password back in the MySQL table...
 
 Finally, change the values in the <b>user.php</b> file to match your own.

index.php

@@ -6,53 +6,54 @@
 	header("Location: /options.php");
 	$_SESSION['logged_in']="1";
 }
-
-
-
 ?>
 <html>
   <head>
     <title>Admin Panel</title>
     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
-    <link rel="stylesheet" type="text/css" href="style.css">
+    <link rel="stylesheet" type="text/css" href="newstyle.css">
   </head>
   <body>
     <h1 style="text-align:center;">Admin Panel</h1><hr>
-    <form name="form" id="form" action="" method="post" >
+    <form name="index" id="index" action="" method="post">
       Username:&ensp;<input type="text" name="UID" id="UID" required><br><br>
       Password:&ensp;<input type="password" name="passwd" id="passwd" required><br><br>
-      <input type="submit" value="Submit" onClick="">
+      <input type="submit" value="Submit" onClick=""">
     </form>
 
 <script>
 $(document).ready(function(){
 	$('#form').submit(function(){
-		$('#UID').fadeOut();
-		$('#passwd').fadeOut();
+		$('#UID').fadeOut(500);
+		$('#passwd').fadeOut(500);
 })
-	
 });
+
+var input = document.getElementById('UID');
+input.focus();
+input.select();
+
 </script>
-    
+<p class="footer">By: <a href="https://github.com/NerdOfCode" target="_blank"><b>NerdOf</b>Code</a>, <a href="https://github.com/NerdOfLinux" target="_blank"><b>NerdOf</b>Linux</a> | <a href="https://github.com/NerdOfCode/admin-panel/blob/master/LICENSE">License</a></p>    
   </body>
 
 <?php
 include('user.php');
 $user_name = $_POST['UID'];
+$_SESSION['user']="$user_name";
 $user_password = $_POST['passwd'];
 $db = mysqli_connect('localhost',$user,$pass,$database) or die("Error connecting to MYSQL");
 $query = "SELECT password FROM $table WHERE name = '$user_name'";
-mysqli_query($db, $query) or die("Unable to access MYSQL");
+mysqli_query($db, $query) or die("<p class=\"text-align:center;\">Unable to access MYSQL</p>");
 $result = mysqli_query($db, $query);
 $row = mysqli_fetch_array($result);
 $password=$row['password'];
 if(password_verify($_POST['passwd'], $password)){
         $_SESSION['status'] = "1";
         header("Location: /options.php");
         die();
-}else{
-        echo "An error has occured... Please try again later";
-        $_SESSION['status'] = "0";
+}else if(!empty($user_name)){
+	echo "<p class=\"false\" style=\"color:red;text-align:center;\">INVALID</p>";
 }
 mysqli_close($db);
 

mysql.php

@@ -0,0 +1,9 @@
+<?php
+include "user.php";
+$user_logged=$_SESSION['user'];
+$query=$_SESSION['run_seperate'];
+$db = mysqli_connect('localhost',$user,$pass,$database) or die("<p style=\"color:red;\"><b>Error: </b> connection to MySQL failed. Please re-enter information and try again.</p>");
+$new_query="UPDATE $table SET commands='$query' WHERE name='$user_logged'";
+mysqli_query($db, $new_query);
+$mysqli_close($db);
+?>

mysql_exec.php

@@ -8,17 +8,19 @@
 		$_SESSION['logged_in']="0";
 }}else if($status != "1"){
         header("Location: /404.php");}
+
+
 ?>
 <html>
 <head>
 <title>Admin Panel</title>
-<link rel="stylesheet" type="text/css" href="style.css">
+<link rel="stylesheet" type="text/css" href="newstyle.css">
+<meta HTTP-EQUIV="refresh" CONTENT="300;URL=logout.php">
 </head>
 <body>
 <h1 style="text-align: center;">Admin Panel</h1>
 <a href="logout.php">Logout</a>&ensp;
 <a href="options.php">Home</a><hr>
-<p>Below is version v.000001 of admin panel by NerdOfCode</p>
 <p>You can execute shell commands seperately from Mysql commands</p>
 <form action="" name="query" id="query" method="post">
         DBNAM: &nbsp;&nbsp;&nbsp;<input type="text" id="mysql_get" name="mysql_get" placeholder="ex: custom" value="<?php echo $_SESSION[udb];?>"></input><br><br>
@@ -29,7 +31,11 @@
         <button type="Submit" value="Submit">Submit</button>
 
 </form>
-
+<script>
+var input = document.getElementById('mysql_get');
+input.focus();
+input.select();
+</script>
 </body>
 
 <?php
@@ -57,6 +63,9 @@
    		$stringArray = str_replace(":", ": ", $stringArray);
     		echo $stringArray;
 		$mysqli_close($db);
+		//Set session variable for mysql.php
+		$_SESSION['run_seperate']="$query";
+		include 'mysql.php';
 	}
 ?>
 </html>

style.css newstyle.cssstyle.css renamed to newstyle.css

@@ -1,13 +1,15 @@
 body {
-	background-color: #a89aff;;
+	background-color: #c6e2ff;
 }
 
-#UID{
-	text-align: center;;
-}
-#passwd{
-	text-align: center;
+
+#index{
+	width: 200px;
+	margin: auto;
+
 }
+
+
 .server{
    font-weight: bold;
    display: inline-block; 
@@ -23,7 +25,11 @@ body {
   cursor: pointer;
   width: 150px; 
   background-color: #9f9595;
-
-
 }
-
+.footer{
+	position: absolute;
+	bottom:0;
+	left: 0;
+	right: 0;
+	text-align:center;
+}

options.php

@@ -13,17 +13,20 @@
 <html>
 <head>
 <title>Admin Panel</title>
-<link rel="stylesheet" type="text/css" href="style.css">
+<link rel="stylesheet" type="text/css" href="newstyle.css">
+<meta HTTP-EQUIV="refresh" CONTENT="300;URL=logout.php">
 </head>
 <body>
 <h1 style="text-align: center;">Admin Panel</h1>
 <a href="logout.php">Logout</a><hr>
-<p>You are currently running version <?php echo $version; ?></p>
 <p>Below you will find shortcuts to a number of settings meant to replace SSH</p>
 
 <a href="shell.php"><p class="server">EXECUTE SHELL</p></a>
 <a href="mysql_exec.php"><p class="server">EXECUTE MYSQL</p></a>
-<a href="php_exec.php"><p class="server">EXECUTE PHP</p></a>
+<a href="php_exec.php"><p class="server">EXECUTE PHP</p></a><br><br>
+
+
+<p class="footer">Version: <?php echo $version; ?></p>
 </body>
 
 

php_exec.php

@@ -7,7 +7,8 @@
 <html>
   <head>
     <title>Admin Panel</title>
-    <link rel="stylesheet" type="text/css" href="style.css">
+    <link rel="stylesheet" type="text/css" href="newstyle.css">
+    <meta HTTP-EQUIV="refresh" CONTENT="300;URL=logout.php">
   </head>
   <body>
     <h1 style="text-align:center;">Admin Panel</h1>
@@ -27,9 +28,16 @@
 	//Run the shell command
 	$run = eval($shell);
 	echo "<pre>$run</pre>";
+	$_SESSION['run_seperate']="$shell";
+        include 'mysql.php';
 }else{
 	echo "<b>Nothing has been run yet.</b>";	
 }
-?>  
+?>
+<script>
+var input = document.getElementById('query_box');
+input.focus();
+input.select();
+</script>
 </body>
 </html>

shell.php

@@ -1,23 +1,33 @@
+
  <?php
 session_start();
 if($_SESSION['status']!="1"){
 	header("Location: /404.php");
 }
 ?>
+<!-- NerdOfCode -->
 <html>
   <head>
     <title>Admin Panel</title>
-    <link rel="stylesheet" type="text/css" href="style.css">
+    <link rel="stylesheet" type="text/css" href="newstyle.css">
+    <meta HTTP-EQUIV="refresh" CONTENT="300;URL=logout.php">
   </head>
   <body>
     <h1 style="text-align:center;">Admin Panel</h1>
     <a href="logout.php">Logout</a>&ensp;
     <a href="options.php">Home</a><hr>
 
-    <form action="" name="query" id="query" method="post">
+    <form action="" name="query" id="query" method="post" >
     	SHELL: &nbsp;&nbsp;&ensp;&nbsp;&nbsp;<input type="text" id="query_box" name="query_box" placeholder="Ex: whoami"></input><br><br>   
     	<button type="Submit" value="Submit">Submit</button>
     </form>
+<script>
+var input = document.getElementById('query_box');
+input.focus();
+input.select();
+</script>
+
+
 <?php
 $cwd=getcwd();
 echo "<br>Current directory: $cwd<br>";
@@ -27,6 +37,8 @@
 	$run = shell_exec("$shell");
 	echo "<br><b>Output: </b><br>";
 	echo "<pre>$run</pre>";
+	$_SESSION['run_seperate']="$shell";
+	include "mysql.php";
 }else{
 	echo "<b>Nothing has been run yet.</b>";	
 }

user.php

@@ -6,7 +6,7 @@
 $table="";
 
 //Dont edit below here
-$version=".00001 alpha";
+$version="<b>0.00001 alpha<b>";
 ?>