1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is there any chance/way to reveal these login details?

Discussion in 'PHP & Perl' started by DashBerlin, Jan 30, 2016.

  1. DashBerlin

    DashBerlin Newbie

    Joined:
    Jun 6, 2013
    Messages:
    22
    Likes Received:
    2
    Occupation:
    Experience Specialist
    Hey guys, I worked with some guy for about a month & a half and today he just stole all the codes from our site and copied it to his new site and left me with nothin.. :(

    the bright side is that he uses the files that I already have, which means I have all his php source codes..
    the other side of the coin is that he changed the details of the admin panel which means I can't access the panel in his new site..

    Is there any way to reveal the new details of the admin??

    This is the panel's login source code:
    Code:
    <?php
    
    session_start();
    
    
    if( isset($_POST['username']) && isset($_POST['password']) ){
        
        if(($_POST['username'] == "Pegi3") && ($_POST['password'] == "mypassword")){
        
            $_SESSION['is_admin'] = 1;
            
            if ( isset($_POST['redirect_uri']) && ($_POST['redirect_uri'] != "") ){
                
                header("Location: ". $_POST['redirect_uri'] );
            }
            else{
                header("Location: index.php");
            }
            
            $error_message = "Successful login";
        }
        
        else{
            $error_message = "INVALID LOGIN";
        }
    
    
    }
    
    
    ?>
    
    
        <!DOCTYPE html>
        <html>
    
    
        <head>
    
    
            <meta charset="UTF-8">
    
    
            <title>Login</title>
    
    
            <link rel="stylesheet" href="style.css" media="screen" type="text/css" />
    
    
        </head>
    
    
        <body>
    
    
            <div class="container">
    
    
                <div id="login">
    
    
                    <div class="error">
                        <?php
              
                  if(isset($error_message)){
                      echo $error_message;
                  }
              
              ?>
                    </div>
    
    
                    <form method="post" action="login.php">
    
    
                        <fieldset class="clearfix">
    
    
                            <input type="hidden" name="redirect_uri" value="<?php echo (isset($_GET['redirect_uri']) ? $_GET['redirect_uri'] : ''); ?>" />
                            <p><span class="fontawesome-user"></span><input name="username" type="text" value="Username" onBlur="if(this.value == '') this.value = 'Username'" onFocus="if(this.value == 'Username') this.value = ''" required></p>
                            <!-- JS because of IE support; better: placeholder="Username" -->
                            <p><span class="fontawesome-lock"></span><input name="password" type="password" value="Password" onBlur="if(this.value == '') this.value = 'Password'" onFocus="if(this.value == 'Password') this.value = ''" required></p>
                            <!-- JS because of IE support; better: placeholder="Password" -->
                            <p><input type="submit" value="Sign In"></p>
    
    
                        </fieldset>
    
    
                    </form>
    
    
                </div>
                <!-- end login -->
    
    
            </div>
    
    
        </body>
    
    
        </html>
    As you can see the username and password here are: "Pegi3" & "mypassword".

    He changed those details in his site.

    Is there any way to find the new username & password? my sqli or something with cookies or something else?
    Thanks alot!
     
  2. abhi007

    abhi007 Jr. VIP Jr. VIP

    Joined:
    Aug 31, 2010
    Messages:
    5,804
    Likes Received:
    3,919
    Location:
    Theatre of dreams :)
    Is the guy a member on this forum?
     
  3. DashBerlin

    DashBerlin Newbie

    Joined:
    Jun 6, 2013
    Messages:
    22
    Likes Received:
    2
    Occupation:
    Experience Specialist
    no, he's not....
     
  4. AppsIps

    AppsIps Newbie

    Joined:
    Sep 4, 2015
    Messages:
    39
    Likes Received:
    8
    Gender:
    Male
    No, there is no chance for it. Only FTP access.