Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Top Posters
Who's Online (0)
Powered by Vanilla.
Made with Bootstrap.
- Perl / PHP Software Updater made by Mr. P-teo
-
So here it is, iv just finnished my new script. This is a perl / php software updater. This script uses a php file and checks a MySQL database for the version. It requires user credentials, and uses MD5 hashing. I have used a number of fairly standard modules and a few which need installing but here are the codes.
If you wish to test this script with a run the perl script as it is, with the
username: root
password: toor
if you are on linux change the system command, this will download and run the winrar installer. The only thing is that you will have to change the version to match the new one within the perl script as i couldn't be bothered to add that in. Other than that its all set.
Perl Local Client
use WWW::Mechanize;
use LWP::Simple;
use HTTP::Cookies;
use Digest::MD5;
print \"Username: \"; # username
chomp($user = <STDIN>);
print \"Password: \"; # password
chomp($pass = <STDIN>);
$request_information = \"http://psls.3owl.com/updater_file.php\"; # PHP file location
$passmd5 = Digest::MD5->new;
$passmd5->add($pass);
$encrypted = $passmd5->hexdigest; # encrypt password
my $mech = WWW::Mechanize->new();
$mech->cookie_jar(HTTP::Cookies->new());
$mech->get($request_information);
$mech->form_name('get');
$mech->field(username => $user);
$mech->field(password => $encrypted);
$mech->click();
$version = \"1.0 Beta\";
if(($mech->content =~ /$user/)&&($mech->content =~ /$encrypted/)){
print \"\n\nChecking For Updates...\n\n\";
if($mech->content =~ /$version/){
print \"You are all up to date...\n\";
}else{
print \"\nYou are out of date, starting download...\n\n\";
$software_url = 'http://www.rarlab.com/rar/wrar410.exe'; # Just sample file, i used winrar
$localfilename = 'winrar-fromperl.exe'; # filename
my $mech = WWW::Mechanize->new;
getstore($software_url, $localfilename );
print \"Download Complete, Please Install the new version.\n\n\";
system('start '.$localfilename); # linux will require start change to exec
}
}else{
print \"\n\nUnable to check, invalid logins or PC.\n\n\";
}
PHP Web script
<?php
//This script will require a database with the following tables
// - users & version
// users columns = username & password
// version columns = version
// Enjoy...
mysql_connect(\"hostname\", \"user\", \"pass\");
mysql_select_db(\"db_name\");
echo \"
<style>
#textbox{border: 0;background: transparent;color: #ffffff;}
#button{border: 0; background: transparent;}
</style>
<center><form name='get' action='' method='POST' >
<input id='textbox' type='text' name='username' /></br>
<input id='textbox' type='password' name='password' /></br>
<input id='button' type='submit' name='button' value=''/>
</form></center><meta http-equiv='REFRESH' content='0;url=index.html'>\";
$password = strip_tags(htmlentities($_POST['password']));
$username = strip_tags(htmlentities($_POST['username']));
$get = isset($_POST['button']);
if($get){
$request_information = mysql_query(\"SELECT * FROM `users` WHERE username='\".$username.\"' AND password='\".$password.\"'\");
$version = mysql_query(\"SELECT * FROM `version`\");
if(mysql_num_rows($request_information) > 0){
while($row = mysql_fetch_array($request_information))
{
echo \"\n\".$row['username'] . \"\n\" . $row['password'];
}
while($versionrow = mysql_fetch_array($version)){
echo \"\n\n\".$versionrow['version'];
}
}
}
mysql_close();
?>
Hope you like this small little script, enjoy.Skype: mrpt3oTwitter: MrPteo
-
Nice script p-teo, might use this at some point :)
-
hmm~ according to php.net, calling htmlentities() without specifying any flags (ENT_QUOTES flag in particular) will not do anything to single or double quote characters, which means this is probably injectable. mysql_real_escape_string() might be appropriate~
-
^ yer quite possibly, i have to let people do some of the work hahaSkype: mrpt3oTwitter: MrPteo
