FTP Backup manager
Because of the mirror issues as written in http://www.howtoforge.com/forums/showthread.php?t=52341 I started a new little project based on Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Debian Etch.
The installation instruction are for Debian Etch but works also for Debian Lenny.
I created a web interface for the FTP Backup server so phpmyadmin is not needed anymore, the interface and ftpserver is tested for several days and seems bug free.
Follow the installation instuctions written by Falko but use the MySQL.txt file provided in the zip to populate the MySQL database.
Change the MySQL password in inc_connect.php and upload the php files into the root of the webserver (/var/www)
when connecting the webserver shows a loginscreen:
You can change the admin password when logged on.
remark: the delete option deletes the user without question!
The files are modified and the zip is updated
But one thing you should check is for some vulnerabilities, e.g. XSS, SQL Injection create_FTP_user.php, just as an example, as the script is lacking input validation and output masking, a.o..
I agree, I did protect granted.php for a MySQL injection but I forgot the other files :(
Tonight I'll modify the other files and upload the zip again.
But don't forget about Cross Site Scripting and others, as well ;)
In basic if not logged on there is no possibilty to run one of the other scripts, validation is done at the beginning of every script:
then the MySQL injection is checked:
$User = stripslashes($User);
$Password = stripslashes($Password);
$User = mysql_real_escape_string($User);
$Password = mysql_real_escape_string($Password);
and the password is encrypted:
at last the session is registered:
Did I miss something or better, is there something that can make the script better?
The files are modified and more secure, thanks to Ben for his advice.
The zip in the first post is updated
Added a installation manual for Debian Lenny (see first post)
|All times are GMT +2. The time now is 20:17.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.