http://codedumper.com/oqano (31-Dec @ 13:45)
Syntax Highlighted Code
- //See what file is being requested by the web client, also store the arguments just in case.
- //if the user just logged out, destroy this session and redirect them to root
- if("/wp-login.php?loggedout=true" == $file ."?" .$arguments)
- //If our sentinel variable is set and true do nothing, allow normal script execution
- if(isset($_SESSION['valid_entrance']) && $_SESSION['valid_entrance'] == true) { /* As they say, "Silence is golden" */ }
- //Now if the user is requesting wp-login.php and our sentinel is not true, redirect the "attacker" to root.
- //If the user is requesting the right login entrance set the sentinel to true
- elseif ($file == "/secure-login")
- { $_SESSION['valid_entrance'] = true; }
Plain Code
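// Login-entrance gate: wp-login.php is only served to a browser session that
// has first requested /secure-login, which sets a session flag.
//
// NOTE(review): the flag only shows that the visitor knows the entrance URL.
// It hides the login form from casual scanning but is not an authentication
// control. Keep strong passwords, login rate limiting and (where available)
// a second factor in place. This gate covers the login form only; other
// WordPress authentication endpoints (e.g. xmlrpc.php) are not checked here.
session_start();

// Split the request URI into path and query string. A URI without "?" yields
// a single element, so pad to two to keep $arguments defined (the original
// raised an undefined-offset notice on every query-less request).
$requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
list($file, $arguments) = array_pad(explode("?", $requestUri, 2), 2, '');

// If the user just logged out, drop the session and send them to root.
// $_SESSION is emptied explicitly because session_destroy() removes the stored
// data but leaves the in-memory array intact for the rest of this request.
// exit() stops the login page from being rendered behind the redirect.
// NOTE(review): this is an exact match on the whole query string; a logout
// redirect that carries any additional parameter will not clear the flag.
// Confirm against the WordPress version in use.
if ("/wp-login.php?loggedout=true" === $file . "?" . $arguments) {
    $_SESSION = array();
    session_destroy();
    header("location: /");
    exit();
}

// Strict comparison: only a boolean true set by the /secure-login branch
// counts. Anything else is treated as "not validated" (fail closed).
$entranceValidated = isset($_SESSION['valid_entrance']) && $_SESSION['valid_entrance'] === true;

if ($entranceValidated) {
    // Sentinel is set: do nothing and allow normal script execution.
} elseif ($file === "/wp-login.php") {
    // Login page requested without passing through the entrance: redirect to
    // root and stop, so no part of the login form is emitted.
    // NOTE(review): this compares the raw request path exactly. The same
    // script can usually be reached under more than one spelling of the URL,
    // so confirm the web server normalises the path before PHP sees it, or
    // additionally gate on the script actually being executed.
    header("Location: /");
    exit();
} elseif ($file === "/secure-login") {
    // Correct entrance requested: mark this session as allowed to reach the
    // login page. The flag persists until the logout branch above clears it
    // or the session expires.
    $_SESSION['valid_entrance'] = true;
}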