| View previous topic :: View next topic |
| Author |
Message |
Exploited
Guest
|
 Posted: Thu Jan 30, 2003 10:26 am Post subject: Login ... |
 |
|
I'm making a login in addition to pub commands.
The syntax would be /msg botnick <handle> <pass>
It will not check if the host is correct or not, just if the password matches the handle. It will disable your host to login for 3 days when you do an incorrect login 3 times on 1 day (stored in a file). The code so far is below:
| Code: |
bind msg - login login
proc login {nick uhost hand rest} {
global botnick hosttype
set handle [lindex $rest 0] ; set pass [lindex $rest 1]
if {[login:ignore ign $handle $uhost]} { return 0 }
if {$handle == "" || $pass == ""} {
putnotc $nick "Usage: /msg $botnick login <handle> <password>" ; return 0 }
if {[passwdok $handle $pass]} {
chattr $handle +Q
putnotc $nick "Authentication successful!"
if {$hand != $handle} {
setuser $handle HOSTS [spmaskhost $nick $uhost $hosttype]
# spmaskhost just another proc I made, not pasted in here ;-)
putlog "\($nick!$uhost\) !$hand! AUTHED as $handle"
}
login:ignore rem $handle $uhost
setuser $handle XTRA SECNICK $nick
setuser $handle XTRA SECHOST $uhost
# I've seen this SECNICK/HOST trick in another script, although I can't remember which one it was
} else {
putnotc $nick "Authentication failed!"
login:ignore inc $handle $uhost
return 0}
}
proc login:ignore {cmd handle uhost} {
set file "login.ign" ; set host [lindex [split $uhost @] 1] ; set tmplist {} ; set fnd 0
if {![file exists $file]} {set fd [open $file w] ; close $fd}
switch $cmd {
# increase failed login attempts
"inc" { set fd [open $file r]
while { ![eof $fd] } {
set tmpline [gets $fd]
if {[lrange [split $tmpline] 0 1] != "$handle $host"} { lappend tmplist $tmpline
} else {lappend tmplist "$handle $host [expr [lindex [split $tmpline] 2] + 1] [unixtime]"
set fnd 1}
}
close $fd
if { $fnd == "0" } {lappend tmplist "$handle $host 1 [unixtime]"}
set fd [open $file w] ; foreach line $tmplist {puts $fd "$line"} ; close $fd }
# check if user is on ignore (handle host pare)
"ign" { set fd [open $file r]
while { ![eof $fd] } {
set tmpline [split [gets $fd]] ; set utime [lindex $tmpline 3]
if {$utime == "" || ![string is integer $utime]} {set utime 0}
if {[lrange $tmpline 0 1] != "$handle $host" || [lindex $tmpline 2] < 3} {
if {[expr [unixtime] - $utime] < 86400} { lappend tmplist $tmpline } else { set fnd 1 }
} else { if {[expr [unixtime] - $utime] < 259200} { return 1 } }
}
# 86400 sec = 1 day, 259200 = 3 days
close $fd
if {$fnd == 1} {set fd [open $file w] ; foreach line $tmplist {puts $fd "$line"} ; close $fd}
return 0 }
# remove login attempts when succesfull login
"rem" { set fd [open $file r]
while { ![eof $fd] } {
set tmpline [split [gets $fd]]
if {[lrange $tmpline 0 1] != "$handle $host"} {lappend tmplist $tmpline} else { set fnd 1 }
}
close $fd
if {$fnd == 1} {set fd [open $file w] ; foreach line $tmplist {puts $fd "$line"} ; close $fd} }
}
return 0
} |
the check to see if user is logged in would look like this:
| Code: |
proc loggedin {nick host handle} {
global botnick
if {![matchattr $handle +Q] || [getuser $handle XTRA SECNICK] != $nick || [getuser $handle XTRA SECHOST] != $host} { return 0}
return 1
} |
I would like to know how some of you think about this. E.g. how "bad" is it that this does not check your ip/host? And does anyone see something vulnerable or bad code in it? Or what more would you like to see in it? (dcc command to get someone unignored and deauth comming  )
greetings |
|
| Back to top |
|
 |
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in