So, the host of the webpage I'm currently working on doesn't allow shell connections. I find this to be inconvenient. Luckily the php there isn't running in safe mode, so I can execute arbitrary commands. A sort of stateless shell can be simulated like so:

PHP Code:

<?
if (isset($_POST['password']) && $_POST['password'] == 'secret1word0combo4')
{    setcookie('Auth', 1, time()+60*60);
    $_COOKIE['Auth'] = 1;
}
if (isset($_POST['nextcommand']) && $_POST['nextcommand'] == 'logout')
{    setcookie('Auth', 0, time()+10);
    $_COOKIE['Auth'] = 0;
}
?>

<html><body bgcolor='0'ONLOAD="document.all('nextcommand').focus();">
<style type="text/css">
pre {color: #FFFFFF}
body {color: #FFFFFF}
</style>

<?
if (isset($_COOKIE['Auth']) && $_COOKIE['Auth'] == 1)
{    if (isset($_POST['nextcommand']))
    {    run($_POST['nextcommand']);
    }
    echo "<pre>";
    echo "prompt> <form action=pseudoshell.php method=post><input ID=nextcommand type=textbox name=nextcommand></form>";
    echo "</pre>";
}
else
{
    ?>
    Type the password.
    <form action=pseudoshell.php method=post><input ID=nextcommand type=password name=password></form>
    <?
}
?>
</body></html>

<?
function run($command)
{    $output = `$command 2>&1`;
    echo "<pre>
prompt> $command
".htmlspecialchars($output)."
</pre>";
}
?>

Obviously if a malicious person could find this page, they could wreck havoc and destroy the webpage. So I put the simple cookie check in, as above. Is this a secure way to protect my webpage?

Specifically, can a user invent their own cookies? or somehow take a peek at the source to see what the word is?

Besides using https encryption, are there any simple things I can do to improve the security of this?

take a look at .htaccess option. assuminig the server is apache

Ibbo

Let's just assume cookies can be made. So store the password in the cookie. That way they'd have to know the password to make the cookie in the first place.

I wouldn't trust the system overall, but I'm not a trusting guy. You may want to implement encryption manually. Try the xICE SDK (http://www.xice.net) -- Shameless self-promotion.

try multiple passes... you can give them a login.htm file for usage on their private computer. I end up with several keys like this;

Key1: jk45928urifjl32kujf09328ppjki423
Key2: xmxcakjuioljue38u38l5h5kljlfzlkjk
Key3: sslwalkreapo9i0tioik4l5ksertpoi49
..........

If you put them in a .htm file on a comp that no-one else has access to, they're quite secure.... don't rely on that alone though, someone could be listening to the data you're sending.... I agree with spudge, never trust anything.

Thanks all. I'm just going to put a .htaccess directive on it and forget the rest. At least that makes it secure from malicious users on the same host as I. If a man in the middle wants to f' up my site, he can do it just by reading the ftp login packets.