403Webshell
Server IP : 74.208.236.18  /  Your IP : 216.73.216.91
Web Server : Apache
System : Linux infong654 4.4.400-icpu-108 #2 SMP Wed Feb 11 10:12:42 UTC 2026 x86_64
User : u39365822 ( 135825)
PHP Version : 8.4.23
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /homepages/7/d147067425/htdocs/client_user_2/includes/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /homepages/7/d147067425/htdocs/client_user_2/includes/ajax-handler.php
<?php
session_start();
include('./db_con_get.php');
$userID = @$_SESSION['CURRENT_THERIPIST']['id'];
function call_api($fields, $url) {
    //API call 
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

    $headers = array(
    "X-Custom-Header: value",
    "Content-Type: application/json",
    "API-TOKEN:t68VRoQGFSxHVR3dskZvRKpe8Pb1rQrm",
    );
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    // Api call footer
    curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($fields));
    //for debug only!
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

    $resp = curl_exec($curl);
    curl_close($curl);
    //var_dump($resp);
    return $resp;
}
if(isset($_POST)) {
    if(@$_POST['task'] != '') {
        switch($_POST['task']) {
            case 'show_profiler_form':
                //$url = 'http://apis.revealmyway.com:4000/therapist_api/public/api/user/link';
                $currentUserId = @$_SESSION['CURRENT_CLIENT']['UserID'];
                $fields = ['id' => @$currentUserId ? $currentUserId : '0'];
                $get_balance = $con->query("SELECT `UserID`, `UserName`, `Profiler` FROM `user` WHERE 
                `UserID` = '".$currentUserId."'");
                $response = array();
                if($get_balance->num_rows > 0) {
                    $getProfilerRow = $get_balance->fetch_array(MYSQLI_ASSOC);
                    $jotForm = [];
                    if($getProfilerRow['Profiler'] > 0) {
                        if(@$_SESSION['CURRENT_CLIENT']['GuidReference'] != '') {
                            $jotForm['FormSourceLink'] = 'https://www.jotform.com/form/230103657041140?guid='.@$_SESSION['CURRENT_CLIENT']['GuidReference'];
                            $jotForm['IsSubmissionAvailable'] = true;
                            $jotForm['SubmissionsAvailable'] = $getProfilerRow['Profiler'];
                            $response = $jotForm;
                        } else {
                            $response = ["message" => 'Sorry but your guid reference is not defined. Please contact your therapist.'];    
                        }
                    } else {
                        $response = ["message" => 'No More Uses of this Tool. To use this tool again, ask your therapist, counselor, or coach to give you additional uses.'];
                    }
                }
                echo json_encode($response);
                //echo call_api($fields, $url);
            break;  
            case 'show_rp_profiler_form':
                //$url = 'http://apis.revealmyway.com:4000/therapist_api/public/api/user/link';
                $currentUserId = @$_SESSION['CURRENT_CLIENT']['UserID'];
                $fields = ['id' => @$currentUserId ? $currentUserId : '0'];
                $get_balance = $con->query("SELECT `UserID`, `UserName`, `PeriodicProfiler` FROM `user` WHERE 
                `UserID` = '".$currentUserId."'");
                $response = array();
                if($get_balance->num_rows > 0) {
                    $getProfilerRow = $get_balance->fetch_array(MYSQLI_ASSOC);
                    $jotForm = [];
                    if($getProfilerRow['PeriodicProfiler'] > 0) {
                        if(@$_SESSION['CURRENT_CLIENT']['GuidReference'] != '') {
                            $jotForm['FormSourceLink'] = 'https://form.jotform.com/230104027959150?guid='.$_SESSION['CURRENT_CLIENT']['GuidReference'];
                            $jotForm['IsSubmissionAvailable'] = true;
                            $jotForm['SubmissionsAvailable'] = $getProfilerRow['PeriodicProfiler'];
                            $response = $jotForm;
                        } else {
                            $response = ["message" => 'Sorry but your guid reference is not defined. Please contact your therapist.'];    
                        }
                    } else {
                        $response = ["message" => 'No More Uses of this Tool. To use this tool again, ask your therapist, counselor, or coach to give you additional uses.'];
                    }
                }
                echo json_encode($response);
                //echo call_api($fields, $url);
            break;
            case 'show_pmg_form':
                //$url = 'http://apis.revealmyway.com:4000/therapist_api/public/api/user/pmglink';
                $currentUserId = @$_SESSION['CURRENT_CLIENT']['UserID'];
                $fields = ['id' => @$currentUserId ? $currentUserId : '0'];
                $get_balance = $con->query("SELECT `UserID`, `UserName`, `PMG` FROM `user` WHERE 
                `UserID` = '".$currentUserId."'");
                $response = array();
                if($get_balance->num_rows > 0) {
                    $getProfilerRow = $get_balance->fetch_array(MYSQLI_ASSOC);
                    $jotForm = [];
                    if($getProfilerRow['PMG'] > 0) {
                        if(@$_SESSION['CURRENT_CLIENT']['GuidReference'] != '') {
                            $jotForm['FormSourceLink'] = 'https://form.jotform.com/230103647663149?guid='.$_SESSION['CURRENT_CLIENT']['GuidReference'];
                            $jotForm['IsSubmissionAvailable'] = true;
                            $jotForm['SubmissionsAvailable'] = $getProfilerRow['PMG'];
                            $response = $jotForm;
                        } else {
                            $response = ["message" => 'Sorry but your guid reference is not defined. Please contact your therapist.'];    
                        }
                    } else {
                        $response = ["message" => 'No More Uses of this Tool. To use this tool again, ask your therapist, counselor, or coach to give you additional uses.'];
                    }
                }
                echo json_encode($response);
                //echo call_api($fields, $url);
            break;   
            case 'auth_pp':
                if(@$_POST['check'] != '') {
                    $chkA = $con->query("SELECT `id` FROM `client_options` WHERE 
                    `client_id` = '".@$_SESSION['CURRENT_CLIENT']['UserID']."' AND `option_name` = 'pp_auth_reports'");
                    $countRows = $chkA->num_rows;
                    $authVal = $_POST['check'] == 'true' ? 'Authorized': 'Unauthorized';
                    
                    if($countRows > 0) {
                        $up_option = mysqli_query($con, "UPDATE `client_options` SET `client_id` = '".@$_SESSION['CURRENT_CLIENT']['UserID']."', 
                        `option_name` = 'pp_auth_reports', `option_value` = '".@$authVal."' 
                        WHERE `client_id` = '".@$_SESSION['CURRENT_CLIENT']['UserID']."' AND `option_name` = 'pp_auth_reports'") or die("Error updating ".mysqli_error($con));
                        echo $_POST['check'] == 'true' ? 'You have Authorized your therapist successfully!' : 'You have Unauthorized your therapist successfully!';
                    } else {
                        $ins_option = mysqli_query($con, "INSERT INTO `client_options` (`client_id`, `client_email`, `option_name`, `option_value`) 
                        VALUES ('".@$_SESSION['CURRENT_CLIENT']['UserID']."', '".@$_SESSION['CURRENT_CLIENT']['EmailID']."','pp_auth_reports', 
                        '".@$authVal."')") or die(mysqli_error($con));
                        echo $_POST['check'] == 'true' ? 'You have Authorized your therapist successfully!' : 'You have Unauthorized your therapist successfully!';
                    }
                }  
            break; 
            case 'auth_rp':
                if(@$_POST['check'] != '') {
                    $chkA = $con->query("SELECT `id` FROM `client_options` WHERE 
                    `client_id` = '".@$_SESSION['CURRENT_CLIENT']['UserID']."' AND `option_name` = 'rp_auth_reports'");
                    $countRows = $chkA->num_rows;
                    $authVal = $_POST['check'] == 'true' ? 'Authorized': 'Unauthorized';
                    
                    if($countRows > 0) {
                        $up_option = mysqli_query($con, "UPDATE `client_options` SET `client_id` = '".@$_SESSION['CURRENT_CLIENT']['UserID']."', 
                        `option_name` = 'rp_auth_reports', `option_value` = '".@$authVal."' 
                        WHERE `client_id` = '".@$_SESSION['CURRENT_CLIENT']['UserID']."' AND `option_name` = 'rp_auth_reports'") or die("Error updating ".mysqli_error($con));
                        echo $_POST['check'] == 'true' ? 'You have Authorized your therapist successfully!' : 'You have Unauthorized your therapist successfully!';
                    } else {
                        $ins_option = mysqli_query($con, "INSERT INTO `client_options` (`client_id`, `client_email`, `option_name`, `option_value`) 
                        VALUES ('".@$_SESSION['CURRENT_CLIENT']['UserID']."', '".@$_SESSION['CURRENT_CLIENT']['EmailID']."','rp_auth_reports', 
                        '".@$authVal."')") or die(mysqli_error($con));
                        echo $_POST['check'] == 'true' ? 'You have Authorized your therapist successfully!' : 'You have Unauthorized your therapist successfully!';
                    }
                }  
            break;
            case 'auth_pmg':
                if(@$_POST['check'] != '') {
                    $chkA = $con->query("SELECT `id` FROM `client_options` WHERE 
                    `client_id` = '".@$_SESSION['CURRENT_CLIENT']['UserID']."' AND `option_name` = 'pmg_auth_reports'");
                    $countRows = $chkA->num_rows;
                    $authVal = $_POST['check'] == 'true' ? 'Authorized': 'Unauthorized';
                    
                    if($countRows > 0) {
                        $up_option = mysqli_query($con, "UPDATE `client_options` SET `client_id` = '".@$_SESSION['CURRENT_CLIENT']['UserID']."', 
                        `option_name` = 'pmg_auth_reports', `option_value` = '".@$authVal."' 
                        WHERE `client_id` = '".@$_SESSION['CURRENT_CLIENT']['UserID']."' AND `option_name` = 'pmg_auth_reports'") or die("Error updating ".mysqli_error($con));
                        echo $_POST['check'] == 'true' ? 'You have Authorized your therapist successfully!' : 'You have Unauthorized your therapist successfully!';
                    } else {
                        $ins_option = mysqli_query($con, "INSERT INTO `client_options` (`client_id`, `client_email`, `option_name`, `option_value`) 
                        VALUES ('".@$_SESSION['CURRENT_CLIENT']['UserID']."', '".@$_SESSION['CURRENT_CLIENT']['EmailID']."', 'pmg_auth_reports', 
                        '".@$authVal."')") or die(mysqli_error($con));
                        echo $_POST['check'] == 'true' ? 'You have Authorized your therapist successfully!' : 'You have Unauthorized your therapist successfully!';
                    }
                }  
            break;     
            case 'add_client_invite':
                parse_str($_POST['formdata'], $param);
                $errors = array();
                if(@$param['name'] == '') {
                    $errors['name'] = "Client name is required.";
                }
                if(@$param['email'] == '') {
                    $errors['email'] = "Email name is required.";
                }
                if(count($errors) > 0) {
                    echo json_encode(['msg' => '<span style="color:red">Please correct validation errors!</span>', "errors" => $errors]);
                } else {
                    $to = @$param['email'];
                    $subject = "Therapist Invite";
                    $headers = "From: therapist@revealmyway.com\r\n";
                    $headers .= "MIME-Version: 1.0" . "\r\n";
                    $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
                    $headers .= "Reply-To: noreply@revealmyway.com\r\n";
                    $headers .= "X-Mailer: PHP/".phpversion();
                    $message = file_get_contents('./email-inlined.php');
                    
                    $ins_user = $con->query(
                                    "INSERT INTO `user` (`therapist_id`, `UserName`, `PasswordHash`, `EmailID`, `IsActive`, `CreatedOn`) 
                                    VALUES ('".@$userID."', '".@base64_encode($param['name'])."', 'n/a', '".@base64_encode($param['email'])."', '1', now())"
                                );
                    if($ins_user) {
                        mail($to, $subject, $message, $headers);
                        echo json_encode(['msg' => '<span style="color:green">An invite for signup has been sent to client!</span>']);
                    } else {
                        echo json_encode(['error' => 'Error '.$con->error]);
                    }          
                    
                }
                
            break;  
            
            case 'resend_client_invite':
                
                if(@$_POST['user'] != '') {
                    $getUser = $con->query("SELECT `UserID`, `EmailID` FROM `user` WHERE 
                    `UserID` = '".$_POST['user']."'");
                    $useRow = $getUser->fetch_array(MYSQLI_ASSOC);

                    $to = @base64_decode($useRow['EmailID']);
                    $subject = "Therapist Invite";
                    $headers = "From: therapist@revealmyway.com\r\n";
                    $headers .= "MIME-Version: 1.0" . "\r\n";
                    $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
                    $headers .= "Reply-To: noreply@revealmyway.com\r\n";
                    $headers .= "X-Mailer: PHP/".phpversion();
                    $message = file_get_contents('./email-inlined.php');
                    
                    
                    if(mail($to, $subject, $message, $headers)) {
                        echo json_encode(['msg' => 'An invite for signup has been sent to client!']);
                    }         
                    
                } else {
                    echo json_encode(['msg' => 'Please correct validation errors!', "errors" => $errors]);        
                }
                
            break;
 
        }
    }
}

Youez - 2016 - github.com/yon3zu
LinuXploit