403Webshell
Server IP : 74.208.236.18  /  Your IP : 216.73.216.45
Web Server : Apache
System : Linux infong654 4.4.400-icpu-108 #2 SMP Wed Feb 11 10:12:42 UTC 2026 x86_64
User : u39365822 ( 135825)
PHP Version : 8.4.23
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /homepages/7/d147067425/htdocs/includes/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /homepages/7/d147067425/htdocs/includes/main.php
<?php
ob_start();
session_start();
require "db_con_get.php";
if(isset($_POST['btn-save'])) {
	$first_name = $_POST['first_name'];
	$last_name = $_POST['last_name'];
	$full_name=$first_name.' '.$last_name;
	$email = $_POST['email'];
	$hashpassword = @sha1($_POST['password']);
    $status = 0;		
	$sql = "select email_id from therapist where email_id='".$email."'";
	$resultset = mysqli_query($con, $sql) or die("database error:". mysqli_error($con));
	$row = mysqli_fetch_assoc($resultset);
	if(empty($row['email_id'])){	
	    $sql = "insert into therapist(`id`,`name`,`email_id`,`password`,`status`,`created_at`,`updated_at`) VALUES (NULL,'".$full_name."','".$email."','".$hashpassword."','".$status."',now(),now())";
	    mysqli_query($con,$sql) or die("database error:". mysqli_error($con));
    // Otp being send ....
        $otp = rand(100000,999999);
		// Send OTP
		$to=$email;
        $from = 'therapist@revealmyway.com'; 
        $fromName = 'Reveal Therapist Account'; 
        $subject = 'OTP for Registeration';  
        $htmlContent = "One Time Password for a therapist account signup:<br/><br/>" . $otp;	   
        $headers = "From: $fromName"." <".$from.">"; 
        $semi_rand = md5(time());  
        $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";  
        $headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\""; 
        $message = "--{$mime_boundary}\n" . "Content-Type: text/html; charset=\"UTF-8\"\n" . 
        "Content-Transfer-Encoding: 7bit\n\n" . $htmlContent . "\n\n";   
        $message .= "--{$mime_boundary}--"; 
        $returnpath = "-f" . $from;
        if(mail($to, $subject, $message, $headers,$returnpath)) {
            $result = mysqli_query($con,"INSERT INTO otp_auth_expiry(therapist_email, otp_code, is_expired, created_at) VALUES ('".@$email."', '" . $otp . "', 0, '" . date("Y-m-d H:i:s"). "')");
			$current_id = mysqli_insert_id($con);
			if(!empty($current_id)) {
				$msg="success1";
			}
        } else {
            $msg="Email could not be sent...";
        }			
	    
	} else {				
	    $msg="1";	 
	}
	echo $msg;
}
if(isset($_POST['btn-login'])) {
	$username = $_POST['username'];
	$password = $_POST['password'];
	$hashPass = @sha1($_POST['password']);
    $sql = "select * from therapist where `email_id` = '".$username."' AND `status`=1";
    $result = mysqli_query($con, $sql) or die(mysqli_error($con));
    $count = mysqli_num_rows($result);
    if ($count > 0) {
        $row = mysqli_fetch_assoc($result);
        
        // generate OTP
		$otp = rand(100000,999999);
		// Send OTP
		$to=$row['email_id'];
        $from = 'therapist@revealmyway.com'; 
        $fromName = 'Reveal Therapist Account'; 
        $subject = 'OTP for Login';  
        $htmlContent = "One Time Password for Therapist login authentication is:<br/><br/>" . $otp;	   
        $headers = "From: $fromName"." <".$from.">"; 
        $semi_rand = md5(time());  
        $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";  
        $headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\""; 
        $message = "--{$mime_boundary}\n" . "Content-Type: text/html; charset=\"UTF-8\"\n" . 
        "Content-Transfer-Encoding: 7bit\n\n" . $htmlContent . "\n\n";   
        $message .= "--{$mime_boundary}--"; 
        $returnpath = "-f" . $from;
        if(mail($to, $subject, $message, $headers,$returnpath)) {
            $result = mysqli_query($con,"INSERT INTO otp_auth_expiry(otp_code,is_expired,created_at) VALUES ('" . $otp . "', 0, '" . date("Y-m-d H:i:s"). "')");
			$current_id = mysqli_insert_id($con);
			if(!empty($current_id)) {
				$success=1;
			}
        } else {
            $msg="Email could not be sent...";
        }
    
        if(@$_POST["remember_me"]=='1' || @$_POST["remember_me"]=='on'){
            $hour = time() + 3600 * 24 * 30;
            setcookie('username', $username, $hour, '/');
            setcookie('password', $password, $hour, '/');
        }else{
            $hour = time();
            setcookie("username", "", $hour,'/');
            setcookie("password", "", $hour,'/');
        }
        $passHash = $row['password'];
        if($hashPass==$passHash) {	
            $_SESSION['CURRENT_THERIPIST'] = $row;
            unset($_SESSION['CURRENT_THERIPIST']['password']);
            $msg="success1";
        } else {
            $msg="password is incorrect";
        }  
    } else {
        $msg="Email ID is incorrect";
	}
	echo $msg;	
}

if(isset($_POST['otp_code'])) {
    if(!empty($_SESSION['CURRENT_THERIPIST'])) {
        $postOTP = $_POST['otp_code'];
        $result = mysqli_query($con,"SELECT * FROM otp_auth_expiry WHERE otp_code='" . $postOTP . "' AND is_expired!=1 AND NOW() <= DATE_ADD(created_at, INTERVAL 1 HOUR)") or die("database error:". mysqli_error($con));
        $count  = mysqli_num_rows($result);
        if(!empty($count)) {
            $result = mysqli_query($con,"UPDATE otp_auth_expiry SET is_expired = 1 WHERE otp_code = '" . $postOTP . "'");
            $_SESSION['loggedin'] = true;
            $msg = "success2";	
        } else {
            //$success = "success1";
            $msg = "Invalid OTP!";
        }	
    } else {
        $msg="Sorry but your session has expired. Please try login again..";
    }
    echo $msg;	
}
if(isset($_POST['otp_code_reg'])) {
    $postOTP = $_POST['otp_code_reg'];
    $result = mysqli_query($con,"SELECT * FROM otp_auth_expiry WHERE otp_code='" . $postOTP . "' AND is_expired!=1 AND NOW() <= DATE_ADD(created_at, INTERVAL 1 HOUR)") or die("database error:". mysqli_error($con));
    $row = mysqli_fetch_assoc($result);
    $count  = mysqli_num_rows($result);
    if(!empty($count)) {
        $upTherapist = mysqli_query($con, "UPDATE `therapist` SET `status` = '1' WHERE `email_id` = '".$row['therapist_email']."'") 
        or die("Error updating therapist after OTP confirmation: ". mysqli_error($con));
        $result = mysqli_query($con,"UPDATE otp_auth_expiry SET is_expired = 1 WHERE otp_code = '" . $postOTP . "'");
        $msg = "success2";	
    } else {
        //$success = "success1";
        $msg = "Invalid OTP!";
    }	
    
    echo $msg;	
}

if(isset($_POST['btn-forget'])) {
	$email = mysqli_real_escape_string($con,$_POST['email']);
    $sql = "SELECT * FROM therapist WHERE `email_id` = '".$email."'";
    $result = mysqli_query($con,$sql) or die(mysqli_error($con));
    $count_ther = mysqli_num_rows($result);
    if($count_ther>0) {
    $row_ther = mysqli_fetch_assoc($result);
    $token = bin2hex(openssl_random_pseudo_bytes(16));
    $Update_q=mysqli_query($con,"update `therapist` set `token`='".$token."' where `email_id`='".$email."' ") or die(mysqli_error($con));
    if($Update_q>0){
    $token=$token;
    $to=$row_ther['email_id'];
    $from = 'therapist@revealmyway.com'; 
    $fromName = 'Reveal Therapist Account'; 
    $subject = 'Password Reset link';  
    $htmlContent = '<strong>Click here to Reset Your account Password</strong> http://therapist.revealmyway.com/reset-password.php?token='.$token;	   
    $headers = "From: $fromName"." <".$from.">"; 
    $semi_rand = md5(time());  
    $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";  
    $headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\""; 
    $message = "--{$mime_boundary}\n" . "Content-Type: text/html; charset=\"UTF-8\"\n" . 
    "Content-Transfer-Encoding: 7bit\n\n" . $htmlContent . "\n\n";   
    $message .= "--{$mime_boundary}--"; 
    $returnpath = "-f" . $from;
    if(mail($to, $subject, $message, $headers,$returnpath)) {
    $msg="success";
    }else {
    $msg="Email could not be sent...";
    }
    }
    }else{
    $msg= "Incorrect Email-ID"; 
    }
    echo $msg;	
}
if(isset($_POST['btn-reset'])) { 
    $password = mysqli_real_escape_string($con,$_POST['password']);
    $confirm_password = mysqli_real_escape_string($con,$_POST['confirm_password']);
    $token = mysqli_real_escape_string($con,$_POST["token"]);
    if($password!=$confirm_password){
    $msg= "Password do not match, both password should be same.";
    }
    if(empty($token) && !isset($token)){
    $msg.= "Invalid Token";
    }
    if(empty($msg)){
    $newpassword=@sha1($_POST['password']);
    $update_data=mysqli_query($con,"update `therapist` set `password`='".mysqli_real_escape_string($con,$newpassword)."', `token`='' ,`updated_at`=now() where `id`='".base64_decode($_POST['token'])."' ") or die(mysqli_error($con));
    if($update_data){
    $msg='success';
    }else{
	$msg= "Something Error.Please Contact Administrator";	
	}  
    }
    echo $msg;	
}
?>

Youez - 2016 - github.com/yon3zu
LinuXploit