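<?php
/**
 * Shared helpers for the application: database access, flash messages,
 * account activation, login, password recovery and a small AES wrapper.
 *
 * Conventions inherited from the original file:
 *   - $new is the global mysqli connection opened by the including page.
 *   - $_SESSION is expected to be started by the including page.
 *   - redirect() only sends a Location header; it does NOT exit, so callers
 *     that must stop processing return right after calling it.
 *   - Lookups that take request input go through the prepared_* helpers
 *     below instead of string-built SQL.
 */

//php mailer
use PHPMailer\PHPMailer\PHPMailer;

include_once "PHPMailer/PHPMailer.php";
include_once "PHPMailer/Exception.php";

// Base64-encoded secret for my_encrypt()/my_decrypt(). It used to be pasted
// into three functions; it is defined once here. The value is unchanged so
// rows already stored in forgot_pass_expire_time still decrypt. It belongs in
// a config file outside the web root rather than in this helper.
if (!defined('APP_AES_KEY')) {
    define('APP_AES_KEY', 'cOt7HOrCNKIlk+CFIqJlAFpQMl1MFhFLP5wCgn4ZbwjLS4qZwcKzBk7JKL/MIICOypjbz/YeJe5LDXGS7uduKxDKDl7tXOgTCuUcgz8RYHYXJmzC/oqJCeJ5Ut7FHzXxTebzvIchnWG3Zqc1hKdLBid1GKllxsrPTbuDOhRQ6tI=');
}
// Kept for code elsewhere that still reads the global $key.
$key = APP_AES_KEY;

/**
 * True when the current request arrived over TLS (used for the cookie
 * "secure" flag and for building absolute links).
 */
function request_is_https()
{
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

//count the row of record in our database
function row_count($result)
{
    return mysqli_num_rows($result);
}

/**
 * Escapes a value for inclusion in a string-built query on the global
 * connection. Prefer prepared_result()/prepared_execute() for new code.
 */
function escape($string)
{
    global $new;
    return mysqli_real_escape_string($new, $string);
}

/**
 * Runs a raw SQL string on the global connection and dies on failure.
 * The caller is responsible for escaping anything interpolated into $query.
 */
function query($query)
{
    global $new;
    $result = mysqli_query($new, $query);
    confirm($result);
    return $result;
}

/**
 * Prepares and executes a statement, returning a buffered mysqli_result.
 *
 * @param string $sql    statement with ? placeholders
 * @param string $types  mysqli_stmt_bind_param type string, e.g. 'ss'
 * @param mixed  ...$params values bound in placeholder order
 */
function prepared_result($sql, $types, ...$params)
{
    global $new;
    $stmt = mysqli_prepare($new, $sql);
    confirm($stmt);
    if ($params !== array()) {
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    confirm(mysqli_stmt_execute($stmt));
    $result = mysqli_stmt_get_result($stmt);
    confirm($result);
    mysqli_stmt_close($stmt); // the result set is buffered, so it outlives the statement
    return $result;
}

/**
 * Prepares and executes a statement that returns no rows (UPDATE/INSERT/DELETE).
 *
 * @return int number of affected rows
 */
function prepared_execute($sql, $types, ...$params)
{
    global $new;
    $stmt = mysqli_prepare($new, $sql);
    confirm($stmt);
    if ($params !== array()) {
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    confirm(mysqli_stmt_execute($stmt));
    $affected = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $affected;
}

//function for sticky form
function getInputValue($name)
{
    if (isset($_POST[$name])) {
        // The value goes back into an HTML attribute, so escape quotes too;
        // the original echoed the raw POST value.
        echo htmlspecialchars((string) $_POST[$name], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

/**
 * Prints a version notice by comparing a remote version.txt with the
 * hard-coded current version.
 *
 * The file is fetched from a localhost URL left over from development; when
 * that host is unreachable the function stays silent (best effort, as before)
 * instead of printing a connection warning into the page, hence the @.
 */
function check_version()
{
    $context = stream_context_create(array('http' => array('timeout' => 2)));
    $latest_version = @file_get_contents('http://localhost/newpro/mydashboard/version.txt', false, $context);
    if ($latest_version === false) {
        return;
    }
    $latest_version = trim($latest_version);
    //current version
    $current_version = '1.2';
    if (version_compare($latest_version, $current_version, '==')) {
        echo "System version $latest_version";
    } elseif (version_compare($current_version, $latest_version, '<')) {
        echo "Please upgrade your script to the latest verions which is $latest_version";
    }
}

//function to set first letter to upper case
function sanitizeFormString($inputText)
{
    // first letter to upper case & the rest lower case (byte-wise, ASCII only)
    return ucfirst(strtolower($inputText));
}

/**
 * Dies when a mysqli call failed. The driver error is written to the
 * server log rather than the response so database details do not leak
 * to the browser.
 */
function confirm($result)
{
    global $new;
    if (!$result) {
        error_log('QUERY FAILED: ' . mysqli_error($new));
        die("QUERY FAILED");
    }
}

//function to fetch data from the database
function fetch_array($result)
{
    return mysqli_fetch_array($result);
}

/**
 * Loose phone-number length check.
 *
 * FILTER_SANITIZE_NUMBER_INT keeps digits, '+' and '-'; dashes are then
 * removed and the remaining length (a leading '+' counts) must be 10..14.
 */
function validate_phone_number($phone_number)
{
    $filtered_phone_number = filter_var($phone_number, FILTER_SANITIZE_NUMBER_INT);
    $phone_to_check = str_replace("-", "", (string) $filtered_phone_number);
    $length = strlen($phone_to_check);
    return $length >= 10 && $length <= 14;
}

/*********************Helper functions *************/

//clean input field function
function clean($string)
{
    return htmlspecialchars($string);
}

/**
 * Sends a Location header. Does not exit: callers that must not continue
 * (e.g. after set_message()) return immediately after this call.
 */
function redirect($location)
{
    header("Location: {$location}");
}

//set message (stored in the session until display_message() prints it)
function set_message($message)
{
    if (!empty($message)) {
        $_SESSION['message'] = $message;
    }
}

//display message
function display_message()
{
    if (isset($_SESSION['message'])) {
        echo $_SESSION['message'];
        unset($_SESSION['message']); //so that the message will not stay there all the time
    }
}

/**
 * Creates a fresh CSRF token, stores it in the session and returns it.
 * Uses the CSPRNG; the previous md5(uniqid(mt_rand())) value was predictable.
 */
function token_generator()
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['token'] = $token;
    return $token;
}

/**
 * Wraps an error message in a dismissible Bootstrap alert.
 * $error_message is inserted as-is; callers pass literal text.
 */
function display_validation_error($error_message)
{
    $error_message = <<<DELIMITER
<div class="alert alert-danger alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="close"><span aria-hidden="true">×</span></button><strong>Warning!</strong> $error_message
</div>
DELIMITER;
    return $error_message;
}

//function to check if email already exists (exactly one matching row)
function email_exit($email)
{
    $result = prepared_result("SELECT id FROM users WHERE email = ?", 's', $email);
    return row_count($result) == 1;
}

//function to check if phone number already exists (exactly one matching row)
function phone_exit($phone_number)
{
    $result = prepared_result("SELECT id FROM users WHERE phone_number = ?", 's', $phone_number);
    return row_count($result) == 1;
}

/**
 * True when the logged-in user ($_SESSION['user_id']) is enrolled in $the_cid.
 *
 * $the_user_id is accepted for compatibility but, as in the original, the
 * session value is what is checked.
 */
function course_exist($the_cid, $the_user_id)
{
    if (!isset($_SESSION['user_id'])) {
        return false;
    }
    $result = prepared_result(
        "SELECT course_id, user_id FROM enroll WHERE course_id = ? AND user_id = ?",
        'ss',
        $the_cid,
        $_SESSION['user_id']
    );
    return row_count($result) == 1;
}

/**
 * Shared body of activate_user()/activate_user1(): on a GET with ?email=
 * and ?code=, flips the matching account to active and clears its code,
 * then sets a flash message and redirects to the page for the outcome.
 */
function activate_user_with_targets($success_page, $failure_page)
{
    if ($_SERVER['REQUEST_METHOD'] != "GET" || !isset($_GET['email'])) {
        return;
    }
    // Raw values are bound as parameters; the original escaped the raw email
    // in the SELECT but the htmlspecialchars()'d one in the UPDATE, so the
    // two queries could disagree for addresses containing & or quotes.
    $email = (string) $_GET['email'];
    $validation_code = (string) ($_GET['code'] ?? '');

    $result = prepared_result(
        "SELECT id FROM users WHERE email = ? AND validation_code = ?",
        'ss',
        $email,
        $validation_code
    );
    //if the user was found
    if (row_count($result) == 1) {
        prepared_execute(
            "UPDATE users SET active = 1, validation_code = 0 WHERE email = ? AND validation_code = ?",
            'ss',
            $email,
            $validation_code
        );
        set_message("<p class='alert alert-success text-center '>Your account has been activated please login </p>");
        redirect($success_page);
    } else {
        set_message("<p class='alert alert-danger text-center'>Sorry Your account could not be activated </p>");
        redirect($failure_page);
    }
}

//function activate_user()
function activate_user()
{
    activate_user_with_targets("login", "register");
}

//same flow as activate_user() but always lands on the referral page
function activate_user1()
{
    activate_user_with_targets("referral", "referral");
}

/*************************Validate user login functions*******************/

/**
 * Handles the login form POST: validates the fields, prints any errors and
 * calls login_user(). Returns true on a successful login, null otherwise
 * (including non-POST requests).
 */
function validate_user_login()
{
    if ($_SERVER['REQUEST_METHOD'] != "POST") {
        return null;
    }
    $email = clean($_POST['email'] ?? '');
    // NOTE(review): the password is passed through htmlspecialchars() before
    // password_verify(), as the original did; that only matches if the
    // registration code hashed the escaped form too - confirm there.
    $password = clean($_POST['password'] ?? '');
    $remember = isset($_POST['remember']);

    $errors = array();
    if (empty($email)) {
        $errors[] = "Email field cannot be empty";
    }
    if (empty($password)) {
        $errors[] = "Password field cannot be empty";
    }
    if (!empty($errors)) {
        foreach ($errors as $error) {
            echo display_validation_error($error);
        }
        return null;
    }
    //if login succeed go homepage
    if (login_user($email, $password, $remember)) {
        return true;
    }
    echo display_validation_error("Your Credentials Are Not Correct");
    return null;
}

/************************* user login functions*******************/

/**
 * Verifies $password against the active user with $email and, on success,
 * populates the session and redirects by role. Returns false when no such
 * active user exists or the password does not match.
 */
function login_user($email, $password, $remember)
{
    $result = prepared_result(
        "SELECT password, status, id FROM users WHERE email = ? AND active = 1",
        's',
        $email
    );
    //if we found somebody
    if (row_count($result) != 1) {
        return false;
    }
    $row = fetch_array($result);
    if (!password_verify($password, $row['password'])) {
        return false;
    }
    // Session state is written only after the password checked out; the
    // original stored id/status before password_verify() ran.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh id on privilege change
    }
    $_SESSION['id'] = (string) $row['id']; // text-protocol queries gave a string; keep that shape
    $_SESSION['status'] = $row['status'];
    if ($row['status'] == 'admin') {
        $_SESSION['admin'] = 'admin';
        redirect('admin/index.php');
    } elseif ($row['status'] == 'user') {
        $_SESSION['user'] = 'user'; // was `==`, a comparison that never set the key
        redirect('paper.php');
    }
    if ($remember === true || $remember === "on") {
        // 24h cookie. Previously the expiry was time() (expired at once) and
        // the lifetime landed in the path argument. It is a convenience value
        // only: logged_in() does not treat it as proof of authentication.
        setcookie('email', $email, time() + 86400, '/', '', request_is_https(), true);
    }
    $_SESSION['email'] = $email;
    return true;
}

/********************** logged in function *****************/

/**
 * True when the session holds a logged-in email.
 *
 * The original also returned true when a bare "email" cookie was present,
 * which any client can set by hand; only the server-side session counts now.
 */
function logged_in()
{
    return isset($_SESSION['email']);
}

/********************** AES encryption function begins *****************/

/**
 * Encrypts $data with AES-128-CBC under the base64-encoded $key and returns
 * base64(ciphertext . '::' . iv). openssl uses the cipher's key length from
 * the decoded key. There is no authentication tag; the only producer and
 * consumer is this server (the value is stored in the database).
 */
function my_encrypt($data, $key)
{
    // Remove the base64 encoding from our key
    $encryption_key = base64_decode($key);
    // Generate an initialization vector
    $iv = random_bytes(openssl_cipher_iv_length('aes-128-cbc'));
    $encrypted = openssl_encrypt($data, 'aes-128-cbc', $encryption_key, 0, $iv);
    // The $iv is just as important as the key for decrypting, so save it with
    // our encrypted data using a unique separator (::). The ciphertext part is
    // base64 and so cannot contain "::" itself.
    return base64_encode($encrypted . '::' . $iv);
}

/**
 * Reverses my_encrypt(). Returns false when $data is not in the expected
 * "ciphertext::iv" form or decryption fails.
 */
function my_decrypt($data, $key)
{
    // Remove the base64 encoding from our key
    $encryption_key = base64_decode($key);
    $decoded = base64_decode((string) $data, true);
    if ($decoded === false || strpos($decoded, '::') === false) {
        return false;
    }
    // To decrypt, split the encrypted data from our IV - our unique separator used was "::"
    list($encrypted_data, $iv) = explode('::', $decoded, 2);
    return openssl_decrypt($encrypted_data, 'aes-128-cbc', $encryption_key, 0, $iv);
}

/********************** AES encryption function ends *****************/

/**
 * Sends an HTML email via PHPMailer. Returns true on success, false on
 * failure (the original returned nothing, so callers testing its result
 * always took the failure branch). Mailer diagnostics go to the error log,
 * not the page.
 *
 * @param string $headers unused; kept for existing callers
 */
function send_email($email, $subject, $msg, $headers)
{
    $mail = new PHPMailer();
    $mail->addAddress($email);
    $mail->setFrom('info@starr6.com', 'Starr6.com');
    $mail->Subject = $subject;
    $mail->isHTML(true);
    $mail->CharSet = 'UTF-8';
    $mail->Body = $msg;
    if ($mail->send()) {
        return true;
    }
    error_log('send_email failed: ' . $mail->ErrorInfo);
    return false;
}

/********************** Recover Password function *****************/

/**
 * Handles the "forgot password" form POST: checks the CSRF token, stores a
 * random validation code and an encrypted 15-minute expiry on the user row,
 * drops the code in a short-lived cookie and emails the reset link.
 */
function recover_password()
{
    if ($_SERVER['REQUEST_METHOD'] != "POST") {
        return;
    }
    $posted_token = (string) ($_POST['token'] ?? '');
    if (!isset($_SESSION['token']) || !hash_equals((string) $_SESSION['token'], $posted_token)) {
        //if the token is not the same or set ;that generator
        redirect("sign-in.php");
    } else {
        $email = clean($_POST['email'] ?? '');
        if (empty($email)) {
            echo display_validation_error("Email field cannot be empty");
        } elseif (email_exit($email)) {
            // Random code instead of hashed email+time; 64 hex chars.
            $validation_code = bin2hex(random_bytes(32));
            $expires_at = date("Y-m-d H:i:s", time() + 15 * 60);
            $date_encrypted = my_encrypt($expires_at, APP_AES_KEY);

            //setting cookie so that forgot validation code will not be available all the time
            //setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
            setcookie('temp_access_code', $validation_code, time() + 900, '/', '', request_is_https(), true);

            //inserting the validation code of the user inside the database
            prepared_execute(
                "UPDATE users SET forgot_pass_expire_time = ?, validation_code = ? WHERE email = ?",
                'sss',
                $date_encrypted,
                $validation_code,
                $email
            );

            // The link host comes from the request's Host header unless the
            // deployment defines APP_BASE_URL; a configured value is preferable
            // because a spoofed Host header would otherwise end up in the email.
            $scheme = request_is_https() ? "https" : "http";
            $base_url = defined('APP_BASE_URL') ? APP_BASE_URL : $scheme . "://" . $_SERVER['HTTP_HOST'];
            $reset_link = $base_url . "/reset.php?code=" . urlencode($validation_code);

            $subject = "Please reset your password";
            // The anchor tag was previously missing its closing ">".
            $message = " Hi, <br><br> A password reset for your account was requested. <br><br> Please click the link below to change your password. <br><br> Note that the link is valid for 15 minutes. After the time has expire, you<br> will have to resubmit the request for a password reset.<br><br> <a href=\"$reset_link\">Change Your Password</a> ";
            $headers = "";
            if (!send_email($email, $subject, $message, $headers)) {
                echo display_validation_error("Email could not be sent");
                return;
            }
            set_message("<p class='alert alert-success text-center '>Please check your email or spam folder for a password reset code</p>");
            redirect("sign-in.php");
        } else {
            // NOTE(review): this message confirms whether an address is registered.
            echo display_validation_error("This email does not exist");
        }
    }
    //if cancel is clicked
    if (isset($_POST['cancel_submit'])) {
        redirect("index.php");
    }
}

/********************** code validation function *****************/

/**
 * Second step of the reset flow: requires the temp_access_code cookie,
 * ?email= and ?code= in the URL, and the code posted from the form. On a
 * match the cookie is refreshed and the user is sent to reset.php.
 */
function validate_code()
{
    if (!isset($_COOKIE['temp_access_code'])) {
        set_message("<p class='bg-danger text-center'>Sorry your validation cookie was expired </p>");
        redirect("recover.php");
        return;
    }
    if (!isset($_GET['email']) && !isset($_GET['code'])) {
        redirect("index.php");
        return;
    }
    if (empty($_GET['email']) || empty($_GET['code'])) {
        redirect("index.php");
        return;
    }
    if (!isset($_POST['code'])) {
        return;
    }
    $email = clean($_GET['email']);
    $validation_code = clean($_POST['code']);
    $result = prepared_result(
        "SELECT id FROM users WHERE validation_code = ? AND email = ?",
        'ss',
        $validation_code,
        $email
    );
    //if code is true or found
    if (row_count($result) == 1) {
        // Host-only cookie (the original pinned a specific domain name);
        // JavaScript can't access it.
        setcookie('temp_access_code', $validation_code, time() + 900, '/', '', request_is_https(), true);
        //verifying that the user was from code.php
        redirect("reset.php?email=" . urlencode($email) . "&code=" . urlencode($validation_code));
    } else {
        //if code is not found
        echo display_validation_error("Sorry wrong validation code");
    }
}

/********************** password reset function *****************/

/**
 * Final step of the reset flow: with ?code= in the URL and a valid CSRF
 * token in the POST, checks the encrypted expiry stored for that code and,
 * if still valid and both password fields agree, stores the new bcrypt hash
 * and clears the expiry.
 *
 * sql_prep(), dirty_html() and h() are defined outside this file; they are
 * applied to the password exactly as before (presumably escaping helpers -
 * confirm they match what registration does).
 */
function password_reset()
{
    if (!isset($_GET['code'])) {
        set_message("<p class='alert alert-danger text-center '>Sorry click on the link in your email to reset your password </p>");
        redirect("forgot-password.php");
        return;
    }
    $validation_code = sql_prep($_GET['code']);
    //if our token and post token are the same
    if (!isset($_SESSION['token']) || !isset($_POST['token'])) {
        return;
    }
    if (!hash_equals((string) $_SESSION['token'], (string) $_POST['token'])) {
        return; // as before: a mismatched token does nothing
    }

    $result = prepared_result(
        "SELECT id, forgot_pass_expire_time FROM users WHERE validation_code = ?",
        's',
        $validation_code
    );
    if (row_count($result) != 1) {
        set_message("<p class='alert alert-danger text-center '>Sorry your password cannot be recovered, please use the link provided in the reset email. </p>");
        redirect("forgot-password.php");
        return;
    }
    $row = fetch_array($result);
    $the_min = $row['forgot_pass_expire_time'];
    if ($the_min == '0') {
        // '0' is written after a successful reset, so the code is spent.
        set_message("<p class='alert alert-danger text-center '>error please request for password reset again. </p>");
        redirect("forgot-password.php");
        return;
    }
    $date_decrypted = my_decrypt($the_min, APP_AES_KEY);
    $server_date_time_now = date("Y-m-d H:i:s");
    // Both sides are "Y-m-d H:i:s" strings, so string comparison orders them.
    if ($date_decrypted === false || !($date_decrypted > $server_date_time_now)) {
        set_message("<p class='alert alert-danger text-center '>Sorry your time has expired. </p>");
        redirect("forgot-password.php");
        return;
    }

    $password = h(dirty_html(sql_prep($_POST['password'] ?? '')));
    $confirm_password = h(dirty_html(sql_prep($_POST['confirm_password'] ?? '')));
    if ($password === '') {
        echo display_validation_error("Password field cannot be empty");
        return;
    }
    if ($password !== $confirm_password) {
        echo display_validation_error("Password fields don't match");
        return;
    }
    $updated_password = password_hash($password, PASSWORD_BCRYPT, array('cost' => 12));
    //updating the new password and spending the expiry
    $update_date_time = 0;
    prepared_execute(
        "UPDATE users SET password = ? ,forgot_pass_expire_time = ? WHERE validation_code =?",
        'sss',
        $updated_password,
        $update_date_time,
        $validation_code
    );
    set_message("<p class='alert alert-success text-center '>Your password has been updated, please login</p>");
    redirect("sign-in.php");
}

/**
 * Human-readable distance between two strtotime()-parsable timestamps.
 *
 * Calendar approximations kept from the original: a month is 30 days and a
 * year is 12 such months. Returns the raw (int) difference when it is zero
 * or negative.
 */
function TimeAgo($oldTime, $newTime)
{
    $timeCalc = strtotime($newTime) - strtotime($oldTime);
    $minute = 60;
    $hour = 60 * $minute;
    $day = 24 * $hour;
    $month = 30 * $day;
    $year = 12 * $month;

    if ($timeCalc >= 2 * $year) {
        return intdiv($timeCalc, $year) . " years ago";
    }
    if ($timeCalc >= $year) {
        return intdiv($timeCalc, $year) . " year ago";
    }
    if ($timeCalc >= 2 * $month) {
        return intdiv($timeCalc, $month) . " months ago";
    }
    if ($timeCalc >= $month) {
        return intdiv($timeCalc, $month) . " month ago";
    }
    if ($timeCalc >= 2 * $day) {
        return intdiv($timeCalc, $day) . " days ago";
    }
    if ($timeCalc >= $day) {
        return " Yesterday";
    }
    if ($timeCalc >= 2 * $hour) {
        return intdiv($timeCalc, $hour) . " hours ago";
    }
    if ($timeCalc >= $hour) {
        return intdiv($timeCalc, $hour) . " hour ago";
    }
    if ($timeCalc >= 2 * $minute) {
        return intdiv($timeCalc, $minute) . " minutes ago";
    }
    if ($timeCalc >= $minute) {
        return intdiv($timeCalc, $minute) . " minute ago";
    }
    if ($timeCalc > 0) {
        return $timeCalc . " seconds ago";
    }
    return $timeCalc;
}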