403Webshell
Server IP : 192.169.170.185  /  Your IP : 216.73.216.97
Web Server : Apache
System : Linux p3plmcpnl495852.prod.phx3.secureserver.net 4.18.0-553.52.1.lve.el8.x86_64 #1 SMP Wed May 21 15:31:29 UTC 2025 x86_64
User : akhilnew ( 1712764)
PHP Version : 5.6.40
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/akhilnew/public_html/reflectivejournals.com/inc/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /home/akhilnew/public_html/reflectivejournals.com/inc/forgot-password.php
<?php
if($decrypt_focus === '[FORGOT_PASSWORD]'):
	if(! isset($_POST['zipcode']) OR $_POST['zipcode'] !== '' OR strlen($_POST['zipcode']) > 0):
		die(result(false, 'You are not authorized user.'));
	endif;

	$email = strip_tags(remspace(sanitize_email(escape($_POST['email']))));

	$stmt = $mysqli->prepare("SELECT * FROM users WHERE email = ?") or die(result(false, "An error occurred. Please try after some time."));
	$stmt->bind_param('s', $email);
	$stmt->execute();
	$stmt->store_result();
	$count_rows = $stmt->num_rows();
	$stmt->close();

	if(empty($email)):
		die(result(false, "Please enter your email address."));
	elseif($count_rows == 0):
		die(result(false, "Email address you have entered doesn't exist."));
	else:
		$newtoken = hash('whirlpool', $email . hash('sha512', $email . time()) . uniqid() . md5(session_id()));
		$subject = 'Password Reset Request on ' . $websitename;
		$body = '<div style="float:left;width:600px;background-color:#eee;padding:15px 20px 20px;text-align:center"><img src="' . $imageurl . 'logo.png" alt="' . $websitename . '" width="100" /><table border="0" cellpadding="0" cellspacing="0" style="width:500px;margin:10px auto 0px;background-color:#fff"><tr><td align="center" valign="middle" style="border:1px solid #ddd;padding:20px 0px"><h3>Reset Password</h3><br clear="all"><p>If you&apos;ve lost your password or wish to reset it,<br clear="all">please click on the button below to get started.</p><br clear="all"><br clear="all"><a href="' . $baseurl . 'forgot-password/reset/' . urlencode($email) . '/' . urlencode($newtoken) . '" target="_blank" style="background-color:#00aff2;color:#fff;font-size:12px;text-decoration:none;padding:10px 12px">Reset Your Password</a><br clear="all"><br clear="all"><br clear="all"><p style="color:#555">If you did not request a password reset, you can safely ignore this email.</p></td></tr></table></div>';

		$to = $email;$cc = "";$bcc = "";$attachments = array();
		if($mailer == 'amazon'):
			@AmazonMail($to, $cc, $bcc, $subject, $body, $attachments, $fromname, $fromemail, $fromname, $fromemail);
		elseif($mailer == 'phpmailer'):
			@PHPMail($to, $cc, $bcc, $subject, $body, $attachments, $fromname, $fromemail, $fromname, $fromemail);
		else:
			die(result(false, "Internal server error."));
		endif;

		$stmt = $mysqli->prepare("UPDATE users SET token = ? WHERE email = ?") or die(result(false, "An error occurred. Please try after some time."));
		$stmt->bind_param('ss', $newtoken, $email);
		$e = $stmt->execute();
		$stmt->close();
		$mysqli->close();
		if($e):
			die(result(true, "An email has been sent containing password reset link to <b>{$email}</b>."));
		else:
			die(result(false, "An error occurred. Please try after some time."));
		endif;
	endif;
elseif($decrypt_focus === '[RESET_PASSWORD]'):
	$email = strip_tags(remspace(sanitize_email(escape($_POST['email']))));
	$newtoken = strip_tags(remspace(sanitize(escape($_POST['resid']))));
	$password = strip_tags(remspace(escape($_POST['password'])));
	$repassword = strip_tags(remspace(escape($_POST['repassword'])));

	if(empty($email)):
		die(result(false, "Email address not found. Please try again."));
	elseif((empty($password) && strlen($password) == 0)):
		die(result(false, "Please enter your password."));
	elseif(strlen($password) < 8):
		die(result(false, "Password should be at least 8 characters long."));
	elseif((empty($repassword) && strlen($repassword) == 0)):
		die(result(false, "Please re-enter your password."));
	elseif($password !== $repassword):
		die(result(false, "Password doesn't match."));
	else:
		$pass = hash('whirlpool', hash('sha512', $password) . hash('sha384', $password . md5($password)) . TOKEN);
		$hash = hash('whirlpool', hash('sha384', $password) . hash('sha512', $password . md5($password)) . TOKEN);
		$null = "";

		$stmt = $mysqli->prepare("UPDATE users SET password = ?, hash = ?, token = ? WHERE (email = ? AND token = ?) LIMIT 1") or die(result(false, "An error occurred. Please try after some time."));
		$stmt->bind_param('sssss', $pass, $hash, $null, $email, $newtoken);
		$e = $stmt->execute();
		$stmt->close();
		$mysqli->close();
		if($e):
			die(result(true, "Your password has been reset successfully."));
		else:
			die(result(false, "An error occurred. Please try after some time."));
		endif;
	endif;
else:
	die(result(false, "Access Denied!."));
endif;
?>

Youez - 2016 - github.com/yon3zu
LinuXploit