<?php
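/**
 * Administrator login: password check, an SMS one-time code as a second
 * step when the stored IP does not match, and session validation.
 *
 * Every public method returns a JSON string for the login page script,
 * except check(), which reports the logged-in username.
 *
 * Written to stay compatible with PHP 5.6 (no scalar type hints, no `??`).
 */
class Login
{
    /** Wrong one-time codes tolerated for one pending login before it is discarded. */
    const MAX_CODE_ATTEMPTS = 5;

    /** Message returned when a second-step request arrives without a verified first step. */
    const MSG_EXPIRED = 'Your session has expired. Please sign in again.';

    /**
     * First step: verify username and password.
     *
     * On success either opens the admin session (IP login disabled, or the
     * stored IP matches the connecting address) or records a pending login
     * in the session and returns the phone-selection form.
     *
     * @return string JSON with a 'text' (error), 'surl' (redirect) or 'html' (next form) key
     */
    public static function auth()
    {
        global $mysqli, $adminurl;

        // NOTE(review): FILTER_SANITIZE_STRING and real_escape_string() rewrite the
        // submitted values before hashing. They are kept because the stored hashes
        // were presumably produced from the same transformed input; the prepared
        // statement below is what actually prevents SQL injection.
        $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
        $username = $mysqli->real_escape_string($username);
        $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
        $password = $mysqli->real_escape_string($password);

        if (empty($username)) {
            return json_encode(array('text' => 'Please enter your username.'));
        }
        if (empty($password)) {
            return json_encode(array('text' => 'Please enter your password.'));
        }

        $username = preg_replace('/[^a-zA-Z0-9]/', '', $username);

        // NOTE(review): unsalted, fast digest chain. It cannot be swapped here without
        // migrating the stored values; plan a move to password_hash()/password_verify()
        // with rehash-on-login.
        $password = hash('whirlpool', hash('sha512', $password) . hash('sha384', $password . md5($password)) . base64_encode($password));

        $stmt = self::prepare("SELECT ip, iplogin, status FROM administrator WHERE (username = ? AND password = ?)");
        $stmt->bind_param('ss', $username, $password);
        $stmt->execute();
        $stmt->store_result();
        $count_rows = $stmt->num_rows();
        $stmt->bind_result($ip, $iplogin, $status);
        $stmt->fetch();
        $stmt->close();

        if ($count_rows !== 1) {
            return json_encode(array('text' => 'Your login credentials is wrong.'));
        }
        if ($status !== 'enabled') {
            return json_encode(array('text' => 'Your account is not enabled.'));
        }

        if ($iplogin === 'disabled' || $ip === self::ipAddress()) {
            self::establishSession($username, $password);
            return json_encode(array('surl' => $adminurl . 'u/dashboard'));
        }

        // The password is correct but the address is not the registered one.
        // Remember server-side which account passed step one, so the SMS steps
        // do not have to trust the hidden "username" form field.
        $_SESSION[md5($adminurl . 'pending')] = array('username' => $username, 'attempts' => 0);

        return json_encode(array('html' => self::selectPhone($username)));
    }

    /**
     * Build the "2-Step Verification" form that lets the user pick the phone.
     *
     * @param string $username account that passed the password step
     * @return string HTML form
     */
    private static function selectPhone($username)
    {
        global $adminurl, $token_id, $token_value;

        // Escape everything interpolated into markup, including values that are
        // expected to be safe, so a change upstream cannot turn into HTML injection.
        $base = self::e($adminurl);
        $tid = self::e($token_id);
        $tval = self::e($token_value);
        $user = self::e($username);

        $html = <<<EOJ
<form action="{$base}login" method="post" name="loginform" autocomplete="off" onsubmit="return post(this)">
<input type="hidden" name="{$tid}" value="{$tval}" readonly />
<input type="hidden" name="focus" value="verifyPhone" readonly />
<input type="hidden" name="username" value="{$user}" readonly />
<div class="row">
<div class="col-12 col-md-8 col-lg-4 mx-auto">
<div class="card">
<img src="{$base}bg.png" alt="Login" class="card-img-top" />
<div class="card-body">
<b>2-Step Verification</b>
<label for="phone" class="d-flex align-items-center border p-2 rounded mt-3">
<input type="radio" name="phone" value="7048922346" id="phone" class="float-start me-2" />
<span>7048922346</span>
</label>
</div>
<div class="card-footer">
<button type="submit" id="b" class="btn btn-primary float-end">Send Code</button>
</div>
</div>
</div>
</div>
</form>
EOJ;
        return $html;
    }

    /**
     * Second step, part one: send a one-time code to the chosen phone.
     *
     * Only served for the account recorded by auth() in this session; without
     * that binding anyone who knows a username could request a code and sign
     * in with the code alone, skipping the password.
     *
     * @param string|null $name label placed in the SMS text
     * @return string JSON with a 'text' (error) or 'html' (code entry form) key
     */
    public static function verifyPhone($name = null)
    {
        global $mysqli, $adminurl, $token_id, $token_value;

        $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
        $username = $mysqli->real_escape_string($username);
        $phone = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_NUMBER_INT);
        $phone = $mysqli->real_escape_string($phone);

        if (empty($username)) {
            return json_encode(array('text' => 'Username not found.'));
        }
        if (empty($phone)) {
            return json_encode(array('text' => 'Please choose phone number.'));
        }
        if (!self::isPendingUser($username)) {
            return json_encode(array('text' => self::MSG_EXPIRED));
        }

        $stmt = self::prepare("SELECT username FROM administrator WHERE username = ?");
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $stmt->store_result();
        $count_rows = $stmt->num_rows();
        $stmt->close();

        if ($count_rows !== 1) {
            return json_encode(array('text' => 'Invalid username.'));
        }
        // Strict comparison: a loose in_array() compares numeric strings by value,
        // so a sign-prefixed variant of the number would also be accepted.
        if (!in_array($phone, array('7048922346'), true)) {
            return json_encode(array('text' => 'Invalid phone number.'));
        }

        $code = self::generateCode();
        self::sendCode($phone, $code, $name);

        // NOTE(review): the code is stored in clear text and never expires. An expiry
        // column checked in code_verification() would bound its lifetime.
        $stmt = self::prepare("UPDATE administrator SET code = ? WHERE username = ?");
        $stmt->bind_param('ss', $code, $username);
        $stmt->execute();
        $stmt->close();

        // A fresh code starts a fresh attempt budget.
        $_SESSION[md5($adminurl . 'pending')] = array('username' => $username, 'attempts' => 0);

        $base = self::e($adminurl);
        $tid = self::e($token_id);
        $tval = self::e($token_value);
        $user = self::e($username);
        $sentTo = self::e($phone);

        $html = <<<EOJ
<form action="{$base}login" method="post" name="loginform" autocomplete="off" onsubmit="return post(this)">
<input type="hidden" name="{$tid}" value="{$tval}" readonly />
<input type="hidden" name="username" value="{$user}" readonly />
<input type="hidden" name="focus" value="code_verification" readonly />
<div class="row">
<div class="col-12 col-md-8 col-lg-4 mx-auto">
<div class="card">
<img src="{$base}bg.png" alt="Login" class="card-img-top" />
<div class="card-body">
<div class="mb-3">
<label for="code" class="form-label">Code</label>
<input type="text" name="code" id="code" class="form-control">
</div>
<div class="mb-3">
Code sent to - <b style="font-weight:500">{$sentTo}</b>
</div>
</div>
<div class="card-footer">
<button type="submit" id="b" class="btn btn-primary float-end">Done</button>
</div>
</div>
</div>
</div>
</form>
EOJ;
        return json_encode(array('html' => $html));
    }

    /**
     * Second step, part two: check the submitted one-time code.
     *
     * Requires the pending login recorded by auth(), counts wrong codes per
     * pending login and discards both the pending login and the stored code
     * once MAX_CODE_ATTEMPTS is reached.
     *
     * @return string JSON with a 'text' (error) or 'surl' (redirect) key
     */
    public static function code_verification()
    {
        global $mysqli, $adminurl;

        $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
        $username = $mysqli->real_escape_string($username);
        $code = filter_input(INPUT_POST, 'code', FILTER_SANITIZE_NUMBER_INT);
        $code = $mysqli->real_escape_string($code);

        if (empty($username)) {
            return json_encode(array('text' => 'Username not found.'));
        }
        if (empty($code)) {
            return json_encode(array('text' => 'Please enter your 6-digit code.'));
        }
        if (strlen($code) !== 6) {
            return json_encode(array('text' => 'Please enter only 6-digit code.'));
        }
        // Digits only: the sanitising filter above still lets '+' and '-' through.
        if (!ctype_digit($code)) {
            return json_encode(array('text' => 'Please enter a valid code.'));
        }
        if (!self::isPendingUser($username)) {
            return json_encode(array('text' => self::MSG_EXPIRED));
        }

        $pendingKey = md5($adminurl . 'pending');
        $attempts = isset($_SESSION[$pendingKey]['attempts']) ? (int) $_SESSION[$pendingKey]['attempts'] : 0;

        $stmt = self::prepare("SELECT password FROM administrator WHERE (username = ? AND code = ?)");
        $stmt->bind_param('ss', $username, $code);
        $stmt->execute();
        $stmt->store_result();
        $count_rows = $stmt->num_rows();
        $stmt->bind_result($password);
        $stmt->fetch();
        $stmt->close();

        if ($count_rows === 1) {
            self::clearCode($username);
            self::establishSession($username, $password);
            return json_encode(array('surl' => $adminurl . 'u/dashboard'));
        }

        $attempts++;
        if ($attempts >= self::MAX_CODE_ATTEMPTS) {
            // Guessing budget spent: invalidate the code and force a new password step.
            self::clearCode($username);
            unset($_SESSION[$pendingKey]);
            return json_encode(array('text' => 'Too many incorrect codes. Please sign in again.'));
        }
        $_SESSION[$pendingKey]['attempts'] = $attempts;

        return json_encode(array('text' => 'Incorrect verification code.'));
    }

    /**
     * Report who is logged in, after re-validating the session against the database.
     *
     * The username is returned only while the session's username and password
     * hash still match exactly one administrator row, so a changed password
     * or a removed account ends existing sessions.
     *
     * @return string|null the logged-in username, or null when not authenticated
     */
    public static function check()
    {
        global $mysqli, $adminurl;

        $userKey = md5($adminurl . 'user');
        $passKey = md5($adminurl . 'pass');
        $username = isset($_SESSION[$userKey]) ? $_SESSION[$userKey] : null;
        $password = isset($_SESSION[$passKey]) ? $_SESSION[$passKey] : null;

        if (!$username || !$password) {
            return null;
        }

        $stmt = self::prepare("SELECT username FROM administrator WHERE (username = ? AND password = ?)");
        $stmt->bind_param('ss', $username, $password);
        $stmt->execute();
        $stmt->store_result();
        $count_rows = $stmt->num_rows();
        $stmt->close();

        return $count_rows === 1 ? $username : null;
    }

    /**
     * Address of the connecting peer, used for the "registered IP" comparison.
     *
     * Only REMOTE_ADDR is used. Client-IP and forwarded-for headers are set by
     * the requester, so honouring them would let the request choose the value
     * the registered-IP check sees. If the site runs behind a reverse proxy,
     * read the forwarded header only when REMOTE_ADDR is that proxy; until
     * then a mismatch simply falls through to the SMS step.
     *
     * @return string the peer address, or 'UNKNOWN' when it is unavailable or malformed
     */
    private static function ipAddress()
    {
        $ipaddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : getenv('REMOTE_ADDR');

        if (!$ipaddress || filter_var($ipaddress, FILTER_VALIDATE_IP) === false) {
            return 'UNKNOWN';
        }

        return $ipaddress;
    }

    /**
     * Prepare a statement, ending the request with a generic message on failure.
     *
     * The database error goes to the server log instead of the response so
     * schema details are not disclosed to the client.
     *
     * @param string $sql statement with ? placeholders
     * @return mysqli_stmt
     */
    private static function prepare($sql)
    {
        global $mysqli;

        $stmt = $mysqli->prepare($sql);
        if ($stmt === false) {
            error_log('Login: prepare failed: ' . $mysqli->error);
            die(json_encode(array('text' => 'Unable to process your request. Please try again later.')));
        }

        return $stmt;
    }

    /**
     * Open the authenticated session for a verified administrator.
     *
     * @param string $username verified account name
     * @param string $password stored password hash, kept so check() can re-validate
     * @return void
     */
    private static function establishSession($username, $password)
    {
        global $adminurl;

        // New session id on privilege change, so an id fixed before login is useless.
        if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        unset($_SESSION[md5($adminurl . 'pending')]);
        $_SESSION[md5($adminurl . 'user')] = $username;
        $_SESSION[md5($adminurl . 'pass')] = $password;
    }

    /**
     * Tell whether $username is the account that passed the password step in this session.
     *
     * @param string $username value submitted with the second-step form
     * @return bool
     */
    private static function isPendingUser($username)
    {
        global $adminurl;

        $key = md5($adminurl . 'pending');
        if (!isset($_SESSION[$key]) || !is_array($_SESSION[$key]) || !isset($_SESSION[$key]['username'])) {
            return false;
        }

        return hash_equals((string) $_SESSION[$key]['username'], (string) $username);
    }

    /**
     * Remove the stored one-time code so it cannot be used again.
     *
     * @param string $username
     * @return void
     */
    private static function clearCode($username)
    {
        $stmt = self::prepare("UPDATE administrator SET code = NULL WHERE username = ?");
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $stmt->close();
    }

    /**
     * Generate a 6-digit one-time code from a cryptographically secure source.
     *
     * Each digit is drawn independently, so all 10^6 codes are possible; a
     * shuffle of '0123456789' never repeats a digit and is not seeded securely.
     *
     * @return string six decimal digits
     */
    private static function generateCode()
    {
        $code = '';
        for ($i = 0; $i < 6; $i++) {
            if (function_exists('random_int')) {
                $code .= random_int(0, 9);
                continue;
            }
            // PHP 5.6 fallback: discard bytes >= 250 so the modulo stays unbiased.
            do {
                $byte = ord(openssl_random_pseudo_bytes(1));
            } while ($byte >= 250);
            $code .= $byte % 10;
        }

        return $code;
    }

    /**
     * Send the one-time code through the SMS gateway.
     *
     * NOTE(review): the gateway account and key are hard-coded and the request
     * goes over plain HTTP, so the key and the code cross the network
     * unencrypted. Load the credentials from configuration outside the web
     * root, rotate the key shown here, and use the provider's HTTPS endpoint
     * if it offers one.
     *
     * @param string      $phone destination number (already checked against the allowlist)
     * @param string      $code  one-time code
     * @param string|null $name  label placed in the message text
     * @return void
     */
    private static function sendCode($phone, $code, $name)
    {
        $message = 'Dear Sir/Madam,' . PHP_EOL . PHP_EOL . 'OTP for login 2-Step Verification Code is ' . $code . ' of ' . $name . '.' . PHP_EOL . PHP_EOL . 'Thank you,' . PHP_EOL . 'AkiNik Publications' . PHP_EOL . 'Ph. No.: +91-9711224068';
        $user = urlencode('AkinikT');
        $key = urlencode('97cf23f17eXX');
        $senderId = urlencode('AKINIK');
        $accusage = urlencode('1');
        $message = html_entity_decode($message, ENT_QUOTES, 'utf-8');
        $message = urlencode($message);

        $link = 'http://mobicomm.dove-sms.com/mobicomm/submitsms.jsp';
        $link .= '?user=' . $user . '&key=' . $key . '&mobile=' . urlencode($phone) . '&message=' . $message . '&senderid=' . $senderId . '&accusage=' . $accusage . '&entityid=1201160587333940132&tempid=1207165095988106588';

        $http = curl_init($link);
        curl_setopt($http, CURLOPT_RETURNTRANSFER, true);
        if (curl_exec($http) === false) {
            // Delivery failures are logged; the URL is left out because it carries the key and the code.
            error_log('Login: SMS gateway request failed: ' . curl_error($http));
        }
        curl_close($http);
    }

    /**
     * Escape a value for use in HTML text or a quoted attribute.
     *
     * @param mixed $value
     * @return string
     */
    private static function e($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
}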