File: /home/httpd/html/freecams1.com/public_html/admin/login.php
<?php
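$thispage = 'login';
require('db.php');

// Tally today's recorded login attempts for the requesting IP.
// The daily log is read from $basepath/admin/logs/login<Ymd>.txt; the
// commented-out writers further down this file append one IP per line, so each
// line is compared with the current IP. The previous loop ignored the line
// content and charged every logged line (including the trailing empty one) to
// the current IP.
// NOTE(review): nothing visible in this file reads $loginAttempts, and the only
// writers of the log are commented out, so no attempt throttling is actually
// enforced here — confirm whether db.php or the web server provides it.
$date = date('Ymd');
$attemptLog = $basepath . '/admin/logs/login' . $date . '.txt';

// Check readability up front instead of silencing errors with "@".
$string = (is_file($attemptLog) && is_readable($attemptLog)) ? file_get_contents($attemptLog) : false;

// Always defined, so later code never touches an uninitialised variable.
$attempts = array();
if ($string) {
    $attempts = explode("\n", $string);
}

$currentIp = (string) $config['current_ip'];
// ip2long() returns false for anything that is not a dotted IPv4 address.
// NOTE(review): such clients would all share one counter key — confirm whether
// IPv6 clients can reach this page.
$currentIpKey = ip2long($currentIp);

$loginAttempts = array();
$loginAttempts[$currentIpKey] = 0;
foreach ($attempts as $i) {
    if (trim($i) === $currentIp) {
        $loginAttempts[$currentIpKey]++;
    }
}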

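// Handle a submitted login form.
// Credentials are accepted when they match the configured $admin_username /
// $admin_password pair, or when a users row with is_admin = 1 matches.
// If $admin_ip_limitation is set, the client IP must also appear in the
// comma-separated $admin_allowed_ips list. Every outcome is written to
// user_logins, then the client is redirected and the script exits.
//
// Only string values are accepted: a request can send admin_username[]=...,
// which would otherwise reach the comparisons and the escaping calls as an array.
$postedUser = (isset($_POST['admin_username']) && is_string($_POST['admin_username'])) ? $_POST['admin_username'] : '';
$postedPass = (isset($_POST['admin_password']) && is_string($_POST['admin_password'])) ? $_POST['admin_password'] : '';

if ($postedUser && $postedPass) {
    $escapedUser = mysqli_real_escape_string($dblink, $postedUser);
    $escapedPass = mysqli_real_escape_string($dblink, $postedPass);
    $escapedIp = mysqli_real_escape_string($dblink, (string) $config['current_ip']);

    // Configured credentials: compare as strings. Loose "==" treats numeric-looking
    // strings such as "1e3" and "1000" as equal. hash_equals() (PHP >= 5.6) also
    // removes the timing difference; older runtimes fall back to "===".
    $configUser = isset($admin_username) ? (string) $admin_username : '';
    $configPass = isset($admin_password) ? (string) $admin_password : '';
    $configMatch = false;
    if ($configUser !== '' && $configPass !== '') {
        if (function_exists('hash_equals')) {
            $userSame = hash_equals($configUser, $postedUser);
            $passSame = hash_equals($configPass, $postedPass);
        } else {
            $userSame = ($configUser === $postedUser);
            $passSame = ($configPass === $postedPass);
        }
        $configMatch = $userSame && $passSame;
    }

    // Database credentials are only queried when the configured pair did not match.
    // NOTE(review): MD5(CONCAT(password, salt)) is a fast, unsuitable password hash;
    // moving to password_hash()/password_verify() needs a schema and PHP upgrade,
    // so it is flagged here rather than changed.
    $credentialsOk = $configMatch || count(dbQuery("SELECT record_num FROM users WHERE is_admin = 1 AND username = '" . $escapedUser . "' AND password = MD5(CONCAT('" . $escapedPass . "',salt))", false)) > 0;

    $accessGranted = false;
    $loginStatus = 'Admin Login Failure - Incorrect Password';
    if ($credentialsOk) {
        if ($admin_ip_limitation) {
            // Trim entries so "a, b" style lists match; compare strictly as strings.
            $allowedIps = array_map('trim', explode(',', $admin_allowed_ips));
            $accessGranted = in_array((string) $config['current_ip'], $allowedIps, true);
        } else {
            $accessGranted = true;
        }
        $loginStatus = $accessGranted ? 'Admin Login Successful' : 'Admin Login Failure - IP Not Whitelisted';
    }

    if ($accessGranted) {
        // Issue a fresh session id on privilege change so an id known before login
        // cannot be reused afterwards (session fixation).
        // NOTE(review): assumes the session is started by db.php — confirm.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['isAdmin'] = true;
        $_SESSION['ip'] = $config['current_ip'];
        $_SESSION['_timestamp'] = time();
    }
    // NOTE(review): failed attempts are not appended to the daily
    // admin/logs/login<Ymd>.txt file (the file_put_contents() calls were commented
    // out), so user_logins is the only record of failures.

    // The ip value was previously concatenated without quotes, where
    // mysqli_real_escape_string() gives no protection and a dotted address is not
    // valid SQL; it is now a quoted literal.
    // NOTE(review): confirm the type of user_logins.ip and where current_ip comes from.
    dbQuery("INSERT INTO user_logins SET time = NOW(), user = '" . $escapedUser . "', ip = '" . $escapedIp . "', status = '" . $loginStatus . "'");

    if ($accessGranted) {
        header("Location: $basehttp/admin/index.php");
    } else {
        // Same generic message for bad credentials and a non-allowlisted IP.
        header("Location: login.php?msg=Access_Denied");
    }
    exit();
}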

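// Pick the notice shown above the login form from the "msg" query parameter.
// Only the fixed codes below produce text; the parameter itself is never echoed.
// $message is always initialised here: the template prints it without escaping,
// so it must not be left to whatever an earlier include (or register_globals on
// old PHP versions) may have put in that name.
$message = '';
$padding = '66px';

$msgCode = (isset($_GET['msg']) && is_string($_GET['msg'])) ? $_GET['msg'] : '';

// code => array(message text, top padding of the form column)
$loginNotices = array(
    'IP_Restricted' => array("Your IP has been restricted for 24 hours.", "27px"),
    'IP_Restricted_All' => array("A bruteforce attack has been detected on your admin area, and access has been disabled. Please contact support for instructions on how to re-enable your admin area.", "0px"),
    'Access_Denied' => array("Login Failed. Incorrect username or password.", "27px"),
);

if (isset($loginNotices[$msgCode])) {
    $message = $loginNotices[$msgCode][0];
    $padding = $loginNotices[$msgCode][1];
}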
?>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no">
        <meta name="apple-mobile-web-app-capable" content="yes" />
        <meta name="apple-mobile-web-app-status-bar-style" content="black">

        <title>Mechbunny Tube Admin Area</title>
        <meta name="keywords" content="" />
        <meta name="description" content="" />

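        <link rel="shortcut icon" href="<?php echo $basehttp; ?>/admin/public/favicon.ico" type="image/x-icon">
        <?php /* Font stylesheet is fetched over HTTPS: a stylesheet loaded in cleartext on the admin login page can be altered in transit and is blocked as mixed content when the page itself is served over HTTPS. */ ?>
        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&amp;subset=latin,latin-ext">
        <link rel="stylesheet" href="<?php echo $basehttp; ?>/admin/public/css/app.css" media="all">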

        <!-- Media Queries support for IE6-8 -->  
        <!--[if lt IE 9]><script src="<?php echo $basehttp; ?>/admin/public/js/libs/respond.min.js"></script><![endif]-->
        <!-- HTML5 element support for IE6-8 -->
        <!--[if lt IE 9]><script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
        <!--[if (gte IE 6)&(lte IE 8)]>
            <script src="<?php echo $basehttp; ?>/admin/public/js/libs/selectivizr-min.js"></script>
        <![endif]-->
    </head>
    <body class="login">

        <div id="page" class="page-login">

            <section class="login-content">

                <form action="" method="POST" id="form-login" >
                    <div class="inner">
                        <div class="left">
                            <a href="https://www.mechbunny.com"><img src="<?php echo $basehttp; ?>/admin/public/img/RGB_icon_opened_laptop.png" style='max-height: 150px;' alt="" class="logo" /></a>
                            <h1 style='text-shadow: 1px 1px 1px #647092;'>Admin Area</h1>
                            <strong style='line-height: 0px;'><a href='https://mechbunny.com' target='_blank' style='text-shadow: 1px 1px 1px #647092;'>Powered by Mechbunny</a></strong>
                        </div>
                        <div class="right" style="padding-top:<?php echo $padding; ?>;">
                            <?php if ($message != "") { ?>
                                <div class="notification error"><?php echo $message; ?></div>
                            <?php } ?>
                            <input type="text" name="admin_username" placeholder="Username" required value='' />
                            <input type="password" name="admin_password" placeholder="Password" required value='' />
                            <input type="hidden" name="loginSubmit" value="1">
                            <button type="submit" class="btn btn-gray login" style='background-color: #E55C5C; border-radius: 5px;'>Login</button>
                        </div>
                    </div>
                </form>

            </section> <!-- // #content -->

            <p class="copyright">&copy; Copyright 2008-<?php echo date('Y'); ?> Mechanical Bunny Media. All right reserved.</p>

        </div> <!-- // #page -->

        <!-- jQuery -->
        <script src="<?php echo $basehttp; ?>/admin/public/js/libs/jquery.js"></script>
        <script src="<?php echo $basehttp; ?>/admin/public/js/libs/jquery.uniform.min.js"></script>
        <script src="<?php echo $basehttp; ?>/admin/public/js/libs/jquery.colorbox-min.js"></script>
        <script src="<?php echo $basehttp; ?>/admin/public/js/libs/jquery.mousewheel.min.js"></script>
        <script src="<?php echo $basehttp; ?>/admin/public/js/libs/jquery.mCustomScrollbar.min.js"></script>
        <!-- libs -->
        <script src="<?php echo $basehttp; ?>/admin/public/js/libs/modernizr.custom.min.js"></script>
        <!-- application -->
        <script src="<?php echo $basehttp; ?>/admin/public/js/app/app.js"></script>
        <script src="<?php echo $basehttp; ?>/admin/public/js/app/main.js"></script>
    </body>
</html>