

Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.20
System : Linux st2.domain.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64
User : apache ( 48)
PHP Version : 7.4.20
Disable Function : NONE
Directory :  /var/www/html/adimi/system/core/compat/


 

Current File : /var/www/html/adimi/system/core/compat/lic.php
<?php

// Direct-access guard: stop immediately unless the framework front controller
// has defined BASEPATH, so this file cannot be requested on its own.
if (!defined('BASEPATH')) {
    exit('No direct script access allowed');
}

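/**
 * Licence gate that runs from its constructor on object creation.
 *
 * The class derives the installation's domain from the request, caches
 * licence state in the session and in a local file, and can contact the
 * vendor licence endpoint to validate a purchase key.
 *
 * Review notes (all grounded in the code below):
 *  - verify() returns true on its first statement, so none of the licence
 *    checks actually execute in this copy of the file.
 *  - updateFile() rewrites this class's own PHP source with values taken from
 *    the remote response; the values are therefore validated before writing.
 *  - The outbound HTTPS request now verifies the server certificate.
 *  - The licence cache is written to an index.html file under SYSDIR; if that
 *    directory is reachable over HTTP the stored purchase key is readable by
 *    anyone. NOTE(review): confirm the directory is not web-served.
 */
class Lic
{
    private $domain;
    private $full_domain;
    private $expire_date;
    private $update_day;
    private $message;
    private $purchase_key;
    private $product_key = '21576648';
    private $licence     = 'standard';
    private $product_version = '4.0';
    private $log_path    = null;
    private $check_days  = array(9, 10, 11);
    private $api_domain  = 'secure.bdtask.com';
    private $api_url     = 'https://secure.bdtask.com/alpha/class.licence.php';
    // Placeholder that updateFile() substitutes in this file's own source text.
    private $whitelist   = '{license_key}';

    /**
     * Starts a session if needed, computes the domain values and dates, then
     * runs verify().
     */
    public function __construct()
    {
        $timezone = date_default_timezone_get();
        date_default_timezone_set($timezone);

        // Licence state is cached in $_SESSION, so a session must exist.
        if (session_id() == '' || !isset($_SESSION)) {
            session_start();
        }

        // Local licence cache file (JSON stored under an .html name).
        $this->log_path = SYSDIR.'/core/compat/index.html';

        $this->domain      = $this->domain();
        $this->full_domain = $this->full_domain();
        $this->expire_date = date('Y-m-d', strtotime('+10 year'));
        $this->update_day  = date('d');

        $this->verify();
    }

    /**
     * Builds "scheme://host/dir/" for the running script.
     *
     * HTTP_HOST is supplied by the client, so everything derived from this
     * value is attacker-influenced unless the web server pins the host name.
     *
     * @return string
     */
    private function base_url()
    {
        $host   = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
        $script = isset($_SERVER['SCRIPT_NAME']) ? (string) $_SERVER['SCRIPT_NAME'] : '';
        $scheme = $this->is_https() ? 'https://' : 'http://';

        return $scheme.$host.str_replace(basename($script), '', $script);
    }

    /**
     * Returns the host reduced to "name.tld" (or "name.sld.tld" when the TLD
     * has two characters and the label before it has at most three), or the
     * host unchanged when it parses as an IPv4 address.
     *
     * @return string
     */
    private function domain()
    {
        $url = $this->base_url();

        // regex can be replaced with parse_url
        if (!preg_match("/^(https|http|ftp):\/\/(.*?)\//", "$url/", $matches)) {
            return '';
        }

        $authority = $matches[2];
        if ((bool) ip2long($authority)) {
            return $authority;
        }

        $parts = explode('.', $authority);
        $tld   = array_pop($parts);
        $host  = array_pop($parts);

        // Heuristic for two-level public suffixes such as "co.uk".
        if (strlen((string) $tld) == 2 && strlen((string) $host) <= 3) {
            $tld  = "$host.$tld";
            $host = array_pop($parts);
        }

        return "$host.$tld";
    }

    /**
     * Returns scheme, host and the script's directory path.
     *
     * @return string
     */
    private function full_domain()
    {
        $details = parse_url($this->base_url());
        $path    = (is_array($details) && isset($details['path'])) ? $details['path'] : '';
        $host    = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
        $origin  = ($this->is_https() ? 'https://' : 'http://').$host;

        // if installed in a subfolder then take the full domain with that sub-folder
        if (sizeof(explode('/', $path)) >= 2) {
            return $origin.$path;
        }

        return $origin.'/';
    }

    /**
     * Length check for a submitted purchase key (20 to 40 bytes).
     *
     * Only the length is checked; the content is not restricted, so callers
     * must still encode the key for whatever context they place it in.
     * Non-string input (for example an array posted as purchase_key[]) is
     * rejected instead of being passed to strlen().
     *
     * @param mixed $purchase_key
     * @return bool
     */
    public function filterPurchaseKey($purchase_key)
    {
        if (!is_string($purchase_key)) {
            return false;
        }

        $length = strlen($purchase_key);

        return $length >= 20 && $length <= 40;
    }

    /** @return string first 15 hex characters of the RIPEMD-256 of the domain */
    private function getprelicense()
    {
        return substr(hash('ripemd256', $this->domain), 0, 15);
    }

    /** @return string first 10 hex characters of the SHA-256 of the domain */
    private function domain_encription()
    {
        $en_val = hash('sha256', $this->domain);

        return substr($en_val, 0, 10);
    }

    /**
     * Licence verification entry point.
     *
     * NOTE(review): the first statement returns true, so every check below is
     * unreachable and the licence is never validated in this copy. The
     * remaining code is kept for reference; removing the early return would
     * re-enable it.
     *
     * @return bool|null
     */
    private function verify()
    {
        return true;

        // ---- unreachable from here on ----

        // app in localhost
        $localhost = $this->getprelicense();
        // strpos() yields 0 for a match at the start, so compare against false.
        if (strpos('f267d344867154b0aea800760df617d9b32f2677815a85ae4f964a4188fa', $localhost) !== false) {
            return false;
        }

        // ip and domain whitelist
        $newDomain = $this->domain_encription();
        if (strpos($this->whitelist, $newDomain) !== false) {
            return false;
        }

        //check server is alive or not
        if (isset($_SESSION['serverAliveOrNot']) && $_SESSION['serverAliveOrNot'] == false) {
            return false;
        }

        if (isset($_POST['purchase_key']) && !empty($_POST['purchase_key'])) {
            if (!$this->filterPurchaseKey($_POST['purchase_key'])) {
                $this->message = "Invalid Purchase Key!";
                $this->html();
            }
        }

        //check licence
        // The cached value is an object (see fileWrite()/fileRead()); sizeof()
        // on a plain object is not valid, so test the type instead.
        if (isset($_SESSION['LicSysLog']) && is_object($_SESSION['LicSysLog']) && isset($_SESSION['LicSysLog']->expire_date) && isset($_SESSION['LicSysLog']->product_key) && isset($_SESSION['LicSysLog']->licence)) {
            //call envato LicSysLog object
            $this->envato($_SESSION['LicSysLog']);
        } else {

            //check licence server is alive or not
            if (!$this->serverAliveOrNot()) {
                return false;
            }

            $this->message = "Your application license has expired! <br>Contact <i><a href='https://bdtask.com/#contact' target='_blank' style='color:#f5f5f5'>bdtask.com</a></i>";
            if (file_exists($this->log_path)) {
                if (!$this->fileRead()) {
                    $this->html($this->product_key);
                }
            } else {
                $this->html($this->product_key);
            }
        }
    }

    /**
     * Marks the session response flag. The expiry, genuineness and periodic
     * re-validation logic is commented out in this copy and never runs.
     *
     * @param object|array $LicSysLog cached licence record
     */
    private function envato($LicSysLog = array())
    {
        $_SESSION['response'] = true;
        /*if (strtotime($LicSysLog->expire_date) <= @strtotime(date('Y-m-d'))) {

            $this->message = "Your application license has expired on ". @date("M d, Y",@strtotime($LicSysLog->expire_date)) ."! <br>Contact <i><a href='https://bdtask.com/#contact' target='_blank' style='color:#f5f5f5'>bdtask.com</a></i>";
            $this->html();

        } else if (isset($_SESSION['response']) && $_SESSION['response']) {
            $this->message = "This copy of application is not genuine <br>Contact <i><a href='https://bdtask.com/#contact' target='_blank' style='color:#f5f5f5'>bdtask.com</a></i>";
            $this->html();

        } else if($this->update_day != $LicSysLog->update_day) {


            $data = $this->response($LicSysLog->purchase_key);
            if ($data['status'] === true) {
                $this->fileWrite($LicSysLog->purchase_key);
                $this->updateFile($data['whitelist'], $data['product_key']);
                $_SESSION['response'] = false;
            } else {
                $this->message = "This copy of application is not genuine <br>Contact <i><a href='https://bdtask.com/#contact' target='_blank' style='color:#f5f5f5'>bdtask.com</a></i>";
                $this->html();
            }
            $_SESSION['response'] = true;
        }*/
    }

    /**
     * Processes a posted purchase key (if any) and prints the fixed-position
     * purchase-key form. Execution continues after the form is printed.
     *
     * @param string|null $product_key unused by the body; kept for callers
     */
    private function html($product_key = null)
    {
        if (isset($_POST['purchase_key']) && ($_POST['purchase_key'] != null) && $this->filterPurchaseKey($_POST['purchase_key'])) {

            if ($data = $this->response($_POST['purchase_key'])) {

                // Fields of the remote response may be absent; never index blindly.
                if (isset($data['status']) && $data['status'] === TRUE) {
                    $this->message = "Purchase successfully!";
                    if (isset($data['product_key'])) {
                        $this->product_key = $data['product_key'];
                    }
                    $this->fileWrite($_POST['purchase_key']);
                    $this->updateFile(
                        isset($data['whitelist']) ? $data['whitelist'] : array(),
                        isset($data['product_key']) ? $data['product_key'] : false
                    );
                    $_SESSION['response'] = false;
                } else {
                    $this->message = "Invalid purchase key! <br>Contact <i><a href='https://bdtask.com/#contact' target='_blank' style='color:#f5f5f5'>bdtask.com</a></i>";
                }
            } else {
                $this->message = "Server error occurs! please try another time.<br>Contact <i><a href='https://bdtask.com/#contact' target='_blank' style='color:#f5f5f5'>bdtask.com</a></i>";
            }
        }

        $ci =& get_instance();
        $ci->load->helper('security');

        // Attribute values are escaped before being placed in the markup.
        // $this->message is deliberately raw: every assignment in this class
        // is a fixed string that contains markup.
        $csrf_name = htmlspecialchars((string) $ci->security->get_csrf_token_name(), ENT_QUOTES, 'UTF-8');
        $csrf_hash = htmlspecialchars((string) $ci->security->get_csrf_hash(), ENT_QUOTES, 'UTF-8');

        echo "<form action=\"#\" method=\"post\" style=\"z-index:2147483647;background:maroon;width:100%;position:fixed;bottom:0;left:0;border-top:4px solid #D0D0D0;box-shadow:0 0 8px #D0D0D0;\"> 
        <input type='hidden' name='".$csrf_name."' value='".$csrf_hash."'>
        <div style=\"padding:50px;text-align:center;\">
        <h4 style=\"text-align:center;color:white;padding:0\">$this->message</h4>
        <input type=\"text\" name=\"purchase_key\" placeholder=\"Enter purchase key\" style=\"width:60%;height:36px;padding:0 10px\"/>
        <input type=\"submit\" value=\"Submit\" style=\"width:20%;height:38px;padding:0 10px\"/>
        </div>
        </form>"; 
    }

    /**
     * Sends the purchase key and domain details to the licence endpoint and
     * returns the decoded JSON object as an array.
     *
     * Changes from the earlier version: query values are URL-encoded (the key
     * is only length-checked, so "&" or "#" could otherwise alter the query),
     * certificate and host-name verification are enabled (the response ends
     * up in updateFile(), so its origin must be authenticated), time limits
     * are set, and the handle is closed.
     *
     * @param string|null $purchase_key
     * @return array|false|null false when no key is given, null when the
     *                          request fails or the body is not a JSON object
     */
    private function response($purchase_key = null)
    {
        if ($purchase_key == null) {
            return false;
        }

        $query = http_build_query(array(
            'product_key'  => $this->product_key,
            'purchase_key' => $purchase_key,
            'domain'       => $this->domain,
            'full_domain'  => $this->full_domain,
            'launch'       => 1,
        ), '', '&');
        $url = $this->api_url.'?'.$query;

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($ch, CURLOPT_TIMEOUT, 15);
        // NOTE(review): PHP exposes the request header as HTTP_USER_AGENT; the
        // key below is normally unset, so no client value is forwarded. Kept
        // as found - confirm the intent before changing it.
        curl_setopt($ch, CURLOPT_USERAGENT, isset($_SERVER['USER_AGENT']) ? (string) $_SERVER['USER_AGENT'] : '');

        $body = curl_exec($ch);
        curl_close($ch);

        if (!is_string($body) || $body === '') {
            return null;
        }

        $decoded = json_decode($body, true);

        return is_array($decoded) ? $decoded : null;
    }

    /**
     * Substitutes the licence-key and product-key placeholders in this
     * class's own source file with values from the licence response.
     *
     * Because the target is executable PHP, every value is checked against a
     * strict character allowlist first; anything else is refused and the file
     * is left untouched. NOTE(review): the allowlist assumes the entries are
     * short tokens such as the hex prefixes compared in verify(); widen it
     * only deliberately. The file is no longer made world-writable, and it is
     * not truncated before the write is known to be possible.
     *
     * @param array $whitelist list of licence tokens
     * @param string|int|false $product_key
     * @return bool true when the file was rewritten
     */
    public function updateFile($whitelist, $product_key=false)
    {
        if (empty($whitelist) || !is_array($whitelist)) {
            return false;
        }

        $safe_token = '/\A[A-Za-z0-9._:-]+\z/';
        foreach ($whitelist as $entry) {
            if (!is_scalar($entry) || !preg_match($safe_token, (string) $entry)) {
                return false;
            }
        }
        if ($product_key !== false && $product_key !== null && $product_key !== '') {
            if (!is_scalar($product_key) || !preg_match($safe_token, (string) $product_key)) {
                return false;
            }
        }

        $path = SYSDIR.'/core/compat/lic.php';
        if (!file_exists($path)) {
            //file is not exists
            return false;
        }

        $whitefile = file_get_contents($path);
        if ($whitefile === false) {
            return false;
        }

        $str = implode('-', $whitelist);
        //set license key configuration
        $new = str_replace("{license_key}", $str, $whitefile);
        $new = str_replace("{product_key}", (string) $product_key, $new);

        // Owner-writable only; the previous 0777 left the PHP file writable
        // by every local account.
        @chmod($path, 0644);

        if (!is_writable($path)) {
            //file is not writeable
            return false;
        }

        return file_put_contents($path, $new, LOCK_EX) !== false;
    }

    /**
     * Stores the licence record in the cache file and in the session.
     *
     * @param string|null $purchase_key
     */
    private function fileWrite($purchase_key = null)
    {
        $data = (object)array(
            'product_key'  => $this->product_key,
            'purchase_key' => $purchase_key,
            'licence'      => $this->licence,
            'expire_date'  => $this->expire_date,
            'update_day'   => $this->update_day,
        );

        $encoded = json_encode($data);

        // Best effort, as before: a failed write is not reported to the caller.
        @file_put_contents($this->log_path, $encoded, LOCK_EX);

        // Round-trip through JSON so the session holds a plain stdClass.
        $_SESSION['LicSysLog'] = json_decode($encoded);
    }

    /**
     * Loads the cached licence record into the session.
     *
     * @return bool false when the file is missing, is not a JSON object, or
     *              contains a key outside the expected set
     */
    private function fileRead()
    {
        if (!file_exists($this->log_path)) {
            return false;
        }

        $json = json_decode((string) file_get_contents($this->log_path));
        if (!is_object($json)) {
            return false;
        }

        $allowed = array('product_key', 'purchase_key', 'licence', 'expire_date', 'update_day');
        foreach ($json as $key => $value) {
            if (!in_array($key, $allowed, true)) {
                return false;
            }
        }

        $_SESSION['LicSysLog'] = $json;

        return true;
    }

    /**
     * Probes TCP port 443 on the licence host and records the result in the
     * session. A five second limit keeps a dead host from stalling the page.
     *
     * @return bool
     */
    private function serverAliveOrNot()
    {
        $pf = @fsockopen($this->api_domain, 443, $errno, $errstr, 5);
        if ($pf) {
            fclose($pf);
            $_SESSION['serverAliveOrNot'] = true;
            return true;
        }

        $_SESSION['serverAliveOrNot'] = false;

        return false;
    }

    /**
     * Reports whether the request is considered HTTPS.
     *
     * The two forwarded-header branches trust values a client can send
     * directly unless a reverse proxy overwrites them.
     *
     * @return bool
     */
    private function is_https()
    {
        if ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')
        {
            return TRUE;
        }
        elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
        {
            return TRUE;
        }
        elseif ( ! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')
        {
            return TRUE;
        }

        return FALSE;
    }
}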


