403Webshell
Server IP : 172.64.80.1  /  Your IP : 172.70.127.136
Web Server : Apache
System : Linux mail.federalpolyede.edu.ng 5.10.0-32-amd64 #1 SMP Debian 5.10.223-1 (2024-08-10) x86_64
User : federalpolyede.edu.ng_idh35skikv ( 10000)
PHP Version : 7.4.33
Disable Function : opcache_get_status
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /var/www/vhosts/federalpolyede.edu.ng/httpdocs_backup/entranceform/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/vhosts/federalpolyede.edu.ng/httpdocs_backup/entranceform/createAccount_process.php
<?php
ob_start();
require_once('../connect.php');
$db=db_connect();
extract($_POST);
if ($formTypea=='utmeFormn'){
    die("An Error Occured");
}

$trans=substr($phoneNumber,7);
$sql=$db->query("select * from entrancetable where gsm='$phoneNumber' and formType='$formTypea'");
$sql_fetch=$sql->fetch(PDO::FETCH_BOTH);
$num_phone=$sql->rowCount();
if ($num_phone>0){
    header('location:createAccount.php?id=5');
}elseif ($pass1<>$pass2) {
    header('location:createAccount.php?id=1');
}elseif (strlen($trans)<>4) {
   header('location:createAccount.php?id=3');
  //  echo count($trans);
}elseif ($dept==0) {
    header('location:createAccount.php?id=4');
}else {
    $transID = mt_rand(100000, 999999) . $trans;
    $surName = str_replace("'", "''", $surName);
    $otherNames = str_replace("'", "''", $otherNames);
   $pass2=md5($pass1);
 /*   echo $formTypea.'<br>';
    echo $surName.'<br>';
    echo $otherNames.'<br>';
    echo $pass2.'<br>';
    echo $phoneNumber.'<br>';
    echo $eMail.'<br>';
    echo $dept.'<br>';
    echo $transID.'<br>';*/

    // $sql_a->execute();
    //INSERT INTO `entrancetable` (`sn`, `surname`, `othernames`, `password`, `gsm`, `email`, `course`, `transID`, `dateCreated`, `formType`, `dept`, `formNo`) VALUES (NULL, 'wq', '1', '2', '3', '4', '5', '6', CURRENT_TIMESTAMP, '7', '8', '9');
if($formTypea=='hndForm'){
    $inst_nme='0';
    if($inst_name=="9"){
        die("This Service will be available Shortly. Thanks");
    }
}else{
    $inst_name='0';
}

    $sql_query="INSERT INTO entrancetable (`sn`, `surname`, `othernames`, `password`, `gsm`, `email`, `course`, `transID`,`formType`,`dept`,`formNo`) VALUES (?,?,?,?,?,?,?,?,?,?,?)";
    $sql_a = $db->prepare($sql_query);
   $sql_a->execute([NULL,$surName,$otherNames,$pass2,$phoneNumber,$eMail,$dept,$transID,$formTypea,$dept,'']);
//echo "INSERT INTO `fedpoly`.`entrancetable` (`sn`, `surname`, `othernames`, `password`, `gsm`, `email`, `course`, `transID`,`formType`,`dept`,`formNo`)
 //VALUES (NULL, '$surName', '$otherNames', '$pass2', '$phoneNumber', '$eMail', '$dept', '$transID','$formTypea','$dept','')";
  // $sql_a = $db->query("INSERT INTO `fedpoly`.`entrancetable` (`sn`, `surname`, `othernames`, `password`, `gsm`, `email`, `course`, `transID`,`formType`,`dept`,`formNo`)
 //VALUES (NULL, '$surName', '$otherNames', '$pass2', '$phoneNumber', '$eMail', '$dept', '$transID','$formTypea','$dept','')");
    //  $result = mysql_query($sql);
    ?>
    <div align="center">
<?php

    if ($sql_a) {
    //=================================
   $sent = "[email protected]";
    $header  = "MIME-Version: 1.0" . "\r\n";
    $header .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
    $header .= "To: <".$eMail.">" . "\r\n";
    $subject="Federal Poly Ede | Account Creation";
//    $message="<img src='https://federalpolyede.edu.ng/images/logo.png'><h2><br>Your Account Created Successfully</h2>";
        $message="<img src='../images/logo.png'><h2><br>Your Account Created Successfully</h2>";
    $message.="<br><b>Name:</b> ".strtoupper($surName)." ".$otherNames;
    $message.=" <br><b>Transaction ID:</b> ".$transID;
        $message.=" <br><b>Password:</b> ".$pass1;
    $message.=" <br><b>Date:</b> ".DATE("d-m-y H:i:s");

   $sql_dept=$db->query("select * from dept where sn=$dept");
        $sql_fetch_dept=$sql_dept->fetch(PDO::FETCH_BOTH);
    $deptName=  $sql_fetch_dept['dOption'];
    $message.="<br><b>Department:</b> ".$deptName;
        $message.="<a href=login_process.php?user=".$transID ."&pass=".$pass1."><p>Click Here to Proceed</a>";
//        $message.='<div style="color: #FF0000"><a href="index_pay_question.php" style="color: #FF0000"><h1>Click Here to Pay for Electronic Preparatory Questions For POST UTME</h1></a></div>';
        $message = str_replace("\n.", "\n..", $message);

   $header .= "From: ".$sent."\r\n";
   $header .= "Reply-to: ".$sent."\r\n";
//    mail($eMail, $subject, $message,$header);
        @mail($eMail,$subject,$message,$header);
//        mail($eMail,"My subject","hello");
        echo $message;
        require_once ("sendMail.php");
        $email=$eMail;
        $surName=strtoupper($surName);
        SendSMTPLoginMail($email, $surName,$transID, $pass1);
    //===============================
}
}
ob_end_flush();
?>

<div style="color: #0000FF;"><h1>Write Down Your Details Before You Proceed</h1></div>
<form>

    <input type="button"  value="Click to Print" onclick="print()" >
</form>

    </div>

Youez - 2016 - github.com/yon3zu
LinuXploit