403Webshell
Server IP : 172.64.80.1  /  Your IP : 216.73.216.175
Web Server : LiteSpeed
System : Linux srv13.swhc.ca 4.18.0-553.126.2.lve.el8.x86_64 #1 SMP Thu May 28 14:12:30 UTC 2026 x86_64
User : hongluck ( 2522)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/hongluck/public_html/old site/webcal/includes/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /home/hongluck/public_html/old site/webcal/includes/connect.php
<?php
if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER ) &&
  ! empty ( $_SERVER['PHP_SELF'] ) ) {
  $PHP_SELF = $_SERVER['PHP_SELF'];
}
if ( ! empty ( $PHP_SELF ) && preg_match ( "/\/includes\//", $PHP_SELF ) ) {
    die ( "You can't access this file directly!" );
}

// db settings are in config.php

// Establish a database connection.
// This may have happened in validate.php, depending on settings.
// If not, do it now.
if ( empty ( $c ) ) {
  $c = dbi_connect ( $db_host, $db_login, $db_password, $db_database );
  if ( ! $c ) {
    die_miserable_death (
      "Error connecting to database:<blockquote>" .
      dbi_error () . "</blockquote>\n" );
  }
  // Do a sanity check on the database, making sure we can
  // at least access the webcal_config table.
  if ( function_exists ( "doDbSanityCheck" ) ) {
    doDbSanityCheck ();
  }
}

// If we are in single user mode, make sure that the login selected is
// a valid login.
if ( $single_user == 'Y' ) {
  if ( empty ( $single_user_login ) ) {
    die_miserable_death ( "You have not defined <tt>single_user_login</tt> in " .
      "<tt>includes/settings.php</tt>" );
  }
  $res = dbi_query ( "SELECT COUNT(*) FROM webcal_user " .
    "WHERE cal_login = '$single_user_login'" );
  if ( ! $res ) {
    echo "Database error: " . dbi_error (); exit;
  }
  $row = dbi_fetch_row ( $res );
  if ( $row[0] == 0 ) {
    // User specified as single_user_login does not exist
    if ( ! dbi_query ( "INSERT INTO webcal_user ( cal_login, " .
      "cal_passwd, cal_is_admin ) VALUES ( '$single_user_login', " .
       "'" . md5($single_user_login) . "', 'Y' )" ) ) {
      die_miserable_death ( "User <tt>$single_user_login</tt> does not " .
        "exist in <tt>webcal_user</tt> table and was not able to add " .
        "it for you:<br /><blockquote>" .
        dbi_error () . "</blockquote>" );
    }
    // User was added... should we tell them?
  }
  dbi_free_result ( $res );
}


// global settings have not been loaded yet, so check for public_access now
$res = dbi_query ( "SELECT cal_value FROM webcal_config " .
  "WHERE cal_setting = 'public_access'" );
$pub_acc_enabled = false;
if ( $res ) {
  if ( $row = dbi_fetch_row ( $res ) ) {
    if ( $row[0] == "Y" )
      $pub_acc_enabled = true;
  }
  dbi_free_result ( $res );
}
if ( $pub_acc_enabled ) {
  $res = dbi_query ( "SELECT cal_value FROM webcal_config " .
    "WHERE cal_setting = 'public_access_can_add'" );
  if ( $res ) {
    if ( $row = dbi_fetch_row ( $res ) ) {
      $public_access_can_add = $row[0];
    }
    dbi_free_result ( $res );
  }
}

// Debugging stuff :-)
//echo "pub_acc_enabled = " . ( $pub_acc_enabled ? "true" : "false" ) . " <br />";
//echo "session_not_found = " . ( $session_not_found ? "true" : "false" ) . " <br />";
//echo "use_http_auth = " . ( $use_http_auth ? "true" : "false" ) . " <br />";
//echo "PHP_AUTH_USER = $PHP_AUTH_USER <br />";
//echo "login = $login <br />";


if ( empty ( $PHP_SELF ) )
  $PHP_SELF = $_SERVER["PHP_SELF"];

if ( empty ( $login_url ) )
  $login_url = "login.php";
if ( strstr ( $login_url, "?" ) )
  $login_url .= "&amp;";
else
  $login_url .= "?";
if ( ! empty ( $login_return_path ) )
  $login_url .= "return_path=$login_return_path";
 

if ( empty ( $session_not_found ) )
  $session_not_found = false;

if ( $pub_acc_enabled && ! empty ( $session_not_found ) ) {
  $login = "__public__";
  $is_admin =  false;
  $lastname = "";
  $firstname = "";
  $fullname = "Public Access"; // Will be translated after translation is loaded
  $user_email = "";
} else if ( ! $pub_acc_enabled && $session_not_found && ! $use_http_auth ) {
  do_redirect ( $login_url );
  exit;
}

if ( empty ( $login ) && $use_http_auth ) {
  if ( strstr ( $PHP_SELF, "login.php" ) ) {
    // ignore since login.php will redirect to index.php
  } else {
    send_http_login ();
  }
} else if ( ! empty ( $login ) ) {
  // they are already logged in ($login is set in validate.php)
  if ( strstr ( $PHP_SELF, "login.php" ) ) {
    // ignore since login.php will redirect to index.php
  } else if ( $login == "__public__" ) {
    $is_admin =  false;
    $lastname = "";
    $firstname = "";
    $fullname = "Public Access";
    $user_email = "";
  } else {
    user_load_variables ( $login, "login_" );
    if ( ! empty ( $login_login ) ) {
      $is_admin =  ( $login_is_admin == "Y" ? true : false );
      $lastname = $login_lastname;
      $firstname = $login_firstname;
      $fullname = $login_fullname;
      $user_email = $login_email;
    } else {
      // Invalid login
      if ( $use_http_auth ) {
        send_http_login ();
      } else {
        // This shouldn't happen since login should be validated in validate.php
        // If it does happen, it means we received an invalid login cookie.
        //echo "Error getting user info for login \"$login\".";
        do_redirect ( $login_url . "&amp;error=Invalid+session+found." );
      }
    }
  }
}
//else if ( ! $single_user ) {
//  echo "Error(3)! no login info found: " . dbi_error () . "<br /><span style=\"font-weight:bold;\">SQL:</span> $sql";
//  exit;
//}

// If they are accessing using the public login, restrict them from using
// certain pages.
$not_auth = false;
if ( ! empty ( $login ) && $login == "__public__" ) {
  if ( strstr ( $PHP_SELF, "views.php" ) ||
    strstr ( $PHP_SELF, "views_edit_handler.php" ) ||
    strstr ( $PHP_SELF, "category.php" ) ||
    strstr ( $PHP_SELF, "category_handler.php" ) ||
    strstr ( $PHP_SELF, "activity_log.php" ) ||
    strstr ( $PHP_SELF, "admin.php" ) ||
    strstr ( $PHP_SELF, "adminhome.php" ) ||
    strstr ( $PHP_SELF, "admin_handler.php" ) ||
    strstr ( $PHP_SELF, "groups.php" ) ||
    strstr ( $PHP_SELF, "group_edit_handler.php" ) ||
    strstr ( $PHP_SELF, "pref.php" ) ||
    strstr ( $PHP_SELF, "pref_handler.php" ) ||
    strstr ( $PHP_SELF, "edit_user.php" ) ||
    strstr ( $PHP_SELF, "edit_user_handler.php" ) ||
    strstr ( $PHP_SELF, "approve_entry.php" ) ||
    strstr ( $PHP_SELF, "reject_entry.php" ) ||
    strstr ( $PHP_SELF, "del_entry.php" ) ||
    strstr ( $PHP_SELF, "set_entry_cat.php" ) ||
    strstr ( $PHP_SELF, "list_unapproved.php" ) ||
    strstr ( $PHP_SELF, "layers.php" ) ||
    strstr ( $PHP_SELF, "layer_toggle.php" ) ||
    strstr ( $PHP_SELF, "import.php" ) ||
    strstr ( $PHP_SELF, "import_handler.php" ) ||
    strstr ( $PHP_SELF, "edit_template.php" ) ) {
    $not_auth = true;
  }
  if ( $public_access_can_add != 'Y' ) { // do not allow add
    if ( strstr ( $PHP_SELF, "edit_entry.php" ) ||
      strstr ( $PHP_SELF, "edit_entry_handler.php" ) ) {
      $not_auth = true;
    }
  }
}

if ( empty ( $is_admin ) || ! $is_admin ) {
  if ( strstr ( $PHP_SELF, "admin.php" ) ||
    strstr ( $PHP_SELF, "admin_handler.php" ) ||
    strstr ( $PHP_SELF, "groups.php" ) ||
    strstr ( $PHP_SELF, "group_edit.php" ) ||
    strstr ( $PHP_SELF, "group_edit_handler.php" ) ||
    strstr ( $PHP_SELF, "edit_template.php" ) ||
    strstr ( $PHP_SELF, "activity_log.php" ) ) {
    $not_auth = true;
  }
}

// restrict access if calendar is read-only
if ( $readonly == "Y" ) {
  if ( strstr ( $PHP_SELF, "activity_log.php" ) ||
    strstr ( $PHP_SELF, "adminhome.php" ) ||
    strstr ( $PHP_SELF, "admin.php" ) ||
    strstr ( $PHP_SELF, "approve_entry.php" ) ||
    strstr ( $PHP_SELF, "category_handler.php" ) ||
    strstr ( $PHP_SELF, "category.php" ) ||
    strstr ( $PHP_SELF, "del_entry.php" ) ||
    strstr ( $PHP_SELF, "edit_report_handler.php" ) ||
    strstr ( $PHP_SELF, "edit_report.php" ) ||
    strstr ( $PHP_SELF, "edit_template.php" ) ||
    strstr ( $PHP_SELF, "edit_user_handler.php" ) ||
    strstr ( $PHP_SELF, "edit_user.php" ) ||
    strstr ( $PHP_SELF, "group_edit_handler.php" ) ||
    strstr ( $PHP_SELF, "groups.php" ) ||
    strstr ( $PHP_SELF, "import_handler.php" ) ||
    strstr ( $PHP_SELF, "import_handler.php" ) ||
    strstr ( $PHP_SELF, "import.php" ) ||
    strstr ( $PHP_SELF, "layers.php" ) ||
    strstr ( $PHP_SELF, "layer_toggle.php" ) ||
    strstr ( $PHP_SELF, "list_unapproved.php" ) ||
    strstr ( $PHP_SELF, "pref_handler.php" ) ||
    strstr ( $PHP_SELF, "pref.php" ) ||
    strstr ( $PHP_SELF, "pref_handler.php" ) ||
    strstr ( $PHP_SELF, "purge.php" ) ||
    strstr ( $PHP_SELF, "reject_entry.php" ) ||
    strstr ( $PHP_SELF, "set_entry_cat.php" ) ||
    strstr ( $PHP_SELF, "users.php" ) ||
    strstr ( $PHP_SELF, "views_edit_handler.php" ) ||
    strstr ( $PHP_SELF, "views.php" ) ) {
    $not_auth = true;
  }
}

// We can't call translate() here because translate.php gets loaded
// after this include file :-(
// So, instead of an error message that may be in the wrong language,
// just redirect to some other page.
if ( $not_auth ) {
  /*
  echo "<html>\n<head>\n<title>" . translate($application_name) . " " .
    translate("Error") .  "</title>\n</head>\n<body>\n";
  echo "<h2>" . translate ( "Error" ) . "</h2>\n" .
    translate ( "You are not authorized" );
  */
  do_redirect ( "week.php" );
}

?>

Youez - 2016 - github.com/yon3zu
LinuXploit