Sh3ll
OdayForums


Server : Apache
System : Linux server1.cgrithy.com 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Jul 24 13:59:37 UTC 2023 x86_64
User : nobody ( 99)
PHP Version : 8.1.23
Disable Function : NONE
Directory :  /var/softaculous/thbees/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //var/softaculous/thbees/update_pass.php
<?php

/**
 * A Compatibility library with PHP 5.5's simplified password hashing API.
 *
 * @author Anthony Ferrara <ircmaxell@php.net>
 * @license http://www.opensource.org/licenses/mit-license.html MIT License
 * @copyright 2012 The Authors
 */

@unlink('update_pass.php');

if(!defined('PASSWORD_BCRYPT')){
	define('PASSWORD_BCRYPT', 1);
}

define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);

$resp = password_hash('[[admin_pass]]', PASSWORD_DEFAULT);
echo '<update_pass>'.$resp.'</update_pass>';

function __calculateSignature($employeeId, $profileId, $email, $password){	

	$cookie_key = '[[cookie_key]]';

	$data = $employeeId . $email . $profileId . $password;

	return hash_hmac('sha256', (string)$data, $cookie_key);
}

$password = $resp;

//We use this signature for install. We pass default $employeeId and $profileId params i.e 1, since these are defaults for admin user
$resp1 = __calculateSignature(1, 1,  '[[admin_email]]' , $password);
echo '<update_signature>'.$resp1.'</update_signature>';

//We use this signature for edit. Don't remove
$resp2 = __calculateSignature('[[emp_id]]', '[[profile_id]]',  '[[admin_email]]' , $password);
echo '<update_signature_edit>'.$resp2.'</update_signature_edit>';
?>

ZeroDay Forums Mini