403Webshell
Server IP : 127.0.0.1  /  Your IP : 216.73.216.48
Web Server : Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
System : Windows NT DESKTOP-3H4FHQJ 10.0 build 19045 (Windows 10) AMD64
User : win 10 ( 0)
PHP Version : 8.2.12
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : OFF |  Perl : OFF |  Python : OFF |  Sudo : OFF |  Pkexec : OFF
Directory :  D:/xamppkk/htdocs-coblaa/cbawards/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :

[ Back ]     

Current File : D:/xamppkk/htdocs-coblaa/cbawards/join_competition.php
<html>
<?php
include('db.php');
session_start();
if(isset($_SESSION['id']))
{
$my_id = $_SESSION['id'];		
}
//////////////////////////////////////////////////////////////////////////////////// 
?>
<?php
$user_ip = getenv('REMOTE_ADDR');
$geo = unserialize(file_get_contents("http://www.geoplugin.net/php.gp?ip=$user_ip"));
$city = $geo["geoplugin_city"];
$country = $geo["geoplugin_countryName"];
///////////////////////////////////////////////////////////////////////////////////

$cur_date = date("d");
$cur_month = date("M");
$cur_year = date("Y");
///////////////////////////////////////////////////////////////////////////////////
?>
<input id="my_id" style="display:none;" value="<?php echo"$my_id";?>" />

<head>
<title>cbawards</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="main_css/join_competition.css" />

</head>

<body>
<div class="sub_title" ><img src="main_icon/bk.png" onclick="history.back();" class="close_page_icon" />Join the competition</div>
<div class="main_container" >

<!--h1 class="main_title" >CB Awards</h1-->


<img src="main_icon/cb_awad_log.png" class="cb_awad_log" stylek="margin-top:60px;" />

<div id="login_div" class="login_div" >

<form action="join_competition" method="post" enctype="multipart/form-data" >

<input type="text" name="login_user_name" class="name_input" placeholder="Username..." />

<input type="Password" name="login_user_pass" class="name_input" placeholder="Password..." />


<?php
if(isset($_POST['login_now']))
{
   $login_user_name = $_POST['login_user_name'];	
   $login_user_pass= $_POST['login_user_pass'];	


   if($login_user_name =="" OR $login_user_pass =="" )
   { echo"<div class='error_output' style='color:red;'>Fill all the fields</div>";}else{
	   
  	$get_user ="select * from cb_award_usertb where user_name='$login_user_name' AND user_password='$login_user_pass' ";
	$run_get_user= mysqli_query($con,$get_user);
	$check_user = mysqli_num_rows($run_get_user);
	if($check_user <1 ){
	echo"<div class='error_output' style='color:red;'>Username or password is incorrect</div>";
		}else{

	while($row_get_user_login = mysqli_fetch_array($run_get_user))
	{
	$user_id = $row_get_user_login['id'];
	$_SESSION['id']=$user_id;
	echo"<script>window.open('index', '_self')</script>";	

	}
   }
   }
   }

?>


<button name="login_now" class="register_btn" >Login</button>

</form>
<span name="" class="login" >Don’t have an account? <span class="login_btn" onclick="show_create_acc_div();" >Sign Up </span></span>

</div>





<div id="sub_vid_div" class="sub_vid_div" >

<form action="" method="post" enctype="multipart/form-data" >

<input type="text" name="user_name" class="name_input" placeholder="Username..." />

<div class="wrap_div"><span class="name_lebal" >Profile image</span>
<input type="file" name="user_profile" class="name_input" placeholder="Enter Name..." />
</div>

<!--div class="wrap_div"><span class="name_lebal" >Video</span>
<input type="file" name="video" class="name_input" placeholder="Enter Name..." />
</div-->

<input type="Password" name="user_pass" class="name_input" placeholder="Password..." />
<input type="Password" name="user_comfirm_pass" class="name_input" placeholder="Confirm Password..." />


<?php
if(isset($_POST['register_now']))
{
   $username = $_POST['user_name'];
   $user_profile = $_FILES['user_profile']['name'];	
   $user_pass= $_POST['user_pass'];	
   $user_comfirm_pass = $_POST['user_comfirm_pass'];
   $user_name_leng =strlen($username);
   $user_pass_leng =strlen($user_pass);

   if($username =="" OR $user_profile =="" OR $user_pass =="" OR $user_comfirm_pass =="" )
   {echo"<div class='error_output' style='color:red;'>Fill all the fields</div>";}elseif($user_pass !== $user_comfirm_pass){
	 echo"<div class='error_output' style='color:red;'>Your password does not match</div>";}elseif($user_name_leng <3){
		 echo"<div class='error_output' style='color:red;'>Username must be 3 letters and above!</div>";
	 }elseif($user_pass_leng<4){ echo"<div class='error_output' style='color:red;'>Password must be 4 letters and above!</div>";}else{
	   
   
   $username = mysqli_real_escape_string($con,$username);
   
   $type= explode('.',$user_profile);
   $type= end($type); 
   $profile_url =rand();  
   $image_tmp = $_FILES['user_profile']['tmp_name'];
    
   
   if($type !=="png" AND $type !=="jpg" AND $type !=="jfif"){ echo"<div class='error_output' style='color:red;'>Profile image format not supported</div>";
  }else{
  

   $insert_user="insert into cb_award_usertb (user_name,user_profile,img_type,user_password,user_county,user_city,cur_date,cur_month,cur_year,cur_time)
   values('$username','$profile_url','$type','$user_pass','$country','$city','$cur_date','$cur_month','$cur_year',CURTIME() )";
  $run_insert_user = mysqli_query($con,$insert_user);
   if($run_insert_user){
   move_uploaded_file($image_tmp,'thumb_img/'.$profile_url.'.'.$type);
   
   
   	$get_user ="select * from cb_award_usertb where user_name='$username' AND user_password='$user_pass' ";
	$run_get_user = mysqli_query($con,$get_user);
	while($row_get_user = mysqli_fetch_array($run_get_user))
	{
		$user_id = $row_get_user['id'];
		$_SESSION['id']=$user_id;
	   	   
   	$insert_cb_bank ="insert into cb_banktb (my_id,cb_coin,cur_date,cur_month,cur_year,cur_time )
	values('$user_id','0','$cur_date','$cur_month','$cur_year',CURTIME() )";
	$run_cb_bank_acc = mysqli_query($con,$insert_cb_bank);
	if($run_cb_bank_acc){ echo"<script>window.open('index', '_self')</script>";}

		
	}
   
   echo"<div class='error_output' style='color:green;'>You have joined the competition successfully</div>";
  // echo"<script>window.open('user_account', '_self')</script>";	
   
   
   }
   }
   
	 }
}


?>


<button name="register_now" class="register_btn" >Join</button>

</form>

<span name="" class="login" >Alredy have account <span onclick="show_login();" class="login_btn" >Login</span></span>

</div>









</div>

<script>
function show_create_acc_div()
{
document.getElementById('sub_vid_div').style="display:block;";
document.getElementById('login_div').style="display:none;";	
}

function show_login()
{
document.getElementById('sub_vid_div').style="display:none;";
document.getElementById('login_div').style="display:block;";	
}

</script>

</body>
</html>

Youez - 2016 - github.com/yon3zu
LinuXploit