⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.81
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
Server Software:
Apache/2.4.62 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.25
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
local
/
cwp
/
softaculous
/
themes
/
default
/
admin
/
View File Name :
support_access_theme.php
<?php ////////////////////////////////////////////////////////////// //=========================================================== // support_access_theme.php //=========================================================== // SOFTACULOUS // Version : 1.1 // Inspired by the DESIRE to be the BEST OF ALL // ---------------------------------------------------------- // Started by: Alons // Date: 10th Jan 2009 // Time: 21:00 hrs // Site: http://www.softaculous.com/ (SOFTACULOUS) // ---------------------------------------------------------- // Please Read the Terms of use at http://www.softaculous.com // ---------------------------------------------------------- //=========================================================== // (c)Softaculous Inc. //=========================================================== ////////////////////////////////////////////////////////////// if(!defined('SOFTACULOUS')){ die('Hacking Attempt'); } function support_access_theme(){ global $theme, $globals, $user, $l, $error, $updated, $info, $report, $access_users, $success_msg, $warning_msg; softheader(__('$0 - Support Access', array(APP))); echo '<div class="container-fluid"> <div class="container my-4"> <div class="sai-page-title text-center"> <h2>'.__('Support Access').'</h2> </div> </div> </div>'; error_handle($error); if(!empty($success_msg)){ echo '<div class="container-fluid"> <div class="alert alert-success"><i class="fas fa-check sai_icons mr-2"></i> '.$success_msg.'</div> </div>'; } if(!empty($warning_msg)){ echo '<div class="container-fluid"> <div class="alert alert-warning"><i class="fas fa-exclamation-triangle sai_icons mr-2"></i> '.$warning_msg.'</div> </div>'; } echo ' <div id="stooltip" style="display:none; position:absolute; top: 0px; left: 0px; border: 1px solid #CCC; padding: 8px; background: #FFF; z-index:1000;"></div> <form accept-charset="'.$globals['charset'].'" name="support_access" method="post" action="" class="form-horizontal"> <div class="container-fluid"> <div class="row"> <div class="col-12"> <div class="sai-card p-3 mb-3"> <div class="sai_main_head"> <h2 class="sai-heading mb-2">'.__('Grant Support Access to $0 team', array(APP)).'</h2> <hr class="sai_main_head_hr"/> </div> <div class="col-12 col-md-6 mb-2"> <label for="access_hours" class="sai-label mb-0">'.__('Access Hours').'</label><br /> <span class="sai_exp2 mb-2">'.__('Enter hours to allow access, after which the wheel user will be automatically deleted. Default: 7 days').'</span> <div class="input-group"> <input type="text" name="access_hours" class="form-control" id="access_hours" size="10" value="'.POSTval('access_hours').'" /> <div class="input-group-addon"> <span class="input-group-text" style="font-size:0.9rem;line-height:1.4;">'.__('Hour(s)').'</span> </div> </div> </div> <div class="col-12 col-md-6 mb-2"> <label for="note" class="sai-label mb-0">'.__('Note (Optional)').'</label><br /> <span class="sai_exp2 mb-2">'.__('Add a note for your reference').'</span> <input type="text" name="note" class="form-control" id="note" size="10" value="'.POSTval('note').'" /> <input type="submit" name="grant_access" value="'.__('Grant Access').'" class="flat-butt mt-4"/> </div> <br /> <div class="col-12 mb-2"> <p class=""><b>'.__('Note').'</b>:<br /> '.__('Upon granting access the following steps will be performed on your server').':<br /> - '.__('A wheel user will be created with sudo privileges').'<br /> - '.__('The username will start with $0 softacsupport $1 followed by a few random numbers', array('<b>', '</b>')).'<br /> - '.__('A unique public key will be added to authorized_keys of the wheel user').'<br /> - '.__('The public key installed will allow authentication only via our allowed server IPs').'<br /> - '.__('The wheel user will be automatically deleted via cron as per the $0 Access Hours $1 selected above', array('<b>', '</b>')).'<br /> </p> </div> <div class="col-12 mb-2 table-responsive"> <table border="0" cellpadding="5" cellspacing="1" class="soft-table-list table" align=""> <thead class="sai-sub-type"> <tr> <td><input type="checkbox" onclick="check(document.getElementsByName(\'accessids[]\'), this);" /></td> <td>'.__('Username').'</td> <td>'.__('Access Granted').'</td> <td>'.__('Revoke Time').'</td> <td>'.__('IPs to Allow').'</td> <td class="text-center">'.__('Note').'</td> <td class="text-center">'.__('Options').'</td> </tr> </thead>'; $i=1; if(!empty($access_users)){ foreach($access_users as $sk => $sv){ echo '<tr class="'.($i % 2 == 0 ? "sai_evenrowcolor" : "sai_oddrowcolor").'"> <td> <input type="checkbox" name="accessids[]" id="'.$sk.'" value="'.$sk.'"> </td> <td>'.$sv['username'].'</td> <td>'.datify($sv['installed']).'</td> <td>'.datify($sv['revoke_time']).'</td> <td>'.implode(', ', $sv['tunnel_ips']).'</td> '.(!empty($sv['note']) ? '<td width="10%" class="text-center"><i class="fas fa-clipboard px-1 sai_icons" style="cursor:pointer;" onmouseover="showtip(\''.addcslashes(htmlentities($sv['note'], ), "'").'\', this);"></i></td>' : '<td width="10%"> </td>').' <td class="text-center"> <button type="submit" revoke="'.$sk.'" onclick="return delconf(this);" title="'.__('Revoke').'" class="text-decoration-none remove-btn"> <i class="fas fa-trash-alt sai_icons" style="color:red;"></i> </button> </td> </tr>'; $i++; } }else{ echo ' <tr class="sai_evenrowcolor text-center"> <td colspan="6"> '.__('There are no support access users. Use the above form to create one.').' </td> </tr>'; } echo '</table> </div> <div class="row"> <div class="col-12 col-lg-6 ml-auto mt-4 text-right"> <span class="sai-label"> '.__('With Selected').': <select name="multi_options" id="multi_options" class="form-control d-inline-block w-50"> <option name="todo" id="todo" value="0">---</option> <option name="todo" id="todo" value="mult_rem">'.__('Revoke Access').'</option> </select> '.csrf_display().' <input type="button" value="'.__('Go').'" onclick="show_confirm()" class="flat-butt"> </span> </div> </div> <div id="rem_div"></div> </div> </div> </div> </div> </div> '.csrf_display().' </form> <script language="javascript" type="text/javascript"><!-- // --><![CDATA[ accessids = new Array(); removed = new Object(); function show_confirm(){ accessids = new Array(); removed = new Object(); if($_("multi_options").value != "mult_rem"){ return false; } // Build the list of access ids to revoke var field = document.getElementsByName(\'accessids[]\'); accessids = new Array(); var c = 0; for(i = 0; i < field.length; i++){ if(field[i].checked == true){ accessids[c] = field[i].value; c++; } } //alert(accessids); if(c == 0){ alert("'.__js('No access user selected to revoke').'"); return false; } var r = confirm("'.__js('Are you sure you wish to revoke access for the selected user(s) ? The action will be irreversible. No further confirmations will be asked !').'"); if(r != true){ return false; } remove_by_id(accessids[0], "", 0); } function remove_by_id(accessid, re, oldaccessid){ removed[accessid] = false; if(re.length > 0 && oldaccessid > 0){ if(re == "removed"){ removed[accessid] = true; } } nextaccessid = 0; // Find the next user to remove for(i = 0; i < accessids.length; i++){ if(typeof(removed[accessids[i]]) != "undefined"){ continue; } nextaccessid = accessids[i]; break; } // If there is something left to be removed if(accessid != 0){ var csrf_token = $("#csrf_token").val(); try{ $.ajax({ type: "POST", url: "'.$globals['index'].'act=support_access&api=json&ajax=1", data: { csrf_token: csrf_token, revoke: accessid, random: Math.random() }, // Checking for error success: function(data){ remove_by_id(nextaccessid, data, accessid); } }); $_("rem_div").innerHTML = "<br /><br /><p align=\"center\"><img src=\"' . $theme['images'] . 'ajax_remove.gif\"> <br />'.__js('Revoking access'). ': " +accessid+ "<br /></p>"; return true; }catch(e){ return false; } } $_("rem_div").innerHTML = ""; alert("'.__js('The selected access user(s) have been revoked. The page will now be reloaded !').'"); window.location.href = "'.$globals['index'].'act=support_access"; return true; } $(document).ready(function(){ $(".sai_altrowstable tr").mouseover(function(){ var old_class = $(this).attr("class"); //alert(old_class); $(this).attr("class", "sai_tr_bgcolor"); $(this).mouseout(function(){ $(this).attr("class", old_class); }); }); }); function showtip(txt, el){ $_("stooltip").innerHTML = txt; var pos = findelpos(el); $_("stooltip").style.display = ""; var tipheight = parseInt($_("stooltip").offsetHeight); var tipwidth = parseInt($_("stooltip").offsetWidth); //alert(tipheight+" "+tipwidth); var abody = findelpos($_("abody")); var bodyWidth = abody[0] + $_("abody").offsetWidth if((pos[0] + tipwidth) > bodyWidth){ pos[0] = pos[0] - (pos[0] + tipwidth - bodyWidth) + 15; } $_("stooltip").style.left = pos[0]+"px"; $_("stooltip").style.top = (pos[1]-5-tipheight)+"px"; el.onmouseout = function(){ hidetip(); }; }; function hidetip(){ $_("stooltip").style.display = "none"; } function delconf(el){ if(!confirm("'.__js('Are you sure want to revoke access for this user ?').'")){ return false; } accessids = new Array(); var accessid = el.getAttribute("revoke"); accessids[0] = accessid; //alert(accessids); remove_by_id(accessids[0], "", 0); return false; }; // ]]></script> '; softfooter(); }