Example #1
 /**
  * Gate a client-area page behind authentication.
  *
  * Returns true when isLoggedIn() succeeds and no replacement backup code is
  * pending. In every other case the method renders a page itself and ends the
  * request with exit: the new-backup-code page, the second-factor step, or
  * the ordinary login form.
  *
  * @return bool true for an authenticated request; all other paths call exit
  */
 public function requireLogin()
 {
     global $whmcs;

     if ($this->isLoggedIn()) {
         if (!WHMCS_Session::get("2fabackupcodenew")) {
             return true;
         }
         // The session asks for a replacement backup code: generate it, show it
         // once, and clear the flag only when generation was possible.
         $this->setTemplate("logintwofa");
         $twofa = new WHMCS_2FA();
         if ($twofa->setClientID($this->getUserID())) {
             $this->assign("newbackupcode", $twofa->generateNewBackupCode());
             WHMCS_Session::delete("2fabackupcodenew");
         } else {
             $this->assign("newbackupcodeerror", true);
         }
         $this->output();
         exit;
     }

     // Remember the requested URI for use after login.
     // NOTE(review): the code that later redirects to this value is not shown;
     // it should accept only a local path - confirm at the consumer.
     $_SESSION['loginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']);

     if (!WHMCS_Session::get("2faverifyc")) {
         // No second-factor step pending: plain login form.
         $this->setTemplate("login");
         $this->assign("loginpage", true);
         $this->assign("formaction", "dologin.php");
         if ($whmcs->get_req_var("incorrect")) {
             $this->assign("incorrect", true);
         }
         $this->output();
         exit;
     }

     // Second-factor step pending for the client id held in the session.
     $this->setTemplate("logintwofa");
     if (WHMCS_Session::get("2fabackupcodenew")) {
         $this->assign("newbackupcode", true);
     } elseif ($whmcs->get_req_var("incorrect")) {
         $this->assign("incorrect", true);
     }

     $twofa = new WHMCS_2FA();
     if (!$twofa->setClientID(WHMCS_Session::get("2faclientid"))) {
         $this->assign("error", "An error occurred. Please try again.");
     } else {
         // 2FA no longer active for clients or for this account: drop the
         // half-finished login instead of continuing.
         if (!($twofa->isActiveClients() && $twofa->isEnabled())) {
             WHMCS_Session::destroy();
             redir();
         }
         if ($whmcs->get_req_var("backupcode")) {
             $this->assign("backupcode", true);
         } else {
             $challenge = $twofa->moduleCall("challenge");
             if (!$challenge) {
                 $this->assign("error", "Bad 2 Factor Auth Module. Please contact support.");
             } else {
                 $this->assign("challenge", $challenge);
             }
         }
     }

     $this->output();
     exit;
 }
Example #2
     $fromname = $data['fromname'];
     $fromemail = $data['fromemail'];
     $plaintext = $data['plaintext'];
     if ($plaintext) {
         $message = nl2br($message);
     }
 }
 // Opens the compose form. $PHP_SELF and $type are written into HTML
 // attributes exactly as those variables hold them.
 // NOTE(review): neither value is escaped here and where they are set is not
 // visible in this fragment - confirm both are attribute-safe (for example
 // passed through htmlspecialchars with ENT_QUOTES) before they reach these
 // echo statements.
 echo "\n<form method=\"post\" action=\"";
 echo $PHP_SELF;
 echo "\" name=\"frmmessage\"\n    id=\"sendmsgfrm\" enctype=\"multipart/form-data\">\n    <input type=\"hidden\" name=\"action\" value=\"send\" /> <input type=\"hidden\"\n        name=\"type\" value=\"";
 echo $type;
 echo "\" />\n";
 // Generate a fresh token and store an empty query under it.
 $token = $queryMgr->generateToken();
 $queryMgr->setQuery($token, "");
 // Reset the per-send state kept in the session.
 $_SESSION['massmail']['sentids'] = array();
 WHMCS_Session::set("massmailemailoptout", false);
 if ($massmailquery) {
     if ($queryMgr->isValidTokenFormat($massmailquery)) {
         $queryToStore = $queryMgr->getQuery($massmailquery);
     } else {
         $queryToStore = $massmailquery;
     }
     $queryMgr->setQuery($token, $queryToStore);
     echo "<input type=\"hidden\" name=\"massmail\" value=\"true\" /><input type=\"hidden\" name=\"sendforeach\" value=\"" . $sendforeach . "\" />";
 } else {
     if ($multiple) {
         echo "<input type=\"hidden\" name=\"multiple\" value=\"true\" />";
         foreach ($selectedclients as $selectedclient) {
             echo "<input type=\"hidden\" name=\"selectedclients[]\" value=\"" . $selectedclient . "\" />";
         }
     } else {
Example #3
 /**
  * React to a request whose token did not validate.
  *
  * Outside the client area the request ends immediately with the plain-text
  * body "Invalid Token". When the CLIENTAREA constant is defined the session
  * is destroyed first and the visitor is sent to clientarea.php; the final
  * exit is reached only if redir() returns.
  *
  * @return void
  */
 public function handleInvalidToken()
 {
     if (!defined("CLIENTAREA")) {
         exit("Invalid Token");
     }
     // Client area: discard the whole session rather than keep state that
     // arrived alongside a bad token.
     WHMCS_Session::destroy();
     redir("", "clientarea.php");
     exit("Invalid Token");
 }
Example #4
 * @ Release on : 2013-12-24
 * @ Website  : http://www.mtimer.cn
 *
 **/
// Mark the request as an admin-area request before the bootstrap is loaded.
define("ADMINAREA", true);
require "../init.php";
// NOTE(review): the string passed to WHMCS_Admin presumably names the
// permission this page requires - confirm that the constructor enforces it,
// because no other access check is visible in this prelude.
$aInt = new WHMCS_Admin("Configure Administrators");
$aInt->title = $aInt->lang("administrators", "title");
$aInt->sidebar = "config";
$aInt->icon = "admins";
$aInt->helplink = "Administrators";
// Collects the validation errors raised while handling the form below.
$validate = new WHMCS_Validate();
if ($action == "save") {
    check_token("WHMCS.admin.default");
    $auth = new WHMCS_Auth();
    $auth->getInfobyID(WHMCS_Session::get("adminid"));
    if (!$auth->comparePassword($whmcs->get_req_var("confirmpassword"))) {
        $_ADMINLANG['administrators']['confirmexistingpw'] = "You must confirm your existing administrator password";
        $validate->addError(array("administrators", "confirmexistingpw"));
    } else {
        $validate->validate("required", "firstname", array("administrators", "namerequired"));
        if ($validate->validate("required", "email", array("administrators", "emailerror"))) {
            $validate->validate("email", "email", array("administrators", "emailinvalid"));
        }
        if ($validate->validate("required", "username", array("administrators", "usererror"))) {
            $existingid = get_query_val("tbladmins", "id", array("username" => $username));
            if (!$id && $existingid || $id && $existingid && $id != $existingid) {
                $validate->addError("administrators", "userexists");
            }
        }
        if (!$id) {
Example #5
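 /**
  * Assign ("flag") this ticket to a staff member, or clear the assignment.
  *
  * The id is cast to int. A non-zero id must be a key of getFlaggableStaff()
  * and must exist in tbladmins; an id equal to the ticket's current flag is
  * rejected. On success the ticket row is updated, the change is logged, the
  * assignee is e-mailed when an admin session exists and belongs to a
  * different admin, and the TicketFlagged hook runs.
  *
  * NOTE(review): nothing in this method checks whether the acting admin may
  * reassign tickets; presumably the caller enforces that - confirm.
  *
  * @param int|string $adminid Staff member id; 0 removes the assignment.
  *
  * @return bool true when the flag was changed, false when the id was
  *              rejected or is already the current flag.
  */
 public function setFlagTo($adminid)
 {
     $adminid = (int) $adminid;
     // Defined up front: when the assignment is removed no name is looked up,
     // and the hook call at the end would otherwise read an undefined variable.
     $adminname = null;
     $validadminids = $this->getFlaggableStaff();
     if ($adminid != 0 && !array_key_exists($adminid, $validadminids)) {
         return false;
     }
     if ($adminid == $this->getData("flag")) {
         return false;
     }
     if (0 < $adminid) {
         $data = get_query_vals("tbladmins", "id,firstname,lastname,username", array("id" => $adminid));
         if (!$data['id']) {
             return false;
         }
         // Prefer the full name for the log entry, fall back to the username.
         $adminname = trim($data['firstname'] . " " . $data['lastname']);
         if (!$adminname) {
             $adminname = $data['username'];
         }
     } elseif ($adminid < 0) {
         // Normalise a negative id to "unassigned".
         $adminid = 0;
     }
     if (!count($this->data)) {
         $this->getData();
     }
     update_query("tbltickets", array("flag" => $adminid), array("id" => $this->getData("id")));
     if (0 < $adminid) {
         $this->log("Assigned to Staff Member " . $adminname);
         // No notification when an admin assigns the ticket to themselves.
         if (WHMCS_Session::get("adminid") && $adminid != WHMCS_Session::get("adminid")) {
             $this->sendAdminEmail("Support Ticket Flagged", $adminid);
         }
     } else {
         $this->log("Staff Assignment Removed");
     }
     run_hook("TicketFlagged", array("ticketid" => $this->getData("id"), "adminid" => $adminid, "adminname" => $adminname));
     return true;
 }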
Example #6
 /**
  * Bootstrap the application for the current request.
  *
  * In the order visible below: registers the class autoloader, passes the
  * request superglobals through sanitize_input_vars(), rejects requests that
  * carry a name listed in $this->danger_vars, loads and cleans input, calls
  * register_globals(), loads the config file, connects to the database, sets
  * the $PHP_SELF / $remote_ip / $CONFIG globals, enforces IP bans, starts the
  * session, sets the request token, and validates template and login state.
  *
  * The request is ended with exit() on a blocked variable name, a missing
  * config file, or a failed database connection.
  *
  * @return WHMCS_Init this instance
  */
 public function init()
 {
     spl_autoload_register(array($this, "load_class"));
     // sanitize_input_vars() is not shown in this listing.
     // NOTE(review): whatever encoding it applies is one global pass, so code
     // that later builds SQL or HTML must not treat it as context-appropriate
     // escaping - confirm what it actually does.
     $_GET = $this->sanitize_input_vars($_GET);
     $_POST = $this->sanitize_input_vars($_POST);
     $_REQUEST = $this->sanitize_input_vars($_REQUEST);
     $_SERVER = $this->sanitize_input_vars($_SERVER);
     $_COOKIE = $this->sanitize_input_vars($_COOKIE);
     // Refuse the request outright when it carries a parameter or an upload
     // named like an entry of danger_vars.
     foreach ($this->danger_vars as $var) {
         if (isset($_REQUEST[$var]) || isset($_FILES[$var])) {
             exit("Unauthorized request");
             continue; // unreachable: exit() above already ended the request
         }
     }
     $this->load_input();
     $this->clean_input();
     // NOTE(review): the name suggests request values are exported as global
     // variables - confirm; if so, any global that a script reads before
     // assigning it may be request-controlled.
     $this->register_globals();
     if (!$this->load_config_file()) {
         // NOTE(review): this message identifies the build as a decoded,
         // "nulled" redistribution and embeds a third-party donation form.
         // Such a copy is not the vendor's release, so the integrity of the
         // rest of the code base cannot be assumed.
         exit("<div style=\"border: 1px dashed #cc0000;font-family:Tahoma;background-color:#FBEEEB;width:100%;padding:10px;color:#cc0000;\"><strong>Welcome to WHMCS 5.2.15 FULL DECODED && NULLED BY MTIMER!</strong><a></a><br>Before you can begin using WHMCS you need to perform the installation procedure. <a href=\"" . (file_exists("install/install.php") ? "" : "../") . "install/install.php\" style=\"color:#000;\">Click here to begin ...</a><form action=\"https://www.paypal.com/cgi-bin/webscr\" method=\"post\" target=\"_blank\" style=\"margin-top:10px;margin-bottom:5px;\"><input type=\"hidden\" name=\"cmd\" value=\"_s-xclick\"><input type=\"hidden\" name=\"hosted_button_id\" value=\"N3T56B5LHAGBS\"><input type=\"image\" src=\"https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif\" border=\"0\" name=\"submit\" alt=\"Donate to get updates lifetime!\" style=\"margin-bottom:-5px;\"><p style=\"display:inline;margin-left:10px;\"> to get v5.2.16 & updates lifetime via email. Be fair and support this project. It doesn't cost much :) ~</p></form></div>");
     }
     if (!$this->database_connect()) {
         exit("<div style=\"border: 1px dashed #cc0000;font-family:Tahoma;background-color:#FBEEEB;width:100%;padding:10px;color:#cc0000;\"><strong>Critical Error</strong><br>Could not connect to the database</div>");
     }
     $this->sanitize_db_vars();
     global $CONFIG;
     global $PHP_SELF;
     global $remote_ip;
     // PHP_SELF is overwritten with SCRIPT_NAME, which does not carry the
     // trailing path info a client can append to the request URL.
     $PHP_SELF = $_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_NAME'];
     // NOTE(review): get_user_ip() is not shown; if it trusts client-supplied
     // forwarding headers, the IP ban check below can be sidestepped - confirm.
     $remote_ip = $this->remote_ip = $this->get_user_ip();
     $CONFIG = $this->load_config_vars();
     if ($this->enforce_ip_bans()) {
         redir("", $CONFIG['SystemURL'] . "/banned.php");
     }
     // Reuse the stored instance id, creating one when none exists yet.
     $instanceid = $this->getWHMCSInstanceID();
     if (!$instanceid) {
         $instanceid = $this->createWHMCSInstanceID();
     }
     $session = new WHMCS_Session();
     $session->create($instanceid);
     // Reference assignment: $token_manager aliases whatever getTokenManager() returns.
     $token_manager =& getTokenManager($this);
     $token_manager->conditionallySetToken();
     if (isset($_SESSION['Language'])) {
         $this->set_client_language($_SESSION['Language'], 1);
     }
     // Request-supplied template names are copied into the session here and
     // validate_templates() runs afterwards.
     // NOTE(review): its checks are not shown - confirm it restricts both
     // values to existing template directories before they are used in a path.
     if (isset($_REQUEST['systpl'])) {
         $_SESSION['Template'] = $_REQUEST['systpl'];
     }
     if (isset($_REQUEST['carttpl'])) {
         $_SESSION['OrderFormTemplate'] = $_REQUEST['carttpl'];
     }
     $this->validate_templates();
     $this->validate_admin_auth();
     $this->validate_client_auth();
     return $this;
 }
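// Client-area page listing the logged-in client's domains for the "domainku"
// registrar, optionally filtered by a domain name prefix taken from the request.
$templatefile = "domaindocument";
$pageicon = "images/domains_big.gif";
initialiseClientArea($pagetitle, $pageicon, $breadcrumbnav);
$search = $whmcs->get_req_var("search");
$domain = $whmcs->get_req_var("domain");
$bulkdomains = $whmcs->get_req_var("bulkdomains");
$tld = $whmcs->get_req_var("tld");
$tlds = $whmcs->get_req_var("tlds");
$ext = $whmcs->get_req_var("ext");
$direct = $whmcs->get_req_var("direct");
$sld = "";
$invalidtld = "";
$availabilityresults = array();
$search_tlds = array();
$tldslist = array();
$client = new WHMCS_Client(WHMCS_Session::get("uid"));
$uid = $client->getID();
$currencyid = isset($_SESSION['currency']) ? $_SESSION['currency'] : "";
$currency = getCurrency($uid, $currencyid);
$smartyvalues['currency'] = $currency;
$action = isset($_REQUEST['a']) ? $_REQUEST['a'] : "";
// Overrides the value read through get_req_var() above with the raw request value.
$domain = isset($_REQUEST['domain']) ? $_REQUEST['domain'] : "";
$document_download = isset($_REQUEST['dl']) ? $_REQUEST['dl'] : "";
// isset() guard: the field is absent on plain GET requests.
$search_domain = (isset($_POST['search_domain']) && $_POST['search_domain'] != "Enter Domain to Find") ? $_POST['search_domain'] : "";
$current_date = date('Y-m-d');
$where = array("registrar" => "domainku");
if ($domain || $search_domain) {
    $where["domain"] = $domain ? $domain : $search_domain;
    $where_document = array("domain" => $domain);
}
// The search term comes straight from the request and ends up inside a quoted
// SQL literal, so it is escaped with the WHMCS database helper first. Without
// a term, the listing defaults to names ending in ".id".
$domainterm = !empty($domain) ? $domain : $search_domain;
$domainfilter = !empty($domainterm) ? "t.domain LIKE '" . db_escape_string($domainterm) . "%'" : "t.domain LIKE '%.id'";
// The query returns transfer secrets and client contact data; the t.userid
// condition is what limits the rows to the current client, so the id is forced
// to an integer before it is concatenated.
// NOTE(review): with no client in the session the id becomes 0 and the query
// matches nothing; confirm a login check runs before this point.
$query = full_query("\n    SELECT  t.id, t.userid, t.type, t.domain, t.registrar, t.registrationdate, t.registrationperiod, t.status AS domstatus, i.status, o.nameservers, o.transfersecret,\n                m.domain AS coza_domain, m.domainid AS coza_domainid, m.userid AS coza_userid, m.id_doc_storage_name, m.id_doc_type, m.le_doc_storage_name, \n                m.le_doc_type, m.su_doc_storage_name, m.su_doc_type, m.domain_approval_date, m.domain_status,\n                c.firstname, c.lastname, c.companyname, c.email, c.address1, c.address2, c.city, c.state, c.postcode, c.country, c.phonenumber\n        FROM tbldomains t \n        LEFT JOIN mod_domaincloudregistrar m ON t.domain = m.domain \n        LEFT JOIN tblorders o ON t.orderid = o.id\n        LEFT JOIN tblinvoices i ON o.invoiceid = i.id\n        LEFT JOIN tblclients c ON t.userid = c.id\n        WHERE t.userid = " . (int) $uid . " AND t.status <> 'Cancelled' AND t.status <> 'Expired' AND " . $domainfilter . ";\n    ");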
Example #8
 }
 // Writes the login notice into the page as raw HTML.
 // NOTE(review): $msgtitle and $msg are set outside this fragment; if either
 // can carry request-derived text it needs HTML escaping before this echo.
 echo "<div id=\"login_msg\"><span style=\"font-size:14px;\"><strong>" . $msgtitle . "</strong></span><br>" . $msg . "</div>";
 if (isset($_SESSION['2fabackupcodenew'])) {
     $twofa = new WHMCS_2FA();
     if ($twofa->setAdminID($_SESSION['2faadminid'])) {
         $backupcode = $twofa->generateNewBackupCode();
         echo "<div id=\"login\"><p align=\"center\">Your New Backup Code is:</p><div style=\"margin:20px auto;padding:10px;width:280px;background-color:#F2D4CE;border:1px dashed #AE432E;text-align:center;font-size:20px;\">" . $backupcode . "</div><p align=\"center\">Write this down on paper and keep it safe.<br />It will be needed if you ever lose your 2nd factor device or it is unavailable to you again in future.</p><form method=\"post\" action=\"dologin.php\"><p align=\"center\"><input type=\"submit\" value=\"Continue to Admin Area &raquo;\" /></p></form></div>";
     } else {
         echo "<div id=\"login\">An error occurred. Please try again.</div>";
     }
 } else {
     if (isset($_SESSION['2faverify'])) {
         $twofa = new WHMCS_2FA();
         if ($twofa->setAdminID($_SESSION['2faadminid'])) {
             if (!$twofa->isActiveAdmins() || !$twofa->isEnabled()) {
                 WHMCS_Session::destroy();
                 redir();
             }
             if ($whmcs->get_req_var("backupcode")) {
                 echo "<div id=\"login\"><form method=\"post\" action=\"dologin.php\"><input type=\"hidden\" name=\"backupcode\" value=\"1\" /><p align=\"center\"><input type=\"text\" name=\"code\" size=\"25\" /> <input type=\"submit\" value=\"Login &raquo;\" /></p><p align=\"center\">Enter Your Backup Code Above to Login</p></form></div>";
             } else {
                 $challenge = $twofa->moduleCall("challenge");
                 if ($challenge) {
                     echo "<div id=\"login\">" . $challenge . "<p align=\"center\">Can't Access Your 2nd Factor Device? <a href=\"login.php?backupcode=1\">Login using Backup Code</a></p></div>";
                 } else {
                     echo "<div id=\"login\">Bad 2 Factor Auth Module. Please contact support.</div>";
                 }
             }
         } else {
             echo "<div id=\"login\">An error occurred. Please try again.</div>";
         }
Example #9
     $success = $twofa->verifyBackupCode($whmcs->get_req_var("code"));
 } else {
     $success = $twofa->moduleCall("verify");
 }
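 // Outcome of the client second-factor check (module verification or backup code).
 if ($success) {
     // Finish the login for the client id that was parked in the session
     // while the second factor was pending.
     validateClientLogin(get_query_val("tblclients", "email", array("id" => $_SESSION['2faclientid'])), "", true);
     if ($_SESSION['2farememberme']) {
         // NOTE(review): the remember-me value is uid plus a SHA-1 over the
         // session's 'upw' value and a system hash, valid for 365 days. It is
         // derived from stored credentials rather than being a random,
         // revocable token; the cookie flags depend on wSetCookie(), which is
         // not shown here.
         wSetCookie("User", $_SESSION['uid'] . ":" . sha1($_SESSION['upw'] . $whmcs->get_hash()), time() + 60 * 60 * 24 * 365);
     } else {
         wDelCookie("User");
     }
     // The pending-2FA markers are no longer needed once login has completed.
     WHMCS_Session::delete("2faclientid");
     WHMCS_Session::delete("2farememberme");
     WHMCS_Session::delete("2faverifyc");
     if ($whmcs->get_req_var("backupcode")) {
         // A backup code was used: flag the session so a replacement code is issued.
         WHMCS_Session::set("2fabackupcodenew", true);
         $gotourl = "clientarea.php?newbackupcode=true";
         header("Location: " . $gotourl);
         exit;
     }
     $loginsuccess = true;
 } else {
     // strpos() returns 0 for a match at the first character, which a plain
     // truthiness test reads as "not found"; compare against false instead.
     if (strpos($gotourl, "?") !== false) {
         $gotourl .= "&";
     } else {
         $gotourl .= "?";
     }
     $gotourl .= "incorrect=true";
     // NOTE(review): $gotourl is set outside this fragment; confirm it can
     // only hold a local URL before it is sent as a Location header.
     header("Location: " . $gotourl);
     exit;
 }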
Example #10
 /**
  * Store a key/value pair in the session backend.
  *
  * Writes through WHMCS_Session::set() when that class can be found and
  * falls back to the raw $_SESSION array otherwise.
  *
  * @param mixed $key   session key
  * @param mixed $value value to store
  *
  * @return $this the same instance, so calls can be chained
  */
 private function setSessionValue($key, $value)
 {
     if (!class_exists("WHMCS_Session")) {
         // No session wrapper available: write to the superglobal directly.
         $_SESSION[$key] = $value;
         return $this;
     }
     WHMCS_Session::set($key, $value);
     return $this;
 }
Example #11
    // Second factor accepted: complete the admin login for the id held in the
    // 2faadminid session key.
    if ($success) {
        // The lookup result is stored but not checked in the lines visible here.
        $adminfound = $auth->getInfobyID($_SESSION['2faadminid']);
        $auth->setSessionVars();
        $auth->processLogin();
        if ($_SESSION['2farememberme']) {
            $auth->setRememberMeCookie();
        } else {
            $auth->unsetRememberMeCookie();
        }
        // A backup code was used: flag the session for a replacement code and
        // go back to login.php. The 2FA session keys are deleted only after
        // this branch, so they survive if redir() ends the request here
        // (presumably it does - confirm).
        if ($whmcs->get_req_var("backupcode")) {
            WHMCS_Session::set("2fabackupcodenew", true);
            redir("newbackupcode=1", "login.php");
        }
        WHMCS_Session::delete("2faverify");
        WHMCS_Session::delete("2faadminid");
        WHMCS_Session::delete("2farememberme");
        // Return the admin to the page requested before login, split on the
        // first "?" into script name and query string.
        // NOTE(review): where admloginurlredirect is set is not shown; confirm
        // it can only name a local script before it is used as a redirect target.
        if (isset($_SESSION['admloginurlredirect'])) {
            $loginurlredirect = $_SESSION['admloginurlredirect'];
            unset($_SESSION['admloginurlredirect']);
            $urlparts = explode("?", $loginurlredirect, 2);
            $filename = !empty($urlparts[0]) ? $urlparts[0] : "";
            $qry_string = !empty($urlparts[1]) ? $urlparts[1] : "";
            redir($qry_string, $filename);
        } else {
            redir("", "index.php");
        }
        exit;
    }
    // Second factor rejected: back to login.php with an error marker.
    // NOTE(review): no attempt counting or lockout is visible in these lines;
    // confirm failed second-factor attempts are rate-limited elsewhere.
    redir(($whmcs->get_req_var("backupcode") ? "backupcode=1&" : "") . "incorrect=1", "login.php");
}
if (!trim($username) || !trim($password)) {
Example #12
         }
         redir("a=confproduct&i=" . $newprodnum . $ajax);
         exit;
     }
 } else {
     if ($aid) {
         $requestAddonID = (int) $whmcs->get_req_var("aid");
         $requestServiceID = (int) $whmcs->get_req_var("serviceid");
         $requestProductID = (int) $whmcs->get_req_var("productid");
         if (!$requestServiceID && $requestProductID) {
             $requestServiceID = $requestProductID;
         }
         if (!$requestAddonID || !$requestServiceID) {
             redir("gid=addons");
         }
         $data = get_query_vals("tblhosting", "id,packageid", array("id" => $requestServiceID, "userid" => WHMCS_Session::get("uid"), "domainstatus" => "Active"));
         $serviceid = $data['id'];
         $pid = $data['packageid'];
         if (!$serviceid) {
             redir("gid=addons");
         }
         $data = get_query_vals("tbladdons", "id,packages", array("id" => $requestAddonID));
         $aid = $data['id'];
         $packages = $data['packages'];
         if (!$aid) {
             redir("gid=addons");
         }
         $packages = explode(",", $packages);
         if (!in_array($pid, $packages)) {
             redir("gid=addons");
         }