/**
 * Gate a client-area page behind an authenticated session.
 *
 * Returns true only when the client is already logged in and no freshly
 * generated backup code is waiting to be shown. In every other case this
 * method renders a page (the two-factor step, the one-time backup-code
 * page, or the login form), calls output() and exits, so callers can treat
 * a return as "request may proceed".
 *
 * Side effects visible here: setTemplate()/assign() on the page, a write to
 * $_SESSION['loginurlredirect'], and possibly WHMCS_Session::destroy().
 *
 * @return bool true when the request may proceed; otherwise does not return
 */
public function requireLogin()
{
    global $whmcs;
    if ($this->isLoggedIn()) {
        // "2fabackupcodenew" marks that a new backup code must be shown
        // once; it is cleared right after the code has been assigned to the
        // template so the page cannot be reloaded to obtain it again.
        if (WHMCS_Session::get("2fabackupcodenew")) {
            $this->setTemplate("logintwofa");
            $twofa = new WHMCS_2FA();
            if ($twofa->setClientID($this->getUserID())) {
                $backupcode = $twofa->generateNewBackupCode();
                $this->assign("newbackupcode", $backupcode);
                WHMCS_Session::delete("2fabackupcodenew");
            } else {
                $this->assign("newbackupcodeerror", true);
            }
            $this->output();
            exit;
        }
        return true;
    }
    // Remember where to send the client after login. REQUEST_URI is
    // client-controlled; the consumer of this session value is not visible
    // here and should only honour a same-site relative path — confirm there.
    $_SESSION['loginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']);
    if (WHMCS_Session::get("2faverifyc")) {
        // "2faverifyc" presumably means the password step succeeded and the
        // second factor is still outstanding for the client in "2faclientid".
        $this->setTemplate("logintwofa");
        if (WHMCS_Session::get("2fabackupcodenew")) {
            $this->assign("newbackupcode", true);
        } else {
            if ($whmcs->get_req_var("incorrect")) {
                $this->assign("incorrect", true);
            }
        }
        $twofa = new WHMCS_2FA();
        if ($twofa->setClientID(WHMCS_Session::get("2faclientid"))) {
            // If two-factor is no longer active for clients (or at all) the
            // half-authenticated session is dropped instead of continued.
            if (!$twofa->isActiveClients() || !$twofa->isEnabled()) {
                WHMCS_Session::destroy();
                redir();
            }
            // ?backupcode=... switches the form to backup-code entry;
            // otherwise the configured module renders its own challenge.
            if ($whmcs->get_req_var("backupcode")) {
                $this->assign("backupcode", true);
            } else {
                $challenge = $twofa->moduleCall("challenge");
                if ($challenge) {
                    $this->assign("challenge", $challenge);
                } else {
                    $this->assign("error", "Bad 2 Factor Auth Module. Please contact support.");
                }
            }
        } else {
            $this->assign("error", "An error occurred. Please try again.");
        }
    } else {
        // Not logged in and no 2FA in progress: plain login form.
        $this->setTemplate("login");
        $this->assign("loginpage", true);
        $this->assign("formaction", "dologin.php");
        if ($whmcs->get_req_var("incorrect")) {
            $this->assign("incorrect", true);
        }
    }
    $this->output();
    exit;
}
$fromname = $data['fromname']; $fromemail = $data['fromemail']; $plaintext = $data['plaintext']; if ($plaintext) { $message = nl2br($message); } } echo "\n<form method=\"post\" action=\""; echo $PHP_SELF; echo "\" name=\"frmmessage\"\n id=\"sendmsgfrm\" enctype=\"multipart/form-data\">\n <input type=\"hidden\" name=\"action\" value=\"send\" /> <input type=\"hidden\"\n name=\"type\" value=\""; echo $type; echo "\" />\n"; $token = $queryMgr->generateToken(); $queryMgr->setQuery($token, ""); $_SESSION['massmail']['sentids'] = array(); WHMCS_Session::set("massmailemailoptout", false); if ($massmailquery) { if ($queryMgr->isValidTokenFormat($massmailquery)) { $queryToStore = $queryMgr->getQuery($massmailquery); } else { $queryToStore = $massmailquery; } $queryMgr->setQuery($token, $queryToStore); echo "<input type=\"hidden\" name=\"massmail\" value=\"true\" /><input type=\"hidden\" name=\"sendforeach\" value=\"" . $sendforeach . "\" />"; } else { if ($multiple) { echo "<input type=\"hidden\" name=\"multiple\" value=\"true\" />"; foreach ($selectedclients as $selectedclient) { echo "<input type=\"hidden\" name=\"selectedclients[]\" value=\"" . $selectedclient . "\" />"; } } else {
/**
 * Terminate the request after a request-token check has failed.
 *
 * In the client area (CLIENTAREA defined) the session is discarded and the
 * visitor is sent back to clientarea.php; in any other context the script
 * halts with a bare "Invalid Token" message. Never returns.
 *
 * @return never
 */
public function handleInvalidToken()
{
    $inClientArea = defined("CLIENTAREA");
    if ($inClientArea) {
        WHMCS_Session::destroy();
        redir("", "clientarea.php");
    }
    exit("Invalid Token");
}
* @ Release on : 2013-12-24 * @ Website : http://www.mtimer.cn * **/ define("ADMINAREA", true); require "../init.php"; $aInt = new WHMCS_Admin("Configure Administrators"); $aInt->title = $aInt->lang("administrators", "title"); $aInt->sidebar = "config"; $aInt->icon = "admins"; $aInt->helplink = "Administrators"; $validate = new WHMCS_Validate(); if ($action == "save") { check_token("WHMCS.admin.default"); $auth = new WHMCS_Auth(); $auth->getInfobyID(WHMCS_Session::get("adminid")); if (!$auth->comparePassword($whmcs->get_req_var("confirmpassword"))) { $_ADMINLANG['administrators']['confirmexistingpw'] = "You must confirm your existing administrator password"; $validate->addError(array("administrators", "confirmexistingpw")); } else { $validate->validate("required", "firstname", array("administrators", "namerequired")); if ($validate->validate("required", "email", array("administrators", "emailerror"))) { $validate->validate("email", "email", array("administrators", "emailinvalid")); } if ($validate->validate("required", "username", array("administrators", "usererror"))) { $existingid = get_query_val("tbladmins", "id", array("username" => $username)); if (!$id && $existingid || $id && $existingid && $id != $existingid) { $validate->addError("administrators", "userexists"); } } if (!$id) {
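/**
 * Assign (flag) this ticket to a staff member, or clear the assignment.
 *
 * A positive id must be a key of getFlaggableStaff() and must exist in
 * tbladmins; 0 (or a negative value) clears the flag. Flagging to the admin
 * already stored in "flag" is treated as a no-op and returns false.
 *
 * Side effects: updates tbltickets.flag, writes a ticket log line, calls
 * sendAdminEmail() for the assignee when a different admin is logged in,
 * and fires the TicketFlagged hook.
 *
 * @param int|string $adminid admin id to flag to; 0 removes the flag
 *
 * @return bool true when the flag was changed, false when rejected or unchanged
 */
public function setFlagTo($adminid)
{
    $adminid = (int) $adminid;
    // Initialised up front: the hook payload at the end always references
    // it, and the "remove flag" branch never sets a name (the original
    // passed an undefined variable there).
    $adminname = "";
    $validadminids = $this->getFlaggableStaff();
    // Any non-zero id must be a key of the flaggable-staff map.
    if ($adminid != 0 && !array_key_exists($adminid, $validadminids)) {
        return false;
    }
    if ($adminid == $this->getData("flag")) {
        return false;
    }
    if (0 < $adminid) {
        $data = get_query_vals("tbladmins", "id,firstname,lastname,username", array("id" => $adminid));
        if (!$data['id']) {
            return false;
        }
        // Display name falls back to the username when both name parts are blank.
        $adminname = trim($data['firstname'] . " " . $data['lastname']);
        if (!$adminname) {
            $adminname = $data['username'];
        }
    } elseif ($adminid < 0) {
        $adminid = 0;
    }
    if (!count($this->data)) {
        $this->getData();
    }
    update_query("tbltickets", array("flag" => $adminid), array("id" => $this->getData("id")));
    if (0 < $adminid) {
        $this->log("Assigned to Staff Member " . $adminname);
        // Only notify when the assignment was made by a different admin.
        if (WHMCS_Session::get("adminid") && $adminid != WHMCS_Session::get("adminid")) {
            $this->sendAdminEmail("Support Ticket Flagged", $adminid);
        }
    } else {
        $this->log("Staff Assignment Removed");
    }
    run_hook("TicketFlagged", array("ticketid" => $this->getData("id"), "adminid" => $adminid, "adminname" => $adminname));
    return true;
}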
/**
 * Initialisation of class
 *
 * Bootstraps a request: registers the autoloader, rewrites the input
 * superglobals through sanitize_input_vars(), refuses requests that carry a
 * reserved variable name, loads the config file and the database, sets up
 * the session and request token, applies language/template overrides from
 * the request and runs the template/admin/client validation steps. Exits
 * with an HTML notice when the config file is missing or the database
 * cannot be reached.
 *
 * @return WHMCS_Init
 */
public function init()
{
    spl_autoload_register(array($this, "load_class"));
    // Superglobals are replaced in place. What sanitize_input_vars() does
    // to values (e.g. slash-escaping) is not visible here — do not assume
    // it makes them safe for SQL or HTML output downstream.
    $_GET = $this->sanitize_input_vars($_GET);
    $_POST = $this->sanitize_input_vars($_POST);
    $_REQUEST = $this->sanitize_input_vars($_REQUEST);
    $_SERVER = $this->sanitize_input_vars($_SERVER);
    $_COOKIE = $this->sanitize_input_vars($_COOKIE);
    // A request (or upload) naming any reserved variable is refused
    // outright; presumably this protects register_globals() below from
    // letting the client overwrite internal globals — confirm against
    // danger_vars.
    foreach ($this->danger_vars as $var) {
        if (isset($_REQUEST[$var]) || isset($_FILES[$var])) {
            exit("Unauthorized request");
            continue; // unreachable after exit; kept as in the original
        }
    }
    $this->load_input();
    $this->clean_input();
    // NOTE(review): register_globals() looks like an emulation of PHP's
    // register_globals (request variables becoming globals); if so, every
    // variable the rest of the code reads before assigning is attacker-
    // settable unless listed in danger_vars — confirm.
    $this->register_globals();
    if (!$this->load_config_file()) {
        exit("<div style=\"border: 1px dashed #cc0000;font-family:Tahoma;background-color:#FBEEEB;width:100%;padding:10px;color:#cc0000;\"><strong>Welcome to WHMCS 5.2.15 FULL DECODED && NULLED BY MTIMER!</strong><a></a><br>Before you can begin using WHMCS you need to perform the installation procedure. <a href=\"" . (file_exists("install/install.php") ? "" : "../") . "install/install.php\" style=\"color:#000;\">Click here to begin ...</a><form action=\"https://www.paypal.com/cgi-bin/webscr\" method=\"post\" target=\"_blank\" style=\"margin-top:10px;margin-bottom:5px;\"><input type=\"hidden\" name=\"cmd\" value=\"_s-xclick\"><input type=\"hidden\" name=\"hosted_button_id\" value=\"N3T56B5LHAGBS\"><input type=\"image\" src=\"https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif\" border=\"0\" name=\"submit\" alt=\"Donate to get updates lifetime!\" style=\"margin-bottom:-5px;\"><p style=\"display:inline;margin-left:10px;\"> to get v5.2.16 & updates lifetime via email. Be fair and support this project. 
It doesn't cost much :) ~</p></form></div>");
    }
    if (!$this->database_connect()) {
        exit("<div style=\"border: 1px dashed #cc0000;font-family:Tahoma;background-color:#FBEEEB;width:100%;padding:10px;color:#cc0000;\"><strong>Critical Error</strong><br>Could not connect to the database</div>");
    }
    $this->sanitize_db_vars();
    global $CONFIG;
    global $PHP_SELF;
    global $remote_ip;
    // PHP_SELF is overwritten with SCRIPT_NAME, presumably so code that
    // echoes it does not reflect the client-controlled PATH_INFO suffix
    // PHP appends to PHP_SELF.
    $PHP_SELF = $_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_NAME'];
    // Whether get_user_ip() trusts proxy headers is not visible here; the
    // IP-ban check below relies on its answer.
    $remote_ip = $this->remote_ip = $this->get_user_ip();
    $CONFIG = $this->load_config_vars();
    if ($this->enforce_ip_bans()) {
        redir("", $CONFIG['SystemURL'] . "/banned.php");
    }
    $instanceid = $this->getWHMCSInstanceID();
    if (!$instanceid) {
        $instanceid = $this->createWHMCSInstanceID();
    }
    $session = new WHMCS_Session();
    $session->create($instanceid);
    $token_manager =& getTokenManager($this);
    $token_manager->conditionallySetToken();
    if (isset($_SESSION['Language'])) {
        $this->set_client_language($_SESSION['Language'], 1);
    }
    // Template names go straight from the request into the session;
    // validate_templates() below is where they are expected to be checked
    // against the installed templates — confirm it rejects unknown values.
    if (isset($_REQUEST['systpl'])) {
        $_SESSION['Template'] = $_REQUEST['systpl'];
    }
    if (isset($_REQUEST['carttpl'])) {
        $_SESSION['OrderFormTemplate'] = $_REQUEST['carttpl'];
    }
    $this->validate_templates();
    $this->validate_admin_auth();
    $this->validate_client_auth();
    return $this;
}
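// Client-area "domain document" page: lists the logged-in client's
// non-cancelled, non-expired domains together with the matching
// mod_domaincloudregistrar document records.
$templatefile = "domaindocument";
$pageicon = "images/domains_big.gif";
initialiseClientArea($pagetitle, $pageicon, $breadcrumbnav);
$search = $whmcs->get_req_var("search");
$domain = $whmcs->get_req_var("domain");
$bulkdomains = $whmcs->get_req_var("bulkdomains");
$tld = $whmcs->get_req_var("tld");
$tlds = $whmcs->get_req_var("tlds");
$ext = $whmcs->get_req_var("ext");
$direct = $whmcs->get_req_var("direct");
$sld = "";
$invalidtld = "";
$availabilityresults = array();
$search_tlds = array();
$tldslist = array();
$client = new WHMCS_Client(WHMCS_Session::get("uid"));
// The query below scopes rows to this id; cast so that nothing but an
// integer can ever be concatenated into the SQL string.
$uid = (int) $client->getID();
$currencyid = isset($_SESSION['currency']) ? $_SESSION['currency'] : "";
$currency = getCurrency($uid, $currencyid);
$smartyvalues['currency'] = $currency;
$action = isset($_REQUEST['a']) ? $_REQUEST['a'] : "";
// Deliberately overrides the get_req_var() value read above with the raw
// request value, as the original page did.
$domain = isset($_REQUEST['domain']) ? $_REQUEST['domain'] : "";
$document_download = isset($_REQUEST['dl']) ? $_REQUEST['dl'] : "";
// Guard the index: the page is also reached via GET, where search_domain is
// absent. The search box placeholder text does not count as a search.
$search_domain = isset($_POST['search_domain']) && $_POST['search_domain'] != "Enter Domain to Find" ? $_POST['search_domain'] : "";
$current_date = date('Y-m-d');
$where = array("registrar" => "domainku");
if ($domain || $search_domain) {
    $where["domain"] = $domain ? $domain : $search_domain;
    $where_document = array("domain" => $domain);
}
// The domain prefix comes from the request. It is escaped for LIKE first
// ("%" and "_" are wildcards there) and then for the SQL string literal, so
// a crafted value can neither alter the WHERE clause nor widen the match.
// Whether sanitize_input_vars() already slash-escapes request values is not
// visible from this page; escaping here does not rely on it.
if (!empty($domain) || !empty($search_domain)) {
    $domain_like_prefix = !empty($domain) ? $domain : $search_domain;
    $domain_like_prefix = db_escape_string(addcslashes($domain_like_prefix, "%_"));
    $domain_filter_sql = "t.domain LIKE '" . $domain_like_prefix . "%'";
} else {
    $domain_filter_sql = "t.domain LIKE '%.id'";
}
$query = full_query("\n SELECT t.id, t.userid, t.type, t.domain, t.registrar, t.registrationdate, t.registrationperiod, t.status AS domstatus, i.status, o.nameservers, o.transfersecret,\n m.domain AS coza_domain, m.domainid AS coza_domainid, m.userid AS coza_userid, m.id_doc_storage_name, m.id_doc_type, m.le_doc_storage_name, \n m.le_doc_type, m.su_doc_storage_name, m.su_doc_type, m.domain_approval_date, m.domain_status,\n c.firstname, c.lastname, c.companyname, c.email, c.address1, c.address2, c.city, c.state, c.postcode, c.country, c.phonenumber\n FROM tbldomains t \n LEFT JOIN mod_domaincloudregistrar m ON t.domain = m.domain \n LEFT JOIN tblorders o ON t.orderid = o.id\n LEFT JOIN tblinvoices i ON o.invoiceid = i.id\n LEFT JOIN tblclients c ON t.userid = c.id\n WHERE t.userid = " . $uid . " AND t.status <> 'Cancelled' AND t.status <> 'Expired' AND " . $domain_filter_sql . ";\n ");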
} echo "<div id=\"login_msg\"><span style=\"font-size:14px;\"><strong>" . $msgtitle . "</strong></span><br>" . $msg . "</div>"; if (isset($_SESSION['2fabackupcodenew'])) { $twofa = new WHMCS_2FA(); if ($twofa->setAdminID($_SESSION['2faadminid'])) { $backupcode = $twofa->generateNewBackupCode(); echo "<div id=\"login\"><p align=\"center\">Your New Backup Code is:</p><div style=\"margin:20px auto;padding:10px;width:280px;background-color:#F2D4CE;border:1px dashed #AE432E;text-align:center;font-size:20px;\">" . $backupcode . "</div><p align=\"center\">Write this down on paper and keep it safe.<br />It will be needed if you ever lose your 2nd factor device or it is unavailable to you again in future.</p><form method=\"post\" action=\"dologin.php\"><p align=\"center\"><input type=\"submit\" value=\"Continue to Admin Area »\" /></p></form></div>"; } else { echo "<div id=\"login\">An error occurred. Please try again.</div>"; } } else { if (isset($_SESSION['2faverify'])) { $twofa = new WHMCS_2FA(); if ($twofa->setAdminID($_SESSION['2faadminid'])) { if (!$twofa->isActiveAdmins() || !$twofa->isEnabled()) { WHMCS_Session::destroy(); redir(); } if ($whmcs->get_req_var("backupcode")) { echo "<div id=\"login\"><form method=\"post\" action=\"dologin.php\"><input type=\"hidden\" name=\"backupcode\" value=\"1\" /><p align=\"center\"><input type=\"text\" name=\"code\" size=\"25\" /> <input type=\"submit\" value=\"Login »\" /></p><p align=\"center\">Enter Your Backup Code Above to Login</p></form></div>"; } else { $challenge = $twofa->moduleCall("challenge"); if ($challenge) { echo "<div id=\"login\">" . $challenge . "<p align=\"center\">Can't Access Your 2nd Factor Device? <a href=\"login.php?backupcode=1\">Login using Backup Code</a></p></div>"; } else { echo "<div id=\"login\">Bad 2 Factor Auth Module. Please contact support.</div>"; } } } else { echo "<div id=\"login\">An error occurred. Please try again.</div>"; }
$success = $twofa->verifyBackupCode($whmcs->get_req_var("code")); } else { $success = $twofa->moduleCall("verify"); } if ($success) { validateClientLogin(get_query_val("tblclients", "email", array("id" => $_SESSION['2faclientid'])), "", true); if ($_SESSION['2farememberme']) { wSetCookie("User", $_SESSION['uid'] . ":" . sha1($_SESSION['upw'] . $whmcs->get_hash()), time() + 60 * 60 * 24 * 365); } else { wDelCookie("User"); } WHMCS_Session::delete("2faclientid"); WHMCS_Session::delete("2farememberme"); WHMCS_Session::delete("2faverifyc"); if ($whmcs->get_req_var("backupcode")) { WHMCS_Session::set("2fabackupcodenew", true); $gotourl = "clientarea.php?newbackupcode=true"; header("Location: " . $gotourl); exit; } $loginsuccess = true; } else { if (strpos($gotourl, "?")) { $gotourl .= "&"; } else { $gotourl .= "?"; } $gotourl .= "incorrect=true"; header("Location: " . $gotourl); exit; }
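/**
 * Store a key/value pair in the backend storage.
 *
 * Writes through WHMCS_Session when that class is loaded, otherwise
 * directly into $_SESSION. (The original docblock declared "@return void",
 * but the method returns $this for chaining.)
 *
 * @param string|int $key   session key
 * @param mixed      $value value to store
 *
 * @return $this
 */
private function setSessionValue($key, $value)
{
    if (class_exists("WHMCS_Session")) {
        WHMCS_Session::set($key, $value);
    } else {
        $_SESSION[$key] = $value;
    }
    return $this;
}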
if ($success) { $adminfound = $auth->getInfobyID($_SESSION['2faadminid']); $auth->setSessionVars(); $auth->processLogin(); if ($_SESSION['2farememberme']) { $auth->setRememberMeCookie(); } else { $auth->unsetRememberMeCookie(); } if ($whmcs->get_req_var("backupcode")) { WHMCS_Session::set("2fabackupcodenew", true); redir("newbackupcode=1", "login.php"); } WHMCS_Session::delete("2faverify"); WHMCS_Session::delete("2faadminid"); WHMCS_Session::delete("2farememberme"); if (isset($_SESSION['admloginurlredirect'])) { $loginurlredirect = $_SESSION['admloginurlredirect']; unset($_SESSION['admloginurlredirect']); $urlparts = explode("?", $loginurlredirect, 2); $filename = !empty($urlparts[0]) ? $urlparts[0] : ""; $qry_string = !empty($urlparts[1]) ? $urlparts[1] : ""; redir($qry_string, $filename); } else { redir("", "index.php"); } exit; } redir(($whmcs->get_req_var("backupcode") ? "backupcode=1&" : "") . "incorrect=1", "login.php"); } if (!trim($username) || !trim($password)) {
} redir("a=confproduct&i=" . $newprodnum . $ajax); exit; } } else { if ($aid) { $requestAddonID = (int) $whmcs->get_req_var("aid"); $requestServiceID = (int) $whmcs->get_req_var("serviceid"); $requestProductID = (int) $whmcs->get_req_var("productid"); if (!$requestServiceID && $requestProductID) { $requestServiceID = $requestProductID; } if (!$requestAddonID || !$requestServiceID) { redir("gid=addons"); } $data = get_query_vals("tblhosting", "id,packageid", array("id" => $requestServiceID, "userid" => WHMCS_Session::get("uid"), "domainstatus" => "Active")); $serviceid = $data['id']; $pid = $data['packageid']; if (!$serviceid) { redir("gid=addons"); } $data = get_query_vals("tbladdons", "id,packages", array("id" => $requestAddonID)); $aid = $data['id']; $packages = $data['packages']; if (!$aid) { redir("gid=addons"); } $packages = explode(",", $packages); if (!in_array($pid, $packages)) { redir("gid=addons"); }