Текущая директория: /var/www/bitcardoApp/Old folder
Просмотр файла: save_cwallet.php
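<?php
/**
 * Stores one central-wallet record, with the wallet passphrase encrypted at rest.
 *
 * Input  (POST): coin, wallet_add_id, wallet_add, passphrase — all required.
 * Output (body): a single status line ("✅ ..." on success, "❌ ..." on failure).
 *
 * The passphrase is encrypted with AES-256-CBC under the key held in the
 * CENTRAL_WALLET_KEY environment variable (base64 of 32 raw bytes). The
 * ciphertext and the per-record IV are base64-encoded and inserted into the
 * `cwallet` table.
 *
 * NOTE(review): nothing visible in this file authenticates the caller or checks
 * a CSRF token. Confirm that access control is enforced before this script is
 * reachable, since it accepts wallet passphrases.
 */

// DB config (expected to provide the mysqli connection $conn used below).
require_once "../config/db_config.php";

// The key is taken from the process environment only. It must never be set from
// source code: any key value that was ever written into this file has to be
// treated as exposed, rotated, and the rows encrypted under it re-encrypted.
$key_base64 = getenv("CENTRAL_WALLET_KEY");

// Validate key presence (getenv() returns false when the variable is unset).
if ($key_base64 === false || $key_base64 === '') {
    die("❌ Missing encryption key.");
}

// Strict base64 decoding; AES-256 requires exactly 32 key bytes.
$key = base64_decode($key_base64, true);
if ($key === false || strlen($key) !== 32) {
    die("❌ Invalid encryption key. Must be a 32-byte base64 string.");
}

// Collect POST data.
$coin          = $_POST['coin'] ?? '';
$wallet_add_id = $_POST['wallet_add_id'] ?? '';
$wallet_add    = $_POST['wallet_add'] ?? '';
$passphrase    = $_POST['passphrase'] ?? '';

// Every field must be a non-empty string. The explicit comparison accepts the
// literal value "0" and rejects array-valued parameters (e.g. coin[]=x), which
// would otherwise reach openssl_encrypt()/bind_param() as arrays.
foreach ([$coin, $wallet_add_id, $wallet_add, $passphrase] as $value) {
    if (!is_string($value) || $value === '') {
        die("❌ Missing required fields.");
    }
}

// --- ENCRYPTION PROCESS ---

// 1. Generate a fresh 16-byte IV (the AES block size) from the system CSPRNG.
//    random_bytes() throws instead of silently returning weak output.
try {
    $iv = random_bytes(16);
} catch (Exception $e) {
    die("❌ Failed to generate a secure IV.");
}

// 2. Encrypt the passphrase using AES-256-CBC.
// NOTE(review): CBC gives confidentiality only. The stored ciphertext is not
// authenticated, so tampering in the database cannot be detected on decrypt.
// Moving to an AEAD mode (e.g. aes-256-gcm) or adding an HMAC over IV and
// ciphertext needs an extra column and a matching change in the decrypting
// code, so it is flagged here rather than changed.
$encrypted_raw = openssl_encrypt(
    $passphrase,
    'AES-256-CBC',
    $key,
    OPENSSL_RAW_DATA,
    $iv
);
if ($encrypted_raw === false) {
    die("❌ Encryption failed.");
}

// 3. Encode encrypted data and IV for safe storage in text columns.
$encrypted_phrase = base64_encode($encrypted_raw);
$dynamic_iv       = base64_encode($iv);

// --- SAVE TO DATABASE ---

// Parameterized INSERT: user-supplied values are bound, never interpolated.
$stmt = $conn->prepare("INSERT INTO cwallet (coin, wallet_add_id, wallet_add, encrypted_phrase, dynamic_iv, created_at) VALUES (?, ?, ?, ?, ?, NOW())");
if (!$stmt) {
    // Driver error text can reveal schema details: keep it in the server log
    // and return only a generic message to the client.
    error_log("save_cwallet: prepare failed: " . $conn->error);
    die("❌ Prepare failed.");
}

$stmt->bind_param(
    "sssss",
    $coin,
    $wallet_add_id,
    $wallet_add,
    $encrypted_phrase,
    $dynamic_iv
);

if ($stmt->execute()) {
    echo "✅ Wallet saved successfully.";
} else {
    // Same rule as above: detailed error to the log, generic text to the client.
    error_log("save_cwallet: insert failed: " . $stmt->error);
    echo "❌ Failed to save.";
}

$stmt->close();
$conn->close();
?>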