PHP WebShell

Current directory: /var/www/bitcardoApp/backyard/models/security

Viewing file: 2fa_actions.php

<?php
// backyard/models/security/2fa_actions.php
// JSON endpoint for enabling/disabling/resetting TOTP and regenerating backup codes.
declare(strict_types=1);
header('Content-Type: application/json; charset=utf-8');

include_once '../../config/db_config.php';   // provides $conn (database handle)
require_once __DIR__.'/2fa.php';             // provides the fa_* helper functions

// Emit a JSON response with the given HTTP status and stop processing.
function out($d, int $code=200){ http_response_code($code); echo json_encode($d); exit; }

try{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') out(['ok'=>false,'error'=>'Method not allowed'],405);

    // Request body is a JSON object: {"action": "...", "user_id": N}
    $raw = file_get_contents('php://input');
    $js  = json_decode($raw, true) ?: [];

    // Note: the target user_id is taken from the request body as-is; no session,
    // authorization or CSRF check is performed before acting on it.
    $action  = (string)($js['action'] ?? '');
    $user_id = (int)($js['user_id'] ?? 0);
    if ($user_id <= 0) out(['ok'=>false,'error'=>'Invalid user_id'],400);

    // out() exits, so no case falls through to the next.
    switch ($action) {
        case 'enable':
            out(['ok'=>fa_set_totp_enabled($conn, $user_id, true)]);
        case 'disable':
            out(['ok'=>fa_set_totp_enabled($conn, $user_id, false)]);
        case 'reset':
            out(['ok'=>fa_reset_totp($conn, $user_id)]);
        case 'regen_codes':
            $codes = fa_regenerate_backup_codes($conn, $user_id, 10);
            out(['ok'=>true, 'codes'=>$codes]);
        default:
            out(['ok'=>false,'error'=>'Unknown action'],400);
    }
}catch(Throwable $e){
    // Exception text is echoed back to the client verbatim.
    out(['ok'=>false,'error'=>'Server error: '.$e->getMessage()],500);
}
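The handler above trusts the client-supplied user_id and returns raw exception text. The following is an added hardened variant written for this page; it is not the project's own code. It assumes the acting user manages their own 2FA settings, that a PHP session stores the logged-in user's id in $_SESSION['user_id'] and a per-session CSRF token in $_SESSION['csrf_token'] (both names are assumptions), and that db_config.php and 2fa.php provide $conn and the fa_* functions exactly as in the original file.

```php
<?php
// Hardened variant of 2fa_actions.php (added example, not part of the original file).
// Assumed: $_SESSION['user_id'] and $_SESSION['csrf_token'] are set at login;
// $conn comes from db_config.php; fa_* helpers come from 2fa.php.
declare(strict_types=1);
header('Content-Type: application/json; charset=utf-8');
header('X-Content-Type-Options: nosniff');

include_once '../../config/db_config.php';
require_once __DIR__.'/2fa.php';

session_start();

function out($d, int $code = 200): void {
    http_response_code($code);
    echo json_encode($d);
    exit;
}

try {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') out(['ok'=>false,'error'=>'Method not allowed'], 405);

    // 1. Identity comes from the server-side session, never from the request body.
    $user_id = (int)($_SESSION['user_id'] ?? 0);
    if ($user_id <= 0) out(['ok'=>false,'error'=>'Not authenticated'], 401);

    // 2. Only accept a JSON body; plain HTML forms cannot send this content type,
    //    which removes the simplest cross-site submission path.
    $ctype = $_SERVER['CONTENT_TYPE'] ?? '';
    if (stripos($ctype, 'application/json') !== 0) out(['ok'=>false,'error'=>'Unsupported content type'], 415);

    // 3. Parse strictly: malformed JSON raises JsonException instead of silently becoming [].
    $raw = file_get_contents('php://input');
    $js  = json_decode($raw, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($js)) out(['ok'=>false,'error'=>'Invalid JSON'], 400);

    // 4. CSRF token must match the one issued to this session (constant-time compare).
    $token    = (string)($js['csrf_token'] ?? '');
    $expected = (string)($_SESSION['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $token)) out(['ok'=>false,'error'=>'Invalid CSRF token'], 403);

    // 5. Strict allow-list of actions; out() exits, so no case falls through.
    $action = (string)($js['action'] ?? '');
    switch ($action) {
        case 'enable':
            out(['ok'=>fa_set_totp_enabled($conn, $user_id, true)]);
        case 'disable':
            out(['ok'=>fa_set_totp_enabled($conn, $user_id, false)]);
        case 'reset':
            out(['ok'=>fa_reset_totp($conn, $user_id)]);
        case 'regen_codes':
            $codes = fa_regenerate_backup_codes($conn, $user_id, 10);
            out(['ok'=>true, 'codes'=>$codes]);
        default:
            out(['ok'=>false,'error'=>'Unknown action'], 400);
    }
} catch (Throwable $e) {
    // 6. Keep details in the server log; the client gets a generic message.
    error_log('2fa_actions: '.$e->getMessage());
    out(['ok'=>false,'error'=>'Server error'], 500);
}
```

If this endpoint is meant for administrators acting on other accounts (the "backyard" path suggests a back office), the identity check in step 1 would instead verify an authenticated admin role from the session and then accept the target user_id from the body, with the action written to an audit log. The 'disable', 'reset' and 'regen_codes' branches weaken or replace the second factor, so a production version would also require step-up authentication (current password or a valid TOTP code) immediately before those three actions.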



For local development only. Do not expose it on the internet!