PHP WebShell

Current directory: /var/www/bitcardoApp/security/backup-codes

Viewing file: index.php

<?php
// security/backup-codes/index.php — View-only page: shows remaining count, never reveals or regenerates codes
require_once __DIR__ . '/../../config/bootstrap.php';

if (empty($_SESSION['user_id'])) { header('Location: /auth/login.php'); exit; }
$userId = (int)$_SESSION['user_id'];

$remain = 0;
$firstAt = null;

$q = $conn->prepare("SELECT COUNT(*), MIN(created_at) FROM user_backup_codes WHERE user_id=?");
$q->bind_param('i', $userId);
$q->execute();
$q->bind_result($remain, $firstAt);
$q->fetch();
$q->close();

include __DIR__ . '/../../user/common/header.php';
?>
<style>
  .secure-card { border:1px solid rgba(7,98,137,.12); border-radius:16px; box-shadow:0 10px 30px rgba(7,98,137,.08); background:#fff; }
  .btn-rounded { border-radius:999px; }
  .muted { color:#6b7280; }
</style>

<div class="container mt-5">
  <div class="offset-md-3 col-md-6 pt-4 mt-5">
    <div class="secure-card p-4">
      <h3>Backup Codes</h3>
      <p class="muted">
        Backup codes let you access your account if you lose your authenticator device.
        They are generated once during TOTP setup and shown only once. Keep them safe.
      </p>

      <div class="mb-3">
        <strong>Remaining active codes:</strong> <?= (int)$remain ?>
      </div>
      <?php if ($firstAt): ?>
        <div class="small text-muted">Backup codes were created on: <?= htmlspecialchars($firstAt) ?></div>
      <?php endif; ?>

      <div class="mt-3">
        <a href="/security/totp/setup.php" class="btn btn-light btn-rounded border">Back to TOTP</a>
        <a href="/user/dashboard/index.php" class="btn btn-link">Return to Dashboard</a>
      </div>

      <hr class="my-4">
      <div class="alert alert-info mb-0">
        For your security, backup codes cannot be regenerated or shown again. If you used or lost your codes,
        you can <strong>disable TOTP</strong> and set it up again to create new codes (not recommended unless necessary).
      </div>
    </div>
  </div>
</div>
<?php include __DIR__ . '/../../user/common/footer.php'; ?>


For local development. Do not use on the internet!