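<?php
// security/totp/disable.php — Disable TOTP using a current TOTP code or a backup code
//
// Flow: a signed-in user must prove possession of the second factor (a live
// authenticator code, or one unused backup code) before TOTP is switched off.
// On success the user_totp row is flagged disabled and every backup code is
// deleted so a later re-enrolment starts from a fresh set.
//
// Assumes bootstrap.php has started the session and exposes $conn as a mysqli
// connection (bind_param/bind_result are used below) — confirm against bootstrap.
require_once __DIR__ . '/../../config/bootstrap.php';
require_once __DIR__ . '/../../lib/totp.php';

// Must be signed in.
if (empty($_SESSION['user_id'])) {
    header('Location: /auth/login.php');
    exit;
}
$userId = (int)$_SESSION['user_id'];

// Load the user's TOTP enrolment; only an enabled enrolment can be disabled.
$secret = null;
$enabled = 0;
$stmt = $conn->prepare("SELECT secret_base32, enabled FROM user_totp WHERE user_id=? LIMIT 1");
$stmt->bind_param('i', $userId);
$stmt->execute();
$stmt->bind_result($secret, $enabled);
$stmt->fetch();
$stmt->close();
if (!$secret || !$enabled) {
    header('Location: /security/totp/setup.php');
    exit;
}

// Per-session CSRF token for this form. Removing a second factor is a
// security-sensitive state change, so a cross-site POST must not be able to
// trigger it. If bootstrap.php already provides a shared CSRF helper, prefer
// that over this page-local token.
if (empty($_SESSION['csrf_totp_disable'])) {
    $_SESSION['csrf_totp_disable'] = bin2hex(random_bytes(32));
}
$csrfToken = (string)$_SESSION['csrf_totp_disable'];

$info = '';
$error = '';
$redirectTo = '/security/totp/setup.php';
$redirectMs = 5000;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $postedToken = (string)($_POST['csrf'] ?? '');
    $code = trim((string)($_POST['code'] ?? ''));
    $ok = false;

    if (!hash_equals($csrfToken, $postedToken)) {
        // Constant-time compare; a missing or stale token is rejected before
        // any code verification happens.
        $error = 'Your session has expired or the request did not originate from this page. Please try again.';
    } elseif ($code === '') {
        // Strict emptiness check: the original truthiness test also skipped
        // TOTP verification for the literal code "0".
        $error = 'Invalid code. Enter a current authenticator code or a valid backup code.';
    } else {
        // 1) Try a live authenticator code first (±1 time step of drift).
        // NOTE(review): nothing here limits guess rate or records the last
        // accepted time step, so a 6-digit code can be brute-forced or replayed
        // within the window unless bootstrap/lib enforce that elsewhere.
        if (totp_verify($secret, $code, 1)) {
            $ok = true;
        } else {
            // 2) Fall back to a single-use backup code. Codes are stored as
            // SHA-256 of the normalised value (uppercase, spaces/dashes
            // removed), so the indexed lookup is the comparison.
            $normalized = strtoupper(str_replace([' ', '-'], '', $code));
            $hash = hash('sha256', $normalized);
            $ubcId = null;
            $s = $conn->prepare("SELECT ubc_id FROM user_backup_codes WHERE user_id=? AND code_hash=? AND used_at IS NULL LIMIT 1");
            $s->bind_param('is', $userId, $hash);
            $s->execute();
            $s->bind_result($ubcId);
            $ok = (bool)$s->fetch();
            $s->close();
            if ($ok) {
                // Burn the code so it cannot be presented a second time.
                $u = $conn->prepare("UPDATE user_backup_codes SET used_at=NOW() WHERE ubc_id=?");
                $u->bind_param('i', $ubcId);
                $u->execute();
                $u->close();
            }
        }

        if ($ok) {
            // a) Disable TOTP (the secret row is kept, only the flag is cleared).
            $u = $conn->prepare("UPDATE user_totp SET enabled=0 WHERE user_id=?");
            $u->bind_param('i', $userId);
            $u->execute();
            $u->close();
            // b) Delete ALL backup codes so the next enable generates a fresh set.
            $d = $conn->prepare("DELETE FROM user_backup_codes WHERE user_id=?");
            $d->bind_param('i', $userId);
            $d->execute();
            $d->close();
            // c) The action this token protected is done; drop it so a replayed
            // POST with the same token cannot be accepted.
            unset($_SESSION['csrf_totp_disable']);
            // d) Success message + auto-redirect (form is hidden below).
            $info = 'TOTP has been disabled and your backup codes were cleared. You’ll be redirected to set it up again.';
        } else {
            $error = 'Invalid code. Enter a current authenticator code or a valid backup code.';
        }
    }
}

include __DIR__ . '/../../user/common/header.php';
?>
<style>
.secure-card { border:1px solid rgba(7,98,137,.12); border-radius:16px; box-shadow:0 10px 30px rgba(7,98,137,.08); background:#fff; }
.secure-input { padding:10px 12px; border:1px solid #e5eaee; border-radius:10px; }
.secure-input:focus { border-color:#0a7bab; box-shadow: 0 0 0 3px rgba(10,123,171,.12); }
.btn-secure-primary{ background:#076289; border-color:#076289; color:#fff !important; }
.btn-secure-primary:hover, .btn-secure-primary:focus{
  background:#fff; border-color:#076289; color:#076289 !important; box-shadow:0 0 0 3px rgba(7,98,137,.12);
}
.btn-rounded { border-radius:999px; }
.muted { color:#6b7280; }
</style>
<div class="container mt-5">
  <div class="offset-md-3 col-md-6 pt-4 mt-5">
    <div class="secure-card p-4">
      <h3>Disable Authenticator (TOTP)</h3>
      <p class="muted">Confirm with a 6-digit authenticator code or a backup code.</p>
      <?php if ($info): ?>
        <div class="alert alert-success d-flex align-items-center justify-content-between">
          <span><?= htmlspecialchars($info, ENT_QUOTES, 'UTF-8') ?></span>
          <span class="small text-muted ms-3">Redirecting in <span id="redirSec"><?= (int)($redirectMs / 1000) ?></span>s…</span>
        </div>
        <div class="d-flex gap-2 mt-2">
          <a href="<?= htmlspecialchars($redirectTo, ENT_QUOTES, 'UTF-8') ?>" class="btn btn-secure-primary btn-rounded">Go to TOTP setup now</a>
        </div>
        <script>
        (function(){
          var secs = <?= (int)($redirectMs / 1000) ?>;
          var el = document.getElementById('redirSec');
          var t = setInterval(function(){
            secs--;
            if (el) el.textContent = secs;
            if (secs <= 0) {
              clearInterval(t);
              // JS-context escaping: json_encode with the HEX flags yields a
              // quoted string literal that cannot break out of <script>.
              window.location.href = <?= json_encode($redirectTo, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>;
            }
          }, 1000);
        })();
        </script>
      <?php endif; ?>
      <?php if ($error): ?>
        <div class="alert alert-danger"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></div>
      <?php endif; ?>
      <?php if (!$info): // hide form once success happens ?>
        <form method="post" class="mt-2">
          <input type="hidden" name="csrf" value="<?= htmlspecialchars($csrfToken, ENT_QUOTES, 'UTF-8') ?>">
          <label class="form-label">Code (TOTP or backup)</label>
          <input name="code" class="form-control secure-input" autocomplete="one-time-code" required>
          <div class="d-flex gap-2 mt-3">
            <button type="submit" class="btn btn-outline-danger btn-rounded">Disable</button>
            <a href="/security/totp/setup.php" class="btn btn-link">Back</a>
          </div>
        </form>
      <?php endif; ?>
    </div>
  </div>
  <div class="mt-5 text-center">
    <a href="/user/dashboard/index.php" class="py-1 px-3 btn btn-sm btn-rounded btn-light mt-3 border">Return to Dashboard</a>
  </div>
</div>
<?php include __DIR__ . '/../../user/common/footer.php'; ?>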