Текущая директория: /var/www/bitcardoApp/user/account
Просмотр файла: account.php
<?php
// Prelude: load the per-user 2FA status that the badges further down this page display.
//   $totpEnabled  - `enabled` column of the user's user_totp row (initialised to 0)
//   $backupRemain - count of user_backup_codes rows whose used_at IS NULL (initialised to 0)
require_once __DIR__ . '/../../config/bootstrap.php';

// NOTE(review): no login gate is visible in this file. Without a user_id in the
// session $userId is 0, both lookups are skipped and the page still renders.
// Confirm that bootstrap.php or the included header turns anonymous visitors away.
$userId = (int)($_SESSION['user_id'] ?? 0);

$totpEnabled = 0;
$backupRemain = 0;

if ($userId !== 0) {
    // The user id is always bound as an integer parameter, never concatenated into the SQL.
    // A prepare() that returns false is skipped silently and the default above is kept;
    // the result of execute() is not checked either.
    $stmt = $conn->prepare("SELECT enabled FROM user_totp WHERE user_id=? LIMIT 1");
    if ($stmt) {
        $stmt->bind_param('i', $userId);
        $stmt->execute();
        $stmt->bind_result($totpEnabled);
        $stmt->fetch();
        $stmt->close();
    }

    // Unused backup codes are the rows that have no used_at timestamp yet.
    $q = $conn->prepare("SELECT COUNT(*) FROM user_backup_codes WHERE user_id=? AND used_at IS NULL");
    if ($q) {
        $q->bind_param('i', $userId);
        $q->execute();
        $q->bind_result($backupRemain);
        $q->fetch();
        $q->close();
    }
}
?>
<?php
// Trusted-device flag for the badge under the user's name.
// Fails closed: $isTrusted stays false unless the session has a user_id, lib/device.php
// exists, and that file defines device_is_trusted().
// NOTE(review): this value only drives the label on this page; whether a login really
// skips the second factor is presumably decided elsewhere - confirm it is enforced server-side.
$isTrusted = false;
if (!empty($_SESSION['user_id'])) {
    $libDevice = __DIR__ . '/../../lib/device.php';
    if (file_exists($libDevice)) {
        require_once $libDevice;
        // Guard the call so a device.php without the helper leaves the badge "Not trusted".
        $isTrusted = function_exists('device_is_trusted')
            ? device_is_trusted($conn, (int)$_SESSION['user_id'])
            : false;
    }
}
?>
<style>
.badge-pill {
display:inline-flex; align-items:center; gap:8px;
border-radius:999px; padding:6px 12px; font-weight:600; font-size:.875rem;
}
.badge-trusted { background:#16a34a; color:#fff; }
.badge-untrusted { background:#94a3b8; color:#fff; }
.trust-dot {
width:8px; height:8px; border-radius:50%;
background:#22c55e;
}
.trust-dot.muted { background:#cbd5e1; }
</style>
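<?php
// Full open tag: a bare short tag is only parsed when short_open_tag is enabled.
// With it disabled the statement is sent to the browser as literal text and the
// header (and anything it is responsible for) never runs.
include '../common/header.php';
?>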
<!-- Main Container -->
<div class="container mt-3">
<div class="row">
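<?php
// Full open tag so the include does not depend on the short_open_tag ini setting.
include '../common/nav.php';
?>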
<!-- Main Content -->
<main class="col-md-9 col-lg-10 px-md-5 mb-5">
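<?php
// Full open tag so the include does not depend on the short_open_tag ini setting.
include '../common/page-header.php';
?>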
<div class="container my-5">
<div class="row g-4">
<!-- Left Column -->
<div class="col-lg-5">
<div class="card-soft">
<div class="offset-5 col-4 mb-3">
<div class="rounded-icon">
<i class="bi bi-person"></i>
</div>
</div>
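<h4 class="fw-bold mb-0"><?php
    // $userFName / $userLName are set outside this file (presumably profile fields the
    // user can edit - confirm). They are written into HTML, so escape them here to stop
    // markup in a name from being rendered. If they are already HTML-encoded upstream,
    // remove that encoding there rather than dropping this one.
    echo htmlspecialchars($userFName . ' ' . $userLName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?></h4>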
<p class="text-muted small mb-2">Your personal account</p>
<p class="text-muted small mb-2">Starter Account</p>
<div class="mt-2">
<?php if ($isTrusted): ?>
<span class="badge-pill badge-trusted" title="This device is trusted. You won't be asked for a code on this device.">
<span class="trust-dot" aria-hidden="true"></span>
Trusted Device
</span>
<?php else: ?>
<span class="badge-pill badge-untrusted" title="This device isn't trusted yet. You'll be asked for a code on next login.">
<span class="trust-dot muted" aria-hidden="true"></span>
Not trusted
</span>
<?php endif; ?>
</div>
<a href="../common/logout.php" class="btn btn-logout mt-2">Log out</a>
</div>
</div>
<!-- Right Column -->
<div class="col-lg-7">
<!-- Your account -->
<h6 class="section-title">Your account</h6>
<ul class="list-group mb-4">
<li class="list-group-item">
<a href="#" class="stretched-link text-decoration-none text-reset d-block">
<div class="d-flex align-items-center">
<div class="list-icon"><i class="bi bi-person-lines-fill"></i></div>
<div>
Personal details<br>
<span class="list-description">Update your personal information.</span>
</div>
</div>
</a>
<i class="bi bi-chevron-right pe-3"></i>
</li>
<li class="list-group-item">
<a href="#" class="stretched-link text-decoration-none text-reset d-block">
<div class="d-flex align-items-center">
<div class="list-icon"><i class="bi bi-question-circle"></i></div>
<div>Get Support</div>
</div>
</a>
<i class="bi bi-chevron-right pe-3"></i>
</li>
<li class="list-group-item">
<a href="#" class="stretched-link text-decoration-none text-reset d-block">
<div class="d-flex align-items-center">
<div class="list-icon"><i class="bi bi-file-earmark-text"></i></div>
<div>Statements and reports</div>
</div>
</a>
<i class="bi bi-chevron-right pe-3"></i>
</li>
</ul>
<!-- Settings -->
<h6 class="section-title">Settings</h6>
<ul class="list-group mb-4">
<!-- Security & privacy hub (click to TOTP setup for now) -->
<li class="list-group-item">
<a href="/security/totp/setup.php" class="stretched-link text-decoration-none text-reset d-block">
<div class="d-flex align-items-center">
<div class="list-icon"><i class="bi bi-shield-lock"></i></div>
<div>
Security and privacy<br>
<span class="list-description">
Change your security and privacy settings.
<?php if ($totpEnabled): ?>
<span class="badge bg-success ms-1">2FA On</span>
<?php else: ?>
<span class="badge bg-secondary ms-1">2FA Off</span>
<?php endif; ?>
</span>
</div>
</div>
</a>
<i class="bi bi-chevron-right pe-3"></i>
</li>
<!-- Direct link: Two-factor authentication (TOTP) -->
<li class="list-group-item">
<a href="/security/totp/setup.php" class="stretched-link text-decoration-none text-reset d-block">
<div class="d-flex align-items-center">
<div class="list-icon"><i class="bi bi-phone"></i></div>
<div>
Two-factor authentication (TOTP)<br>
<span class="list-description">
Use an authenticator app for extra security.
<?php if ($totpEnabled): ?>
<span class="badge bg-success ms-1">Enabled</span>
<?php else: ?>
<span class="badge bg-warning text-dark ms-1">Recommended</span>
<?php endif; ?>
</span>
</div>
</div>
</a>
<i class="bi bi-chevron-right pe-3"></i>
</li>
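<!-- Sessions & devices: a real link like the sibling items, so it is keyboard-focusable
     and does not rely on an inline onclick handler (which a Content-Security-Policy
     without 'unsafe-inline' would block). -->
<li class="list-group-item">
    <a href="/user/security/sessions.php" class="stretched-link text-decoration-none text-reset d-block">
        <div class="d-flex align-items-center">
            <div class="list-icon"><i class="bi bi-shield-check"></i></div>
            <div>
                Sessions & devices<br>
                <span class="list-description">Review active sessions and trusted devices.</span>
            </div>
        </div>
    </a>
    <i class="bi bi-chevron-right pe-3"></i>
</li>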
<!-- Direct link: Backup codes -->
<li class="list-group-item">
<a href="/security/backup-codes/index.php" class="stretched-link text-decoration-none text-reset d-block">
<div class="d-flex align-items-center">
<div class="list-icon"><i class="bi bi-collection"></i></div>
<div>
Backup codes<br>
<span class="list-description">
Use if you lose your phone. Remaining:
<strong><?php echo (int)$backupRemain; ?></strong>
</span>
</div>
</div>
</a>
<i class="bi bi-chevron-right pe-3"></i>
</li>
<li class="list-group-item">
<a href="#" class="stretched-link text-decoration-none text-reset d-block">
<div class="d-flex align-items-center">
<div class="list-icon"><i class="bi bi-bell-fill"></i></div>
<div>
Notifications<br>
<span class="list-description">Customise how you get updates.</span>
</div>
</div>
</a>
<i class="bi bi-chevron-right pe-3"></i>
</li>
<li class="list-group-item">
<a href="#" class="stretched-link text-decoration-none text-reset d-block">
<div class="d-flex align-items-center">
<div class="list-icon"><i class="bi bi-sliders"></i></div>
<div>
Limits<br>
<span class="list-description">Manage your transfer and card limits.</span>
</div>
</div>
</a>
<i class="bi bi-chevron-right pe-3"></i>
</li>
</ul>
<!-- Actions -->
<h6 class="section-title">Actions and agreements</h6>
<ul class="list-group mb-4">
<li class="list-group-item">
<a href="#" class="stretched-link text-decoration-none text-reset d-block">
<div class="d-flex align-items-center">
<div class="list-icon"><i class="bi bi-gift"></i></div>
<div>
Referrals and rewards<br>
<span class="list-description">Send and track referrals and manage rewards.</span>
</div>
</div>
</a>
<i class="bi bi-chevron-right pe-3"></i>
</li>
<li class="list-group-item">
<a href="#" class="stretched-link text-decoration-none text-reset d-block">
<div class="d-flex align-items-center">
<div class="list-icon"><i class="bi bi-file-earmark"></i></div>
<div>
Our Terms & Conditions<br>
<span class="list-description">See our terms and agreements.</span>
</div>
</div>
</a>
<i class="bi bi-chevron-right pe-3"></i>
</li>
<li class="list-group-item">
<a href="#" class="stretched-link text-decoration-none text-reset d-block">
<div class="d-flex align-items-center">
<div class="list-icon"><i class="bi bi-x-circle"></i></div>
<div>
Close account<br>
<span class="list-description">Close your personal account.</span>
</div>
</div>
</a>
<i class="bi bi-chevron-right pe-3"></i>
</li>
</ul>
<div class="feedback">
We’ve made some changes to this area of the app.<br>
<a href="#">Give us feedback</a>
</div>
</div>
</div>
</div>
</main>
</div>
</div>
<!-- NOTE(review): the three scripts below are fetched from third-party CDNs with no
     Subresource Integrity, so this account page runs whatever those hosts serve.
     Add integrity="sha384-HASH_PLACEHOLDER" and crossorigin="anonymous" to each tag
     (hash computed from the exact file being pinned), or serve the files from this origin.
     Nothing in this file's own markup references jQuery or Owl Carousel; confirm they
     are needed on this page (an included file may use them). -->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
<!-- jQuery -->
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<!-- Owl Carousel JS -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js"></script>
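<?php
// Full open tag so the include does not depend on the short_open_tag ini setting.
include '../common/footer.php';
?>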