PHP WebShell

Текущая директория: /var/www/bitcardoApp/user/common

Просмотр файла: page-header.php

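<?php
// Decide where a "previous page" link may point: the referring page when it is
// an http(s) URL on this same host, otherwise the dashboard.
//
// Both Referer and Host are request headers chosen by the client, so neither
// is trusted on its own; the referrer is only kept when it agrees with the
// host this request was addressed to.
$referrer = $_SERVER['HTTP_REFERER'] ?? '';
// NOTE(review): this default is a plain http:// URL — confirm whether the site
// is served over https and update it accordingly.
$defaultUrl = 'http://wallet.bitcardo.com/user/dashboard/index.php'; // Change to your homepage

// HTTP_HOST can be missing (HTTP/1.0 clients, CLI runs); fall back to '' rather
// than raising an undefined-index warning.
$currentHost = $_SERVER['HTTP_HOST'] ?? '';
$refHost = parse_url($referrer, PHP_URL_HOST);
$refScheme = parse_url($referrer, PHP_URL_SCHEME);

// HTTP_HOST may carry a ":port" suffix that PHP_URL_HOST never includes, and
// host names are case-insensitive, so normalise both sides before comparing.
$currentHostName = strtolower((string) preg_replace('/:\d+$/', '', $currentHost));
$isSameHost = is_string($refHost)
    && $refHost !== ''
    && $currentHostName !== ''
    && strtolower($refHost) === $currentHostName;

// A matching host alone is not enough: only http and https referrers are
// accepted, so a URL with any other scheme can never become the link target.
$isWebScheme = is_string($refScheme)
    && in_array(strtolower($refScheme), ['http', 'https'], true);

// $previousUrl still contains a client-supplied path and query string; it must
// be passed through htmlspecialchars() wherever it is written into markup.
$previousUrl = ($isSameHost && $isWebScheme) ? $referrer : $defaultUrl;
?>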
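<?php
// Header bar: optional "home" icon on the left, invite button and account link
// on the right.
//
// $userFName, $userLName and $initials are expected to be set by the including
// page. They are user profile data, so they are HTML-escaped once here and only
// the escaped copies are printed below. ENT_QUOTES is required because the name
// is also written into double-quoted title attributes.
$headerDisplayName = htmlspecialchars($userFName . ' ' . $userLName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$headerInitials = htmlspecialchars((string) $initials, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<!-- PAGE HEADER-->
<section class="px-md-5 mt-5">
    <div class="container mt-md-3 row">
        <div class="col-4">
            <?php
                // Full "<?php" tags are used throughout: with short_open_tag
                // disabled, "<?" blocks are not executed and their source is
                // sent to the browser as text.
                //
                // The home icon is hidden on the site root and on index.php.
                // PHP_SELF includes any client-supplied PATH_INFO; here it only
                // decides whether the icon is drawn.
                if (!($_SERVER['REQUEST_URI'] === '/' || basename($_SERVER['PHP_SELF']) === 'index.php')):
            ?>
                <a href="http://wallet.bitcardo.com/user/dashboard/index.php">
                    <div class="rounded-icon shadow-sm">
                        <i class="bi bi-house-door text-decoration-none text-muted"></i>
                    </div>
                </a>
            <?php endif; ?>
        </div>
        <div class="col-8 py-3 px-0">
            <!-- Aligning the button to the right of the container -->
            <div class="d-flex justify-content-end me-0 pe-0">
                <button class="btn btn-warning btn-sm rounded-5 me-1 px-3 shadow-sm">Invite & Earn $5</button>
                <!-- Button with initials EB (visible on mobile) -->
                <a href="../account/account.php" class="d-md-none btn-initials text-decoration-none bg-primary text-white px-2 py-1 rounded-5" style="background-color: #006397 !important;" title="<?= $headerDisplayName ?> ">
                    <?= $headerInitials ?>
                </a>

                <!-- Full Name (visible on desktop) with image before the name -->
                <a href="../account/account.php" class="bg-primary border rounded-5 px-3 btn-full-name text-decoration-none d-none d-md-block text-white p-1" style="background-color: #006397 !important;" title="<?= $headerDisplayName ?> ">
                <!-- Image (replace the 'src' with the image URL) -->
                    <?php // NOTE(review): the placeholder image is fetched from a third-party host on every page view. ?>
                    <img src="https://via.placeholder.com/40" alt="Profile Image" onerror="this.style.display='none';">
                    <!-- Fallback to initials if image is not found -->
                    <span class="btn-initials" style="display:none;"><?= $headerInitials ?></span> 
                    <?= $headerDisplayName ?> 
                </a>
            </div>
        </div>
    </div>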
    <?php
        // One-shot flash message: take it from the session and clear it right
        // away, so it is rendered on this page load only.
        $flash = $_SESSION['flash'] ?? null;
        if ($flash):
            unset($_SESSION['flash']); ?>
        <div class="container mt-3">
            <?php
            // 'ok' wins over 'error' when both are set. Each message is passed
            // through htmlspecialchars() before it reaches the element text.
            if (!empty($flash['ok'])) { ?>
            <div class="alert alert-success alert-dismissible fade show" role="alert">
                <?= htmlspecialchars($flash['ok']) ?>
                <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
            </div>
            <?php } elseif (!empty($flash['error'])) { ?>
            <div class="alert alert-danger alert-dismissible fade show" role="alert">
                <?= htmlspecialchars($flash['error']) ?>
                <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
            </div>
            <?php } ?>
        </div>
    <?php endif; ?>

    <?php
        // user/common/trust_banner.php (or inline)
        //
        // "Trust this device?" banner. It is considered only for a logged-in
        // session that carries the show_trust_banner flag, and it is skipped
        // once the device helper reports the device as already trusted.
        if (!empty($_SESSION['user_id']) && !empty($_SESSION['show_trust_banner'])):
            $needsBanner = true;

            // The device helper is optional: when the file or the function is
            // missing, the banner is simply shown.
            $libDevice = __DIR__ . '/../../lib/device.php';
            if (file_exists($libDevice)) {
                require_once $libDevice;
                // $conn is not defined in this template; presumably the including
                // page provides the database handle — confirm against callers.
                if (function_exists('device_is_trusted') && device_is_trusted($conn, (int)$_SESSION['user_id'])) {
                    // Already trusted: hide the banner and drop the session flag.
                    $needsBanner = false;
                    unset($_SESSION['show_trust_banner']);
                }
            }

            // Both forms post the session CSRF token. When the session has no
            // token, the hidden field is rendered empty, so the receiving
            // handlers have to reject an empty or mismatching value themselves.
            if ($needsBanner) { ?>
                <div class="container mt-3">
                    <div class="alert d-flex align-items-center justify-content-between"
                        style="border:1px solid rgba(7,98,137,.2); background:#f0f7fb; color:#0b3a4d; border-radius:12px;">
                        <div class="me-3">
                        <strong>Trust this device?</strong><br>
                        If you trust this device, we won’t ask for a code here next time.
                        </div>
                        <div class="d-flex gap-2">
                        <form method="post" action="/user/security/trust_device.php" class="m-0">
                            <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'] ?? '') ?>">
                            <button class="btn btn-sm" style="background:#076289;color:#fff;border:1px solid #076289;border-radius:999px;">
                            Yes, trust
                            </button>
                        </form>
                        <form method="post" action="/user/security/dismiss_trust_banner.php" class="m-0">
                            <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'] ?? '') ?>">
                            <button class="btn btn-sm btn-light" style="border-radius:999px;border:1px solid #cbd5e1; color:#0b3a4d;">
                            No, ask next time
                            </button>
                        </form>
                        </div>
                    </div>
                </div>
            <?php }
        endif;
        ?>

</section>

Выполнить команду


Для локальной разработки. Не используйте в интернете!