PHP WebShell

Current directory: /var/www/bitcardoApp/user/security

Viewing file: dismiss_trust_banner.php

<?php
// user/security/dismiss_trust_banner.php
require_once __DIR__ . '/../../config/bootstrap.php';
require_once __DIR__ . '/../../lib/csrf.php';

if (empty($_SESSION['user_id'])) { header('Location: /auth/login.php'); exit; }

if ($_SERVER['REQUEST_METHOD'] !== 'POST' ||
    !isset($_POST['csrf'], $_SESSION['csrf']) ||
    !hash_equals($_SESSION['csrf'], $_POST['csrf'])) {
  $_SESSION['flash'] = ['error' => 'Session expired. Please try again.'];
  header('Location: /user/dashboard/index.php'); exit;
}

// Do NOT trust the device: just hide the banner.
// Because the device remains untrusted, next login will get challenged if your
// `otp_require_on_new_dev` flag is ON.
unset($_SESSION['show_trust_banner']);

$_SESSION['flash'] = ['ok' => 'We’ll ask for a code on your next login from this device.'];
header('Location: /user/dashboard/index.php');
exit;

Execute command


For local development. Do not use on the internet!