PHP WebShell

• .. (вверх)
• [DIR] ..
• [FILE] analytics_preferences.php
• [FILE] change_password.php
• [FILE] dismiss_trust_banner.php
• [FILE] limits.php
• [FILE] notifications.php
• [FILE] revoke_device.php
• [FILE] revoke_session.php
• [FILE] security_privacy.php
• [FILE] sessions.php
• [FILE] trust_device.php

Просмотр файла: revoke_device.php

<?php
// user/security/revoke_device.php
require_once __DIR__ . '/../../config/bootstrap.php';
require_once __DIR__ . '/../../lib/csrf.php';

if (empty($_SESSION['user_id'])) {
  header('Location: /auth/login.php');
  exit;
}

// keep your existing CSRF helper
csrf_verify_or_fail($_POST['csrf'] ?? null, '/auth/login.php');

$userId    = (int)$_SESSION['user_id'];
$udeviceId = (int)($_POST['id'] ?? 0);

if ($udeviceId > 0) {
  // FIX 1: udevice_id (not udev_id)
  // FIX 2: trusted_until should be cleared (NULL) when revoking
  $u = $conn->prepare("
    UPDATE user_devices
    SET trusted = 0,
        trusted_until = NULL
    WHERE udevice_id = ?
      AND user_id = ?
    LIMIT 1
  ");
  $u->bind_param('ii', $udeviceId, $userId);
  $u->execute();
  $u->close();
}

header('Location: /user/security/sessions.php?revoked=1');
exit;

Выполнить команду