PHP WebShell
Текущая директория: /var/www/bitcardoApp/user/security
Просмотр файла: trust_device.php
<?php
// user/security/trust_device.php
require_once __DIR__ . '/../../config/bootstrap.php';
require_once __DIR__ . '/../../lib/csrf.php';
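// Endpoint purpose: mark the current device as trusted for the logged-in user, so the
// OTP prompt is skipped on it for a configurable number of days, then return to the dashboard.

// Must be logged in: requests without a session user are sent to the login page.
// NOTE(review): only the presence of user_id is checked. Confirm that the login flow sets
// user_id only after the OTP step has completed; otherwise a password-only session could
// reach this endpoint and exempt itself from the second factor (TODO confirm).
if (empty($_SESSION['user_id'])) {
    header('Location: /auth/login.php');
    exit;
}

// CSRF: this is a state-changing action, so only POST with a matching session token is accepted.
// Both tokens must be non-empty strings before they reach hash_equals(): a request that sends
// csrf[]=... turns $_POST['csrf'] into an array, and hash_equals() throws a TypeError on PHP 8
// for non-string arguments (an unhandled error instead of a clean rejection). An empty
// session token is rejected too, so that '' can never match ''.
$requestMethod = $_SERVER['REQUEST_METHOD'] ?? '';
$postedToken = $_POST['csrf'] ?? null;
$sessionToken = $_SESSION['csrf'] ?? null;

$csrfValid = $requestMethod === 'POST'
    && is_string($postedToken)
    && is_string($sessionToken)
    && $sessionToken !== ''
    && hash_equals($sessionToken, $postedToken); // constant-time comparison

if (!$csrfValid) {
    $_SESSION['flash'] = ['error' => 'Session expired. Please try again.'];
    header('Location: /user/dashboard/index.php');
    exit;
}

// The user id comes from the server-side session only, never from request data.
$userId = (int)$_SESSION['user_id'];

// Optional device helper: loaded only if the file exists next to the other libs.
$libDevice = __DIR__ . '/../../lib/device.php';
if (file_exists($libDevice)) {
    require_once $libDevice;
}

if (function_exists('device_mark_trusted')) {
    // Use the configured trust period if get_settings() is available; fall back to 30 days.
    // NOTE(review): the setting is cast to int but not range-checked here, so a zero,
    // negative or very large value is passed through. Confirm that device_mark_trusted()
    // enforces a sane upper bound, since this value decides how long OTP is skipped.
    $trustDays = function_exists('get_settings') ? (int)get_settings('otp_trust_days', 30) : 30;

    // $conn is not defined in this file; presumably it is created by config/bootstrap.php (verify).
    // NOTE(review): the helper's return value is ignored, so the success message below is
    // shown even if the helper signals failure. Confirm its contract and check the result.
    device_mark_trusted($conn, $userId, $trustDays);
    $_SESSION['flash'] = ['ok' => 'This device is now trusted. You won’t be asked for a code here again.'];
} else {
    $_SESSION['flash'] = ['error' => 'Unable to trust this device right now.'];
}

// Hide the banner after action
unset($_SESSION['show_trust_banner']);

// Go back to the dashboard. The target is a fixed path on purpose: HTTP_REFERER is
// client-controlled, so redirecting to it would need a same-origin/allow-list check
// to avoid an open redirect.
header('Location: /user/dashboard/index.php');
exit;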
Для локальной разработки. Не используйте в интернете!