2025-02-05 15:50:04 +05:30
parent 7f15dbfc08
commit 55448e34c6
38 changed files with 449 additions and 663 deletions


@@ -1,18 +1,15 @@
<?php
// Load Composer's autoloader
require_once __DIR__ . '/vendor/autoload.php'; // Correct path for vendor directory in core
// Initialize dotenv and load environment variables
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/../'); // Adjusted to point to htdocs/.env
require_once __DIR__ . '/vendor/autoload.php';
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/../');
$dotenv->load();
// Database configuration
$host = $_ENV['DB_HOST'];
$user = $_ENV['DB_USER'];
$pass = $_ENV['DB_PASS'];
$db = $_ENV['DB_NAME'];
// Establish database connection
$conn = mysqli_connect($host, $user, $pass, $db);
if (!$conn) {
die("Database connection error: " . mysqli_connect_error());
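Review bot: The `die("Database connection error: " . mysqli_connect_error());` line sends the driver's connection error to the browser, which can reveal the database host or account name to any visitor while the database is unreachable. The same kind of disclosure recurs in later sections of this commit: most scripts keep `ini_set('display_errors', 1);`, and the statistics script echoes `mysqli_error($conn)`. I would log the detail with `error_log(mysqli_connect_error());`, answer with a generic `die('Service temporarily unavailable.');`, and turn `display_errors` off outside development. The closing brace of the `if` lies outside the hunk.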


@@ -1,10 +1,8 @@
<?php
// Start timer for debugging
$start_time = microtime(true);
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Include the environment variables and PHPMailer
require 'vendor/autoload.php';
use PHPMailer\PHPMailer\PHPMailer;
@@ -14,37 +12,30 @@ use Dotenv\Dotenv;
$dotenv = Dotenv::createImmutable(__DIR__ . '/../');
$dotenv->load();
// Database connection
require_once 'config.php';
$email = $_POST['email'];
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Generate a 6-digit OTP
$otp = rand(100000, 999999); // 6-digit OTP
$otp = rand(100000, 999999);
// Update the OTP in the database using mysqli
$sql = "UPDATE user SET user_otp = '$otp' WHERE user_email = '$email'";
if ($conn->query($sql) === TRUE) {
// Send OTP email
$mail = new PHPMailer(true);
try {
// Server settings
$mail->isSMTP();
$mail->Host = $_ENV['SMTP_HOST']; // Set the SMTP server to send through
$mail->Host = $_ENV['SMTP_HOST'];
$mail->SMTPAuth = true;
$mail->Username = $_ENV['SMTP_USER']; // SMTP username
$mail->Password = $_ENV['SMTP_PASS']; // SMTP password
$mail->Username = $_ENV['SMTP_USER'];
$mail->Password = $_ENV['SMTP_PASS'];
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = $_ENV['SMTP_PORT'];
// Recipients
$mail->setFrom($_ENV['SMTP_USER'], 'Xeorl Support');
$mail->addAddress($email); // Add a recipient
$mail->addAddress($email);
// Content
$mail->isHTML(true);
$mail->Subject = 'Password Reset - Xeorl';
$mail->Body =
@@ -62,11 +53,11 @@ if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
$mail->AltBody = 'Your OTP code is ' . $otp;
$mail->send();
// Redirect to ../forgot_pass_step_two.php
session_start(); // Start the session
$_SESSION['email'] = $email; // Store the email in the session
header('Location: ../forgot_pass_step_two.php'); // Redirect to the next page
exit; // Ensure no further script execution after redirection
session_start();
$_SESSION['email'] = $email;
header('Location: ../forgot_pass_step_two.php');
exit;
} catch (Exception $e) {
echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
}
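Review bot: The OTP on the new side is still drawn with `rand(100000, 999999)`, which is not a cryptographically secure generator, and it is stored through a string-built `UPDATE` that interpolates `$email`. `FILTER_VALIDATE_EMAIL` checks address syntax only and accepts characters such as a single quote in the local part, so it is not a substitute for binding the value. I would switch to `random_int()` and to the prepared-statement form this commit already introduces for the OTP lookup; the resend script later in the commit repeats both lines and needs the same change. The `if` blocks opened in this section close outside the hunks.

```php
$otp = (string) random_int(100000, 999999);
$stmt = $conn->prepare("UPDATE user SET user_otp = ? WHERE user_email = ?");
$stmt->bind_param('ss', $otp, $email);
if ($stmt->execute()) {
    // … unchanged: PHPMailer setup, send, session write and redirect …
```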


@@ -1,10 +1,9 @@
<?php
session_start(); // Start the session to access session variables
require_once 'config.php'; // Ensure this is your mysqli connection file
session_start();
require_once 'config.php';
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Check if the email is stored in the session
if (!isset($_SESSION['email'])) {
header('Location: login.php');
exit();
@@ -16,28 +15,22 @@ if (isset($_POST['newPassword']) && isset($_POST['confirmPassword'])) {
$newPassword = $_POST['newPassword'];
$confirmPassword = $_POST['confirmPassword'];
// Check if the new password is at least 8 characters long
if (strlen($newPassword) < 8) {
$_SESSION['error_message'] = 'Password must be at least 8 characters long.';
header('Location: ../forgot_pass_step_three.php');
exit();
}
// Check if the new password and confirm password match
if ($newPassword !== $confirmPassword) {
$_SESSION['error_message'] = 'Passwords do not match.';
header('Location: ../forgot_pass_step_three.php');
exit();
}
// Hash the new password before storing it
$hashedPassword = password_hash($newPassword, PASSWORD_BCRYPT);
// Prepare the SQL query using mysqli
$sql = "UPDATE user SET user_pass = '$hashedPassword' WHERE user_email = '$email'";
if (mysqli_query($conn, $sql)) {
// No additional code needed here
header('Location: ../password_reset_success.php');
exit();
} else {
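Review bot: The only gate visible before the password update is `isset($_SESSION['email'])`, and in this commit that key is written by the first step as soon as the OTP mail has been sent, while the OTP check in step two only redirects on success without recording anything. Unless the lines between the two hunks check something else, this script would accept a new password for the session's address without the OTP having been confirmed. I would have the OTP check set a flag such as `$_SESSION['otp_verified'] = true;` and clear `user_otp`, require that flag here with `if (empty($_SESSION['otp_verified'])) { header('Location: login.php'); exit(); }`, and unset both session keys after the update. The `UPDATE` is also built by interpolating `$email`, which is assigned outside the hunk; the prepared form used for the OTP lookup fits here as well.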


@@ -1,44 +1,40 @@
<?php
session_start(); // Start the session to access session variables
require_once 'config.php'; // Include the database connection
session_start();
require_once 'config.php';
error_reporting(E_ALL);
ini_set('display_errors', 1);
$email = isset($_SESSION['email']) ? $_SESSION['email'] : ''; // Retrieve the email from the session
$email = $_SESSION['email'] ?? '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$userOtp = $_POST['otp']; // Get the OTP entered by the user
$userOtp = $_POST['otp'];
// Validate if email and OTP are set
if (!empty($email) && !empty($userOtp)) {
// Query the database to get the OTP for the user with the provided email using MySQLi
$sql = "SELECT user_otp FROM user WHERE user_email = '$email'";
$result = $conn->query($sql); // Execute the query
$sql = "SELECT user_otp FROM user WHERE user_email = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('s', $email);
$stmt->execute();
$result = $stmt->get_result();
if ($result && $result->num_rows > 0) {
$row = $result->fetch_assoc();
$dbOtp = $row['user_otp']; // Fetch the OTP from the result set
$dbOtp = $row['user_otp'];
// Check if the OTP entered by the user matches the one in the database
if ($userOtp == $dbOtp) {
// OTP is correct, redirect to the next step
header('Location: ../forgot_pass_step_three.php');
exit;
} else {
// OTP is incorrect, set error message
$_SESSION['error_message'] = "Invalid OTP. Please double-check the OTP.";
header('Location: ../forgot_pass_step_two.php');
exit;
}
} else {
// Query failed or no result, set error message
$_SESSION['error_message'] = "Failed to retrieve OTP from the database.";
header('Location: ../forgot_pass_step_two.php');
exit;
}
} else {
// If email or OTP is empty, set error message
$_SESSION['error_message'] = "Please fill out the OTP.";
header('Location: ../forgot_pass_step_two.php');
exit;
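Review bot: The submitted code is checked with `$userOtp == $dbOtp`, a loose comparison on request input that compares numeric strings by value instead of character by character. I would make it `if (is_string($userOtp) && hash_equals((string) $dbOtp, $userOtp))`, which is exact and constant-time and also rejects an array-valued `otp` field. Nothing in the visible lines limits the number of attempts, expires the code, or clears `user_otp` after a match, and for a six-digit code those limits are what make guessing impractical. The outer `if` blocks close outside the hunk.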


@@ -4,12 +4,10 @@ include "config.php";
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Check if the session variable for storing shortened links exists
if (!isset($_SESSION['shortened_links'])) {
$_SESSION['shortened_links'] = array();
}
// Retrieve and return the list of shortened links for the current session
$links = array();
foreach ($_SESSION['shortened_links'] as $link_id) {
$sql = mysqli_query($conn, "SELECT * FROM url WHERE id = '{$link_id}'");


@@ -1,16 +1,12 @@
<?php
// core/get_statistics.php
require 'config.php'; // Assuming config.php contains your database connection setup
require 'config.php';
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Initialize variables in case the queries fail
$total_links = 0;
$total_clicks = 0;
$active_users = 0;
// Calculate total links
$sql_total_links = "SELECT COUNT(*) as total_links FROM url";
$result_total_links = mysqli_query($conn, $sql_total_links);
if ($result_total_links) {
@@ -20,7 +16,6 @@ if ($result_total_links) {
echo "Error fetching total links: " . mysqli_error($conn);
}
// Calculate total clicks
$sql_total_clicks = "SELECT SUM(clicks) as total_clicks FROM url";
$result_total_clicks = mysqli_query($conn, $sql_total_clicks);
if ($result_total_clicks) {
@@ -30,7 +25,6 @@ if ($result_total_clicks) {
echo "Error fetching total clicks: " . mysqli_error($conn);
}
// Calculate active users
$sql_total_users = "SELECT COUNT(*) as total_users FROM user";
$result_total_users = mysqli_query($conn, $sql_total_users);
if ($result_total_users) {
@@ -39,6 +33,4 @@ if ($result_total_users) {
} else {
echo "Error fetching total users: " . mysqli_error($conn);
}
?>


@@ -8,7 +8,6 @@ if (isset($_POST['login_btn'])) {
$email = mysqli_real_escape_string($conn, $_POST['user_email']);
$password = $_POST['user_pass'];
// Check if the email exists
$stmt = mysqli_prepare($conn, "SELECT * FROM user WHERE user_email = ?");
mysqli_stmt_bind_param($stmt, "s", $email);
mysqli_stmt_execute($stmt);
@@ -17,22 +16,18 @@ if (isset($_POST['login_btn'])) {
if (mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_assoc($result);
// Check if the user is banned
if ($row['user_type'] == 4) {
$_SESSION['error'] = "Your account is banned. Please contact support.";
header('Location: ../login.php');
exit();
}
// Verify the password
if (password_verify($password, $row['user_pass'])) {
// Set session variables
$_SESSION['user_id'] = $row['id'];
$_SESSION['user_name'] = $row['user_name'];
$_SESSION['user_email'] = $row['user_email'];
$_SESSION['user_type'] = $row['user_type'];
// Redirect to monetization after successful login
header('Location: ../monetization.php');
exit();
} else {
@@ -46,4 +41,4 @@ if (isset($_POST['login_btn'])) {
exit();
}
}
?>
?>
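Review bot: After `password_verify()` succeeds the session variables are written into the existing session with no `session_regenerate_id(true);` before them, so a session ID fixed before login would remain valid afterwards; that call belongs on the first line of the success branch. Separately, `$email` goes through `mysqli_real_escape_string()` and is then bound with `mysqli_stmt_bind_param`, so the bound value carries the added backslashes and an address containing a quote can never match its row; bind the raw `$_POST['user_email']` instead. The ban check also runs before the password check, which tells anyone who submits a banned address that the account exists and is banned.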


@@ -1,57 +1,42 @@
<?php
// Enable error reporting
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
// Include the configuration file
include "core/config.php";
// Start session management
session_start();
// Initialize dotenv and load environment variables
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/../');
$dotenv->load();
// Retrieve environment variables
$host = $_ENV['DB_HOST'];
$user = $_ENV['DB_USER'];
$pass = $_ENV['DB_PASS'];
$db = $_ENV['DB_NAME'];
// Establish database connection
$conn = mysqli_connect($host, $user, $pass, $db);
if (!$conn) {
die("Database connection error: " . mysqli_connect_error());
}
// Initialize the shortened URL variable
$new_url = "";
// Check if there's a GET request and process the shortened URL
if (isset($_GET)) {
foreach ($_GET as $key => $val) {
$u = mysqli_real_escape_string($conn, $key);
$new_url = str_replace('/', '', $u);
}
// Query the database for the full URL associated with the shortened URL
$sql = mysqli_query($conn, "SELECT full_url FROM url WHERE shorten_url = '{$new_url}'");
if (mysqli_num_rows($sql) > 0) {
// Increment the click count for the shortened URL
$sql2 = mysqli_query($conn, "UPDATE url SET clicks = clicks + 1 WHERE shorten_url = '{$new_url}'");
if ($sql2) {
// Fetch the full URL and store it in the session
$full_url = mysqli_fetch_assoc($sql);
$_SESSION['redirect_url'] = $full_url['full_url'];
// Instead of header redirect, include the unzipper.php page here
include 'unzipper.php'; // Include the unzipper.php page in this URL
exit(); // Exit to ensure the rest of the script doesn't run
include 'unzipper.php';
exit();
}
} else {
}
}
?>
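Review bot: `if (isset($_GET))` is always true, so the lookup query runs on every request, including one with no query string, and the `foreach` keeps only the last query key as the short code. I would read the code explicitly, for example `$new_url = str_replace('/', '', (string) array_key_first($_GET));`, return early when it is empty, and pass it to both statements through `mysqli_prepare` with a bound parameter instead of escaping and interpolating it. The section also rebuilds the Dotenv instance and the mysqli connection right after including `core/config.php`; if that file is the configuration script shown first in this commit, the second connection is redundant. The empty `else { }` branch is where a not-found response would go.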


@@ -1,17 +1,14 @@
<?php
session_start();
// Load Composer's autoloader
require_once __DIR__ . '/vendor/autoload.php'; // Correct path for vendor directory in core
require_once __DIR__ . '/vendor/autoload.php';
require_once 'config.php';
// Initialize dotenv and load environment variables
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/../'); // Adjusted to point to htdocs/.env
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/../');
$dotenv->load();
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Database configuration
$clientID = $_ENV['CLIENT_ID'];
$clientSecret = $_ENV['CLIENT_SECRET'];
$redirectUri = $_ENV['REDIRECT_URI'];
@@ -34,33 +31,28 @@ if (isset($_GET['code'])) {
$name = $google_account_info->name;
$email = $google_account_info->email;
// Check if user exists in database
$stmt = $conn->prepare("SELECT id, user_name, user_email, user_type FROM user WHERE google_id = ? OR user_email = ?");
$stmt->bind_param("ss", $google_id, $email);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 0) {
// Insert new user
$default_user_type = 3; // Default user type
$default_user_type = 3;
$stmt = $conn->prepare("INSERT INTO user (google_id, user_email, user_name, user_type) VALUES (?, ?, ?, ?)");
$stmt->bind_param("sssi", $google_id, $email, $name, $default_user_type);
$stmt->execute();
$user_id = $stmt->insert_id;
} else {
// User exists, fetch user ID
$row = $result->fetch_assoc();
$user_id = $row['id'];
$name = $row['user_name'];
$email = $row['user_email'];
}
// Store user session
$_SESSION['user_id'] = $user_id;
$_SESSION['user_name'] = $name;
$_SESSION['user_email'] = $email;
// Redirect to monetization
header("Location: ../monetization.php");
exit();
} else {
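Review bot: The Google sign-in path selects `user_type` but never uses it in the lines shown: the password login in this commit refuses accounts with `user_type == 4` and stores `$_SESSION['user_type']`, while this branch does neither, so a banned account could still obtain a session here. I would repeat the ban check right after `fetch_assoc()` and set `$_SESSION['user_type']` in both branches, with `session_regenerate_id(true);` before the session writes. Matching on `google_id = ? OR user_email = ?` also attaches a Google identity to an existing password account by email alone, which is safe only if the provider reports the address as verified; the visible code does not check that. The enclosing `if (isset($_GET['code']))` starts and ends outside the hunk.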


@@ -1,57 +1,52 @@
<?php
include('config.php');
session_start(); // Start the session for storing error messages
error_reporting(E_ALL);
ini_set('display_errors', 1);
session_start();
require_once 'config.php';
if (isset($_POST['submit_btn'])) {
$fName = mysqli_real_escape_string($conn, $_POST['f_name']);
$lName = mysqli_real_escape_string($conn, $_POST['l_name']);
$email = mysqli_real_escape_string($conn, $_POST['user_email']);
$password = mysqli_real_escape_string($conn, $_POST['user_pass']); // Plain text password
$uName = $fName . " " . $lName;
$uType = 3; // Default user type (can be changed as per requirements)
// Check if password is at least 8 characters long
if (strlen($password) < 8) {
$_SESSION['error'] = "Password must be at least 8 characters long.";
header('Location: ../register.php'); // Redirect to the register page
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (!isset($_POST['user_agree'])) {
$_SESSION['error'] = "You must agree to the Terms & Conditions.";
header("Location: ../register.php");
exit();
}
// Check if email already exists
$checkEmail = "SELECT * FROM user WHERE user_email = '$email'";
$result = $conn->query($checkEmail);
if (isset($_POST['submit_btn'])) {
$fName = mysqli_real_escape_string($conn, $_POST['f_name']);
$lName = mysqli_real_escape_string($conn, $_POST['l_name']);
$email = mysqli_real_escape_string($conn, $_POST['user_email']);
$password = mysqli_real_escape_string($conn, $_POST['user_pass']);
$uName = $fName . " " . $lName;
$uType = 3;
if ($result->num_rows > 0) {
// Store the error message in the session
$_SESSION['error'] = "Email already exists. Please use a different email.";
header('Location: ../register.php'); // Redirect to the register page
exit();
} else {
// Hash the password before storing it
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
// Insert the user data with hashed password
$sql = "INSERT INTO user (`user_name`, `user_email`, `user_pass`, `user_type`, `user_otp`)
VALUES ('$uName', '$email', '$hashedPassword', '$uType', NULL)";
if ($conn->query($sql) === TRUE) {
// Get the user ID of the newly registered user
$userId = $conn->insert_id;
// Optionally, send an email or OTP for verification here
// Redirect to login page after successful registration
header('Location: ../login.php');
exit();
} else {
$_SESSION['error'] = "Error: " . $sql . "<br>" . $conn->error;
if (strlen($password) < 8) {
$_SESSION['error'] = "Password must be at least 8 characters long.";
header('Location: ../register.php');
exit();
}
}
}
$conn->close();
$checkEmail = "SELECT * FROM user WHERE user_email = '$email'";
$result = $conn->query($checkEmail);
if ($result->num_rows > 0) {
$_SESSION['error'] = "Email already exists. Please use a different email.";
header('Location: ../register.php');
exit();
} else {
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
$sql = "INSERT INTO user (`user_name`, `user_email`, `user_pass`, `user_type`, `user_otp`)
VALUES ('$uName', '$email', '$hashedPassword', '$uType', NULL)";
if ($conn->query($sql) === TRUE) {
$userId = $conn->insert_id;
header('Location: ../login.php');
exit();
} else {
$_SESSION['error'] = "Error: " . $sql . "<br>" . $conn->error;
header('Location: ../register.php');
exit();
}
}
}
$conn->close();
}
?>
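Review bot: The password is passed through `mysqli_real_escape_string()` before `password_hash()`, so the hash is computed over the escaped text, while the login script in this commit verifies the raw `$_POST['user_pass']`; a password containing a quote or backslash would register and then never verify. Read it as `$password = $_POST['user_pass'];` and keep SQL escaping out of the hashing path. The duplicate-email `SELECT` and the `INSERT` are still assembled by interpolation and would be better as prepared statements like the ones in the Google callback. The failure branch stores `"Error: " . $sql . "<br>" . $conn->error` in the session, which puts the full query text in front of the user if register.php prints that message.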


@@ -1,70 +1,46 @@
<?php
// Start the session
session_start();
// Include necessary files
require_once 'config.php'; // Ensure this is your mysqli connection file
require_once 'config.php';
require 'vendor/autoload.php';
error_reporting(E_ALL);
ini_set('display_errors', 1);
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
use Dotenv\Dotenv;
// Load environment variables using Dotenv
$dotenv = Dotenv::createImmutable(__DIR__ . '/../');
$dotenv->load();
// Check if the email is stored in the session
if (isset($_SESSION['email'])) {
$email = $_SESSION['email'];
$otp = rand(100000, 999999);
// Generate a new 6-digit OTP
$otp = rand(100000, 999999); // Change this to generate a 6-digit OTP
// Update the OTP in the database for the user using mysqli
$sql = "UPDATE user SET user_otp = '$otp' WHERE user_email = '$email'";
if (mysqli_query($conn, $sql)) {
// Send the OTP to the user's email
$mail = new PHPMailer(true);
try {
// Server settings
$mail->isSMTP();
$mail->Host = $_ENV['SMTP_HOST']; // SMTP server
$mail->SMTPAuth = true;
$mail->Username = $_ENV['SMTP_USER']; // SMTP username
$mail->Password = $_ENV['SMTP_PASS']; // SMTP password
$mail->Host = $_ENV['SMTP_HOST'];
$mail->SMTPAuth = true;
$mail->Username = $_ENV['SMTP_USER'];
$mail->Password = $_ENV['SMTP_PASS'];
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = $_ENV['SMTP_PORT'];
$mail->Port = $_ENV['SMTP_PORT'];
// Recipients
$mail->setFrom($_ENV['SMTP_USER'], 'Xeorl Support');
$mail->addAddress($email); // Add a recipient
$mail->addAddress($email);
// Content
$mail->isHTML(true);
$mail->Subject = 'Password Reset - Xeorl';
$mail->Body =
'Hello User,<br><br>
Your one time password: <b>' . $otp . '</b>.<br><br>
Your one-time password (OTP) is valid for a single session. If you refresh the page or exit the Next Step portal, you will need to regenerate a new OTP.<br><br>
If you did not request this OTP, please contact us immediately at www.xeorl.buzz<br><br>
Regards,<br>
Xeorl<br>
' . date("Y") . ' © All rights reserved';
$mail->Body = 'Hello User,<br><br>Your one time password: <b>' . $otp . '</b>.<br><br>Your one-time password (OTP) is valid for a single session. If you refresh the page or exit the Next Step portal, you will need to regenerate a new OTP.<br><br>If you did not request this OTP, please contact us immediately at www.xeorl.buzz<br><br>Regards,<br>Xeorl<br>' . date("Y") . ' © All rights reserved';
$mail->AltBody = 'Your OTP code is ' . $otp;
// Send the email
$mail->send();
$_SESSION['success_message'] = 'A new OTP has been sent to your email address.';
header('Location: ../forgot_pass_step_two.php'); // Redirect back to the confirmation page
header('Location: ../forgot_pass_step_two.php');
exit;
} catch (Exception $e) {
echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
}
@@ -72,7 +48,6 @@ if (isset($_SESSION['email'])) {
echo "Failed to update OTP in the database: " . mysqli_error($conn);
}
// Close the MySQLi statement
mysqli_close($conn);
} else {
echo "No email found in session.";


@@ -3,6 +3,7 @@ session_start();
include "config.php";
error_reporting(E_ALL);
ini_set('display_errors', 1);
$full_url = mysqli_real_escape_string($conn, $_POST['full_url']);
if (!empty($full_url) && filter_var($full_url, FILTER_VALIDATE_URL)) {
@@ -12,14 +13,22 @@ if (!empty($full_url) && filter_var($full_url, FILTER_VALIDATE_URL)) {
if (mysqli_num_rows($sql) > 0) {
echo "Something went wrong. Please generate again!";
} else {
$sql2 = mysqli_query($conn, "INSERT INTO url (full_url, shorten_url, clicks)
VALUES ('{$full_url}', '{$ran_url}', '0')");
$user_email = isset($_SESSION['user_email']) ? $_SESSION['user_email'] : NULL;
if ($user_email !== NULL) {
$sql2 = mysqli_query($conn, "INSERT INTO url (full_url, shorten_url, clicks, user_email)
VALUES ('{$full_url}', '{$ran_url}', '0', '{$user_email}')");
} else {
$sql2 = mysqli_query($conn, "INSERT INTO url (full_url, shorten_url, clicks)
VALUES ('{$full_url}', '{$ran_url}', '0')");
}
if ($sql2) {
$link_id = mysqli_insert_id($conn); // Get the ID of the newly inserted row
$link_id = mysqli_insert_id($conn);
if (!isset($_SESSION['shortened_links'])) {
$_SESSION['shortened_links'] = array();
}
$_SESSION['shortened_links'][] = $link_id; // Store the link ID in session
$_SESSION['shortened_links'][] = $link_id;
$shorten_url = $ran_url;
echo $shorten_url;
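Review bot: The added branch interpolates `$_SESSION['user_email']` into the `INSERT` without escaping or binding it. That value is copied at login from the database row or the Google profile, so an address containing a quote would break or alter this statement (a second-order injection). I would bind every value and, assuming the `user_email` column is nullable, pass `null` for anonymous visitors, which also removes the duplicated `INSERT`. `$full_url` is escaped before `filter_var(..., FILTER_VALIDATE_URL)` sees it, so validation runs on the escaped text; validate and bind the raw `$_POST['full_url']` instead. The script continues past the end of the hunk.

```php
$user_email = $_SESSION['user_email'] ?? null;
$stmt = mysqli_prepare($conn, "INSERT INTO url (full_url, shorten_url, clicks, user_email) VALUES (?, ?, 0, ?)");
mysqli_stmt_bind_param($stmt, 'sss', $full_url, $ran_url, $user_email); // $full_url: raw, validated value
$sql2 = mysqli_stmt_execute($stmt);
// … unchanged: if ($sql2) { session bookkeeping and echo of the short code …
```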