Current File : /home/gositeme/.cursor-server/data/User/History/-253a5ec/KLEd.php
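<?php
// Admin impersonation endpoint.
// This first part starts the session, loads the database handle and serves the
// "return to admin" action that ends an impersonation session.
session_start();
require_once 'includes/db.php'; // presumably defines $pdo, which is used below — confirm in includes/db.php

// Handle return to admin action.
// NOTE(review): this state change is triggered by a plain GET parameter and no
// anti-CSRF token is checked here. The request can only restore the identity
// already stored in the session, but moving it to a POST with a token would
// stop third-party pages from triggering it.
if (isset($_GET['return_to_admin']) && $_GET['return_to_admin'] === '1') {
    if (isset($_SESSION['admin_user_id'], $_SESSION['logged_in_as_user'])) {
        // Re-read the admin account so the restored values come from the
        // database rather than from copies cached before impersonation.
        // Only the columns copied into the session are selected, so credential
        // columns are never loaded into this request.
        $stmt = $pdo->prepare("SELECT id, username, email, credits, plan, is_admin FROM users WHERE id = ?");
        $stmt->execute([$_SESSION['admin_user_id']]);
        $admin_user = $stmt->fetch();

        if ($admin_user) {
            // Restore admin session
            $_SESSION['user_id'] = $admin_user['id'];
            $_SESSION['username'] = $admin_user['username'];
            $_SESSION['email'] = $admin_user['email'];
            $_SESSION['credits'] = $admin_user['credits'];
            $_SESSION['plan'] = $admin_user['plan'];
            // Taken from the database row: an account demoted during the
            // impersonation does not get its admin flag back.
            $_SESSION['is_admin'] = $admin_user['is_admin'];

            // Clear temporary session data
            unset(
                $_SESSION['admin_user_id'],
                $_SESSION['admin_username'],
                $_SESSION['logged_in_as_user']
            );

            // The privilege level of this session just changed: issue a fresh
            // session id so an id observed while acting as the user does not
            // carry the restored privileges.
            session_regenerate_id(true);

            // Log the return action
            $stmt = $pdo->prepare("INSERT INTO admin_logs (admin_id, action, target_user_id, details, created_at) VALUES (?, ?, ?, ?, NOW())");
            $stmt->execute([$_SESSION['user_id'], 'return_to_admin', null, "Admin returned to admin mode"]);

            // Encode the message: raw spaces are not valid inside a Location URL.
            header('Location: admin.php?' . http_build_query(['message' => 'Successfully returned to admin mode']));
            exit;
        }
    }

    // No impersonation in progress, or the stored admin account no longer exists.
    header('Location: login.php');
    exit;
}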

// Admin gate: everything below this point requires a logged-in session whose
// is_admin flag is set and truthy. While an admin is impersonating a user the
// flag is stored as false, so a second impersonation cannot be started from
// inside an impersonated session.
if (!isset($_SESSION['user_id']) || empty($_SESSION['is_admin'])) {
    header('Location: login.php');
    exit;
}

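// Start an impersonation session ("login as user") for the admin who passed
// the gate above.
// NOTE(review): no anti-CSRF token is verified before this privileged,
// state-changing action; none is visible in this file — confirm whether the
// submitting form and a shared helper provide one.
$requested_action = $_POST['action'] ?? ''; // avoids an undefined-key warning when 'action' is missing

// Reject anything that is not a well-formed impersonation request. A
// non-scalar user_id (e.g. user_id[]=x) is refused because casting an array to
// int yields 1 and would silently select user 1.
if (
    $requested_action !== 'login_as_user'
    || !isset($_POST['user_id'])
    || !is_scalar($_POST['user_id'])
) {
    $_SESSION['error'] = 'Invalid request';
    header('Location: admin.php?tab=users');
    exit;
}

$user_id = (int)$_POST['user_id'];

// Get the target user's information. Only the columns copied into the session
// are selected, so credential columns are never loaded into this request.
$stmt = $pdo->prepare("SELECT id, username, email, credits, plan FROM users WHERE id = ?");
$stmt->execute([$user_id]);
$target_user = $stmt->fetch();

if (!$target_user) {
    $_SESSION['error'] = 'User not found';
    header('Location: admin.php?tab=users');
    exit;
}

// Log the action BEFORE switching identity, so that a failing insert (if PDO is
// configured to throw — confirm in includes/db.php) cannot leave an
// impersonation without an audit record.
$admin_id = $_SESSION['user_id'];
$stmt = $pdo->prepare("INSERT INTO admin_logs (admin_id, action, target_user_id, details, created_at) VALUES (?, ?, ?, ?, NOW())");
$stmt->execute([$admin_id, 'login_as_user', $user_id, "Admin logged in as user: {$target_user['username']}"]);

// Store admin session info so the "return to admin" action can restore it
$_SESSION['admin_user_id'] = $admin_id;
$_SESSION['admin_username'] = $_SESSION['username'];
$_SESSION['logged_in_as_user'] = true; // Flag to indicate admin is logged in as user

// Switch to target user
$_SESSION['user_id'] = $target_user['id'];
$_SESSION['username'] = $target_user['username'];
$_SESSION['email'] = $target_user['email'];
$_SESSION['credits'] = $target_user['credits'];
$_SESSION['plan'] = $target_user['plan'];
$_SESSION['is_admin'] = false; // Temporarily remove admin status, even if the target is an admin

// The identity bound to this session just changed: rotate the session id.
session_regenerate_id(true);

header('Location: dashboard.php');
exit;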
?> 
