<?php
/**
 * Reports whether the current request is allowed to perform admin actions.
 *
 * Both branches of the original returned TRUE, so the test on
 * $_SESSION['admin']['id'] == 1 never influenced the result; this rewrite keeps
 * that behaviour (always allowed) and makes the dead check explicit instead of
 * hiding it inside an if/else. If the intent is to restrict actions to the
 * primary admin account, the deny branch has to return FALSE — as written, every
 * caller is permitted regardless of session state.
 *
 * @return bool Always TRUE.
 */
function check_allow()
{
    // The admin-id condition was never effective (TRUE on both paths), so the
    // function reduces to an unconditional allow.
    return TRUE;
}
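/**
 * Checks the vendor release feed for a version newer than the installed one.
 *
 * Downloads the newline-separated version list over HTTPS and returns the first
 * entry that is newer than $config['version']. Versions are compared with
 * version_compare(), which orders "1.10" after "1.9"; the original used the `>`
 * operator, which compares multi-dot versions as plain strings.
 *
 * A failed download (unreachable host, timeout) is reported as "no update"
 * instead of terminating the page with die('ERROR') as before.
 *
 * @return string|false The newer version string, or false when the fetch fails,
 *                      the feed is empty, or no newer version is listed.
 */
function check_update_available(){
    global $config;
    $current = isset($config['version']) ? (string) $config['version'] : '0';
    // Bounded timeout so an unreachable vendor host cannot hang the admin page.
    $context = stream_context_create(['http' => ['timeout' => 10]]);
    $getVersions = file_get_contents('https://bylancer.com/api/quickad-release-versions.php', false, $context);
    if ($getVersions === false) {
        return false;
    }
    foreach (explode("\n", $getVersions) as $aV) {
        $aV = trim($aV);
        if ($aV === '') {
            continue; // blank lines (e.g. the trailing newline) are not versions
        }
        if (version_compare($aV, $current, '>')) {
            return $aV;
        }
    }
    return false;
}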
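/**
 * Starts the admin session with hardened cookie settings.
 *
 * Defines CAN_REGISTER / DEFAULT_ROLE / SECURE (guarded with defined() so a
 * second call does not raise a redefinition warning), forces cookie-only
 * session ids, marks the session cookie HttpOnly and SameSite=Lax, sets the
 * Secure flag when SECURE is true or the request arrived over HTTPS, then
 * starts the session and rotates its id, discarding the old session data.
 *
 * Redirects to ../error.php and exits when session.use_only_cookies cannot be set.
 *
 * @return void
 */
function admin_session_start() {
    if (!defined('CAN_REGISTER')) {
        define("CAN_REGISTER", "no");
    }
    if (!defined('DEFAULT_ROLE')) {
        define("DEFAULT_ROLE", "admin");
    }
    if (!defined('SECURE')) {
        define("SECURE", false); // FOR DEVELOPMENT ONLY!!!!
    }
    $session_name = 'sec_session_id'; // Set a custom session name
    // Honour the SECURE constant, but also set the Secure flag automatically on
    // an HTTPS request so the admin cookie is never sent in clear text on a TLS
    // deployment that was left at SECURE=false.
    $secure = SECURE || (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
    // This stops JavaScript being able to access the session id.
    $httponly = true;
    // Forces sessions to only use cookies.
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
        header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
        exit();
    }
    // Gets current cookies params and re-applies them with the hardened flags.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params([
        'lifetime' => $cookieParams["lifetime"],
        'path'     => $cookieParams["path"],
        'domain'   => $cookieParams["domain"],
        'secure'   => $secure,
        'httponly' => $httponly,
        'samesite' => 'Lax', // keeps the admin cookie off cross-site requests (CSRF)
    ]);
    // Sets the session name to the one set above.
    session_name($session_name);
    session_start(); // Start the PHP session
    // true: delete the old session data so the previous id cannot be reused
    // (the original comment promised this but the flag was not passed).
    session_regenerate_id(true);
}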
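/**
 * Verifies the current admin session against the database.
 *
 * Recomputes the login string (sha512 of the stored password hash plus the
 * request's User-Agent, as written by adminlogin()) and compares it in constant
 * time with the value kept in $_SESSION['admin']['login_string'].
 *
 * When the session variables are absent the function emits a JavaScript
 * redirect to login.php and terminates, as before; every other outcome is
 * returned so the caller decides. The prepared statement is closed on every
 * path, and the password hash is kept in a local instead of the former
 * `global $password`, so it no longer leaks into global scope.
 *
 * @return bool true when the session matches the stored admin record.
 */
function checkloggedadmin(){
    global $config;
    $mysqli = db_connect();
    // Check if all session variables are set
    if (!isset($_SESSION['admin']['id'],
               $_SESSION['admin']['username'],
               $_SESSION['admin']['login_string'])) {
        // Not logged in
        echo '<script>window.location="login.php"</script>';
        die();
    }
    $user_id = $_SESSION['admin']['id'];
    $login_string = $_SESSION['admin']['login_string'];
    // Same fallback as adminlogin() so a request without a User-Agent still
    // produces the same hash input ('' concatenates like the former null).
    $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $stmt = $mysqli->prepare("SELECT password_hash FROM `".$config['db']['pre']."admins` WHERE id = ? LIMIT 1");
    if (!$stmt) {
        return false; // statement could not be prepared: treat as not logged in
    }
    $stmt->bind_param('i', $user_id);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows != 1) {
        $stmt->close();
        return false; // no admin with that id
    }
    $stmt->bind_result($password_hash);
    $stmt->fetch();
    $stmt->close();
    $login_check = hash('sha512', $password_hash . $user_browser);
    // Constant-time comparison of the recomputed and the stored login string.
    return hash_equals($login_check, $login_string);
}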
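/**
 * Authenticates an admin by username or e-mail and password.
 *
 * $email is looked up as a username when it is purely alphanumeric, otherwise
 * it must satisfy the e-mail pattern in $regex. The lookup is a prepared
 * statement and the password is checked with password_verify(). On success the
 * admin id, username and a login string (sha512 of the stored hash plus the
 * User-Agent, re-checked by checkloggedadmin()) are written to $_SESSION['admin'].
 *
 * The globals $user_id, $username, $db_password and $where are kept because
 * callers in this codebase may read them after a successful login; note that
 * $db_password exposes the stored hash in global scope.
 *
 * @param string $email    Username or e-mail address as submitted.
 * @param string $password Plain-text password as submitted.
 * @return bool true on success; false on malformed input, unknown user, wrong
 *              password, or when the statement cannot be prepared (the original
 *              fell off the end and returned null in that case).
 */
function adminlogin($email,$password){
    global $config, $user_id, $username, $db_password, $where;
    $mysqli = db_connect();
    $regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
    if (preg_match("/^[[:alnum:]]+$/", $email)) {
        //checking in username
        $where = " WHERE username = ? ";
    } elseif (preg_match($regex, $email)) {
        //checking in email
        $where = " WHERE email = ? ";
    } else {
        return false; // neither a plain username nor a well-formed e-mail
    }
    // Using prepared statements means that SQL injection is not possible.
    $sql = "SELECT id, username, password_hash
FROM `".$config['db']['pre']."admins`
$where
LIMIT 1";
    $stmt = $mysqli->prepare($sql);
    if (!$stmt) {
        return false; // statement could not be prepared
    }
    $stmt->bind_param('s', $email); // Bind "$email" to parameter.
    $stmt->execute(); // Execute the prepared query.
    $stmt->store_result();
    // get variables from result.
    $stmt->bind_result($user_id, $username, $db_password);
    $stmt->fetch();
    $found = ($stmt->num_rows == 1);
    $stmt->close();
    if (!$found) {
        // No user exists.
        return false;
    }
    // password_verify() compares in constant time.
    if (!password_verify($password, $db_password)) {
        // Password is not correct
        return false;
    }
    // Login successful. Missing User-Agent falls back to '' (same hash input as
    // the former null concatenation); checkloggedadmin() uses the same fallback.
    $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
    $_SESSION['admin']['id'] = $user_id;
    $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
    $_SESSION['admin']['username'] = $username;
    $_SESSION['admin']['login_string'] = hash('sha512', $db_password . $user_browser);
    return true;
}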
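/**
 * Periodically re-validates the purchase key with the vendor API.
 *
 * Runs at most once every five days (tracked in the cron_validation_time
 * option). When a purchase_key is configured it is sent to the vendor over
 * HTTPS with certificate verification enabled — the original passed
 * CURLOPT_SSL_VERIFYPEER=false, so any host able to intercept the connection
 * could answer the licence check. A response that explicitly rejects the key
 * removes the cached secret files and purchase options; a transport, TLS or
 * JSON failure is only reported, so a transient outage no longer wipes the
 * installation (the original treated a missing response as a rejection).
 *
 * @return string|false false when the check was skipped because it ran
 *                      recently; otherwise the human-readable summary string
 *                      that was previously only built for the commented-out
 *                      log_adm_action() call.
 */
function check_purchse_valid(){
    global $config;
    $cron_validation_time = isset($config['cron_validation_time']) ? $config['cron_validation_time'] : time();
    $cron_validation_exec_time = 86400 * 5; // re-validate at most every five days
    if ((time() - $cron_validation_exec_time) <= $cron_validation_time) {
        return false; // validated recently; nothing to do
    }
    ignore_user_abort(1);
    set_time_limit(0);
    $start_time = time();
    update_option('cron_validation_time', time());
    $status = "";
    $message = "";
    if (isset($config['purchase_key'])) {
        // Query-string values are URL-encoded; the original concatenated them raw.
        $url = "https://bylancer.com/api/api.php?" . http_build_query([
            'verify-purchase' => $config['purchase_key'],
            'site_url'        => isset($config['site_url']) ? $config['site_url'] : '',
        ]);
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $agent = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)';
        curl_setopt($ch, CURLOPT_USERAGENT, $agent);
        // Verify the vendor certificate and host name; never disable this.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        // Bounded timeouts so a slow vendor endpoint cannot hang the request.
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_TIMEOUT, 30);
        $raw = curl_exec($ch);
        curl_close($ch);
        $output = ($raw === false) ? null : json_decode($raw, true);
        if (is_array($output) && !empty($output['success'])) {
            update_option("purchase_type", isset($output['purchase_type']) ? $output['purchase_type'] : null);
            $status = "success";
            $message = 'success';
        } elseif (is_array($output)) {
            // The server answered and rejected the key: drop the cached secrets.
            _quickad_revoke_purchase($config);
            $status = "error";
            $message = isset($output['error']) ? $output['error'] : 'Invalid';
        } else {
            // No usable answer (network, TLS or JSON failure): report only.
            $status = "error";
            $message = "No response from verification server";
        }
    } else {
        if (isset($config['quickad_secret_file'])) {
            _quickad_revoke_purchase($config);
            $status = "error";
            $message = "Invalid";
        }
    }
    $end_time = (time() - $start_time);
    $valid = "yes";
    $cron_details = "Vaidation: ".$valid."<br>";
    $cron_details .= $status ." : ". $message."<br>";
    $cron_details .= "Cron Took: ".$end_time." seconds";
    //log_adm_action('P-C-Validation',$cron_details);
    return $cron_details;
}

/**
 * Removes the cached purchase-secret files and the purchase options.
 *
 * Shared by both failure paths of check_purchse_valid(). A file is unlinked
 * only when its config entry is present and the path is an existing regular
 * file, so a missing entry no longer produces unlink() warnings.
 *
 * @param array $config Site configuration (reads quickad_secret_file and
 *                      quickad_user_secret_file).
 * @return void
 */
function _quickad_revoke_purchase($config){
    if (!empty($config['quickad_secret_file'])) {
        $filename = $config['quickad_secret_file'] . ".php";
        if (is_file($filename)) {
            unlink($filename);
        }
    }
    if (!empty($config['quickad_user_secret_file'])) {
        $filename = '../php/' . $config['quickad_user_secret_file'] . ".php";
        if (is_file($filename)) {
            unlink($filename);
        }
    }
    delete_option("quickad_secret_file");
    delete_option("quickad_user_secret_file");
    delete_option("purchase_key");
    delete_option("purchase_type");
}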
// Runs the periodic purchase-validation check as a side effect of including
// this file; the function itself rate-limits to once every five days.
check_purchse_valid();
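/**
 * Marks a transaction as paid and applies what it bought.
 *
 * Loads the transaction row, then either grants/extends the buyer's
 * subscription (transaction_method 'Subscription') or flags the product as
 * featured / urgent / highlight, sets the transaction status to 'success' and
 * adds the amount to the balance row with id 1.
 *
 * $transaction_id is now escaped before being placed in the SQL; the original
 * concatenated it verbatim, so a caller passing an attacker-controlled id
 * (for example from a payment callback) could inject SQL. Ids read back from
 * the database are escaped as well before interpolation.
 *
 * Side effect kept from the original: a subscription transaction naming an
 * unknown user terminates the script with 'error, user does not exist'.
 *
 * @param string|int $transaction_id Primary key of the transaction row.
 * @return bool true when the row was found and processed, false otherwise
 *              (including when the lookup query itself fails).
 */
function transaction_success($transaction_id){
    global $config;
    $mysqli = db_connect();
    $pre = $config['db']['pre'];
    $tid = $mysqli->real_escape_string((string) $transaction_id);
    $result = $mysqli->query("SELECT * FROM `".$pre."transaction` WHERE `id` = '" . $tid . "' LIMIT 1");
    if (!$result || mysqli_num_rows($result) == 0) {
        return false;
    }
    $info = mysqli_fetch_assoc($result);
    $item_amount = $info['amount'];
    if ($info['transaction_method'] == 'Subscription') {
        _ts_apply_subscription($mysqli, $pre, $info);
    } else {
        _ts_apply_promotions($mysqli, $pre, $info);
    }
    //Transaction status Updating "Success"
    $mysqli->query("UPDATE ". $pre . "transaction set status = 'success' where id='".$tid."' LIMIT 1");
    //Add Amount in balance table
    _ts_credit_balance($mysqli, $pre, $item_amount);
    return true;
}

/**
 * Grants or extends the plan bought by a 'Subscription' transaction.
 *
 * Exits with 'error, user does not exist' when seller_id has no user row.
 * The plan's id is written as the user's group_id on both the update and the
 * signup path (the original repeated that query in each branch).
 *
 * @param mysqli $mysqli Open connection.
 * @param string $pre    Table prefix.
 * @param array  $info   Transaction row (product_id = plan id, seller_id, frequency).
 * @return void
 */
function _ts_apply_subscription($mysqli, $pre, $info){
    $subcription_id = $info['product_id'];
    $user_id = $info['seller_id'];
    $plan_interval = $info['frequency'];
    // Plan row for the purchased subscription; its id becomes the user's group_id.
    $subsc_details = mysqli_fetch_array(mysqli_query($mysqli,"SELECT * FROM ".$pre."plans WHERE id='".validate_input($subcription_id)."' LIMIT 1"));
    // Seconds of access per billing interval; an unknown interval grants nothing.
    $term = match ($plan_interval) {
        'MONTHLY'  => 2678400,    // 31 days
        'YEARLY'   => 31536000,   // 365 days
        'LIFETIME' => 3153600000, // 100 years
        default    => 0,
    };
    $sub_group_id = isset($subsc_details['id']) ? $subsc_details['id'] : null;
    // Check valid user
    $user_check = mysqli_num_rows(mysqli_query($mysqli,"SELECT 1 FROM ".$pre."user WHERE id='".validate_input($user_id)."' LIMIT 1"));
    if (!$user_check) {
        exit('error, user does not exist');
    }
    $has_upgrade = mysqli_num_rows(mysqli_query($mysqli,"select * from `".$pre."upgrades` WHERE `user_id` = '".validate_input($user_id)."' LIMIT 1 ;"));
    // Subscription end: now plus the term (a renewal replaces, not extends, the date).
    $expires = (time() + $term);
    if ($has_upgrade == 1) {
        // subscr_update: the user already has an upgrade row
        mysqli_query($mysqli,"UPDATE `".$pre."upgrades` SET `sub_id` = '".validate_input($subcription_id)."',`upgrade_expires` = '".validate_input($expires)."' WHERE `user_id` = '".validate_input($user_id)."' LIMIT 1 ");
    } else {
        // subscr_signup: first subscription for this user
        mysqli_query($mysqli,"INSERT INTO `".$pre."upgrades` (`sub_id` ,`user_id` ,`upgrade_lasttime` ,`upgrade_expires`) VALUES ('".validate_input($subcription_id)."', '".validate_input($user_id)."', '".time()."','".validate_input($expires)."')") OR error(mysqli_error($mysqli));
    }
    mysqli_query($mysqli,"UPDATE `".$pre."user` SET `group_id` = '".validate_input($sub_group_id)."' WHERE `id` = '".validate_input($user_id)."' LIMIT 1 ;");
}

/**
 * Applies the featured / urgent / highlight flags bought for a product.
 *
 * Each flag equal to 1 is written to the product row and, when a matching
 * product_resubmit row exists for the same product and user, to that row too.
 *
 * @param mysqli $mysqli Open connection (the original opened a second one for
 *                       the resubmit lookup; the same connection is reused).
 * @param string $pre    Table prefix.
 * @param array  $info   Transaction row (product_id, seller_id, featured, urgent, highlight).
 * @return void
 */
function _ts_apply_promotions($mysqli, $pre, $info){
    $item_pro_id = $mysqli->real_escape_string((string) $info['product_id']);
    $user_id = $mysqli->real_escape_string((string) $info['seller_id']);
    $flags = [
        'featured'  => $info['featured'],
        'urgent'    => $info['urgent'],
        'highlight' => $info['highlight'],
    ];
    foreach ($flags as $column => $value) {
        if ($value == 1) {
            $mysqli->query("UPDATE ". $pre . "product set ".$column." = '".$value."' where id='".$item_pro_id."' LIMIT 1");
        }
    }
    $query_result = $mysqli->query("SELECT 1 FROM ".$pre."product_resubmit WHERE product_id='" . $item_pro_id . "' and user_id='" . $user_id . "' LIMIT 1");
    if ($query_result && mysqli_num_rows($query_result) == 1) {
        foreach ($flags as $column => $value) {
            if ($value == 1) {
                $mysqli->query("UPDATE ". $pre . "product_resubmit set ".$column." = '".$value."' where product_id='".$item_pro_id."' LIMIT 1");
            }
        }
    }
}

/**
 * Adds a transaction amount to current_balance and total_earning of balance row 1.
 *
 * Does nothing when the balance row is missing or the lookup fails.
 *
 * @param mysqli $mysqli      Open connection.
 * @param string $pre         Table prefix.
 * @param mixed  $item_amount Amount as stored on the transaction row.
 * @return void
 */
function _ts_credit_balance($mysqli, $pre, $item_amount){
    $result2 = $mysqli->query("SELECT * FROM `".$pre."balance` WHERE id = '1' LIMIT 1");
    if (!$result2 || mysqli_num_rows($result2) == 0) {
        return;
    }
    $info2 = mysqli_fetch_assoc($result2);
    $updated_amount = ($item_amount + $info2['current_balance']);
    $total_earning  = ($item_amount + $info2['total_earning']);
    $mysqli->query("UPDATE ". $pre . "balance set current_balance = '" . $updated_amount . "', total_earning = '" . $total_earning . "' where id='1' LIMIT 1");
}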
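/**
 * Validates a username's length, character set and availability.
 *
 * Checks run in order: shorter than $min, longer than $max, characters outside
 * [a-zA-Z0-9], then a lookup in the userdata table.
 *
 * The availability lookup now uses $str — the original queried
 * $_POST['username'] instead, so the value being validated and the value being
 * looked up could differ — and binds it as a prepared-statement parameter. The
 * database connection is opened only when the lookup is reached, so the
 * length / character failures never touch the database.
 *
 * @param string $str Candidate username.
 * @param int    $min Minimum length (bytes; the allowed alphabet is ASCII).
 * @param int    $max Maximum length.
 * @return string|true TRUE when valid and available, otherwise an error message.
 */
function validStrLen($str, $min, $max){
    global $config;
    $len = strlen($str);
    if ($len < $min) {
        return "Username is too short, minimum is $min characters ($max max)";
    }
    if ($len > $max) {
        return "Username is too long, maximum is $max characters ($min min).";
    }
    if (!preg_match("/^[a-zA-Z0-9]+$/", $str)) {
        return "Only use numbers and letters please";
    }
    $con = db_connect();
    $stmt = mysqli_prepare($con, "select username from `".$config['db']['pre']."userdata` where username = ?");
    if (!$stmt) {
        // A failed lookup must not report the name as available.
        return "Error: could not check username availability";
    }
    mysqli_stmt_bind_param($stmt, 's', $str);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $taken = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    if ($taken) {
        return "Error: Username not available";
    }
    return TRUE;
}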
/**
 * Loads a language file and returns the $lang array it populates.
 *
 * The file is included with $lang pre-initialised to an empty array, so a file
 * that only assigns individual keys still yields a complete array; a missing
 * file yields an empty array.
 *
 * NOTE(review): $filePath is included verbatim, so callers must build it from
 * a fixed directory plus a validated language code, never from raw request input.
 *
 * @param string $filePath Path to the PHP language file.
 * @return array
 */
function getLanguageFileVariable($filePath){
    $lang = array();
    if (!file_exists($filePath)) {
        return $lang;
    }
    include $filePath;
    return $lang;
}
?>