

     
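session_start();

// Handle the login form only when it was submitted via POST.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Database connection details.
    // NOTE(review): the script connects as root with an empty password, both
    // hard-coded here. Use a dedicated least-privilege MySQL account and load
    // its credentials from configuration kept outside the web root.
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "m3lmcompanyxvrp";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);

    // Check connection
    if ($conn->connect_error) {
        // Driver error text goes to the server log only, not to the client.
        error_log("Database connection failed: " . $conn->connect_error);
        die("Connection failed.");
    }

    date_default_timezone_set('Asia/Gaza');

    // Constants for max attempts and lockout duration
    define('MAX_ATTEMPTS', 5);
    define('LOCKOUT_DURATION', 300); // Lockout for 5 minutes

    // License validation.
    // NOTE(review): both requests below run on every login attempt, over plain
    // HTTP, to hosts outside this server. The license key travels in cleartext,
    // the responses are not authenticated, and a failure of either host blocks
    // every login. Prefer HTTPS with certificate verification and a cached
    // result; confirm with the vendor what the endpoint supports.
    $licenseKey = 'f8428b85e4cbe05da';

    // Bound the wait so an unreachable host cannot stall the login request
    // for the default socket timeout.
    $http_context = stream_context_create(['http' => ['timeout' => 5]]);

    // Dynamically get public IP
    $ip_response = file_get_contents("http://checkip.amazonaws.com/", false, $http_context);
    $serverIp = ($ip_response === false) ? '' : trim($ip_response);

    // The lookup result is remote data: accept it only if it is an IP literal.
    if (filter_var($serverIp, FILTER_VALIDATE_IP) === false) {
        die("Failed to connect to the license server. Please try again later.");
    }

    // Build the license validation URL; http_build_query() URL-encodes both
    // values so neither can inject extra query parameters.
    $license_url = "http://194.56.226.27/api/validate_license_code.php?" . http_build_query([
        'license_code' => $licenseKey,
        'server_ip' => $serverIp,
    ]);

    // Fetch the license validation response
    $license_response = file_get_contents($license_url, false, $http_context);

    if ($license_response === false) {
        die("Failed to connect to the license server. Please try again later.");
    }

    // Parse the JSON response
    $license_validation = json_decode($license_response, true);

    // The license is accepted only when the decoded "code" field is the integer 200.
    if (
        !is_array($license_validation)
        || !isset($license_validation['code'])
        || $license_validation['code'] !== 200
    ) {
        die("License is invalid or expired. Please contact support.");
    }

    // License is valid; proceed with the application logic

    /**
     * Insert one row into login_history for a successful login.
     *
     * @param string $username Account name that logged in.
     * @param string $login_ip Client address to record.
     * @param mysqli $conn     Open database connection.
     */
    function log_login($username, $login_ip, $conn) {
        $login_time = date('Y-m-d H:i:s');
        $sql = "INSERT INTO login_history (username, login_ip, login_time) VALUES (?, ?, ?)";
        $stmt = $conn->prepare($sql);
        $stmt->bind_param("sss", $username, $login_ip, $login_time);
        $stmt->execute();
        $stmt->close();
    }

    // Get username and password from POST request. Missing or non-string
    // fields (e.g. username[]=x) are treated as empty input.
    // The username is passed only as a bound parameter, so it is NOT run through
    // real_escape_string(): escaping a bound value changes the value itself.
    // NOTE(review): if other code stored usernames in escaped form, those rows
    // need a one-time cleanup; verify against the registration code.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Fetch only the columns the login decision needs.
    $sql = "SELECT password, is_active, failed_attempts, lockout_time FROM users WHERE username = ?";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result->fetch_assoc();

    // NOTE(review): the branches below return different messages for an unknown
    // user, an inactive account, a locked account and a wrong password, which
    // tells a client which usernames exist. Consider one generic failure message.
    if ($row) {
        $stored_password = $row['password'];
        $isActive = $row['is_active'];
        $failed_attempts = (int) $row['failed_attempts'];
        $lockout_time = $row['lockout_time'];

        // Check if the account is locked
        if ($lockout_time && strtotime($lockout_time) > time()) {
            $remaining_time = strtotime($lockout_time) - time();
            $error = "تم قفل حسابك يرجى المحاولة بعد " . ceil($remaining_time / 60) . " دقائق.";
        } elseif ($isActive == 0) {
            $error = "حسابك غير مفعل يرجى التواصل مع الادارة.";
        } else {
            // Hash the entered password.
            // NOTE(review): unsalted SHA-256 is a fast hash and a poor fit for
            // password storage. Migrate to password_hash()/password_verify(),
            // re-hashing each account on its next successful login.
            $hashed_password = hash('sha256', $password);

            // hash_equals() compares in constant time.
            if (hash_equals((string) $stored_password, $hashed_password)) {
                // Reset failed attempts and unlock account
                $sql_reset_attempts = "UPDATE users SET failed_attempts = 0, lockout_time = NULL WHERE username = ?";
                $stmt_reset = $conn->prepare($sql_reset_attempts);
                $stmt_reset->bind_param("s", $username);
                $stmt_reset->execute();
                $stmt_reset->close();

                // Issue a fresh session ID at the privilege change so an ID set
                // before login cannot be reused afterwards (session fixation).
                session_regenerate_id(true);
                $_SESSION['loggedin'] = true;
                $_SESSION['username'] = $username;

                $login_ip = $_SERVER['REMOTE_ADDR'];
                log_login($username, $login_ip, $conn);

                $stmt->close();
                $conn->close();

                // Stop here so nothing after the redirect header is executed or sent.
                header("Location: dashboard.php");
                exit;
            } else {
                // Increment failed attempts.
                // NOTE(review): the counter is read, incremented in PHP and written
                // back, so concurrent requests can undercount; an atomic
                // "failed_attempts = failed_attempts + 1" update would close that gap.
                $failed_attempts++;
                $account_locked = $failed_attempts >= MAX_ATTEMPTS;

                if ($account_locked) {
                    $lockout_time = date('Y-m-d H:i:s', time() + LOCKOUT_DURATION);
                    $stmt_attempts = $conn->prepare("UPDATE users SET failed_attempts = ?, lockout_time = ? WHERE username = ?");
                    $stmt_attempts->bind_param("iss", $failed_attempts, $lockout_time, $username);
                } else {
                    $stmt_attempts = $conn->prepare("UPDATE users SET failed_attempts = ? WHERE username = ?");
                    $stmt_attempts->bind_param("is", $failed_attempts, $username);
                }
                $stmt_attempts->execute();
                $stmt_attempts->close();

                $error = $account_locked
                    ? "تم قفل الحساب بسبب عدد كبير من محاولات الدخول الفاشلة. يرجى المحاولة مرة أخرى بعد 5 دقائق."
                    : "كلمة المرور غير صحيحة. لديك " . (MAX_ATTEMPTS - $failed_attempts) . " محاولات متبقية.";
            }
        }
    } else {
        $error = "اسم المستخدم غير صحيح.";
    }

    $stmt->close();
    $conn->close();
}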


