403Webshell
Server IP : 51.89.169.208  /  Your IP : 216.73.216.9
Web Server : Apache
System : Linux ns3209505.ip-198-244-202.eu 4.18.0-553.27.1.el8_10.x86_64 #1 SMP Tue Nov 5 04:50:16 EST 2024 x86_64
User : yellowleaf ( 1019)
PHP Version : 7.4.33
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /home/yellowleaf/public_html/review_confirmation/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /home/yellowleaf/public_html/review_confirmation/new_review.html
<? 
require('../connect.php'); 
session_start();

if(isset($_POST['rate'])){
	$rev_name=ucwords(strtolower($_POST['rev_name']));
	$rev_date=time();
	$adid=$_POST['adid'];
	$member_id=$_POST['mid'];
	$rev_email=$_POST['rev_email'];
	$rev_rating=$_POST['rev_rating'];
	$rev_comment=$_POST['rev_comment'];
	$company_name=$_POST['companyname'];
	$validator=$_POST['validator'];
	$rev_key=md5(uniqid(rand()));
	$rev_confirm="0";
	$previous_captcha=$_SESSION['rand_code']; // for grabbing the old captcha for registration to compare with user input
	$company_name_url=strtolower($company_name);
	$company_name_url=str_replace(" ","-",$company_name_url);
	
if($validator!="utvq"){ /// captcha verification
$error = "veri";
}else{	
	$r2 = mysql_query("SELECT rev_id FROM reviews WHERE rev_ad_id='{$adid}' and rev_email='{$rev_email}'") or die(mysql_error());
	$a2 = mysql_fetch_array($r2);

	if($a2['rev_id']){
		$error="email";
	}else{
		$q3 = "INSERT INTO reviews SET
			   rev_member_id = '$member_id',
			   rev_ad_id = '$adid',
			   rev_name = '$rev_name',
			   rev_date = '$rev_date',
			   rev_email = '$rev_email',
			   rev_rating = '$rev_rating',
			   rev_comment = '$rev_comment',
			   rev_key = '$rev_key',
			   rev_confirm = '$rev_confirm'";

		$r3 = mysql_query($q3) or die(mysql_error());
		if ($r3) { $rev_id = mysql_insert_id(); }
		
		$to  = "$rev_name <$rev_email>";
		$subject = 'Review Confirmation - YellowLeaf';
		$email_message = '
			<div style="margin-bottom:5px;">Dear <b>'.$rev_name.'</b></div>
			<div>
			You have recently submitted a review at YellowLeaf on '.date('d/m/Y',$rev_date).'. In order for your review to be active, you must click on the link below for confirmation.<br><br>
			<a href="http://www.yellowleaf.co.uk/review_confirmation/?id='.$rev_id.'&em='.$rev_email.'&key='.$rev_key.'">Click here to confirm your review.</a><br><br><br>
			If you have not submitted a review on YellowLeaf, <a href="http://www.yellowleaf.co.uk/review_confirmation/bad_review.html?id='.$rev_id.'&em='.$rev_email.'">please click here to inform us</a>.
			</div>';
		
		// message template which includes $message and $email_message 
		include '../email_tmp/em_tmp.php';

		// To send HTML mail, the Content-type header must be set
		$headers  = 'MIME-Version: 1.0' . "\r\n";
		$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

		$headers .= 'From: YellowLeaf <support@yellowleaf.co.uk>' . "\r\n";
		mail($to, $subject, $message, $headers,"-f support@yellowleaf.co.uk");
		$success=TRUE;
	}
}
}
?>
<!DOCTYPE html>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Review Confirmation - YellowLeaf UK</title>
<link href="/style.css" rel="stylesheet" type="text/css">
<script src="/js/js.js"></script>
</head>

<body>

<? include '../header.php'; ?>
<table class="tbwdth">
	<tr>
		<td style="line-height:22px;color:#666;" valign="top">
		<?if($success==TRUE){?>
		<span class="pgeHead">Thank you submitting your review for <?=$company_name?>!</span>
		<div style="margin-top:20px;">
		But before your review becomes active on YellowLeaf you first need confirm your review. An email as been sent to you for confirmation of your review. The email has been sent to the following address 
		<i>'<?=$rev_email?>'</i>. Please check and click on the link provided.<br><br>
		<a class="button blue" style="border:0px;float:none;margin-top:10px" href="/pages/<?=$adid?>-<?=$company_name_url?>.html">Click here to return to <?=$company_name?> Profile Page</a>
		</div>
		<?}elseif($error=="veri"){?>
		<div style="font-weight:bold;color:red;margin:10px 0px;font-size:12pt;">
		<span style="font-size:18pt;">ERROR:</span><br>
		Your word verification does not match. Please try again.
		</div><br><br>
		<a class="button blue" style="border:0px;float:none;margin-top:10px" href="/pages/<?=$adid?>-<?=$company_name_url?>.html">Click here to go back</a>
		<?}elseif($error=="email"){?>
		<div style="font-weight:bold;color:red;margin:10px 0px;font-size:12pt;">
		<span style="font-size:18pt;">ERROR:</span><br>
		A review has already been posted with the email address of '<?=$rev_email?>'.
		</div><br><br>
		<a class="button blue" style="border:0px;float:none;margin-top:10px" href="/pages/<?=$adid?>-<?=$company_name_url?>.html">Click here to go back</a>
		
		<?}else{?>
		<span class="pgeHead">ERROR!</span>
		<div style="margin-top:20px;">Submitting review failed! Go back to <a href="http://www.yellowleaf.co.uk/">YellowLeaf</a></div>
		<?}?>
		</td>
	</tr>
</table>
<? include '../footer.php'; ?>

</body>

</html>

Youez - 2016 - github.com/yon3zu
LinuXploit