OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	10/11/2024 05:53:15 AM	rwxr-xr-x
📄 .htaccess	129 bytes	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 .htpasswd	48 bytes	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 WS_FTP.LOG	61.05 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 access_control.php	6.46 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_details.inc	961 bytes	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_footer.inc	501 bytes	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_footer.php	48 bytes	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_header.php	4.2 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_header.php.1.6.2015	3.94 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_links.inc	1.1 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_login.php	2.21 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_new-06-02-2019.php	30.19 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_new.php	30.6 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_setup.sql	1.82 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_style.inc	652 bytes	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_style.sql	1.67 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 admin_table.php	829 bytes	10/11/2024 05:50:59 AM	rw-rw-rw-
📁 assetmanager	-	10/11/2024 05:50:59 AM	rwxr-xr-x
📄 banners.inc	867 bytes	10/11/2024 05:50:59 AM	rw-rw-rw-
📁 bootstrap	-	10/11/2024 05:50:59 AM	rwxr-xr-x
📄 cms_links.inc	1.65 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 commitee-4.10.19.inc	2.38 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 commitee-4.7.19.inc	2.33 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 commitee.inc	2.53 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 committee_main_cat.inc	1.63 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 committee_sub_cat.inc	1.74 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 contact_form.inc	1.6 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 content.inc	2.14 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 dblib.php	4.55 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 dblib.php.old	4.25 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 event_budget.inc	1.91 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 event_documents.inc	1.73 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 event_gallery.inc	1.71 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 events.inc	2.46 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 func_lib.php	33.68 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 gallery.inc	1.57 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 genmodfile.php	4.61 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 headers.inc	825 bytes	10/11/2024 05:50:59 AM	rw-rw-rw-
📁 images	-	10/11/2024 05:50:59 AM	rwxr-xr-x
📄 imc_journals.inc	1.78 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 index.html	227 bytes	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 index.php	1.47 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 industry_notifications.inc	1.89 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 international_collaborations.inc	1.51 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 job_applications.inc	1.69 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 job_opportunities.inc	2.02 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📁 js	-	10/11/2024 05:50:59 AM	rwxr-xr-x
📄 leaders.inc	1.71 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 mailtest.php	772 bytes	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 main_category.inc	1.55 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 maincat.inc	852 bytes	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 media_coverage.inc	1.87 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 member_contacts.inc	2.67 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 membership_appr_committe.inc	1.81 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 membership_cost.inc	2.05 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 membership_reg.inc	5.67 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 membership_track.inc	1.82 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 membership_type.inc	1.83 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 milestones.inc	1.56 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 newsletter.inc	1.54 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 presentations.inc	1.69 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 press_release.inc	1.69 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 publications.inc	1.57 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 sample.inc	1.87 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 save_to_excel.php	1.71 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📁 scripts	-	10/11/2024 05:50:59 AM	rwxr-xr-x
📄 setup_wizard.php	3.31 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📁 style	-	10/11/2024 05:50:59 AM	rwxr-xr-x
📄 subcat.inc	1.14 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 testimonials.inc	1.72 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 upload.inc	1.23 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 upload_file_new.php	2.37 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 users.inc	1.71 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 vendors.inc	1.95 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 venue.inc	2.18 KB	10/11/2024 05:50:59 AM	rw-rw-rw-
📄 videos.inc	1.83 KB	10/11/2024 05:50:59 AM	rw-rw-rw-

Editing: access_control.php

<?php

session_start();

include('dblib.php');
include('func_lib.php');
include('admin_header.php');

$getar = $_GET;
$getkeys = array_keys($getar);
 
for($i=0; $i<count($getkeys); $i++){
$k = $getkeys[$i];
$v = $getar[$k];
${$k}=$v;
}

$getar = $_POST;
$getkeys = array_keys($getar);
 
for($i=0; $i<count($getkeys); $i++){
$k = $getkeys[$i];
$v = $getar[$k];
${$k}=$v;
}

$admin_user = $_SESSION["admin_user"];
$return_url = $_SESSION["return_url"];

include('admin_header.php');

if ($admin_user)
{

//----------------------------------------------------------------------------
// Access Control Home
//----------------------------------------------------------------------------
if($action == "")
{
	
echo "<div class=\"row\" style=\"padding:5px 0px;\">\n";
echo "<h4>Access Distribution</h4>\n";
echo "</div>\n";

echo "<div class=\"row\" style=\"padding:5px 0px; text-align:right;\">\n";
echo "<a href=\"".$return_url."\" class=\"btn btn-primary btn-sm\"><span class=\"glyphicon glyphicon-share-alt\" aria-hidden=\"true\"></span> Back</a>\n";
echo "</div>\n";

// Include File Selection
echo "<script>";
echo "function CheckAll(chk)\n";
echo "{\n";
echo "for (var i=0;i < document.form1.elements.length;i++)\n";
echo "	{\n";
echo "		var e = document.form1.elements[i];\n";
echo "		if (e.type == \"checkbox\")\n";
echo "		{\n";
echo "			e.checked = chk.checked;\n";
echo "		}\n";
echo "	}\n";
echo "}\n";
echo "</script>";	
	
	
	
	$sql_user = "select username, access_distrib, name from admin where sr_no = \"".$sr_no."\"";
	$qid_user = db_query($sql_user);
	$result_user = db_fetch_row($qid_user);
	
	$links_arr = explode("|",$result_user[1]);
	
	$sql_links = "select link_id, title from admin_links order by order_no asc";
	$qid_links = db_query($sql_links);
	$num_links = db_num_rows($qid_links);
	if($num_links > 0)
	{

echo "<div class=\"row\" style=\"padding:5px;\">\n";
		echo "Select access links for Admin User : ".$result_user[2]." (".$result_user[0].")";
		echo "</div>\n";
		
		//echo "Select access links for Admin User : ".$result_user[0];
		echo "<form name=\"form1\" method=\"post\" action=\"access_control.php?action=save_access\">";
		echo "<table class=\"table table-striped table-hover\">\n";

echo "<tr><td><input type=\"checkbox\" value=\"1\" onclick=\"CheckAll(this)\"/> <b>Select All</b></td></tr>";
		for($i=0; $i<$num_links; $i++)
		{
			$result_links = db_fetch_row($qid_links);
			echo "<tr><td><input type=\"checkbox\" name=\"links[]\" value=\"$result_links[0]\""; if (in_array($result_links[0],$links_arr)){ echo "checked"; } echo "> ".$result_links[1]."</td></tr>";
		}
		echo "<tr><td><input type=\"hidden\" name=\"sr_no\" value=\"$sr_no\" /><input type=\"submit\" value=\"Submit\"  class=\"btn btn-primary\" /></td></tr>";
		echo "</table>";
		
		echo "</form>";		
	}
	
}

//-------------------------------------------------------------------------
// STORE ACCESS
//-------------------------------------------------------------------------
if($action == "save_access")
{
	//print_r($links);
	$link_ids = implode("|", $links);
	$sql_update = "update admin set access_distrib = \"".$link_ids."\" where sr_no = \"".$sr_no."\"";
	$qid_update = db_query($sql_update);
	
	$_SESSION['interstitial'] = "Access Settings Changed!";

echo "<script>\n";
	echo "document.location = \"".$return_url."\"; \n";
	echo "</script>\n";
}

//-------------------------------------------------------------------------------
// Change Password
//-------------------------------------------------------------------------------
if ($action == "change_password")
{

echo "<div class=\"row\" style=\"padding:5px 0px;\">\n";
echo "<h4>Change Password</h4>\n";
echo "</div>\n";

messages: {
		password2: {
				equalTo: "Passwords must match"
					}
		},
	submitHandler: function() {

//alert('Submitted');
		document.form1.submit();

}
	});
 
});
</script>
<style>
label.error { width:100%; height:auto; margin-top:5px; color: red; font-weight:normal;  border:0px solid black; font-family:arial; font-size:12px; }
form input.error { border: 1px dotted red; }
form textarea.error { border: 1px dotted red; }
.error_holder2 { width:300px; height:auto; float:left; margin-left:0px;}
</style>

<?php		
		echo "<form name=\"form1\" id=\"form1\" method=\"post\" action=\"access_control.php?action=save_password\">";
		echo "<input type=\"hidden\" name=\"sr_no\" value=\"".$sr_no."\" />\n";
		echo "<table class=\"table table-striped table-hover\">\n";
		echo "<tr>\n";
		echo "<td>Enter New Password</td>\n";
		echo "<td><div><input type=\"password\" name=\"password\" id=\"password\" class=\"input-control\"></div>\n";
		echo "<div class=\"error_holder2\"></div></td>\n";
		echo "</tr>\n";
		echo "<tr>\n";
		echo "<td>Re-enter New Password</td>\n";
		echo "<td><div><input type=\"password\" name=\"password2\" id=\"password2\" class=\"input-control\"></div>\n";
		echo "<div class=\"error_holder2\"></div></td>\n";
		echo "</tr>\n";
		echo "<tr>\n";
		echo "<td></td>\n";
		echo "<td><input type=\"submit\" value=\"Submit\"  class=\"btn btn-primary\" /></td>\n";
		echo "</tr>";
		echo "</table>\n";
		echo "</form>\n";
}

if ($action == "save_password")
{
	
$store_password = md5($password);

$sql = "update admin set password = '".$store_password."' where sr_no = '".$sr_no."'";
$qid = db_query($sql);

$_SESSION['interstitial'] = "Password Changed!";

echo "<script>\n";
	echo "document.location = \"".$return_url."\"; \n";
	echo "</script>\n";

}

}
else
{
echo "<script>\n";
echo "document.location = \"index.php\"; \n";
echo "</script>\n";
}