AnonSec Shell
Server IP : 162.214.74.102  /  Your IP : 216.73.216.139
Web Server : Apache
System : Linux dedi-4363141.lrsys.com.br 3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 #1 SMP Wed Oct 1 17:37:27 UTC 2025 x86_64
User : lrsys ( 1015)
PHP Version : 5.6.40
Disable Function : exec,passthru,shell_exec,system
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /home/lrsys/public_html/lrsys_apps/leo/application/controllers/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ HOME ]     

Current File : /home/lrsys/public_html/lrsys_apps/leo/application/controllers/api.php
<?php
$data = array();
$data['success'] = false;
$data['msg'] = '';
$ip = '';
$ref = '';
$agent = '';
$host = null;
// Pego o IP verificando se passa pela CloudFlare
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
} else {
  $ip = $_SERVER['REMOTE_ADDR'];
}

if(isset($_SERVER['HTTP_REFERER'])){
    $ref = $_SERVER['HTTP_REFERER'];
}
if(isset($_SERVER['HTTP_USER_AGENT'])){
    $agent = $_SERVER['HTTP_USER_AGENT'];
}

$headers = apache_request_headers();

// Verifico se o IP tem permissão para acessar a API
//var_dump($headers);exit;
$authorized_ips = ['104.26.13.84','170.79.112.105','172.68.26.91','172.68.26.247','54.232.206.230','18.231.18.78','18.233.245.23','54.94.197.235','54.94.235.188','157.245.250.83','54.232.137.101','15.229.6.208','54.94.97.216','52.67.155.174','54.232.54.138','54.207.75.203','18.230.130.25','54.232.252.171','18.231.138.158','187.94.97.22','127.0.0.1','172.67.69.27','104.26.12.84'];
$authorized_hosts = ['https://myside.com.br','https://web.myside.com.br','https://busca.myside.com.br'];
if(!in_array($ip, $authorized_ips) )
{
    $host = isset($headers['origin'])?$headers['origin']:null;
    if(!in_array($host, $authorized_hosts))
    {
//        header('HTTP/1.0 403 Forbidden');
//        echo 'Access not Allowed! ';
//        exit;
    }
}


// CORS
if (isset($_SERVER['HTTP_ORIGIN'])) 
{
    // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
    // you want to allow, and if so:
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
//    header('Access-Control-Allow-Methods: true');
    header('Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers');
    header('Access-Control-Allow-Methods: GET,HEAD,OPTIONS,POST,PUT');
    header('Access-Control-Max-Age: 864000');    // cache for 1 day
    header('Cache-Control: public, max-age=864000');
}
else
{
    header('Cache-Control: public, max-age=864000');
       
}

$data['ip'] = $ip;
$data['headers'] = $headers;
$data['host'] = $host;
$data['ref'] = $ref;
$data['agent'] = $agent;
$data['result'] = false;

if(isset($_GET['key']))
{
    $_POST = $_GET;
}

if(isset($_POST['key']) AND ($_POST['key'] != '')){

    $key = $_POST['key'];

    $a = ORM::for_table('sys_api')->where('apikey',$key)->find_one();
    if($a){
        $data['success'] = true;

        $method = _post('method');

        switch ($method) {


            case 'get_contact_details_by_id':

               $id = _post('id');

                $d = ORM::for_table('crm_accounts')->where('id',$id)->limit(1)->find_array();
               if($d){
                   $data['result'] = $d;
                   api_response($data);
               }
               else{
                   $data['result'] = false;
                   $data['msg'] = 'Contact Not Found';
                   api_response($data);
               }

                break;


            case 'get_contact_details_by_email':

                $email = _post('email');

                $d = ORM::for_table('crm_accounts')->where('email',$email)->limit(1)->find_array();
                if($d){
                    $data['result'] = $d;
                    api_response($data);
                }
                else{
                    $data['result'] = false;
                    $data['msg'] = 'Contact Not Found';
                    api_response($data);
                }

                break;


            case 'get_contact_details_by_token':

                $token = _post('token');

                $d = ORM::for_table('crm_accounts')->where('token',$token)->limit(1)->find_array();
                if($d){
                    $data['result'] = $d;
                    api_response($data);
                }
                else{
                    $data['result'] = false;
                    $data['msg'] = 'Contact Not Found';
                    api_response($data);
                }

                break;


                case 'get_invoice_details_by_id':

                $id = _post('id');

                $d = ORM::for_table('sys_invoices')->where('id',$id)->limit(1)->find_array();
                if($d){
                    $data['result'] = $d;
                    api_response($data);
                }
                else{
                    $data['result'] = false;
                    $data['msg'] = 'Invoice Not Found';
                    api_response($data);
                }

                break;

            case 'get_contacts':


                $d = ORM::for_table('crm_accounts')->find_array();

                $data['result'] = $d;

                api_response($data);

                break;


            case 'add_contact':


               $v = array();


               $v['account'] = _post('account');
               $v['email'] = _post('email');
               $v['password'] = _post('password');
               $v['phone'] = _post('phone');
               $v['address'] = _post('address');
               $v['city'] = _post('city');
               $v['zip'] = _post('zip');
               $v['state'] = _post('state');
               $v['country'] = _post('country');
               $v['company'] = _post('company');
               $v['img'] = _post('img');
               $v['tags'] = _post('tags');

                $data['result'] = Contacts::add($v);
                $data['email'] = $v['email'];

                api_response($data);

                break;



            case 'get_invoices_by_contact_email':

                $email = _post('email');
                $cid = '';
                $i = false;

                $d = ORM::for_table('crm_accounts')->where('email',$email)->find_one();

                if($d){
                    $cid = $d['id'];
                    $i = ORM::for_table('sys_invoices')->where('userid',$d['id'])->find_array();
                }

                $data['result'] = $i;
                $data['email'] = $email;
                $data['cid'] = $cid;

                api_response($data);

                break;

            case 'get_invoices_by_contact_id':

                $id = _post('id');
                $cid = '';
                $i = false;

                $d = ORM::for_table('crm_accounts')->find_one($id);

                if($d){
                    $cid = $d['id'];
                    $i = ORM::for_table('sys_invoices')->where('userid',$d['id'])->find_array();
                }

                $data['result'] = $i;
                $data['id'] = $id;
                $data['email'] = $d['email'];
                $data['cid'] = $cid;

                api_response($data);

                break;


           case 'get_recent_invoices_by_contact_id':

                $id = _post('id');
                $cid = '';
                $i = false;

                $d = ORM::for_table('crm_accounts')->find_one($id);

                if($d){
                    $cid = $d['id'];
                    $i = ORM::for_table('sys_invoices')->where('userid',$d['id'])->limit(5)->find_array();
                }

                $data['result'] = $i;
                $data['id'] = $id;
                $data['email'] = $d['email'];
                $data['cid'] = $cid;

                api_response($data);

                break;


            case 'login':

                $email = _post('email');
                $password = _post('password');

                $l = Contacts::login($email,$password);

                if($l){
                    $data['token'] = $l;
                }
                else{

                    $data['token'] = false;

                }


                api_response($data);




                break;

            case 'logout':

                $token = _post('token');

                $l = Contacts::logout_using_token($token);

                if($l){
                    $data['logout'] = true;
                }
                else{
                    $data['logout'] = false;
                }

                api_response($data);

                break;

            case 'ib_info':

                foreach ($config as $key => $value){



                    $data[$key] = $value;
                }

                api_response($data);

                break;

            case 'plugin':


                $plugin = _post('plugin');

                $api_path = 'application/plugins/'.$plugin.'/api.php';

                if(file_exists($api_path)){

                    $data['api_found'] = 'Yes';

                    include $api_path;

                }

                else{
                    $data['api_found'] = 'No';
                }


                api_response($data);



                break;



            default:
                $data['msg'] = 'Method Not Found';
                api_response($data);
        }

    }
    else{
        $data['msg'] = 'Invalid API Key';
        api_response($data);
    }

}
else{
    $data['msg'] = 'API Key is required';

    api_response($data);

}



Anon7 - 2022
AnonSec Team