Security: remove phpinfo.php and setup_password.php from production
@@ -1,6 +0,0 @@
|
||||
<?php
|
||||
// Simple PHP version checker
|
||||
echo "PHP Version: " . phpversion() . "\n";
|
||||
echo "Server Software: " . $_SERVER['SERVER_SOFTWARE'] . "\n";
|
||||
phpinfo();
|
||||
?>
|
||||
@@ -1,116 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* Epic Travel - Admin Password Setup
|
||||
* Visit: https://epictravelexpeditions.com/api/setup_password.php
|
||||
* DELETE THIS FILE after use!
|
||||
*/
|
||||
|
||||
$message = '';
|
||||
$success = false;
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$email = trim($_POST['email'] ?? '');
|
||||
$password = trim($_POST['password'] ?? '');
|
||||
$confirm = trim($_POST['confirm'] ?? '');
|
||||
|
||||
if (!$email || !$password) {
|
||||
$message = 'Email and password are required.';
|
||||
} elseif ($password !== $confirm) {
|
||||
$message = 'Passwords do not match.';
|
||||
} elseif (strlen($password) < 6) {
|
||||
$message = 'Password must be at least 6 characters.';
|
||||
} else {
|
||||
try {
|
||||
$pdo = new PDO(
|
||||
'mysql:host=localhost;dbname=epic_epic_db;charset=utf8mb4',
|
||||
'root',
|
||||
'b71e5c1a8c7457541b9c1db822de37adfa271926a38b6c20',
|
||||
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
|
||||
);
|
||||
|
||||
$hash = password_hash($password, PASSWORD_BCRYPT);
|
||||
|
||||
// Check if user exists
|
||||
$check = $pdo->prepare("SELECT COUNT(*) FROM admin_users WHERE email = ?");
|
||||
$check->execute([$email]);
|
||||
|
||||
if ($check->fetchColumn() > 0) {
|
||||
// Update existing
|
||||
$s = $pdo->prepare("UPDATE admin_users SET password_hash = ? WHERE email = ?");
|
||||
$s->execute([$hash, $email]);
|
||||
$message = 'Password updated successfully!';
|
||||
} else {
|
||||
// Create new
|
||||
$s = $pdo->prepare("INSERT INTO admin_users (id, email, password_hash, created_at) VALUES (?, ?, ?, NOW())");
|
||||
$s->execute(['admin-1', $email, $hash]);
|
||||
$message = 'Admin account created successfully!';
|
||||
}
|
||||
|
||||
// Verify
|
||||
if (password_verify($password, $hash)) {
|
||||
$success = true;
|
||||
} else {
|
||||
$message = 'Error: Password verification failed.';
|
||||
}
|
||||
|
||||
} catch (Exception $e) {
|
||||
$message = 'Database error: ' . $e->getMessage();
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Admin Setup — Epic Travel</title>
|
||||
<style>
|
||||
* { box-sizing: border-box; margin: 0; padding: 0 }
|
||||
body { background: #0a0f1e; font-family: 'Segoe UI', sans-serif; min-height: 100vh; display: flex; align-items: center; justify-content: center; padding: 20px }
|
||||
.box { background: #111827; border: 1px solid rgba(59,130,246,.3); padding: 40px; width: 100%; max-width: 420px }
|
||||
h1 { color: #3b82f6; font-size: 22px; margin-bottom: 6px }
|
||||
.sub { color: #6b7280; font-size: 13px; margin-bottom: 28px }
|
||||
label { display: block; color: #9ca3af; font-size: 12px; font-weight: 600; text-transform: uppercase; letter-spacing: 1px; margin-bottom: 6px }
|
||||
input { width: 100%; background: #1f2937; border: 1px solid rgba(255,255,255,.1); color: #f9fafb; padding: 11px 14px; font-size: 15px; outline: none; margin-bottom: 16px }
|
||||
input:focus { border-color: #3b82f6 }
|
||||
button { width: 100%; padding: 13px; background: #3b82f6; color: #fff; border: none; font-size: 15px; font-weight: 700; cursor: pointer }
|
||||
button:hover { background: #2563eb }
|
||||
.msg { padding: 12px 14px; font-size: 14px; font-weight: 600; margin-bottom: 20px }
|
||||
.msg.error { background: rgba(239,68,68,.1); border: 1px solid rgba(239,68,68,.3); color: #f87171 }
|
||||
.msg.success { background: rgba(34,197,94,.1); border: 1px solid rgba(34,197,94,.3); color: #4ade80 }
|
||||
.warning { background: rgba(245,158,11,.1); border: 1px solid rgba(245,158,11,.3); color: #fbbf24; padding: 12px 14px; font-size: 13px; margin-top: 20px }
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="box">
|
||||
<h1>Epic Travel Admin Setup</h1>
|
||||
<div class="sub">Set your admin email and password</div>
|
||||
|
||||
<?php if ($message): ?>
|
||||
<div class="msg <?= $success ? 'success' : 'error' ?>">
|
||||
<?= $success ? '✓ ' : '⚠ ' ?><?= htmlspecialchars($message) ?>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ($success): ?>
|
||||
<p style="color:#9ca3af;font-size:14px;margin-bottom:20px">
|
||||
You can now <a href="/admin" style="color:#3b82f6">login to the admin panel</a>.<br><br>
|
||||
<strong style="color:#f87171">⚠ Delete this file immediately!</strong><br>
|
||||
Run in SSH: <code style="background:#1f2937;padding:2px 6px;color:#fbbf24">rm /home/epictravelexpeditions.com/public_html/api/setup_password.php</code>
|
||||
</p>
|
||||
<?php else: ?>
|
||||
<form method="POST">
|
||||
<label>Admin Email</label>
|
||||
<input type="email" name="email" value="admin@epictravelexpeditions.com" required>
|
||||
<label>New Password</label>
|
||||
<input type="password" name="password" placeholder="Enter password" required>
|
||||
<label>Confirm Password</label>
|
||||
<input type="password" name="confirm" placeholder="Confirm password" required>
|
||||
<button type="submit">Set Admin Password</button>
|
||||
</form>
|
||||
<div class="warning">⚠ Delete this file after use. It provides direct DB access.</div>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
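Review bot: Deleting setup_password.php does not retire the MySQL `root` password that was hard-coded in its `new PDO(...)` call. The value stays readable in this commit and in every clone or mirror of the history, so it should be rotated and from now on loaded from configuration kept outside the repository and web root. The removed script also accepted an unauthenticated POST that created or overwrote rows in `admin_users`, so while it was deployed anyone who could reach the URL could have set an admin password. It is worth checking `admin_users` for unexpected rows or changed `password_hash` values and resetting the admin password. The application should also connect with a least-privilege database account rather than `root`.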