!C99Shell v. 2.5 [PHP 8 Update] [24.05.2025]!

Software: Apache/2.4.41 (Ubuntu). PHP/8.0.30 

uname -a: Linux apirnd 5.4.0-204-generic #224-Ubuntu SMP Thu Dec 5 13:38:28 UTC 2024 x86_64 

uid=33(www-data) gid=33(www-data) groups=33(www-data) 

Safe-mode: OFF (not secure)

/usr/local/lib/node_modules/homebridge-camera-ui/server/middlewares/   drwxr-xr-x
Free 13.11 GB of 57.97 GB (22.62%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Self remove    Logout    


Viewing file:     user.validation.middleware.js (2.26 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
/* eslint-disable unicorn/prevent-abbreviations */
'use-strict';

const crypto = require('crypto');

const UserModel = require('../components/users/users.model');

const config = require('../../services/config/config.service.js');

const validPermissions = config.ui.permissionLevels;

exports.hasAuthValidFields = (req, res, next) => {
  let errors = [];

  if (req.body) {
    if (!req.body.username) {
      errors.push('Missing username field');
    }

    if (!req.body.password) {
      errors.push('Missing password field');
    }

    return errors.length > 0
      ? res.status(422).send({
          statusCode: 422,
          message: errors.join(','),
        })
      : next();
  } else {
    return res.status(400).send({
      statusCode: 400,
      message: 'Bad request',
    });
  }
};

exports.hasValidFields = (req, res, next) => {
  let errors = [];

  if (req.body) {
    if (!req.body.username) {
      errors.push('Missing username field');
    }

    if (!req.body.password) {
      errors.push('Missing password field');
    }

    if (req.body.permissionLevel && !req.body.permissionLevel.some((level) => validPermissions.includes(level))) {
      errors.push('Permission level is not valid');
    }

    return errors.length > 0
      ? res.status(422).send({
          statusCode: 422,
          message: errors.join(','),
        })
      : next();
  } else {
    return res.status(400).send({
      statusCode: 400,
      message: 'Bad request',
    });
  }
};

exports.isPasswordAndUserMatch = async (req, res, next) => {
  const user = await UserModel.findByName(req.body.username);

  if (!user) {
    res.status(403).send({
      statusCode: 403,
      message: 'Forbidden',
    });
  } else {
    let passwordFields = user.password.split('$');
    let salt = passwordFields[0];
    let hash = crypto.createHmac('sha512', salt).update(req.body.password).digest('base64');

    if (hash === passwordFields[1]) {
      req.body = {
        id: user.id,
        username: user.username,
        sessionTimer: user.sessionTimer,
        permissionLevel: user.permissionLevel,
        photo: user.photo,
      };

      return next();
    } else {
      return res.status(401).send({
        statusCode: 401,
        message: 'Invalid username or password',
      });
    }
  }
};

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 2.5 [PHP 8 Update] [24.05.2025] | Generation time: 0.0186 ]--