OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	05/19/2025 10:07:16 AM	rwxr-xr-x
📄 check-email-verification.php	1.53 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 create.php	8.6 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 delete-logo.php	919 bytes	05/19/2025 10:07:16 AM	rw-r--r--
📄 delete.php	2.86 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 download-errors-csv.php	1.3 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 duplicate.php	2.28 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 edit.php	8.45 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 generate-password.php	1.57 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 main.php	1.66 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 progress.php	881 bytes	05/19/2025 10:07:16 AM	rw-r--r--
📄 verify-email.php	2.27 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 verify-login-email.php	808 bytes	05/19/2025 10:07:16 AM	rw-r--r--

Editing: generate-password.php

<?php include('../functions.php');?>
<?php include('../login/auth.php');?>
<?php 
	//------------------------------------------------------//
	//                      VARIABLES                       //
	//------------------------------------------------------//
	
	//Only allow script to continue if it's the main admin user generating a password for a brand
	if(get_app_info('is_sub_user')) exit;
	
	//Init
	$app = isset($_POST['app']) && is_numeric($_POST['app']) ? mysqli_real_escape_string($mysqli, (int)$_POST['app']) : exit;
	$company = mysqli_real_escape_string($mysqli, $_POST['brand_name']);
	$name = mysqli_real_escape_string($mysqli, $_POST['from_name']);
	$username = mysqli_real_escape_string($mysqli, $_POST['from_email']);
	$password = ran_string(12, 12, true, false, true);
	$pass_encrypted = hash('sha512', $password.'PectGtma');
	
	//------------------------------------------------------//
	//                      FUNCTIONS                       //
	//------------------------------------------------------//
	
	$q = 'SELECT id FROM login WHERE app = '.$app;
	$r = mysqli_query($mysqli, $q);
	if ($r && mysqli_num_rows($r) > 0)
	{
		//update password
	    $q = 'UPDATE login SET password = "'.$pass_encrypted.'" WHERE app = '.$app;
	    $r = mysqli_query($mysqli, $q);
	    if ($r) echo $password;
	}
	else
	{
		//insert new record
		$q = 'INSERT INTO login (name, company, username, password, tied_to, app) VALUES ("'.$name.'", "'.$company.'", "'.$username.'", "'.$pass_encrypted.'", '.get_app_info('userID').', '.$app.')';
		$r = mysqli_query($mysqli, $q);
		if ($r)  echo $password;
	}
?>