OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	06/17/2025 10:17:24 AM	rwxrwxr-x
📄 .htaccess	643 bytes	11/27/2024 05:19:36 AM	rw-r--r--
📄 _compatibility.php	3.83 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 _install.php	7.3 KB	05/19/2025 10:07:16 AM	rw-r--r--
📁 api	-	05/19/2025 10:07:15 AM	rwxr-xr-x
📄 app.php	33.77 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 autoresponders-create.php	23.29 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 autoresponders-edit.php	28.89 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 autoresponders-emails.php	26.81 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 autoresponders-list.php	15.85 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 autoresponders-report.php	40.18 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 autoresponders.php	77.28 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 blacklist-blocked-domains.php	13.39 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 blacklist-suppression.php	13.34 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 campaigns-rss.php	8.35 KB	05/19/2025 10:07:16 AM	rw-r--r--
📁 certs	-	11/27/2024 05:20:18 AM	rwxr-xr-x
📄 clear-queue.php	996 bytes	05/19/2025 10:07:16 AM	rw-r--r--
📄 confirm.php	9.34 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 create-template.php	3.99 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 create.php	15.92 KB	05/19/2025 10:07:16 AM	rw-r--r--
📁 css	-	11/27/2024 05:21:35 AM	rwxr-xr-x
📄 custom-fields.php	8.5 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 delete-from-list.php	5.29 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 detect-table-conflicts.php	2.47 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 edit-brand.php	57.32 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 edit-list.php	20.97 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 edit-template.php	4.65 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 edit.php	19.04 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 eula.txt	6.5 KB	11/27/2024 05:19:44 AM	rw-r--r--
📄 housekeeping-inactive.php	12.54 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 housekeeping-unconfirmed.php	14.01 KB	05/19/2025 10:07:15 AM	rw-r--r--
📁 img	-	11/27/2024 05:20:27 AM	rwxr-xr-x
📄 import-csv.php	18.68 KB	05/19/2025 10:07:16 AM	rw-r--r--
📁 includes	-	05/27/2025 10:27:13 AM	rwxr-xr-x
📄 index.php	18.77 KB	05/19/2025 10:07:16 AM	rw-r--r--
📁 js	-	11/27/2024 05:22:39 AM	rwxr-xr-x
📄 l.php	10.63 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 list.php	12.3 KB	05/19/2025 10:07:15 AM	rw-r--r--
📁 locale	-	11/27/2024 05:22:57 AM	rwxr-xr-x
📄 login.php	4.84 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 logout.php	133 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 new-brand.php	46.35 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 new-list.php	1.98 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 payment.php	7.41 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 phpinfo.php	1.39 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 r.php	11 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 reconsent-success.php	3.91 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 remove-duplicates.php	2.94 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 report.php	48.79 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 reports.php	10.7 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 reset-cron.php	999 bytes	05/19/2025 10:07:16 AM	rw-r--r--
📄 rules.php	37.35 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 scheduled.php	39.51 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 search-all-brands.php	7.07 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 search-all-lists.php	10.68 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 search-campaigns.php	30.29 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 segment.php	45.8 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 segments-list.php	6.84 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 send-to.php	57.72 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 sending.php	8.9 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 settings.php	41.29 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 subscribe.php	29.26 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 subscribers.php	44.09 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 subscription.php	9.01 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 t.php	4.22 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 template-preview.php	4.55 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 templates.php	7.35 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 two-factor.php	4.33 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 unsubscribe-from-list.php	5.33 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 unsubscribe-success.php	3.9 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 unsubscribe.php	16.19 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 update-list.php	13.88 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 update-segments.php	3.09 KB	05/19/2025 10:07:16 AM	rw-r--r--
📁 uploads	-	05/27/2025 12:24:46 PM	rwxrwxrwx
📄 verification-status.php	3.63 KB	05/19/2025 10:07:16 AM	rw-r--r--
📄 w.php	17.76 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 webhooks-log.php	4.28 KB	05/19/2025 10:07:15 AM	rw-r--r--

Editing: confirm.php

<?php 
	ini_set('display_errors', 0);
	include('includes/config.php');
	include('includes/helpers/locale.php');
	include('includes/helpers/integrations/zapier/triggers/functions.php');
	include('includes/helpers/integrations/rules.php');
	include('includes/helpers/subscription.php');
	//--------------------------------------------------------------//
	function dbConnect() { //Connect to database
	//--------------------------------------------------------------//
	    // Access global variables
	    global $mysqli;
	    global $dbHost;
	    global $dbUser;
	    global $dbPass;
	    global $dbName;
	    global $dbPort;
	    
	    // Attempt to connect to database server
	    if(isset($dbPort)) $mysqli = new mysqli($dbHost, $dbUser, $dbPass, $dbName, $dbPort);
	    else $mysqli = new mysqli($dbHost, $dbUser, $dbPass, $dbName);
	
	    // If connection failed...
	    if ($mysqli->connect_error) {
	        fail("<!DOCTYPE html><html><head><meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\"/><link rel=\"Shortcut Icon\" type=\"image/ico\" href=\"/img/favicon.png\"><title>"._('Can\'t connect to database')."</title></head><style type=\"text/css\">body{background: #ffffff;font-family: Helvetica, Arial;}#wrapper{background: #f2f2f2;width: 300px;height: 110px;margin: -140px 0 0 -150px;position: absolute;top: 50%;left: 50%;-webkit-border-radius: 5px;-moz-border-radius: 5px;border-radius: 5px;}p{text-align: center;line-height: 18px;font-size: 12px;padding: 0 30px;}h2{font-weight: normal;text-align: center;font-size: 20px;}a{color: #000;}a:hover{text-decoration: none;}</style><body><div id=\"wrapper\"><p><h2>"._('Can\'t connect to database')."</h2></p><p>"._('There is a problem connecting to the database. Please try again later.')."</p></div></body></html>");
	    }
	    
	    global $charset; mysqli_set_charset($mysqli, isset($charset) ? $charset : "utf8");
	    
	    return $mysqli;
	}
	//--------------------------------------------------------------//
	function fail($errorMsg) { //Database connection fails
	//--------------------------------------------------------------//
	    echo $errorMsg;
	    exit;
	}
	// connect to database
	dbConnect();
?>
<?php 
	include('includes/helpers/short.php');
	include_once('includes/helpers/PHPMailerAutoload.php');
	
	//Decrypt string
	$email_id = decrypt_int($_GET['e']);
	$list_id = decrypt_int($_GET['l']);
	
	$time = time();
	$join_date = round($time/60)*60;
	
	//Set language
	$q = 'SELECT login.language FROM lists, login WHERE lists.id = '.$list_id.' AND login.app = lists.app';
	$r = mysqli_query($mysqli, $q);
	if ($r && mysqli_num_rows($r) > 0) while($row = mysqli_fetch_array($r)) $language = $row['language'];
	set_locale($language);
	
	$q = 'UPDATE subscribers SET confirmed = 1, timestamp = "'.$time.'", join_date = CASE WHEN join_date IS NULL THEN '.$join_date.' ELSE join_date END WHERE id = '.$email_id.' AND list = '.$list_id;
	$r = mysqli_query($mysqli, $q);
	if ($r)
	{
		//get thank you message etc
		$q2 = 'SELECT app, name, userID, thankyou, thankyou_subject, thankyou_message, confirm_url, custom_fields FROM lists WHERE id = '.$list_id;
		$r2 = mysqli_query($mysqli, $q2);
		if ($r2)
		{
		    while($row = mysqli_fetch_array($r2))
		    {
				$userID = $row['userID'];
				$app = $row['app'];
				$list_name = $row['name'];
				$thankyou = $row['thankyou'];
				$thankyou_subject = stripslashes($row['thankyou_subject']);
				$thankyou_message = stripslashes($row['thankyou_message']);
				$confirm_url = stripslashes($row['confirm_url']);
				$custom_fields = $row['custom_fields'];
		    }  
		}
		//get email address of subscribing user
		$q3 = 'SELECT name, email, custom_fields FROM subscribers WHERE id = '.$email_id;
		$r3 = mysqli_query($mysqli, $q3);
		if ($r3)
		{
		    while($row = mysqli_fetch_array($r3))
		    {
				$name = $row['name'];
				$email = $row['email'];
				$custom_values = $row['custom_fields'];
		    }  
		}
		//get smtp credentials and other data
		$q4 = 'SELECT from_name, from_email, reply_to, smtp_host, smtp_port, smtp_ssl, smtp_username, smtp_password, allocated_quota, custom_domain, custom_domain_protocol, custom_domain_enabled FROM apps WHERE id = '.$app;
		$r4 = mysqli_query($mysqli, $q4);
		if ($r4)
		{
		    while($row = mysqli_fetch_array($r4))
		    {
				$from_name = $row['from_name'];
				$from_email = $row['from_email'];
				$reply_to = $row['reply_to'];
				$smtp_host = $row['smtp_host'];
				$smtp_port = $row['smtp_port'];
				$smtp_ssl = $row['smtp_ssl'];
				$smtp_username = $row['smtp_username'];
				$smtp_password = $row['smtp_password'];
				$allocated_quota = $row['allocated_quota'];
				$custom_domain = $row['custom_domain'];
				$custom_domain_protocol = $row['custom_domain_protocol'];
				$custom_domain_enabled = $row['custom_domain_enabled'];
				if($custom_domain!='' && $custom_domain_enabled)
				{
					$parse = parse_url(APP_PATH);
					$domain = $parse['host'];
					$protocol = $parse['scheme'];
					$app_path = str_replace($domain, $custom_domain, APP_PATH);
					$app_path = str_replace($protocol, $custom_domain_protocol, $app_path);
				}
				else $app_path = APP_PATH;
		    }  
		}
		//get AWS creds
		$q = 'SELECT s3_key, s3_secret FROM login WHERE id = '.$userID;
		$r = mysqli_query($mysqli, $q);
		if ($r)
		{
		    while($row = mysqli_fetch_array($r))
		    {
				$s3_key = $row['s3_key'];
				$s3_secret = $row['s3_secret'];
		    }
		}
		
		//Zapier Trigger 'new_user_subscribed' event
		zapier_trigger_new_user_subscribed($name, $email, $list_id);
		
		//Run rules
		$rules_data = array(
		    'trigger' => 'subscribe',
		    'name' => $name,
		    'email' => $email,
		    'list_id' => encrypt_val($list_id),
		    'list_name' => $list_name,
		    'list_url' => $app_path.'/subscribers?i='.$app.'&l='.$list_id,
		    'gravatar' => get_gravatar($email, 88)
	    );
	    
	    //Populate custom fields (if available)
		if($custom_fields!='')
		{
			$custom_field_lines = '';
			$custom_fields_array = explode('%s%', $custom_fields);
			$custom_fields_values_array = explode('%s%', $custom_values);
			for($c=0;$c<count($custom_fields_array);$c++)
			{
				$fields_array = explode(':', $custom_fields_array[$c]);
				$values_array = $fields_array[1]=='Date' ? strftime("%b %d, %Y", (int)$custom_fields_values_array[$c]) : $custom_fields_values_array[$c];
				$rules_data[$fields_array[0]] = $values_array;
			}
		}
	    
	    //Run rules
		run_rule($rules_data);
		
		//Update segments
		update_segments($app_path, $list_id);
	}
	
	if($thankyou)
	{		
		//Convert personaliztion tags
		convert_tags($thankyou_subject, $email_id, 'thankyou', 'subject');
		convert_tags($thankyou_message, $email_id, 'thankyou', 'message');
		
		//Convert name tag
		$thankyou_message = str_replace('[Name]', $name, $thankyou_message);
		$thankyou_subject = str_replace('[Name]', $name, $thankyou_subject);
		
		//Convert email tag
		$thankyou_message = str_replace('[Email]', $email, $thankyou_message);
		$thankyou_subject = str_replace('[Email]', $email, $thankyou_subject);
		
		//Unsubscribe tag
		$thankyou_message = str_replace('<unsubscribe', '<a href="'.$app_path.'/unsubscribe/'.encrypt_val($email).'/'.encrypt_val($list_id).'" ', $thankyou_message);
    	$thankyou_message = str_replace('</unsubscribe>', '</a>', $thankyou_message);
		$thankyou_message = str_replace('[unsubscribe]', $app_path.'/unsubscribe/'.encrypt_val($email).'/'.encrypt_val($list_id), $thankyou_message);
		
		//Send thankyou email
		send_email($thankyou_subject, $thankyou_message, $email, $name);
		
		//Update quota if a monthly limit was set
		if($allocated_quota!=-1)
		{
			//if so, update quota
			$q4 = 'UPDATE apps SET current_quota = current_quota+1 WHERE id = '.$app;
			mysqli_query($mysqli, $q4);
		}
	}
	
	//if user sets a redirection URL
	if($confirm_url != ''):
		$confirm_url = str_replace('%n', urlencode($name), $confirm_url);
		$confirm_url = str_replace('%e', urlencode($email), $confirm_url);
		$confirm_url = str_replace('%l', encrypt_val($list_id), $confirm_url);
		header("Location: ".$confirm_url);
	else:
?>
<!DOCTYPE html>
<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<meta name="viewport" content="width=device-width, initial-scale=1">
		<meta name="robots" content="noindex, nofollow">
		<link rel="Shortcut Icon" type="image/ico" href="<?php echo $app_path;?>/img/favicon.png">
		<title><?php echo _('You\'re subscribed!');?></title>
	</head>
	<style type="text/css">
		body{
			background: #f7f9fc;
			font-family: Helvetica, Arial;
		}
		#wrapper 
		{
			background: #ffffff;
			-webkit-box-shadow: 0px 16px 46px -22px rgba(0,0,0,0.75);
			-moz-box-shadow: 0px 16px 46px -22px rgba(0,0,0,0.75);
			box-shadow: 0px 16px 46px -22px rgba(0,0,0,0.75);
			
			width: 300px;
			padding-bottom: 10px;
			
			margin: -170px 0 0 -150px;
			position: absolute;
			top: 50%;
			left: 50%;
			-webkit-border-radius: 5px;
			-moz-border-radius: 5px;
			border-radius: 5px;
		}
		p{
			text-align: center;
		}
		h2{
			font-weight: normal;
			text-align: center;
		}
		a{
			color: #000;
			text-decoration: none;
		}
		a:hover{
			text-decoration: underline;
		}
		#top-pattern{
			margin-top: -8px;
			height: 8px;
			background: url("<?php echo $app_path; ?>/img/top-pattern2.gif") repeat-x 0 0;
			background-size: auto 8px;
		}
	</style>
	<body>
		<div id="top-pattern"></div>
		<div id="wrapper">
			<h2><?php echo _('You\'re subscribed!');?></h2>
			<p><img src="img/tick.jpg" height="92" /></p>
		</div>
	</body>
</html>
<?php endif;?>