// require('dotenv').config();
const express = require("express");
const path = require('path')
const app = express();
const bodyParser = require('body-parser');
const connectionWithDb = require('./db')
const cookieParser = require('cookie-parser')
const cookieAuth = require('./middleware/cookievalidator')
const validateResetToken = require('./middleware/validateResetToken')
// const fetchCertificateByUserId = require('./routes/certificate/fetchCertificateByUserId')
const cron = require('node-cron');
const fetchCertificateById = require('./routes/certificate/fetchCertificateById')
const Certificate = require("./schema/Certificate");
const ECard = require("./schema/E-Card");
const Sale = require("./schema/Sale");
const User = require("./schema/User");
const Content = require("./schema/Content");
const Package = require("./schema/Package");
const sendMail = require("./routes/email/sendMail");

// const sendMail = require("./routes/email/sendMail");
// const CheckForEmailVerification = require('./middleware/EmailVerificationCheck')

// connection with database
connectionWithDb()

// Cookie parsing must run before cookieAuth below, which reads the auth cookie.
app.use(cookieParser())


// set the view engine to ejs
app.set('view engine', 'ejs');
// NOTE(review): resolved against process.cwd(), while the static directory below
// is resolved against __dirname — the two diverge if the process is started from
// another directory; confirm the intended root.
app.set('views', path.resolve('./public'))

// middle wares
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(express.static(__dirname + '/public'));
// NOTE(review): express.json()/urlencoded() above already parse the body with their
// default size limit; body-parser skips a request whose body was already parsed, so
// the 500mb limit and parameterLimit here appear never to take effect. The body size
// ceiling is a denial-of-service control — decide on one parser and one limit
// deliberately rather than stacking both.
app.use(bodyParser.json({ limit: '500mb' }));
app.use(bodyParser.urlencoded({ limit: "500mb", extended: true, parameterLimit: 5000000 }));
// Presumably validates the 'authtoken' cookie and populates req.user, which every
// route below relies on for authorisation — verify against ./middleware/cookievalidator.
app.use(cookieAuth('authtoken'));

// Pin the base URL handed to the views (the commented lines are the hosts it has
// previously pointed at). NOTE(review): this overwrites Express's own `req.baseUrl`
// (the mount path of the active router) on every request; `res.locals.baseUrl` would
// carry the same value to the templates without shadowing framework state — confirm
// nothing router-relative reads it.
app.use(function setBaseUrl(req, res, next) {
    req.baseUrl = "/";
    // req.baseUrl = "https://htmldigitaltest.site/"
    // req.baseUrl = "http://localhost:8000/"
    next();
});
// app.use(CheckForEmailVerification());

// Kept as `||` rather than `??`: an empty PORT env var also falls back to 8000.
const PORT = process.env.PORT || 8000;

// rendering client side code
// Home page. `error`/`message` come straight from the query string, so the view
// must render them escaped (EJS `<%= %>`, not `<%- %>`). A rejected Content.find()
// is not caught here and, under Express 4, leaves the request without a response.
app.get('/', async (req, res) => {
    const { baseUrl, user } = req;
    const { error, message } = req.query;
    const content = await Content.find({ page: 'home' });
    res.render('index', { error, baseUrl, message, user, content });
});

    
// Static contact page; query-string `error`/`message` are passed through to the view.
app.get('/contact-us', (req, res) => {
    const { baseUrl, user } = req;
    const { error, message } = req.query;
    res.render('contact-us', { error, baseUrl, message, user });
});
// Package listing: requires a logged-in, email-verified user. Note the package
// query runs before the auth check, so anonymous requests still hit the database.
app.get('/packages', async (req, res) => {
    const { baseUrl, user } = req;
    const { message } = req.query;
    let error = req.query.error;
    const url = "/packages";
    const packages = await Package.find();
    if (!user) {
        res.redirect(`/login?error=You need to Log in to see Packages...&url=${url}`);
        return;
    }
    if (!user.verified) {
        error = "Verify your email to see packages...";
        res.render('email-verification', { error, baseUrl, message, user });
        return;
    }
    res.render('packages', { error, baseUrl, message, user, packages });
});
// Registration form.
app.get('/register', (req, res) => {
    const { baseUrl, user } = req;
    const { error, message } = req.query;
    res.render('register', { error, baseUrl, message, user });
});
// User dashboard. `url` is the caller-supplied return target; if the view redirects
// to it after login it must be restricted to same-origin paths (open-redirect risk)
// — confirm in the template.
app.get('/dashboard', (req, res) => {
    const { baseUrl, user } = req;
    const { error, message, url } = req.query;
    res.render('dashboard', { error, baseUrl, message, user, url });
});

// Login form. `url` is the post-login return target supplied by the redirects in
// this file; the view should only honour relative same-origin paths.
app.get('/login', (req, res) => {
    const { baseUrl, user } = req;
    const { error, message, url } = req.query;
    res.render('login', { error, baseUrl, message, user, url });
});
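// About page. Drops the unused `url` local and forwards a failed Content.find() to
// the Express error handler instead of leaving the request unanswered.
app.get('/about-us', async (req, res, next) => {
    const { baseUrl, user } = req;
    const { error, message } = req.query;
    try {
        const content = await Content.find({ page: 'about' });
        res.render('about-us', { error, baseUrl, message, user, content });
    } catch (err) {
        next(err);
    }
});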
// Privacy policy page.
app.get('/privacy-policy', (req, res) => {
    const { baseUrl, user } = req;
    const { error, message } = req.query;
    res.render('privacy-policy', { error, baseUrl, message, user });
});
// Terms and conditions page.
app.get('/terms-condition', (req, res) => {
    const { baseUrl, user } = req;
    const { error, message } = req.query;
    res.render('terms-condition', { error, baseUrl, message, user });
});
// Return policy page.
app.get('/return-policy', (req, res) => {
    const { baseUrl, user } = req;
    const { error, message } = req.query;
    res.render('return-policy', { error, baseUrl, message, user });
});
// Password-reset request form (the token-bearing step is /new-password).
app.get('/reset-password', (req, res) => {
    const { baseUrl, user } = req;
    const { error, message } = req.query;
    res.render('reset-password', { error, baseUrl, message, user });
});
// Generic error page. Every field shown is attacker-controllable via the query
// string, so the view must escape them on output.
app.get('/error', (req, res) => {
    const { baseUrl, user } = req;
    const { error, message, statusCode, errorMessage } = req.query;
    res.render('error', { error, baseUrl, message, user, statusCode, errorMessage });
});
// Email-verification prompt: only shown to a logged-in user who is not yet verified;
// everyone else (including already-verified users) is sent to the login page.
app.get('/email-verification', (req, res) => {
    const { baseUrl, user } = req;
    const { error, message, url } = req.query;
    if (user && !user.verified) {
        return res.render('email-verification', { error, baseUrl, message, user, url });
    }
    res.redirect(`/login?error=You need to Log in first...&url=/email-verification`);
});
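// Cart page, for logged-in verified users only.
// Fix: the unverified branch issued its redirect and then fell through to the login
// redirect, sending a second response on the same request (headers-already-sent
// error). Every branch now returns after responding.
app.get('/cart', (req, res) => {
    const { baseUrl, user } = req;
    const { message } = req.query;
    let error = req.query.error;
    const url = '/cart';
    if (!user) {
        return res.redirect(`/login?error=You need to Log in first...&url=${url}`);
    }
    if (!user.verified) {
        error = "Verify your email to see Dashboard...";
        return res.redirect(`/email-verification?error=${error}&url=${url}`);
    }
    return res.render('cart', { error, baseUrl, message, user });
});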
// Password-reset form for a validated token. validateResetToken runs first and
// presumably sets req.email from the token (verify against the middleware); the
// token itself is echoed back into the form for the POST step.
app.get('/new-password', validateResetToken, (req, res) => {
    const { baseUrl, user, email } = req;
    const { error, message, token } = req.query;
    return res.render('new-password', { error, baseUrl, message, user, email, token });
});
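// "Send now" page listing the user's certificates and e-cards (sent and received).
// Fixes: `url` was assigned without a declaration (implicit global shared across
// requests); the four queries ran before the auth/verification checks; a rejected
// query was never caught. Queries now run only for verified users, in parallel, and
// failures are forwarded to the Express error handler.
app.get('/send-now', async (req, res, next) => {
    const { baseUrl, user } = req;
    const { message } = req.query;
    let error = req.query.error;
    const url = "/send-now";
    if (!user) {
        error = "You need to Log in to see E-Cards...";
        return res.redirect(`/login?error=${error}&url=${url}`);
    }
    if (!user.verified) {
        error = "Verify your email to see Dashboard...";
        return res.redirect(`/email-verification?error=${error}&url=${url}`);
    }
    try {
        const [certificatesReceived, certificates, cardReceived, cards] = await Promise.all([
            Certificate.find({ receiver: user.id }),
            Certificate.find({
                $or: [
                    { sender: user.id },
                    { receiver: user.id },
                ]
            }).populate('sender').populate('receiver').sort({ createdAt: -1 }),
            ECard.find({ receiver: user.id, sent: true }),
            // Received cards are only visible once actually sent.
            ECard.find({
                $or: [
                    { sender: user.id },
                    {
                        receiver: user.id,
                        sent: true
                    },
                ],
            }).populate('sender').populate('receiver').sort({ createdAt: -1 }),
        ]);
        return res.render('send-now', { error, baseUrl, message, user, certificates, certificatesReceived, cardReceived, cards });
    } catch (err) {
        return next(err);
    }
});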
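// E-card designer; optionally loads an existing card by `?id=`.
// Fixes: `url` was an implicit global; queries ran before the auth checks; a bad
// `id` (e.g. not a valid ObjectId) rejected the lookup with nothing catching it.
// NOTE(review): as in the original, the card is fetched by id alone — nothing checks
// that `user` is its sender or receiver. Confirm whether designs are meant to be
// private to their owner; /received-certificate/:id does enforce such a check.
app.get('/e-card-design', async (req, res, next) => {
    const { baseUrl, user } = req;
    const { message, id } = req.query;
    let error = req.query.error;
    const url = "/e-card-design";
    if (!user) {
        error = "You need to Log in to see Dashboard...";
        return res.redirect(`/login?error=${error}&url=${url}`);
    }
    if (!user.verified) {
        error = "Verify your email to see packages...";
        return res.redirect(`/email-verification?error=${error}&url=${url}`);
    }
    try {
        const [certificatesReceived, cardReceived, card] = await Promise.all([
            Certificate.find({ receiver: user.id }),
            ECard.find({ receiver: user.id, sent: true }),
            // `card` stays undefined when no id was given, as before.
            id ? ECard.findById(id) : undefined,
        ]);
        return res.render('e-card-design', { error, baseUrl, message, user, certificatesReceived, cardReceived, card });
    } catch (err) {
        return next(err);
    }
});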
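// Certificate view for logged-in verified users.
// Fixes: `url` was an implicit global; the caught error message was interpolated
// into a redirect URL unencoded (a message containing `&`/`#` would corrupt the
// query string), and the full certificate document was logged on every view.
// NOTE(review): fetchCertificateById is not shown here, so whether it restricts the
// result to the caller's own certificates is not visible; /received-certificate/:id
// checks the receiver explicitly — confirm this route is meant to be broader.
app.get('/certificate/:id', async (req, res) => {
    const MONTHS = [
        'January',
        'February',
        'March',
        'April',
        'May',
        'June',
        'July',
        'August',
        'September',
        'October',
        'November',
        'December'
    ];
    try {
        const { baseUrl, user } = req;
        const { message } = req.query;
        let error = req.query.error;
        const { id } = req.params;
        if (!user) {
            error = "You need to Log in to see Certificate...";
            const url = "/certificate/" + id;
            return res.redirect(`/login?error=${error}&url=${url}`);
        }
        if (!user.verified) {
            error = "Verify your email to see certificate...";
            return res.render('email-verification', { error, baseUrl, message, user });
        }
        const certificate = await fetchCertificateById(id);
        if (certificate) {
            return res.render('certificate', { error, baseUrl, message, user, certificate, months: MONTHS });
        }
        error = "Certificate you're looking for Not Found...";
        return res.redirect(`/error?error=${error}`);
    } catch (err) {
        console.log(err.message);
        // Encoded so the message cannot inject extra query parameters.
        return res.redirect(`/?error=${encodeURIComponent(err.message)}`);
    }
});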
// E-card preview for logged-in verified users. Any failure (including an id that is
// not a valid ObjectId) is reported as "not found".
// NOTE(review): the card is looked up by id alone; unlike /received-certificate/:id
// there is no check that `user` is its sender or receiver, and `email` is echoed from
// the query string into the view — confirm both are intended.
app.get('/e-card-preview/:id', async (req, res) => {
    try {
        const { baseUrl, user } = req;
        const { message, email } = req.query;
        let error = req.query.error;
        const { id } = req.params;
        const url = `/e-card-preview/${id}`;
        if (!user) {
            error = "You need to Log in to see card...";
            // url = "/e-card-preview/" + id
            res.redirect(`/login?error=${error}&url=${url}`);
            return;
        }
        if (!user.verified) {
            error = "Verify your email to see Card...";
            res.render('email-verification', { error, baseUrl, message, user });
            return;
        }
        const eCard = await ECard.findById(id).populate('receiver').exec();
        if (eCard) {
            const cardJson = eCard.cardJson;
            return res.render('e-card-preview', { error, baseUrl, message, user, eCard, cardJson, email });
        }
        error = "Card you're looking for Not Found...";
        res.redirect(`/error?error=${error}`);
    } catch (err) {
        console.log(err.message);
        const error = "Card you're looking for Not Found...";
        res.redirect(`/error?error=${error}`);
    }
});
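// Received-certificate view: only the certificate's receiver may open it.
// Fixes: the certificate was marked `read` and saved before the null check (a
// missing id threw inside the catch path) and before the receiver check, so any
// verified user who guessed an id flipped the recipient's read flag. The order is
// now: load → not found → receiver check → mark read → render. The debug log of the
// whole document (which includes the recipient's address) is dropped.
app.get('/received-certificate/:id', async (req, res) => {
    const MONTHS = [
        'January',
        'February',
        'March',
        'April',
        'May',
        'June',
        'July',
        'August',
        'September',
        'October',
        'November',
        'December'
    ];
    try {
        const { baseUrl, user } = req;
        const { message } = req.query;
        let error = req.query.error;
        const { id } = req.params;
        const url = `/received-certificate/${id}`;
        if (!user) {
            error = "You need to Log in to see Certificate...";
            return res.redirect(`/login?error=${error}&url=${url}`);
        }
        if (!user.verified) {
            error = "Verify your email to see certificate...";
            return res.render('email-verification', { error, baseUrl, message, user, url });
        }
        const certificate = await Certificate.findById(id).populate("receiver").exec();
        if (!certificate) {
            error = "Certificate you're looking for Not Found...";
            return res.redirect(`/error?error=${error}`);
        }
        // Authorisation: the populated receiver must be the logged-in user.
        if (!certificate.receiver || certificate.receiver.email !== user.email) {
            return res.redirect(`/error?error=403 Forbidden`);
        }
        // Only the recipient's own visit counts as a read; skip the write when
        // already set.
        if (!certificate.read) {
            certificate.read = true;
            await certificate.save();
        }
        return res.render('received-certificate', { error, baseUrl, message, user, certificate, months: MONTHS });
    } catch (err) {
        console.log(err.message);
        const error = "Certificate you're looking for Not Found...";
        return res.redirect(`/error?error=${error}`);
    }
});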

// cron.schedule('* * * * *', async () => {
//     const cardsToMails = await ECards.find({ deliveryDate: { $lte: new Date() }, scheduled: true }).populate('receiver'.exec());
//     for (const card of cardsToMails) {
//         const id = card._id
//         const email = card.receiver.email
//         const to = email
//         const subject = 'You Just Received Bill Hess Card'
//         const html = `<table role="presentation"
//             style="width: 100%; border-collapse: collapse; border: 0px; border-spacing: 0px; font-family: Arial, Helvetica, sans-serif; background-color: rgb(239, 239, 239);">
//                 <tbody>
//                     <tr>
//                         <td align="center" style="padding: 1rem 2rem; vertical-align: top; width: 100%;">
//                             <table role="presentation"
//                                 style="max-width: 600px; border-collapse: collapse; border: 0px; border-spacing: 0px; text-align: left;">
//                                 <tbody>
//                                     <tr>
//                                         <td style="padding: 40px 0px 0px;">
//                                             <div style="text-align: left;">
//                                                 <div style="padding-bottom: 20px;"><img src="https://htmldigitaltest.site/images/dashboard-logo.png" alt="Company" style="width: 100px;"></div>
//                                             </div>
//                                             <div style="padding: 20px; background-color: rgb(255, 255, 255);">
//                                                 <div style="color: rgb(0, 0, 0); text-align: left;">
//                                                     <h1 style="margin: 1rem 0">Card...</h1>
//                                                     <p style="padding-bottom: 16px">Follow this link to Get Your Card
//                                                     </p>
//                                                     <p style="padding-bottom: 16px">
//                                                     <a href="https://htmldigitaltest.site/e-card-preview/${id}"
//                                                     style="padding: 12px 24px; border-radius: 4px; color: #FFF; background: #2B52F5;display: inline-block;margin: 0.5rem 0;">Get Card</a></p>                                                
//                                                     <p style="padding-bottom: 16px">Thanks,<br> Bill Hess</p>
//                                                 </div>
//                                             </div>
//                                             <div style="padding-top: 20px; color: rgb(153, 153, 153); text-align: center;">
//                                                 <p style="padding-bottom: 16px">Bill Hess</p>
//                                             </div>
//                                         </td>
//                                     </tr>
//                                 </tbody>
//                             </table>
//                         </td>
//                     </tr>
//                 </tbody>
//             </table>`
//         sendMail(to, subject, html).then(async (success) => {
//             if (success) {
//                 card.sent = true;
//                 await card.save()
//                 console.log(`Card sent to ${to}`)
//             }
//             else {
//                 console.log('error mailing ecard')
//             }
//         })
//     }
// })
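// Admin dashboard: all sales, all users, CMS content and packages.
// Fixes: the four collection-wide queries ran before the admin check, so any
// request (including anonymous) paid for them; the catch block logged and then
// never answered, leaving the client hanging. The admin check now comes first,
// the queries run in parallel, and errors reach the Express error handler.
app.get('/admin/dashboard', async (req, res, next) => {
    const url = '/admin/dashboard';
    const { baseUrl, user } = req;
    const { error, message } = req.query;
    if (!user || user.role !== 'admin') {
        return res.redirect(`/login?error=Login with Admin Credentials to see admin Dashboard...&url=${url}`);
    }
    try {
        const [sales, customers, content, packages] = await Promise.all([
            Sale.find().sort({ createdAt: -1 }),
            User.find().sort({ createdAt: -1 }),
            Content.find(),
            Package.find(),
        ]);
        // Same 'dashboard' view as GET /dashboard, with the admin data set added.
        return res.render('dashboard', { error, baseUrl, message, user, sales, customers, content, packages });
    } catch (err) {
        console.log(err);
        return next(err);
    }
});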
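// Admin CMS editor for one content document.
// Fixes: a rejected lookup (e.g. a malformed id) was logged and then left the
// request unanswered; a missing document was rendered as `null`. Errors now reach
// the Express error handler and a missing document redirects to /error.
app.get('/admin/dashboard/content/:id', async (req, res, next) => {
    const { baseUrl, user } = req;
    const { id } = req.params;
    const url = '/admin/dashboard/content/' + id;
    const { error, message } = req.query;
    if (!user || user.role !== 'admin') {
        return res.redirect(`/login?error=Login with Admin Credentials to see admin Dashboard...&url=${url}`);
    }
    try {
        const content = await Content.findById(id);
        if (!content) {
            return res.redirect(`/error?error=Content you're looking for Not Found...`);
        }
        return res.render('content', { error, baseUrl, message, user, content });
    } catch (err) {
        console.log(err);
        return next(err);
    }
});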

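// Admin editor for one package document.
// Fixes: same as /admin/dashboard/content/:id — errors were swallowed without a
// response and a missing document was rendered as `null`. The local is named `pkg`
// because `package` is a reserved word in strict-mode code; the view still receives
// it under the `package` key.
app.get('/admin/dashboard/package/:id', async (req, res, next) => {
    const { baseUrl, user } = req;
    const { id } = req.params;
    const url = '/admin/dashboard/package/' + id;
    const { error, message } = req.query;
    if (!user || user.role !== 'admin') {
        return res.redirect(`/login?error=Login with Admin Credentials to see admin Dashboard...&url=${url}`);
    }
    try {
        const pkg = await Package.findById(id);
        if (!pkg) {
            return res.redirect(`/error?error=Package you're looking for Not Found...`);
        }
        return res.render('pack', { error, baseUrl, message, user, package: pkg });
    } catch (err) {
        console.log(err);
        return next(err);
    }
});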

// app.use('/api/dashboard', require('./routes/dashboard'))
// API routers. Mount order matters for overlapping prefixes: a request under
// /api/admin/cms or /api/admin/package is offered to the /api/admin router first
// and only reaches the more specific router if that one does not answer it.
// Authorisation for these routers is not visible here — presumably each checks
// req.user (set by cookieAuth above) itself; verify in ./routes.
app.use('/api/user', require('./routes/user'))
app.use('/api/admin', require('./routes/admin'))
app.use('/api/email', require('./routes/email/emailhandler'))
app.use('/api/certificate', require('./routes/certificate/certificatehandler'))
app.use('/api/e-card', require('./routes/e-card/e-cardHandler'))
app.use('/api/payment', require('./routes/paypal/createPayment'))
app.use('/api/sale/', require('./routes/sale/sale'))
app.use('/api/admin/cms', require('./routes/cms/editContent'))
app.use('/api/admin/package', require('./routes/package/editPackage'))

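// Daily (midnight) reminder: e-mail recipients of certificates that are at least
// three days old, unread, and not yet reminded.
// Fixes: `forEach(async …)` fired every send at once and its rejections escaped the
// try/catch (unhandled rejections); `certificate.save()` was not awaited, so a
// failed save went unnoticed and the same reminder could be sent again next run.
// Certificates are now processed one at a time and each one's failure is isolated.
// NOTE(review): `certificate.name` / `senderName` are interpolated into the HTML
// body unescaped — if they are user-supplied, escape them before building the mail.
// TODO: the retrieve link is hard-coded to http://localhost:8000 with a doubled
// slash while the logo uses https://needapair.com; both should come from one
// configured base URL.
cron.schedule('0 0 * * *', async () => {
    const threeDaysAgo = new Date();
    threeDaysAgo.setDate(threeDaysAgo.getDate() - 3);

    let certificates;
    try {
        certificates = await Certificate.find({
            createdAt: { $lte: threeDaysAgo },
            reminderEmailSent: false,
            read: false
        });
    } catch (error) {
        console.error('Error:', error);
        return;
    }

    for (const certificate of certificates) {
        const html = `<table role="presentation"
            style="width: 100%; border-collapse: collapse; border: 0px; border-spacing: 0px; font-family: Arial, Helvetica, sans-serif; background-color: rgb(239, 239, 239);">
            <tbody>
                <tr>
                    <td align="center" style="padding: 1rem 2rem; vertical-align: top; width: 100%;">
                        <table role="presentation"
                            style="max-width: 600px; border-collapse: collapse; border: 0px; border-spacing: 0px; text-align: left;">
                            <tbody>
                                <tr>
                                    <td style="padding: 40px 0px 0px;">
                                        <div style="padding: 20px; background-color: rgb(255, 255, 255);">
                                            <div style="color: rgb(0, 0, 0); text-align: left;">
                                                <img src="https://needapair.com/images/dashboard-logo.png"
                                                    alt="Company" style="width: 60px;">
                                                <h1 style="margin: 1rem 0">Hello ${certificate.name}!</h1>
                                                <p style="padding-bottom: 16px">${certificate.senderName} has recognized your achievement and sent you a certificate. This is reminder email.</p>
                                                <p style="padding-bottom: 16px">Click <a href="http://localhost:8000//received-certificate/${certificate._id}">Retrieve Certificate</a> to view and print.</p>
                                                <p style="padding-bottom: 16px">Thank you,<br>- Ballmaster</p>
                                            </div>
                                        </div>
                                    </td>
                                </tr>
                            </tbody>
                        </table>
                    </td>
                </tr>
            </tbody>
        </table>`
        try {
            // sendMail's return value is not inspected here (as before); if it
            // signals failure by resolving false, this still marks the reminder sent.
            await sendMail(certificate.recipentemail, 're: Reminder Email for Certificate', html, "admin");
            certificate.reminderEmailSent = true;
            await certificate.save();
            console.log(`Reminder emails sent to ${certificate.recipentemail} and certificates updated.`);
        } catch (error) {
            // One bad recipient must not abort the remaining reminders.
            console.error('Error:', error);
        }
    }
});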

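// Start listening. The startup line now reports the port actually bound instead
// of a hard-coded 8000, which was wrong whenever PORT was set in the environment.
app.listen(PORT, () => {
    console.log(`http://localhost:${PORT}/`);
});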