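const express = require('express')
const app = express()
const bodyParser = require('body-parser')
const cookieParser = require('cookie-parser')
const nodemailer = require('nodemailer')
const requestIp = require('request-ip');
const path = require('path')
const pool = require('./db')
const { default: axios } = require('axios')
const authValidator = require('./middlewares/authValidator');
const Team = require('./Schema/team')
const Blogs = require('./Schema/blog')
const Projects = require('./Schema/projectdoc')

// Each body parser is registered exactly once. The original registered the
// urlencoded and JSON parsers twice and added express.json() on top; the extra
// instances only re-ran on an already-parsed body and did nothing useful.
app.use(bodyParser.urlencoded({ extended: false }))
app.use(bodyParser.json())
app.use(cookieParser())
// Populates req.clientIp, read by the /send handler below.
app.use(requestIp.mw())
app.set('view engine', 'ejs');
// NOTE(review): this serves the whole views/ directory as static content, so the
// EJS templates themselves are downloadable under /sites/pioneer-reality/.
// A dedicated public/ directory for assets would keep template source private — confirm.
app.use('/sites/pioneer-reality', express.static(path.join(__dirname, 'views')));
const PORT = process.env.PORT || 1545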
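/**
 * Escapes the HTML-significant characters so a submitted form value cannot
 * inject markup (links, images, scripts) into the notification e-mail.
 * @param {unknown} value - any submitted value; non-strings are stringified first
 * @returns {string}
 */
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
}

/**
 * Builds the table rows of the notification e-mail: one row per submitted
 * field, followed by a row with the client IP. Keys and values are escaped.
 * @param {Record<string, unknown>} formData - parsed request body
 * @param {string|undefined} ipAddress - value of req.clientIp
 * @returns {string} concatenated <tr> markup
 */
function buildSubmissionRows(formData, ipAddress) {
  const cellStyle = 'border: 1px solid black; padding: 15px; text-align: left; font-size:15px;'
  const labelStyle = `${cellStyle} font-weight: 500;`
  const row = (label, value) => `<tr>
<td style="${labelStyle}">${escapeHtml(label)}</td>
<td style="${cellStyle}">${escapeHtml(value)}</td>
</tr>`
  const rows = Object.keys(formData).map((key) => row(key, formData[key]))
  rows.push(row('IP Address', ipAddress))
  return rows.join('')
}

// Sign-up form submission: e-mails the submitted fields to the site owner and
// redirects to the thank-you page. On failure the client gets a generic 500.
app.post('/sites/pioneer-reality/send', async (req, res) => {
  try {
    // Body parsers may leave req.body undefined for an empty request; treat that as no fields.
    const formData = req.body ?? {}
    const ipAddress = req.clientIp
    // The SMTP password is read from the environment (variable name chosen here).
    // The password that used to be embedded in this file is in version control
    // and must be rotated.
    const smtpPass = process.env.SMTP_PASS
    if (!smtpPass) {
      throw new Error('SMTP_PASS is not configured')
    }
    const smtpUser = process.env.SMTP_USER ?? 'info@allsitelive.center'
    // createTransport is synchronous; nothing to await here.
    const transporter = nodemailer.createTransport({
      host: process.env.SMTP_HOST ?? 'allsitelive.center',
      port: 465,
      secure: true,
      auth: {
        user: smtpUser,
        pass: smtpPass
      },
      tls: {
        // Certificate validation stays on unless explicitly opted out; disabling it
        // unconditionally lets any on-path host read the credentials above.
        rejectUnauthorized: process.env.SMTP_ALLOW_INVALID_CERT !== 'true'
      }
    })
    const html = `
<table style="width:100%; border: 1px solid black; border-collapse: collapse;">
${buildSubmissionRows(formData, ipAddress)}
</table>
`
    await transporter.sendMail({
      from: smtpUser,
      to: 'huzaifamalik.dev@gmail.com',
      cc: 'huzaifamalik.dev@gmail.com',
      subject: 'Sign Up Form - pioneer-realty',
      html
    })
    // Absolute path: the old relative 'thank-you' resolved to the same URL only
    // because of where this route is mounted.
    return res.redirect('/sites/pioneer-reality/thank-you')
  } catch (error) {
    // Log server-side only. The original echoed the error object to the client,
    // which serialises nodemailer's error details (including the transport config).
    console.error('send failed:', error.message)
    return res.status(500).send('Unable to send your message right now.')
  }
})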
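/**
 * Parses a "min-max" price range string into numeric bounds.
 * A missing, blank or unparsable half falls back to 0 / Infinity, so a malformed
 * range widens the filter instead of matching nothing (the original produced a
 * NaN bound for inputs such as "500000-" and every comparison then failed).
 * @param {string|undefined} pricerange - e.g. "400000-700000"
 * @returns {[number, number]} [minPrice, maxPrice]
 */
function parsePriceRange(pricerange) {
  if (typeof pricerange !== 'string' || pricerange.trim() === '') {
    return [0, Infinity]
  }
  const [lo, hi] = pricerange.split('-').map((part) => Number.parseFloat(part))
  return [Number.isFinite(lo) ? lo : 0, Number.isFinite(hi) ? hi : Infinity]
}

/**
 * Filters listing records by the optional criteria taken from the query string.
 * beds/baths use "at least N" semantics, the price matches when either end of the
 * listing's advertised band falls inside the requested range, and address is a
 * case-insensitive substring match on property.suburb.
 * @param {Array<object>} data - listing records; a non-array is treated as empty
 * @param {{address?: string, beds?: string|number, baths?: string|number, pricerange?: string}} [filters]
 * @returns {Array<object>} listings satisfying every supplied criterion
 */
function filterListings(data, filters = {}) {
  const { address, beds, baths, pricerange } = filters ?? {}
  const [minPrice, maxPrice] = parsePriceRange(pricerange)
  // response.data?.data upstream may be undefined; the original then threw on .filter
  const listings = Array.isArray(data) ? data : []
  const needle = address == null ? null : String(address).toLowerCase()
  const inRange = (price) => price >= minPrice && price <= maxPrice

  const filteredData = listings.filter((item) => {
    const property = item.property || {}
    const matchesBeds = beds == null || Number(beds) <= property.beds
    const matchesBaths = baths == null || Number(baths) <= property.baths
    const matchesPrice = inRange(item.price_from) || inRange(item.price_to)
    const matchesAddress =
      needle === null ||
      (typeof property.suburb === 'string' && property.suburb.toLowerCase().includes(needle))
    return matchesBeds && matchesBaths && matchesPrice && matchesAddress
  })
  console.log('Filtered Data:', filteredData.length)
  return filteredData
}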
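// Homepage: listings and consultants from the Boxdice API plus local team/blog/project records.
app.get('/sites/pioneer-reality', async (req, res) => {
  try {
    // Database reads live inside the try so a failing query yields the error response
    // below instead of an unhandled rejection (and a hanging request).
    const [teams, blogs, project] = await Promise.all([Team.find(), Blogs.find(), Projects.find()])
    // NOTE(review): this route declares no ":after" segment, so req.params.after is
    // always undefined here; req.query.after may be what was intended — confirm.
    const after = req.params.after
    const headers = {
      // API key comes from the environment (variable name chosen here). The key that
      // used to be embedded in this file is in version control and must be rotated.
      Authorization: `Api-Key token=${process.env.BOXDICE_API_KEY}`,
      'Content-Type': 'application/json',
      HOST: 'pioneer-realty-australia.boxdice.com'
    }
    // The two upstream calls are independent, so they run concurrently.
    const [response, responseTeam] = await Promise.all([
      axios.get('https://pioneer-realty-australia.boxdice.com/website_api/sales_listings', { headers, params: { after } }),
      axios.get('https://pioneer-realty-australia.boxdice.com/website_api/consultants', { headers })
    ])
    console.log('total items: ', response?.data?.data?.length)
    res.render('index', { salesListing: response.data, team: responseTeam?.data?.data, teams, blogs, project })
  } catch (error) {
    // Detail stays in the server log; the client gets a generic message and a non-200 status.
    console.error('error on homepage: ', error.message)
    res.status(500).json({ error: 'Unable to load the homepage' })
  }
})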
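// About-us page: consultant list from the Boxdice API.
app.get('/sites/pioneer-reality/about-us', async (req, res) => {
  try {
    const response = await axios.get('https://pioneer-realty-australia.boxdice.com/website_api/consultants', {
      headers: {
        // API key from the environment (variable name chosen here); the literal key that
        // used to sit here is in version control and must be rotated.
        Authorization: `Api-Key token=${process.env.BOXDICE_API_KEY}`,
        'Content-Type': 'application/json',
        HOST: 'pioneer-realty-australia.boxdice.com'
      }
    })
    res.render('about-us', { team: response.data?.data })
  } catch (error) {
    // Axios error messages carry the upstream URL; keep them in the log, not the response.
    console.error('error on about-us: ', error.message)
    res.status(500).json({ error: 'Unable to load the team' })
  }
})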
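// Buy page: sales listings, optionally narrowed by the query-string filters
// produced by the /filter redirect.
app.get('/sites/pioneer-reality/buy', async (req, res) => {
  try {
    // NOTE(review): no ":after" segment is declared, so this is always undefined —
    // confirm whether req.query.after was meant.
    const after = req.params.after
    const filters = req.query
    const response = await axios.get('https://pioneer-realty-australia.boxdice.com/website_api/sales_listings', {
      headers: {
        // API key from the environment (variable name chosen here); the literal key that
        // used to sit here is in version control and must be rotated.
        Authorization: `Api-Key token=${process.env.BOXDICE_API_KEY}`,
        'Content-Type': 'application/json',
        HOST: 'pioneer-realty-australia.boxdice.com'
      },
      params: { after }
    })
    if (Object.keys(filters).length === 0) {
      return res.render('buy', { salesListing: response.data })
    }
    // response.data?.data may be absent; passing undefined into filterListings threw.
    const filteredList = filterListings(response.data?.data ?? [], filters)
    return res.render('buy', { salesListing: { data: filteredList } })
  } catch (error) {
    // Detail stays in the server log; the client gets a generic message and a non-200 status.
    console.error('error on buy: ', error.message)
    res.status(500).json({ error: 'Unable to load listings' })
  }
})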
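// Rental page: rental listings, optionally narrowed by query-string filters.
app.get('/sites/pioneer-reality/rental', async (req, res) => {
  try {
    // NOTE(review): no ":after" segment is declared, so this is always undefined —
    // confirm whether req.query.after was meant.
    const after = req.params.after
    const filters = req.query
    const response = await axios.get('https://pioneer-realty-australia.boxdice.com/website_api/rental_listings', {
      headers: {
        // API key from the environment (variable name chosen here); the literal key that
        // used to sit here is in version control and must be rotated.
        Authorization: `Api-Key token=${process.env.BOXDICE_API_KEY}`,
        'Content-Type': 'application/json',
        HOST: 'pioneer-realty-australia.boxdice.com'
      },
      params: { after }
    })
    if (Object.keys(filters).length === 0) {
      return res.render('rental', { salesListing: response.data })
    }
    // response.data?.data may be absent; passing undefined into filterListings threw.
    const filteredList = filterListings(response.data?.data ?? [], filters)
    return res.render('rental', { salesListing: { data: filteredList } })
  } catch (error) {
    // The original labelled this "error on homepage"; log under the right route.
    console.error('error on rental: ', error.message)
    res.status(500).json({ error: 'Unable to load rentals' })
  }
})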
// Career page: static template, no data.
app.get('/sites/pioneer-reality/career', async function renderCareer(req, res) {
  res.render('career');
});
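// Lease page: sales listings plus consultants.
// NOTE(review): this renders the 'buy' template rather than a lease-specific one — confirm.
app.get('/sites/pioneer-reality/lease', async (req, res) => {
  try {
    // NOTE(review): no ":after" segment is declared, so this is always undefined —
    // confirm whether req.query.after was meant.
    const after = req.params.after
    const headers = {
      // API key from the environment (variable name chosen here); the literal key that
      // used to sit here is in version control and must be rotated.
      Authorization: `Api-Key token=${process.env.BOXDICE_API_KEY}`,
      'Content-Type': 'application/json',
      HOST: 'pioneer-realty-australia.boxdice.com'
    }
    // Independent upstream calls run concurrently.
    const [response, responseTeam] = await Promise.all([
      axios.get('https://pioneer-realty-australia.boxdice.com/website_api/sales_listings', { headers, params: { after } }),
      axios.get('https://pioneer-realty-australia.boxdice.com/website_api/consultants', { headers })
    ])
    console.log('total items: ', response?.data?.data?.length)
    res.render('buy', { salesListing: response.data, team: responseTeam?.data?.data })
  } catch (error) {
    console.error('error on lease: ', error.message)
    res.status(500).json({ error: 'Unable to load listings' })
  }
})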
// Terms & conditions page: static template, no data.
app.get('/sites/pioneer-reality/terms-condition', async function renderTerms(req, res) {
  res.render('terms-condition');
});
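// Single blog post, looked up by its URL slug.
app.get('/sites/pioneer-reality/blog/:url', async (req, res) => {
  try {
    const { url } = req.params
    const blog = await Blogs.findOne({ url })
    // findOne resolves to null for an unknown slug; render a 404 instead of a page with no data.
    if (!blog) {
      return res.status(404).json({ error: 'Blog not found' })
    }
    return res.render('blog', { blog })
  } catch (error) {
    console.error('error on blog: ', error.message)
    return res.status(500).json({ error: 'Unable to load the blog' })
  }
})

// Single project page, looked up by its URL slug.
app.get('/sites/pioneer-reality/project-ex/:url', async (req, res) => {
  try {
    const { url } = req.params
    const project = await Projects.findOne({ url })
    if (!project) {
      return res.status(404).json({ error: 'Project not found' })
    }
    return res.render('project-ex', { project })
  } catch (error) {
    console.error('error on project-ex: ', error.message)
    return res.status(500).json({ error: 'Unable to load the project' })
  }
})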
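// Handler factory for templates that need no data.
const renderStatic = (view) => (req, res) => res.render(view)

// The three database-backed pages below wrap their query in try/catch; previously
// a failed query was an unhandled rejection and the request never completed.
app.get('/sites/pioneer-reality/allblogs', async (req, res) => {
  try {
    const blogs = await Blogs.find()
    res.render('allblogs', { blogs })
  } catch (error) {
    console.error('error on allblogs: ', error.message)
    res.status(500).json({ error: 'Unable to load blogs' })
  }
})
app.get('/sites/pioneer-reality/contact-us', renderStatic('contact-us'))
app.get('/sites/pioneer-reality/faqs', renderStatic('faqs'))
app.get('/sites/pioneer-reality/landing', async (req, res) => {
  try {
    const teams = await Team.find()
    res.render('landing', { teams })
  } catch (error) {
    console.error('error on landing: ', error.message)
    res.status(500).json({ error: 'Unable to load the page' })
  }
})
app.get('/sites/pioneer-reality/our-mission', renderStatic('our-mission'))
app.get('/sites/pioneer-reality/projects', async (req, res) => {
  try {
    const project = await Projects.find()
    res.render('projects', { project })
  } catch (error) {
    console.error('error on projects: ', error.message)
    res.status(500).json({ error: 'Unable to load projects' })
  }
})
app.get('/sites/pioneer-reality/properties', renderStatic('properties'))
app.get('/sites/pioneer-reality/reports', renderStatic('reports'))
app.get('/sites/pioneer-reality/thank-you', renderStatic('thank-you'))
app.get('/sites/pioneer-reality/services', renderStatic('services'))
app.get('/sites/pioneer-reality/generalenquiry', renderStatic('generalenquiry'))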
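// Sell page: sales listings plus consultants.
app.get('/sites/pioneer-reality/sell', async (req, res) => {
  try {
    // NOTE(review): no ":after" segment is declared, so this is always undefined —
    // confirm whether req.query.after was meant.
    const after = req.params.after
    const headers = {
      // API key from the environment (variable name chosen here); the literal key that
      // used to sit here is in version control and must be rotated.
      Authorization: `Api-Key token=${process.env.BOXDICE_API_KEY}`,
      'Content-Type': 'application/json',
      HOST: 'pioneer-realty-australia.boxdice.com'
    }
    // Independent upstream calls run concurrently.
    const [response, responseTeam] = await Promise.all([
      axios.get('https://pioneer-realty-australia.boxdice.com/website_api/sales_listings', { headers, params: { after } }),
      axios.get('https://pioneer-realty-australia.boxdice.com/website_api/consultants', { headers })
    ])
    console.log('total items: ', response?.data?.data?.length)
    res.render('sell', { salesListing: response.data, team: responseTeam?.data?.data })
  } catch (error) {
    console.error('error on sell: ', error.message)
    res.status(500).json({ error: 'Unable to load listings' })
  }
})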
// Request-appraisal landing page (no listing selected): static template.
app.get('/sites/pioneer-reality/request-appraisal', async function renderRequestAppraisal(req, res) {
  res.render('request-appraisal');
});
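// Team page: consultant list from the Boxdice API.
app.get('/sites/pioneer-reality/team', async (req, res) => {
  try {
    const response = await axios.get('https://pioneer-realty-australia.boxdice.com/website_api/consultants', {
      headers: {
        // API key from the environment (variable name chosen here); the literal key that
        // used to sit here is in version control and must be rotated.
        Authorization: `Api-Key token=${process.env.BOXDICE_API_KEY}`,
        'Content-Type': 'application/json',
        HOST: 'pioneer-realty-australia.boxdice.com'
      }
    })
    res.render('team', { team: response.data?.data })
  } catch (error) {
    console.error('error on team: ', error.message)
    res.status(500).json({ error: 'Unable to load the team' })
  }
})

// Single team member, looked up by URL slug in the local Team collection.
// NOTE(review): renders the 'trusted-pilot' template, the same view as the
// /trusted-pilot route — confirm that is intended.
app.get('/sites/pioneer-reality/team/:url', async (req, res) => {
  try {
    const { url } = req.params
    const team = await Team.findOne({ url })
    if (!team) {
      return res.status(404).json({ error: 'Team member not found' })
    }
    return res.render('trusted-pilot', { team })
  } catch (error) {
    console.error('error on team member: ', error.message)
    return res.status(500).json({ error: 'Unable to load the team member' })
  }
})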
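// Trusted-pilot page: all team records.
app.get('/sites/pioneer-reality/trusted-pilot', async (req, res) => {
  try {
    const teams = await Team.find()
    // The original passed a third argument `{ item }`, but no `item` binding exists in
    // this file, so every request threw a ReferenceError and never completed.
    res.render('trusted-pilot', { teams })
  } catch (error) {
    console.error('error on trusted-pilot: ', error.message)
    res.status(500).json({ error: 'Unable to load the page' })
  }
})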
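// Request-appraisal page for one listing: the listing itself plus the consultants
// attached to it.
app.get('/sites/pioneer-reality/request-appraisal/:id', async (req, res) => {
  try {
    const { id } = req.params
    const headers = {
      // API key from the environment (variable name chosen here); the literal key that
      // used to sit here is in version control and must be rotated.
      Authorization: `Api-Key token=${process.env.BOXDICE_API_KEY}`,
      'Content-Type': 'application/json',
      HOST: 'pioneer-realty-australia.boxdice.com'
    }
    // Independent upstream calls run concurrently.
    const [listingsResponse, consultantsResponse] = await Promise.all([
      axios.get('https://pioneer-realty-australia.boxdice.com/website_api/sales_listings', { headers }),
      axios.get('https://pioneer-realty-australia.boxdice.com/website_api/consultants', { headers })
    ])
    // Path params are strings while the upstream id may be numeric; compare as strings
    // rather than relying on `==` coercion.
    const propertyDetail = listingsResponse?.data?.data?.find((item) => String(item.id) === String(id))
    if (!propertyDetail) {
      // Previously fell through to `propertyDetail.consultant_ids` and threw a TypeError.
      return res.status(404).json({ error: 'Listing not found' })
    }
    const consultantIds = Array.isArray(propertyDetail.consultant_ids) ? propertyDetail.consultant_ids : []
    const consultants = (consultantsResponse?.data?.data ?? []).filter((item) => consultantIds.includes(item.id))
    return res.render('request-appraisal', { propertyDetail, consultants })
  } catch (error) {
    console.error('error on request-appraisal: ', error.message)
    return res.status(500).json({ error: 'Unable to load the listing' })
  }
})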
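// Search form: turns the posted criteria into a query string and redirects to /buy,
// which applies them via filterListings.
app.post('/sites/pioneer-reality/filter', (req, res) => {
  // `type` is posted by the form but filterListings does not use it, so it is not forwarded.
  const { address, beds, baths, pricerange } = req.body ?? {}
  // URLSearchParams percent-encodes each value. The previous string concatenation let a
  // submitted value containing `&`, `#` or `?` rewrite the redirect target's parameters.
  const query = new URLSearchParams()
  for (const [key, value] of Object.entries({ address, beds, baths, pricerange })) {
    // Same truthiness rule as before: empty or missing fields are not forwarded.
    if (value) {
      query.set(key, String(value))
    }
  }
  const encoded = query.toString()
  res.redirect(`/sites/pioneer-reality/buy${encoded ? `?${encoded}` : ''}`)
})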
// Admin router sits behind authValidator(); the API router is mounted without it here.
app.use('/sites/pioneer-reality/admin', authValidator(), require('./admin'));
app.use('/sites/pioneer-reality/api', require('./apiHandler'));

app.listen(PORT, function onListen() {
  console.log(`App is live on: http://localhost:${PORT}/sites/pioneer-reality`);
});