MOON
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 PHP/5.4.10
System: Linux vps.presagepowered.net 2.6.18-398.el5 #1 SMP Tue Sep 16 20:51:48 EDT 2014 i686
User: mckernan (512)
PHP: 5.4.10
Disabled: NONE
$ pwd: /home/mckernan/public_html/iJournal/includes/session/
Upload Files
File: /home/mckernan/public_html/iJournal/includes/session/start.php
<?php

// session start
	usleep(500000);

	// set database name
	$database = DB_PREFIX . 'system';
	
	
	// process request
	if (isset($_POST['key']))
	{
		$rv = '<root>' . PHP_EOL;
		$rv .= '<session>' . PHP_EOL;
	
		require "includes/db.php";

		$key = $db->real_escape_string($_POST['key']);
		
		// get installation status
		$query = "SELECT in_id as id, in_status AS status FROM installations WHERE in_key = '" . $key . "'";
		
				
		if ($result = $db->query($query)) 
		{
			$row = $result->fetch_assoc();
			
			$rv .= '<status>' . $row['status'] . '</status>' . PHP_EOL;
			$rv .= '<id>' . $row['id'] . '</id>' . PHP_EOL;
			
			
			// generate sid
			$tmp = uniqid('#ijournalsession#', true);
			$sid = sha1($row['id'] . $tmp);
					
			
			// start session
			$query = "INSERT INTO sessions (ses_id, ses_ws, ses_ip, ses_start) VALUES ('" . $sid . "', '" . $row['id'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', NOW())";
			
			if ($result2 = $db->query($query))
			{
				$rv .= '<sid>' . $sid . '</sid>' . PHP_EOL;
			}
		}
		
		
		$rv .= '</session>' . PHP_EOL;
		$rv .= '</root>' . PHP_EOL;
				
		
		// return data
		echo $rv;
		
		die;
	}
	else
	{
		header('Server: ');
		header('X-Powered-By: ');
		header("HTTP/1.0 404 Not Found");
	}

?>
@ Telegram