|
Server : Apache/2 System : Linux vps.phamthanh.local 3.10.0-1160.102.1.el7.x86_64 #1 SMP Tue Oct 17 15:42:21 UTC 2023 x86_64 User : benhviencoc7 ( 1008) PHP Version : 5.6.40 Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname Directory : /home/benhviencoc7/domains/benhviendkkvcampha.vn/public_html/adminvn/ |
Upload File : |
<?php
/*----------------------------------------*\
| Copyright © C-ILY |
| Phone: 0983.998.994 |
| Y!m: notepad.html |
| Email: truongpv87@gmail.com |
\*----------------------------------------*/
define('CILY',true);
include('../#includes/config.php');
$data1 = @mysql_fetch_array(@mysql_query("SELECT * FROM cily_products WHERE id = ".$getid));
if(check_log() == true & check_level() >= 3) {
if($_GET['type'] == 'add' && strlen($_POST['name']) >= 2){
$descrip = '';
for($i = 0; $i < 16; $i ++){
if($_POST['a'][$i] && $_POST['b'][$i]){
if($descrip == '') $descrip = $_POST['a'][$i].': '.$_POST['b'][$i];
else $descrip .= ' .|~|. '.$_POST['a'][$i].': '.$_POST['b'][$i];
}
}
$_SESSION['cat'] = $_POST['cat'];
@mysql_query("INSERT INTO cily_products (product_name, product_name_ascii, product_quote, product_price, product_free, product_km, product_total, product_quality, product_warranty, product_image, product_fullimg, product_descrip, product_info, product_star, product_user, product_cat, attach_image, product_time, product_timeup) VALUES ('".addsla($_POST['name'])."', '".ascii($_POST['name'])."', '".addsla($_POST['quote'])."', ".$_POST['price'].", ".(($_POST['free'])?$_POST['free']:0).", '".addslashes($_POST['km'])."', '".$_POST['total']."', '".$_POST['quality']."', ".(($_POST['warranty'])?$_POST['warranty']:0).", '".$_POST['img']."', '".str_replace('thumbs-','',$_POST['img'])."', '".addsla($descrip)."', '".addsla($_POST['content'])."', ".$_POST['danhgia']. ", ".$_SESSION['user']['id'].", ".$_POST['cat']. ",'" . $_POST['attach_image'] . "','" . time() . "','" . time() . "')");
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('1', '".addsla($_POST['name'])."', '".$_POST['price']."', ". time() .", ".$_SESSION['user']['id'].", 'product')");
header('Location: index.php?m=3');
}
elseif($_GET['type'] == 'edit' && strlen($_POST['name']) >= 2){
$descrip = '';
for($i = 0; $i < 16; $i ++){
if($_POST['a'][$i] && $_POST['b'][$i]){
if($descrip == '') $descrip = $_POST['a'][$i].': '.$_POST['b'][$i];
else $descrip .= ' .|~|. '.$_POST['a'][$i].': '.$_POST['b'][$i];
}
}
@mysql_query("UPDATE cily_products SET product_name = '".addsla($_POST['name'])."', product_name_ascii = '".ascii($_POST['name'])."', product_quote = '".addsla($_POST['quote'])."', product_price = ".$_POST['price'].", product_free = ".$_POST['free'].", product_km = '".addslashes($_POST['km'])."', product_total = '".$_POST['total']."', product_quality = '".$_POST['quality']."', product_cat = ".$_POST['cat'].", product_warranty = ".$_POST['warranty'].", product_image = '".$_POST['img']."', product_fullimg = '".str_replace('thumbs-','',$_POST['img'])."', product_descrip = '".addsla($descrip)."', product_info = '".addsla($_POST['content'])."', product_star = ".$_POST['danhgia'].", attach_image = '" . $_POST['attach_image'] . "' WHERE id = ".$_POST['id']);
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('2', '".addsla($_POST['name'])."', '".$_POST['price']."', ". time() .", ".$_SESSION['user']['id'].", 'product')");
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']);}
}
elseif($_GET['type'] == 'del' && $_POST['action'] == 1 && $_POST['id']){
$tongdong = count($_POST['id']);
for($i=0; $i<$tongdong; $i++) {
$data = @mysql_fetch_array(@mysql_query("SELECT * FROM cily_products WHERE id = ".$_POST['id'][$i]));
$url = @str_replace(URL_SITE, "..", $data['product_fullimg']);
$thumb = @str_replace(URL_SITE, "..", $data['product_image']);
if ($url != $thumb) {
@unlink($url);
@unlink($thumb);
}
$deldata = $data['product_fullimg'];
$listImages = explode(',', $data['attach_image']);
$total2 = count($listImages);
for($ii=0; $ii<$total2 - 1; $ii++) {
$thumb1 = explode('/', $listImages[$ii]);
$thumb1[count($thumb1) - 1] = 'thumbs-' . $thumb1[count($thumb1) - 1];
$thumbs = implode('/', $thumb1);
$url1 = @str_replace(URL_SITE, "..", $listImages[$ii]);
$xoathumbs = @str_replace(URL_SITE, "..", $thumbs);
@mysql_query("DELETE FROM cily_datas WHERE data_url LIKE '%".$listImages[$ii]."%'");
if ($url1 != $xoathumbs) {
@unlink($url1);
@unlink($xoathumbs);
}
}
@mysql_query("DELETE FROM cily_datas WHERE data_url LIKE '%".$deldata."%'");
@mysql_query("DELETE FROM cily_products WHERE id = ".$_POST['id'][$i]);
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('3', '".$data['product_name']."', '1', ". time() .", ".$_SESSION['user']['id'].", 'product')");
}
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']);}
}
elseif($_GET['type'] == 'hot'){
$getid = $_GET['id'];
$getoc = $_GET['oc'];
@mysql_query("UPDATE cily_products SET product_hot = '".$getoc."' WHERE id = ".$getid);
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('6', '".$data1['product_name']."', '1', ". time() .", ".$_SESSION['user']['id'].", 'product')");
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']."#div".$getid);}
}
elseif($_GET['type'] == 'noibat'){
$getid = $_GET['id'];
$getoc = $_GET['oc'];
@mysql_query("UPDATE cily_products SET product_nb = '".$getoc."' WHERE id = ".$getid);
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('5', '".$data1['product_name']."', '1', ". time() .", ".$_SESSION['user']['id'].", 'product')");
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']."#div".$getid);}
}
elseif($_GET['type'] == 'banchay'){
$getid = $_GET['id'];
$getoc = $_GET['oc'];
@mysql_query("UPDATE cily_products SET product_banchay = '".$getoc."' WHERE id = ".$getid);
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('4', '".$data1['product_name']."', '1', ". time() .", ".$_SESSION['user']['id'].", 'product')");
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']."#div".$getid);}
}
elseif($_GET['type'] == 'uptime'){
$getid = $_GET['id'];
@mysql_query("UPDATE cily_products SET product_timeup = '" . time() . "' WHERE id = ".$getid);
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('9', '".$data1['product_name']."', '1', ". time() .", ".$_SESSION['user']['id'].", 'product')");
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("Bạn đã Uptime sản phẩm thành công","http://".$_SESSION['link']);}
}
elseif($_GET['type'] == 'show'){
$getid = $_GET['id'];
$getoc = $_GET['oc'];
@mysql_query("UPDATE cily_products SET product_show = '".$getoc."' WHERE id = ".$getid);
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']."#div".$getid);}
}
else if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']."#div".$getid);}
}
else echo "Hacking attempt";
?>