|
Server : Apache/2 System : Linux vps.phamthanh.local 3.10.0-1160.102.1.el7.x86_64 #1 SMP Tue Oct 17 15:42:21 UTC 2023 x86_64 User : benhviencoc7 ( 1008) PHP Version : 5.6.40 Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname Directory : /home/benhviencoc7/public_html/adminvn/ |
Upload File : |
<?php
/*----------------------------------------*\
| Copyright © C-ILY |
| Phone: 0983.998.994 |
| Y!m: notepad.html |
| Email: truongpv87@gmail.com |
\*----------------------------------------*/
define('CILY',true);
include('../#includes/config.php');
$datapost1 = @mysql_fetch_array(@mysql_query("SELECT * FROM cily_posts WHERE id = ".$getid));
if(check_log() == true & check_level() >= 2) {
$timestamp = strtotime(''.$_POST['datewrite'].'');
if($_GET['type'] == 'add' && strlen($_POST['title']) >= 2){
$_SESSION['catpost'] = $_POST['cat'];
@mysql_query("INSERT INTO cily_posts (post_name, post_name_ascii, post_quote, post_content, post_cat, post_image, post_file, post_star, post_time, post_timeup, post_user, post_writer, post_source, post_tags) VALUES ('".addsla($_POST['title'])."', '".ascii($_POST['title'])."', '".addsla($_POST['quote'])."', '".addsla($_POST['content'])."', ".$_POST['cat'].", '".$_POST['img']."', '".$_POST['file']."', ".$_POST['danhgia'].", ".$timestamp.", ".$timestamp.", ".$_SESSION['user']['id'].", '".addsla($_POST['tentacgia'])."', '".addsla($_POST['nguontin'])."', '".addsla($_POST['tags'])."')");
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('1', '".addsla($_POST['title'])."', '1', ". time() .", ".$_SESSION['user']['id'].", 'post')");
header('Location: index.php?m=1');
}
elseif($_GET['type'] == 'edit'){
@mysql_query("UPDATE cily_posts SET post_name = '".addsla($_POST['title'])."', post_name_ascii = '".ascii($_POST['title'])."', post_quote = '".addsla($_POST['quote'])."', post_content = '".addsla($_POST['content'])."', post_cat = ".$_POST['cat'].", post_image = '".$_POST['img']."', post_time = '".$timestamp."', post_file = '".$_POST['file']."', post_star = ".$_POST['danhgia'].", post_writer = '".addsla($_POST['tentacgia'])."', post_source = '".addsla($_POST['nguontin'])."', post_tags = '".addsla($_POST['tags'])."' WHERE id = ".$_POST['id']);
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('2', '".addsla($_POST['title'])."', '1', ". time() .", ".$_SESSION['user']['id'].", 'post')");
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']);}
}
elseif($_GET['type'] == 'del' && $_POST['action'] == 1 && $_POST['id']){
$total = count($_POST['id']);
for($i=0; $i<$total; $i++) {
$datapost = @mysql_fetch_array(@mysql_query("SELECT * FROM cily_posts WHERE id = ".$_POST['id'][$i]));
$dtfullimg = @str_replace('thumbs-','',$datapost['post_image']);
$url = @str_replace(URL_SITE, "..", $dtfullimg);
$thumb = @str_replace(URL_SITE, "..", $datapost['post_image']);
$deldata = $dtfullimg;
if ($url != $thumb) {
@unlink($url);
@unlink($thumb);
}
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('3', '".addsla($datapost['post_name'])."', '1', ". time() .", ".$_SESSION['user']['id'].", 'post')");
@mysql_query("DELETE FROM cily_datas WHERE data_url LIKE '%".$deldata."%'");
@mysql_query("DELETE FROM cily_posts WHERE id = ".$_POST['id'][$i]);
}
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']);}
}
elseif($_GET['type'] == 'state'){
$getid = $_GET['id'];
$getoc = $_GET['oc'];
@mysql_query("UPDATE cily_posts SET post_hot = '".$getoc."' WHERE id = ".$getid);
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('7', '".addsla($datapost1['post_name'])."', '1', ". time() .", ".$_SESSION['user']['id'].", 'post')");
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']);}
}
elseif($_GET['type'] == 'sukien'){
$getid = $_GET['id'];
$getoc = $_GET['oc'];
@mysql_query("UPDATE cily_posts SET post_sukien = '".$getoc."' WHERE id = ".$getid);
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('8', '".addsla($datapost1['post_name'])."', '1', ". time() .", ".$_SESSION['user']['id'].", 'post')");
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']);}
}
elseif($_GET['type'] == 'noibat'){
$getid = $_GET['id'];
$getoc = $_GET['oc'];
@mysql_query("UPDATE cily_posts SET post_nb = '".$getoc."' WHERE id = ".$getid);
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']);}
}
elseif($_GET['type'] == 'uptime'){
$getid = $_GET['id'];
@mysql_query("UPDATE cily_posts SET post_timeup = '" . time() . "' WHERE id = ".$getid);
@mysql_query("INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('9', '".$data1['post_name']."', '1', ". time() .", ".$_SESSION['user']['id'].", 'post')");
if ($_SESSION['link'] == NULL){header('Location: index.php?m=1');}else {Redirect("Bạn đã Uptime bài viết thành công","http://".$_SESSION['link']);}
}
elseif($_GET['type'] == 'show'){
$getid = $_GET['id'];
$getoc = $_GET['oc'];
@mysql_query("UPDATE cily_posts SET post_show = '".$getoc."' WHERE id = ".$getid);
if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']);}
}
else if ($_SESSION['link'] == NULL){header('Location: index.php?m=3');}else {Redirect("","http://".$_SESSION['link']);}
}
else echo "Hacking attempt";
?>