ÿØÿà JFIF ` ` ÿþ
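<?php
/*----------------------------------------*\
|  Copyright © C-ILY                       |
|  Phone: 0983.998.994                     |
|  Y!m: notepad.html                       |
|  Email: truongpv87@gmail.com             |
\*----------------------------------------*/

/*
 * Admin handler for album records (table cily_album).
 *
 * Dispatches on $_GET['type']: add, edit, del, state, uptime, show.
 * Access requires check_log() and check_level() >= 4 (both defined outside
 * this file).
 *
 * Hardening applied in this revision:
 *  - every request value placed in SQL is either cast to int (unquoted ids)
 *    or passed through mysql_real_escape_string() (quoted strings);
 *  - values read back from the database are escaped again before reuse in
 *    SQL, and LIKE wildcards in them are neutralised;
 *  - an empty stored path no longer produces "LIKE '%%'", which matched
 *    every row of cily_datas;
 *  - file deletion is confined to files that resolve inside the site root.
 *
 * NOTE(review): none of the actions checks an anti-CSRF token, and
 * state/uptime/show change data on a GET request. No token helper is visible
 * in this file, so that is flagged here rather than fixed.
 * NOTE(review): ext/mysql was removed in PHP 7. Moving to PDO or mysqli
 * prepared statements needs the connection code in config.php, which is not
 * visible here.
 */
define('CILY', true);
include('../#includes/config.php');

if (check_log() == true && check_level() >= 4) {
    // Read a POST field as a string; arrays and missing keys become ''.
    $post = function ($key) {
        return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : '';
    };

    // Escape a value for use inside a quoted SQL string literal.
    // Assumes config.php has opened the default mysql link - TODO confirm.
    $esc = function ($value) {
        return mysql_real_escape_string((string) $value);
    };

    // Escape a value for a literal substring match inside LIKE '%...%'.
    $escLike = function ($value) use ($esc) {
        return addcslashes($esc($value), '%_');
    };

    // Delete a file only if it exists and resolves inside the site root.
    // NOTE(review): an allow-list limited to the upload directory would be
    // tighter; that directory is not identifiable from this file.
    $siteRoot = realpath('..');
    $removeFile = function ($path) use ($siteRoot) {
        if (!is_string($path) || $path === '' || $siteRoot === false) {
            return;
        }
        $real = realpath($path);
        if ($real === false || !is_file($real)) {
            return;
        }
        if (strpos($real, $siteRoot . DIRECTORY_SEPARATOR) !== 0) {
            return;
        }
        @unlink($real);
    };

    $type  = (isset($_GET['type']) && is_string($_GET['type'])) ? $_GET['type'] : '';
    $title = $post('title');
    $hasLink = isset($_SESSION['link']) && $_SESSION['link'] != NULL;

    if ($type == 'add' && strlen($title) >= 2) {
        $img = $post('img');
        $now = time();
        $_SESSION['albumpost'] = $post('cat');

        // addsla() and ascii() are defined outside this file. addsla() is
        // presumably an addslashes-style escaper - confirm; it is kept as-is
        // so stored values are not double-escaped.
        @mysql_query(
            "INSERT INTO cily_album (album_name, album_image_ascii, album_image, album_fullimg, attach_image, album_cat, album_time, album_timeup, album_order, album_value1) VALUES ('"
            . addsla($title) . "', '"
            . $esc(ascii($title)) . "', '"
            . $esc($img) . "', '"
            . $esc(str_replace('thumbs-', '', $img)) . "','"
            . $esc($post('attach_image')) . "', '"
            . $esc($post('cat')) . "', "
            . $now . ", "
            . $now . ", '"
            . $esc($post('order')) . "', '"
            . addsla($post('value1')) . "')"
        );
        header('Location: index.php?m=17');
        exit;
    } elseif ($type == 'edit' && strlen($title) >= 2) {
        $img = $post('img');

        @mysql_query(
            "UPDATE cily_album SET album_name = '" . addsla($title)
            . "', album_image_ascii = '" . $esc(ascii($title))
            . "', album_image = '" . $esc($img)
            . "', album_fullimg = '" . $esc(str_replace('thumbs-', '', $img))
            . "', attach_image = '" . $esc($post('attach_image'))
            . "', album_cat = '" . $esc($post('cat'))
            . "', album_order = '" . $esc($post('order'))
            . "', album_value1 = '" . addsla($post('value1'))
            . "' WHERE id = " . (int) $post('id')
        );
        Redirect("", "http://" . $_SESSION['link']);
    } elseif ($type == 'del' && isset($_POST['action']) && $_POST['action'] == 1 && !empty($_POST['id'])) {
        foreach ((array) $_POST['id'] as $rawId) {
            if (!is_scalar($rawId)) {
                continue;
            }
            $id = (int) $rawId;

            $result = @mysql_query("SELECT * FROM cily_album WHERE id = " . $id);
            $data = $result ? @mysql_fetch_array($result) : false;
            if (!$data) {
                // Unknown id: nothing to delete, and no empty LIKE pattern below.
                continue;
            }

            // Stored URLs are mapped to paths relative to this directory.
            $url   = str_replace(URL_SITE, "..", $data['album_fullimg']);
            $thumb = str_replace(URL_SITE, "..", $data['album_image']);
            if ($url != $thumb) {
                $removeFile($url);
                $removeFile($thumb);
            }

            $deldata = $data['album_fullimg'];
            $listImages = explode(',', $data['attach_image']);
            $total2 = count($listImages);
            // The last element is skipped, as in the original; presumably the
            // stored list ends with a trailing comma - confirm.
            for ($ii = 0; $ii < $total2 - 1; $ii++) {
                if ($listImages[$ii] === '') {
                    continue;
                }
                $thumb1 = explode('/', $listImages[$ii]);
                $thumb1[count($thumb1) - 1] = 'thumbs-' . $thumb1[count($thumb1) - 1];
                $thumbs = implode('/', $thumb1);
                $url1 = str_replace(URL_SITE, "..", $listImages[$ii]);
                $xoathumbs = str_replace(URL_SITE, "..", $thumbs);
                @mysql_query("DELETE FROM cily_datas WHERE data_url LIKE '%" . $escLike($listImages[$ii]) . "%'");
                if ($url1 != $xoathumbs) {
                    $removeFile($url1);
                    $removeFile($xoathumbs);
                }
            }

            if ($deldata !== null && $deldata !== '') {
                @mysql_query("DELETE FROM cily_datas WHERE data_url LIKE '%" . $escLike($deldata) . "%'");
            }
            @mysql_query("DELETE FROM cily_album WHERE id = " . $id);
            @mysql_query(
                "INSERT INTO cily_log (log_state, log_proid, log_priced, log_time, log_user, log_table) VALUES ('10', '"
                . $esc($data['album_name']) . "', '1', " . time() . ", "
                . (int) $_SESSION['user']['id'] . ", 'album')"
            );
        }
        if (!$hasLink) {
            header('Location: index.php?m=17');
            exit;
        } else {
            Redirect("", "http://" . $_SESSION['link']);
        }
    } elseif ($type == 'state') {
        // $getoc and $getid are not assigned in this file; presumably set by
        // config.php from the request - confirm. Treated as untrusted here.
        @mysql_query(
            "UPDATE cily_album SET album_hot = '" . $esc(isset($getoc) ? $getoc : '')
            . "' WHERE id = " . (isset($getid) ? (int) $getid : 0)
        );
        Redirect("", "http://" . $_SESSION['link']);
    } elseif ($type == 'uptime') {
        $getid = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        @mysql_query("UPDATE cily_album SET album_timeup = '" . time() . "' WHERE id = " . $getid);
        if (!$hasLink) {
            header('Location: index.php?m=17');
            exit;
        } else {
            Redirect("Bạn đã Uptime thành công", "http://" . $_SESSION['link']);
        }
    } elseif ($type == 'show') {
        // Same caveat as 'state': $getoc and $getid come from outside this file.
        @mysql_query(
            "UPDATE cily_album SET album_show = '" . $esc(isset($getoc) ? $getoc : '')
            . "' WHERE id = " . (isset($getid) ? (int) $getid : 0)
        );
        Redirect("", "http://" . $_SESSION['link']);
    } else {
        Redirect("", "http://" . $_SESSION['link']);
    }
} else {
    echo "Hacking attempt";
}
?>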