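<?php
/**
 * Sponsor-link edit handler.
 *
 * Reads the submitted sponsor id, description and link target, optionally
 * replaces the stored banner file with a new upload, and updates the matching
 * row of `cms_link_sponser`.
 *
 * Security notes:
 *  - Every request-derived value is escaped with mysql_real_escape_string()
 *    before it is placed in a SQL string. ext/mysql has no prepared
 *    statements; if this module is ported to mysqli or PDO, use bound
 *    parameters instead.
 *  - The upload is stored under "<web_name>/module_sponser/". Whether
 *    create_filename() / upload_file_to_server() restrict the extension or
 *    content type cannot be seen from this file.
 *    NOTE(review): confirm they reject server-executable extensions, since
 *    the target directory appears to be web-accessible.
 */
$navig['news']="แก้ไขข้อมูล";
navigator($navig);
echo"<br>";
bar_header("แก้ไขข้อมูล"); // Bar_Header
// Quoted key: the bare word admin_web was an undefined constant.
check_user_permission($_SESSION['admin_web']);
fieldset_top("ลิงค์");

// Imports POST, then GET, as $p_* variables (GET overwrites POST).
// NOTE(review): import_request_variables() was removed from PHP core in 5.4;
// presumably the project provides its own definition. Confirm.
import_request_variables('pG', 'p_');
$userfile1_name = isset($_FILES['userfile1']['name']) ? trim($_FILES['userfile1']['name']) : '';

// Take the submitted values BEFORE the first query runs; previously
// $id_sponser was read by the SELECT below before this script assigned it.
if (isset($p_id_sponser) && $p_id_sponser != "") {
    $id_sponser = trim($p_id_sponser);
}
if (isset($p_pic_description) && $p_pic_description != "") {
    $pic_description = trim($p_pic_description);
}
if (isset($p_link_target) && $p_link_target != "") {
    $link_target = trim($p_link_target);
}

// Fall back to empty strings so the queries never interpolate undefined values.
$id_sponser      = isset($id_sponser) ? $id_sponser : '';
$pic_description = isset($pic_description) ? $pic_description : '';
$link_target     = isset($link_target) ? $link_target : '';

// Escaped copies used only inside SQL strings.
$id_sql          = mysql_real_escape_string($id_sponser);
$description_sql = mysql_real_escape_string($pic_description);
$link_sql        = mysql_real_escape_string($link_target);

// Lower-cased last four characters of the currently stored file name,
// used further down to detect a ".swf" banner.
$sql = "SELECT * FROM cms_link_sponser WHERE id_sponser='$id_sql'";
$re = mysql_query($sql);
$data = $re ? mysql_fetch_array($re) : false;
$strings1 = strtolower(substr($data ? $data['pic_name'] : '', -4));

// Create_Filename
$width = '';
$height = '';
if ($userfile1_name != "") {
    $name1 = create_filename($userfile1_name);
    $upload_dir = "$_SESSION[web_name]/module_sponser/";
    $dlink = $upload_dir . $name1;
    // NOTE(review): $id_update is not assigned anywhere in this script; it
    // may be supplied by the including page, or $id_sponser may have been
    // intended. Confirm.
    delete_filename("cms_link_sponser", "pic_name", $id_update, $upload_dir, "id_sponser");
    upload_file_to_server($dlink, $_FILES['userfile1']);
    // getimagesize() returns false for files it cannot parse.
    $size = getimagesize($dlink);
    if ($size !== false) {
        $width = $size[0];
        $height = $size[1];
    }
}

//******* Write the edited data to the database *******
// One lookup of the stored file name serves both branches below.
$sql = "select pic_name from cms_link_sponser where id_sponser='$id_sql'";
$result = mysql_query($sql);
$data = $result ? mysql_fetch_row($result) : false;
$current_pic = ($data && $data[0] != "") ? $data[0] : "";

// NOTE(review): die(mysql_error()) prints raw database errors to the browser;
// consider logging the error and showing a generic message instead.
if ($userfile1_name == "") {
    // No new file: keep the stored name and update only the text fields.
    $name1 = $current_pic;
    $sql = "UPDATE `cms_link_sponser` SET `pic_description` = '$description_sql', `link` = '$link_sql' WHERE id_sponser='$id_sql'";
    $result = mysql_query($sql) or die(mysql_error());
} else {
    // Remove the previous file, but never the one that was just uploaded.
    $old_path = "$_SESSION[web_name]/module_sponser/$current_pic";
    if ($current_pic != "" && $current_pic != $name1 && is_file($old_path)) {
        unlink($old_path);
    }

    // create_filename() derives the name from the client-supplied file name,
    // so it is escaped like any other request value.
    $name_sql = mysql_real_escape_string($name1);
    if ($strings1 != ".swf") {
        $sql = "UPDATE `cms_link_sponser` SET `pic_name`='$name_sql',`pic_description` = '$description_sql', `link` = '$link_sql' WHERE id_sponser='$id_sql'";
    } else {
        // The previously stored file was a .swf: the measured width and
        // height are written to the description and link columns.
        $width_sql = mysql_real_escape_string((string) $width);
        $height_sql = mysql_real_escape_string((string) $height);
        $sql = "UPDATE `cms_link_sponser` SET `pic_name`='$name_sql',`pic_description` = '$width_sql', `link` = '$height_sql' WHERE id_sponser='$id_sql'";
    }
    $result = mysql_query($sql) or die(mysql_error());
}


msg_update_data(); // "data updated" message
refresh_data('index.php',2);	// refresh the screen
fieldset_down();
?>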
