KucukHacker0088 Shell
| Current Path : G:/PleskVhosts/mpcdp.in/cmamp.mpcdp.in/CP/ |
Windows NT SG2NWVPWEB022 10.0 build 17763 (Windows Server 2016) i586 |
| Current File : G:/PleskVhosts/mpcdp.in/cmamp.mpcdp.in/CP/CPMasterNews-Exec.php |
<?php
if (isset($_POST['BtnAdd']))
{
$mStart = $_GET['start'];
$mNewsID = $_GET['NewsID'];
header("location: CPMasterNews.php?start=$mStart&NewsID=$mNewsID&mMode=Add");
}
else if (isset($_POST['BtnModify']))
{
$mStart = $_GET['start'];
$mNewsID = $_GET['NewsID'];
header("location: CPMasterNews.php?start=$mStart&NewsID=$mNewsID&mMode=Modify");
}
else if (isset($_POST['BtnSave']))
{
require_once('CPConfig.php');
if (isset($_GET['mMode']))
{
$mMode = $_GET['mMode'];
}
else
{
$mMode = '';
}
$mStart = $_GET['start'];
$mNewsID = $_GET['NewsID'];
$link = mysql_connect($hostname, $username, $password) ;
$db= mysql_select_db($dbname);
$NewsName = addslashes(str_replace("'", "'", $_POST['TxtNewsName']));
$NewsDescription = addslashes(str_replace("'", "'", $_POST['TxtNewsDescription']));
$PublishedDay = addslashes(str_replace("'", "'", $_POST['CmbPublishedDay']));
$PublishedMonth = addslashes(str_replace("'", "'", $_POST['CmbPublishedMonth']));
$PublishedYear = addslashes(str_replace("'", "'", $_POST['CmbPublishedYear']));
$NewsRemarks = addslashes(str_replace("'", "'", $_POST['TxtNewsRemarks']));
if ($NewsName == '')
{
session_start();
$_SESSION['mNewsName'] = str_replace("'", "'", $_POST['TxtNewsName']);
$_SESSION['mNewsDescription'] = str_replace("'", "'", $_POST['TxtNewsDescription']);
$_SESSION['mPublishedDay'] = str_replace("'", "'", $_POST['CmbPublishedDay']);
$_SESSION['mPublishedMonth'] = str_replace("'", "'", $_POST['CmbPublishedMonth']);
$_SESSION['mPublishedYear'] = str_replace("'", "'", $_POST['CmbPublishedYear']);
$_SESSION['mNewsRemarks'] = str_replace("'", "'", $_POST['TxtNewsRemarks']);
header("location: CPMasterNews.php?start=$mStart&NewsID=$mNewsID&mMode=$mMode&mError=Invalid Name...");
exit;
}
if ($mMode == 'Add')
{
$ImagePath = 'News/';
$ImageName = basename($_FILES['ImagePath']['name']);
$ImageFile = $ImagePath . $ImageName;
move_uploaded_file($_FILES['ImagePath']['tmp_name'], $ImageFile);
//Thumbs
if ($ImageName != '')
{
$save = "News/Thumbs/" . $ImageName;
$file = $ImageFile;
list($width, $height) = getimagesize($file);
$modheight = $height * (200 / $width);
$modwidth = 200;
$tn= imagecreatetruecolor($modwidth, $modheight);
$ext=strtolower(pathinfo($ImageName, PATHINFO_EXTENSION));
if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext))
{
Header("Content-type: image/jpeg");
$source = imagecreatefromjpeg($file);
}
else if(!strcmp("png",$ext))
{
Header("Content-type: image/png");
$source = imagecreatefrompng($file);
}
else if(!strcmp("gif",$ext))
{
Header("Content-type: image/gif");
$source = imagecreatefromgif($file);
}
imagecopyresampled($tn, $source, 0, 0, 0, 0, $modwidth, $modheight, $width, $height);
imagejpeg($tn, $save, 100);
}
//Thumbs
$mPMonth = date("m", strtotime($PublishedDay . "-" . $PublishedMonth . "-" . $PublishedYear));
$PublishedDate = date("Y-m-d", mktime(0, 0, 0, $mPMonth, $PublishedDay, $PublishedYear));
$qry = "INSERT INTO masternews(NewsName, NewsDescription, PublishedDay, PublishedMonth, PublishedYear, PublishedDate, NewsRemarks, ImagePath, ImageName) VALUES('$NewsName', '$NewsDescription', '$PublishedDay', '$PublishedMonth', '$PublishedYear', '$PublishedDate', '$NewsRemarks', '$ImagePath', '$ImageName')";
}
else if ($mMode == 'Modify')
{
$ImagePath = 'News/';
$ImageName = basename($_FILES['ImagePath']['name']);
$ImageFile = $ImagePath . $ImageName;
move_uploaded_file($_FILES['ImagePath']['tmp_name'], $ImageFile);
//Thumbs
if ($ImageName != '')
{
$save = "News/Thumbs/" . $ImageName;
$file = $ImageFile;
list($width, $height) = getimagesize($file);
$modheight = $height * (200 / $width);
$modwidth = 200;
$tn= imagecreatetruecolor($modwidth, $modheight);
$ext=strtolower(pathinfo($ImageName, PATHINFO_EXTENSION));
if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext))
{
Header("Content-type: image/jpeg");
$source = imagecreatefromjpeg($file);
}
else if(!strcmp("png",$ext))
{
Header("Content-type: image/png");
$source = imagecreatefrompng($file);
}
else if(!strcmp("gif",$ext))
{
Header("Content-type: image/gif");
$source = imagecreatefromgif($file);
}
imagecopyresampled($tn, $source, 0, 0, 0, 0, $modwidth, $modheight, $width, $height);
imagejpeg($tn, $save, 100);
}
//Thumbs
$mPMonth = date("m", strtotime($PublishedDay . "-" . $PublishedMonth . "-" . $PublishedYear));
$PublishedDate = date("Y-m-d", mktime(0, 0, 0, $mPMonth, $PublishedDay, $PublishedYear));
$qry = "UPDATE masternews SET NewsName='$NewsName', NewsDescription='$NewsDescription', PublishedDay='$PublishedDay', PublishedMonth='$PublishedMonth', PublishedYear='$PublishedYear', PublishedDate='$PublishedDate', NewsRemarks='$NewsRemarks'";
if ($ImageName != '')
{
$qry = $qry . ", ImageName='$ImageName'";
}
$qry = $qry . " WHERE NewsID=$mNewsID";
}
$result = @mysql_query($qry);
if($result)
{
header("location: CPMasterNews.php?start=$mStart&NewsID=$mNewsID&mMode=Save");
}
else
{
die("Query failed");
}
}
else if (isset($_POST['BtnCancel']))
{
$mStart = $_GET['start'];
$mNewsID = $_GET['NewsID'];
header("location: CPMasterNews.php?start=$mStart&NewsID=$mNewsID&mMode=Cancel");
}
else if (isset($_POST['BtnDelete']))
{
require_once('CPConfig.php');
$mStart = $_GET['start'];
$mNewsID = $_GET['NewsID'];
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
$db = mysql_select_db(DB_DATABASE);
$qry = "DELETE FROM masternews WHERE NewsID = '$mNewsID'";
$result = @mysql_query($qry);
if($result)
{
header("location: CPMasterNews.php?start=$mStart&mMode=Delete");
}
}
?>Discord hacker0088#9402
FSecurity.org