KucukHacker0088 Shell
| Current Path : G:/PleskVhosts/mpcdp.in/cmamp.mpcdp.in/CP/ |
Windows NT SG2NWVPWEB022 10.0 build 17763 (Windows Server 2016) i586 |
| Current File : G:/PleskVhosts/mpcdp.in/cmamp.mpcdp.in/CP/CPMasterPhotoGallery-Exec.php |
<?php
if (isset($_POST['BtnAdd']))
{
$mStart = $_GET['start'];
$mPGID = $_GET['PGID'];
header("location: CPMasterPhotoGallery.php?start=$mStart&PGID=$mPGID&mMode=Add");
}
else if (isset($_POST['BtnModify']))
{
$mStart = $_GET['start'];
$mPGID = $_GET['PGID'];
header("location: CPMasterPhotoGallery.php?start=$mStart&PGID=$mPGID&mMode=Modify");
}
else if (isset($_POST['BtnSave']))
{
require_once('CPConfig.php');
if (isset($_GET['mMode']))
{
$mMode = $_GET['mMode'];
}
else
{
$mMode = '';
}
$mStart = $_GET['start'];
$mPGID = $_GET['PGID'];
$link = mysql_connect($hostname, $username, $password) ;
$db= mysql_select_db($dbname);
$PGName = addslashes(str_replace("'", "'", $_POST['TxtPGName']));
$PGDescription = addslashes(str_replace("'", "'", $_POST['TxtPGDescription']));
$PGRemarks = addslashes(str_replace("'", "'", $_POST['TxtPGRemarks']));
if ($PGName == '')
{
session_start();
$_SESSION['mPGName'] = str_replace("'", "'", $_POST['TxtPGName']);
$_SESSION['mPGDescription'] = str_replace("'", "'", $_POST['TxtPGDescription']);
$_SESSION['mPGRemarks'] = str_replace("'", "'", $_POST['TxtPGRemarks']);
header("location: CPMasterPhotoGallery.php?start=$mStart&PGID=$mPGID&mMode=$mMode&mError=Invalid Album Name...");
exit;
}
if ($mMode == 'Add')
{
$PGImagePath = '../CP/PGImage/';
$PGImageName = basename($_FILES['PGImagePath']['name']);
$PGImageFile = $PGImagePath . $PGImageName;
if (move_uploaded_file($_FILES['PGImagePath']['tmp_name'], $PGImageFile))
{
}
else
{
echo $PGImagePath . $PGImageName . "Unable to Upload";
}
$PGDir = 'PGImage/' . uniqid('PG_') . '_' . date("d-M-Y") ;
mkdir($PGDir);
mkdir($PGDir . "/Thumbs");
//Thumbs
if ($PGImageName != '')
{
$save = "PGImage/Thumbs/" . $PGImageName;
$file = $PGImageFile;
list($width, $height) = getimagesize($file);
$modheight = $height * (200 / $width);
$modwidth = 200;
$tn= imagecreatetruecolor($modwidth, $modheight);
$ext=strtolower(getExtension($PGImageName));
if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext))
{
Header("Content-type: image/jpeg");
$source = imagecreatefromjpeg($file);
}
else if(!strcmp("png",$ext))
{
Header("Content-type: image/png");
$source = imagecreatefrompng($file);
}
else if(!strcmp("gif",$ext))
{
Header("Content-type: image/gif");
$source = imagecreatefromgif($file);
}
imagecopyresampled($tn, $source, 0, 0, 0, 0, $modwidth, $modheight, $width, $height);
imagejpeg($tn, $save, 100);
}
//Thumbs
$qry = "INSERT INTO masterphotogallery(PGName, PGDescription, PGRemarks, PGImagePath, PGImageName, PGDir) VALUES('$PGName', '$PGDescription', '$PGRemarks', '$PGImagePath', '$PGImageName', '$PGDir')";
}
else if ($mMode == 'Modify')
{
$PGImagePath = 'PGImage/';
$PGImageName = basename($_FILES['PGImagePath']['name']);
$PGImageFile = $PGImagePath . $PGImageName;
if ($PGImageName == '')
{
$qry = "UPDATE masterphotogallery SET PGName='$PGName', PGDescription='$PGDescription', PGRemarks='$PGRemarks' WHERE PGID='$mPGID'";
}
else
{
move_uploaded_file($_FILES['PGImagePath']['tmp_name'], $PGImageFile);
//Thumbs
$save = "PGImage/Thumbs/" . $PGImageName;
$file = $PGImageFile;
list($width, $height) = getimagesize($file);
$modheight = $height * (200 / $width);
$modwidth = 200;
$tn= imagecreatetruecolor($modwidth, $modheight);
$ext=strtolower(getExtension($PGImageName));
if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext))
{
Header("Content-type: image/jpeg");
$source = imagecreatefromjpeg($file);
}
else if(!strcmp("png",$ext))
{
Header("Content-type: image/png");
$source = imagecreatefrompng($file);
}
else if(!strcmp("gif",$ext))
{
Header("Content-type: image/gif");
$source = imagecreatefromgif($file);
}
imagecopyresampled($tn, $source, 0, 0, 0, 0, $modwidth, $modheight, $width, $height);
imagejpeg($tn, $save, 100);
//Thumbs
$qry = "UPDATE masterphotogallery SET PGName='$PGName', PGDescription='$PGDescription', PGRemarks='$PGRemarks', PGImagePath='$PGImagePath', PGImageName='$PGImageName' WHERE PGID='$mPGID'";
}
}
$result = @mysql_query($qry);
if($result)
{
header("location: CPMasterPhotoGallery.php?start=$mStart&PGID=$mPGID&mMode=Save");
}
else
{
die("Query failed");
}
}
else if (isset($_POST['BtnCancel']))
{
$mStart = $_GET['start'];
$mPGID = $_GET['PGID'];
header("location: CPMasterPhotoGallery.php?start=$mStart&PGID=$mPGID&mMode=Cancel");
}
else if (isset($_POST['BtnDelete']))
{
require_once('CPConfig.php');
$mStart = $_GET['start'];
$mPGID = $_GET['PGID'];
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
$db = mysql_select_db(DB_DATABASE);
$qry = "DELETE FROM masterphotogallery WHERE PGID = '$mPGID'";
$result = @mysql_query($qry);
if($result)
{
header("location: CPMasterPhotoGallery.php?start=$mStart&mMode=Delete");
}
}
//Details
//Add
else if (isset($_POST['BtnDAdd']))
{
$mStart = $_GET['start'];
$mPGID = $_GET['PGID'];
$mStartD = $_GET['startD'];
$mPGDID = $_GET['PGDID'];
if (isset($_GET['mMode']))
{
$mMode = $_GET['mMode'];
}
else
{
$mMode = '';
}
header("location: CPMasterPhotoGallery.php?start=$mStart&PGID=$mPGID&mMode=$mMode&startD=$mStartD&PGDID=$mPGDID&mModeD=Add");
}
//Modify
else if (isset($_POST['BtnDModify']))
{
$mStart = $_GET['start'];
$mPGID = $_GET['PGID'];
$mStartD = $_GET['startD'];
$mPGDID = $_GET['PGDID'];
if (isset($_GET['mMode']))
{
$mMode = $_GET['mMode'];
}
else
{
$mMode = '';
}
header("location: CPMasterPhotoGallery.php?start=$mStart&PGID=$mPGID&mMode=$mMode&startD=$mStartD&PGDID=$mPGDID&mModeD=Modify");
}
//Save
else if (isset($_POST['BtnDSave']))
{
require_once('CPConfig.php');
if (isset($_GET['mMode']))
{
$mMode = $_GET['mMode'];
}
else
{
$mMode = '';
}
if (isset($_GET['mModeD']))
{
$mModeD = $_GET['mModeD'];
}
else
{
$mModeD = '';
}
$mStart = $_GET['start'];
$mPGID = $_GET['PGID'];
$mStartD = $_GET['startD'];
$mPGDID = $_GET['PGDID'];
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
$db = mysql_select_db(DB_DATABASE);
$PGDName = addslashes(str_replace("'", "'", $_POST['TxtPGDName']));
$PGDDescription = addslashes(str_replace("'", "'", $_POST['TxtPGDDescription']));
$PGDRemarks = addslashes(str_replace("'", "'", $_POST['TxtPGDRemarks']));
$PGDDir = addslashes($_POST['TxtPGDDir']);
$PGDImagePath = $PGDDir . '/';
$PGDImageName = basename($_FILES['PGDImagePath']['name']);
$PGDImageFile = $PGDImagePath . $PGDImageName;
if ($mModeD == 'Add')
{
if ($PGDImageName == '')
{
session_start();
$_SESSION['mPGDName'] = str_replace("'", "'", $_POST['TxtPGDName']);
$_SESSION['mPGDDescription'] = str_replace("'", "'", $_POST['TxtPGDDescription']);
$_SESSION['mPGDRemarks'] = str_replace("'", "'", $_POST['TxtPGDRemarks']);
$_SESSION['mPGDDir'] = $_POST['TxtPGDDir'];
header("location: CPMasterPhotoGallery.php?start=$mStart&PGID=$mPGID&mMode=$mMode&startD=$mStartD&PGDID=$mPGDID&mModeD=$mModeD&mErrorD=Invalid Image File...");
exit;
}
move_uploaded_file($_FILES['PGDImagePath']['tmp_name'], $PGDImageFile);
//Thumbs
if ($PGDImageName != '')
{
$save = $PGDImagePath . "Thumbs/" . $PGDImageName;
$file = $PGDImageFile;
list($width, $height) = getimagesize($file);
$modheight = $height * (200 / $width);
$modwidth = 200;
$tn= imagecreatetruecolor($modwidth, $modheight);
$ext= strtolower(getExtension($PGDImageName));
if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext))
{
Header("Content-type: image/jpeg");
$source = imagecreatefromjpeg($file);
}
else if(!strcmp("png",$ext))
{
Header("Content-type: image/png");
$source = imagecreatefrompng($file);
}
else if(!strcmp("gif",$ext))
{
Header("Content-type: image/gif");
$source = imagecreatefromgif($file);
}
imagecopyresampled($tn, $source, 0, 0, 0, 0, $modwidth, $modheight, $width, $height);
imagejpeg($tn, $save, 100);
}
//Thumbs
$qry = "INSERT INTO detailphotogallery(PGID, PGDName, PGDDescription, PGDRemarks, PGDImagePath, PGDImageName) VALUES('$mPGID', '$PGDName', '$PGDDescription', '$PGDRemarks', '$PGDImagePath', '$PGDImageName')";
}
else if ($mModeD == 'Modify')
{
move_uploaded_file($_FILES['PGDImagePath']['tmp_name'], $PGDImageFile);
if ($PGDImageName == '')
{
$qry = "UPDATE detailphotogallery SET PGDName='$PGDName', PGDDescription='$PGDDescription', PGDRemarks='$PGDRemarks' WHERE PGDID='$mPGDID'";
}
else
{
//Thumbs
if ($PGDImageName != '')
{
$save = $PGDImagePath . "Thumbs/" . $PGDImageName;
$file = $PGDImageFile;
list($width, $height) = getimagesize($file);
$modheight = $height * (200 / $width);
$modwidth = 200;
$tn= imagecreatetruecolor($modwidth, $modheight);
$ext= strtolower(getExtension($PGDImageName));
if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext))
{
Header("Content-type: image/jpeg");
$source = imagecreatefromjpeg($file);
}
else if(!strcmp("png",$ext))
{
Header("Content-type: image/png");
$source = imagecreatefrompng($file);
}
else if(!strcmp("gif",$ext))
{
Header("Content-type: image/gif");
$source = imagecreatefromgif($file);
}
imagecopyresampled($tn, $source, 0, 0, 0, 0, $modwidth, $modheight, $width, $height);
imagejpeg($tn, $save, 100);
}
//Thumbs
$qry = "UPDATE detailphotogallery SET PGDName='$PGDName', PGDDescription='$PGDDescription', PGDRemarks='$PGDRemarks', PGDImagePath='$PGDImagePath', PGDImageName='$PGDImageName' WHERE PGDID='$mPGDID'";
}
}
$result = @mysql_query($qry);
if($result)
{
header("location: CPMasterPhotoGallery.php?start=$mStart&PGID=$mPGID&mMode=$mMode&startD=$mStartD&PGDID=$mPGDID&mModeD=Save");
}
else
{
die("Query failed");
}
}
else if (isset($_POST['BtnDCancel']))
{
$mStart = $_GET['start'];
$mPGID = $_GET['PGID'];
$mStartD = $_GET['startD'];
$mPGDID = $_GET['PGDID'];
if (isset($_GET['mMode']))
{
$mMode = $_GET['mMode'];
}
else
{
$mMode = '';
}
header("location: CPMasterPhotoGallery.php?start=$mStart&PGID=$mPGID&mMode=$mMode&startD=$mStartD&PGDID=$mPGDID&mModeD=Cancel");
}
else if (isset($_POST['BtnDDelete']))
{
require_once('CPConfig.php');
$mStart = $_GET['start'];
$mPGID = $_GET['PGID'];
$mStartD = $_GET['startD'];
$mPGDID = $_GET['PGDID'];
if (isset($_GET['mMode']))
{
$mMode = $_GET['mMode'];
}
else
{
$mMode = '';
}
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
$db = mysql_select_db(DB_DATABASE);
$qry = "DELETE FROM detailphotogallery WHERE PGDID = '$mPGDID'";
$result = @mysql_query($qry);
if($result)
{
header("location: CPMasterPhotoGallery.php?start=$mStart&PGID=$mPGID&mMode=$mMode&startD=$mStartD&mModeD=Delete");
}
}
function getExtension($str)
{
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}
?>Discord hacker0088#9402
FSecurity.org