KucukHacker0088 Shell

Current Path : G:/PleskVhosts/mpcdp.in/cmamp.mpcdp.in/CP/

Windows NT SG2NWVPWEB022 10.0 build 17763 (Windows Server 2016) i586 Upload File :

Current File : G:/PleskVhosts/mpcdp.in/cmamp.mpcdp.in/CP/CPMasterPublication-Exec.php

<?php
set_time_limit(300);

ini_set("max_execution_time", "200");
ini_set("max_input_time", "200");

if (isset($_POST['BtnAdd']))
	{
	$mStart = $_GET['start'];
	$mPublicationID = $_GET['PublicationID'];
	header("location: CPMasterPublication.php?start=$mStart&PublicationID=$mPublicationID&mMode=Add");
	}
else if (isset($_POST['BtnModify']))
	{
	$mStart = $_GET['start'];
	$mPublicationID = $_GET['PublicationID'];
	header("location: CPMasterPublication.php?start=$mStart&PublicationID=$mPublicationID&mMode=Modify");
	}
else if (isset($_POST['BtnSave']))
	{
	require_once('CPConfig.php');
	
	if (isset($_GET['mMode']))
		{
		$mMode = $_GET['mMode'];
		}
	else
		{
		$mMode = '';
		}
	
	$mStart = $_GET['start'];
	$mPublicationID = $_GET['PublicationID'];
	
	 $link = mysql_connect($hostname, $username, $password) ;
$db= mysql_select_db($dbname);

	$PName = addslashes(str_replace("'", "&#39;", $_POST['TxtPName']));
	$PDescription = addslashes(str_replace("'", "&#39;", $_POST['TxtPDescription']));
	$PRemarks = addslashes(str_replace("'", "&#39;", $_POST['TxtPRemarks']));
	
	if ($PName == '')
		{
		session_start();
		$_SESSION['mPName'] = str_replace("'", "&#39;", $_POST['TxtPName']);
		$_SESSION['mPDescription'] = str_replace("'", "&#39;", $_POST['TxtPDescription']);
		$_SESSION['mPRemarks'] = str_replace("'", "&#39;", $_POST['TxtPRemarks']);
		
		header("location: CPMasterPublication.php?start=$mStart&PublicationID=$mPublicationID&mMode=$mMode&mError=Invalid Name...");
		exit;
		}
		
	if ($mMode == 'Add')
		{
		$PDocumentPath = 'Publication/Document/';
		$PDocumentName = basename($_FILES['PDocumentPath']['name']);
		$PDocumentFile = $PDocumentPath . $PDocumentName;
		if ($PDocumentName != '')
			{
			move_uploaded_file($_FILES['PDocumentPath']['tmp_name'], $PDocumentFile);
			}
		
		$PImagePath = 'Publication/Image/';
		$PImageName = basename($_FILES['PImagePath']['name']);
		$PImageFile = $PImagePath . $PImageName;
		if ($PImageName != '')
			{
			move_uploaded_file($_FILES['PImagePath']['tmp_name'], $PImageFile);
			}
		//Thumbs
		if ($PImageName != '')
			{
			$save = "Publication/Image/Thumbs/" . $PImageName;
			$file = $PImageFile; 
			list($width, $height) = getimagesize($file); 
			$modheight = $height * (200 / $width); 
			$modwidth = 200; 
			$tn= imagecreatetruecolor($modwidth, $modheight); 
			$ext=strtolower(pathinfo($PImageName, PATHINFO_EXTENSION));
			if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext))
				{
				Header("Content-type: image/jpeg");
				$source = imagecreatefromjpeg($file); 
				}
			else if(!strcmp("png",$ext))
				{
				Header("Content-type: image/png");
				$source = imagecreatefrompng($file); 
				}
			else if(!strcmp("gif",$ext))
				{
				Header("Content-type: image/gif");
				$source = imagecreatefromgif($file); 
				}
			imagecopyresampled($tn, $source, 0, 0, 0, 0, $modwidth, $modheight, $width, $height); 
			imagejpeg($tn, $save, 100);
			}
		//Thumbs
		
		$qry = "INSERT INTO masterpublication(PName, PDescription, PRemarks, PImagePath, PImageName, PDocumentPath, PDocumentName) VALUES('$PName', '$PDescription', '$PRemarks', '$PImagePath', '$PImageName', '$PDocumentPath', '$PDocumentName')";
		}
	else if ($mMode == 'Modify')
		{
		$PDocumentPath = 'Publication/Document/';
		$PDocumentName = basename($_FILES['PDocumentPath']['name']);
		$PDocumentFile = $PDocumentPath . $PDocumentName;
		if ($PDocumentName != '')
			{
			move_uploaded_file($_FILES['PDocumentPath']['tmp_name'], $PDocumentFile);
			}
		
		$PImagePath = 'Publication/Image/';
		$PImageName = basename($_FILES['PImagePath']['name']);
		$PImageFile = $PImagePath . $PImageName;
		if ($PImageName != '')
			{
			move_uploaded_file($_FILES['PImagePath']['tmp_name'], $PImageFile);
			}
			
		//Thumbs
		if ($PImageName != '')
			{
			$save = "Publication/Image/Thumbs/" . $PImageName;
			$file = $PImageFile; 
			list($width, $height) = getimagesize($file); 
			$modheight = $height * (200 / $width); 
			$modwidth = 200; 
			$tn= imagecreatetruecolor($modwidth, $modheight); 
			$ext=strtolower(pathinfo($PImageName, PATHINFO_EXTENSION));
			if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext))
				{
				Header("Content-type: image/jpeg");
				$source = imagecreatefromjpeg($file); 
				}
			else if(!strcmp("png",$ext))
				{
				Header("Content-type: image/png");
				$source = imagecreatefrompng($file); 
				}
			else if(!strcmp("gif",$ext))
				{
				Header("Content-type: image/gif");
				$source = imagecreatefromgif($file); 
				}
			imagecopyresampled($tn, $source, 0, 0, 0, 0, $modwidth, $modheight, $width, $height); 
			imagejpeg($tn, $save, 100);
			}
		//Thumbs
		
		$qry = "UPDATE masterpublication SET PName='$PName', PDescription='$PDescription', PRemarks='$PRemarks'";
		if ($PImageName != '')
			{
			$qry = $qry . ", PImageName='$PImageName'";
			}
		if ($PDocumentName != '')
			{
			$qry = $qry . ", PDocumentName='$PDocumentName'";
			}
		$qry = $qry . " WHERE PublicationID=$mPublicationID";
		}
	
	$result = @mysql_query($qry);
	
	if($result) 
		{
		CreateScrollHTMLFile();
		header("location: CPMasterPublication.php?start=$mStart&PublicationID=$mPublicationID&mMode=Save");
		}
	else 
		{
		die("Query failed");
		}
	}
else if (isset($_POST['BtnCancel']))
	{
	$mStart = $_GET['start'];
	$mPublicationID = $_GET['PublicationID'];
	header("location: CPMasterPublication.php?start=$mStart&PublicationID=$mPublicationID&mMode=Cancel");
	}
else if (isset($_POST['BtnDelete']))
	{
	require_once('CPConfig.php');
	
	$mStart = $_GET['start'];
	$mPublicationID = $_GET['PublicationID'];
	
	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	$db = mysql_select_db(DB_DATABASE);
	
	$qry = "DELETE FROM masterpublication WHERE PublicationID = '$mPublicationID'";
	$result = @mysql_query($qry);
	
	if($result) 
		{
		header("location: CPMasterPublication.php?start=$mStart&mMode=Delete");
		}
	}


function CreateScrollHTMLFile()
	{
	$filename = 'SSPublication.html';
	$html_original = file_get_contents($filename);
	
	$publishStartEnd = explode("<!--PublicationStartEnd-->",$html_original);
	$publishStart = $publishStartEnd[0] . "<!--PublicationStartEnd-->";
	$publishEnd = "<!--PublicationStartEnd-->" . $publishStartEnd[2];
	$fp = fopen($filename, "w");
	$appended_text = "";
	
	if (is_writable($filename)) 
		{
		require_once('CPConfig.php');
		$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
		$db = mysql_select_db(DB_DATABASE);
		
		@$column_name='PublicationID Desc';
		
		$eu = 0; 
		$limit = 10;
		
		$bgcolor="#ffffff";
		
		$query="SELECT * FROM masterpublication ";
		
		if(isset($column_name) and strlen($column_name)>0)
			{
			$query = $query . " order by $column_name";
			}
		$query = $query . " limit $eu, $limit ";
		$result=mysql_query($query);
		
		echo mysql_error();
		
		while($noticia = mysql_fetch_array($result))
			{
			if($bgcolor=='#f1f1f1')
				{
				$bgcolor='#ffffff';
				}
			else
				{
				$bgcolor='#f1f1f1';
				}
			$appended_text = $appended_text . "<table cellpadding='0' cellspacing='0' border='0'><tr>";
			if ($noticia[PImageName] == "")
				{
				$appended_text = $appended_text . "<td class='StyleTableBodyMembership'><a href='CPDownload.php?filename=$noticia[PDocumentPath]$noticia[PDocumentName]'><b>$noticia[PName]</b><br />$noticia[PDescription]</a></td>";
				}
			else
				{
				$appended_text = $appended_text . "<td align='left'><img src='$noticia[PImagePath]Thumbs/$noticia[PImageName]' alt='' width='72' /></td>";
				$appended_text = $appended_text . "<td class='StyleTableBodyMembership'><a href='CPDownload.php?filename=$noticia[PDocumentPath]$noticia[PDocumentName]'><b>$noticia[PName]</b><br />$noticia[PDescription]</a></td>";
				}
			$appended_text = $appended_text . "</tr></table>";
			}
		}
	
	fwrite($fp, $publishStart . $appended_text . $publishEnd); 
	fclose($fp); 
	}

?>

Discord hacker0088#9402

FSecurity.org