KucukHacker0088 Shell
| Current Path : G:/PleskVhosts/mpcdp.in/cmamp.mpcdp.in/CP/ |
Windows NT SG2NWVPWEB022 10.0 build 17763 (Windows Server 2016) i586 |
| Current File : G:/PleskVhosts/mpcdp.in/cmamp.mpcdp.in/CP/CPMasterTeamMember-Exec.php |
<?php
if (isset($_POST['BtnAdd']))
{
$mStart = $_GET['start'];
$mTMID = $_GET['TeamMemberID'];
header("location: CPMasterTeamMember.php?start=$mStart&TeamMemberID=$mTMID&mMode=Add");
}
else if (isset($_POST['BtnModify']))
{
$mStart = $_GET['start'];
$mTMID = $_GET['TeamMemberID'];
header("location: CPMasterTeamMember.php?start=$mStart&TeamMemberID=$mTMID&mMode=Modify");
}
else if (isset($_POST['BtnSave']))
{
require_once('CPConfig.php');
if (isset($_GET['mMode']))
{
$mMode = $_GET['mMode'];
}
else
{
$mMode = '';
}
$mStart = $_GET['start'];
$mTMID = $_GET['TeamMemberID'];
$link = mysql_connect($hostname, $username, $password) ;
$db= mysql_select_db($dbname);
$TMName = addslashes(str_replace("'", "'", $_POST['TxtTMName']));
$TMDesg = addslashes(str_replace("'", "'", $_POST['TxtTMDesg']));
$TMMobile = addslashes(str_replace("'", "'", $_POST['TxtTMMobile']));
$TMPhone = addslashes(str_replace("'", "'", $_POST['TxtTMPhone']));
$TMEmail = addslashes(str_replace("'", "'", $_POST['TxtTMEmail']));
$TMDuration = addslashes(str_replace("'", "'", $_POST['TxtTMDuration']));
$TMStatus = addslashes(str_replace("'", "'", $_POST['CmbTMStatus']));
$TMRemarks = addslashes(str_replace("'", "'", $_POST['TxtTMRemarks']));
if (is_numeric($_POST['TxtTMOrder']))
{
$TMOrder = $_POST['TxtTMOrder'];
}
else
{
$TMOrder = 0;
}
if ($TMName == '')
{
session_start();
$_SESSION['mTMName'] = str_replace("'", "'", $_POST['TxtTMName']);
$_SESSION['mTMDesg'] = str_replace("'", "'", $_POST['TxtTMDesg']);
$_SESSION['mTMMobile'] = str_replace("'", "'", $_POST['TxtTMMobile']);
$_SESSION['mTMPhone'] = str_replace("'", "'", $_POST['TxtTMPhone']);
$_SESSION['mTMEmail'] = str_replace("'", "'", $_POST['TxtTMEmail']);
$_SESSION['mTMDuration'] = str_replace("'", "'", $_POST['TxtTMDuration']);
$_SESSION['mTMStatus'] = str_replace("'", "'", $_POST['CmbTMStatus']);
$_SESSION['mTMOrder'] = str_replace("'", "'", $_POST['TxtTMOrder']);
$_SESSION['mTMRemarks'] = str_replace("'", "'", $_POST['TxtTMRemarks']);
header("location: CPMasterTeamMember.php?start=$mStart&TeamMemberID=$mTMID&mMode=$mMode&mError=Invalid Name...");
exit;
}
if ($mMode == 'Add')
{
$TMImagePath = 'TMImage/';
$TMImageName = basename($_FILES['TMImagePath']['name']);
$TMImageFile = $TMImagePath . $TMImageName;
move_uploaded_file($_FILES['TMImagePath']['tmp_name'], $TMImageFile);
$qry = "INSERT INTO masterteammember(TeamMemberName, TeamMemberDesg, TeamMemberMobile, TeamMemberPhone, TeamMemberEMail, TeamMemberDuration, TeamMemberOrder, TeamMemberStatus, TeamMemberRemarks, TeamMemberImagePath, TeamMemberImageName) VALUES('$TMName', '$TMDesg', '$TMMobile', '$TMPhone', '$TMEmail', '$TMDuration', $TMOrder, '$TMStatus', '$TMRemarks', '$TMImagePath', '$TMImageName')";
}
else if ($mMode == 'Modify')
{
$TMImagePath = 'TMImage/';
$TMImageName = basename($_FILES['TMImagePath']['name']);
$TMImageFile = $TMImagePath . $TMImageName;
move_uploaded_file($_FILES['TMImagePath']['tmp_name'], $TMImageFile);
if ($TMImageName == '')
{
$qry = "UPDATE masterteammember SET TeamMemberName='$TMName', TeamMemberDesg='$TMDesg', TeamMemberMobile='$TMMobile', TeamMemberPhone='$TMPhone', TeamMemberEMail='$TMEmail', TeamMemberDuration='$TMDuration', TeamMemberOrder=$TMOrder, TeamMemberStatus='$TMStatus', TeamMemberRemarks='$TMRemarks', TeamMemberImagePath='$TMImagePath' WHERE TeamMemberID='$mTMID'";
}
else
{
$qry = "UPDATE masterteammember SET TeamMemberName='$TMName', TeamMemberDesg='$TMDesg', TeamMemberMobile='$TMMobile', TeamMemberPhone='$TMPhone', TeamMemberEMail='$TMEmail', TeamMemberDuration='$TMDuration', TeamMemberOrder=$TMOrder, TeamMemberStatus='$TMStatus', TeamMemberRemarks='$TMRemarks', TeamMemberImagePath='$TMImagePath', TeamMemberImageName='$TMImageName' WHERE TeamMemberID='$mTMID'";
}
}
$result = @mysql_query($qry);
if($result)
{
header("location: CPMasterTeamMember.php?start=$mStart&TeamMemberID=$mTMID&mMode=Save");
}
else
{
die("Query failed");
}
}
else if (isset($_POST['BtnCancel']))
{
$mStart = $_GET['start'];
$mTMID = $_GET['TeamMemberID'];
header("location: CPMasterTeamMember.php?start=$mStart&TeamMemberID=$mTMID&mMode=Cancel");
}
else if (isset($_POST['BtnDelete']))
{
require_once('CPConfig.php');
$mStart = $_GET['start'];
$mTMID = $_GET['TeamMemberID'];
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
$db = mysql_select_db(DB_DATABASE);
$qry = "DELETE FROM masterteammember WHERE TeamMemberID = '$mTMID'";
$result = @mysql_query($qry);
if($result)
{
header("location: CPMasterTeamMember.php?start=$mStart&mMode=Delete");
}
}
?>Discord hacker0088#9402
FSecurity.org