<?php
//error_reporting(E_ALL);
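// Declare the response as UTF-8 HTML before any output is sent.
header('Content-Type: text/html; charset=utf-8');
$path  = $_SERVER['DOCUMENT_ROOT'];
// require instead of include: if either file cannot be loaded the request
// must stop here. With include, a missing or unreadable accesscontrol.php
// only raises a warning and the delete handlers below would still run
// (fail-open).
require_once $path.'/connect_db.php';
// Anchor the path to this file's directory rather than the process working
// directory, so the guard that is loaded does not depend on how the script
// was invoked.
// NOTE(review): presumably accesscontrol.php enforces the staff login and
// exits for unauthenticated visitors - confirm, since every handler below
// relies on it.
require __DIR__.'/../../accesscontrol.php';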
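// Bulk delete: each entry of $_POST['ls'] is "adid || memberid".
// Fixes over the previous version:
//  - addslashes() was applied to the whole $_POST['ls'] array, which yields
//    null, so the loop never ran;
//  - values were concatenated into SQL (addslashes is not a safe SQL escape);
//    they are now bound parameters;
//  - the row was deleted BEFORE its file names were selected, so the uploaded
//    files were never removed;
//  - file names from the database are reduced to basename() so a stored value
//    cannot point unlink() outside the uploads directories;
//  - database error text is logged instead of being sent to the browser.
// NOTE(review): no CSRF token is verified before this destructive action;
// adding one needs a matching change to the form that posts here.
// NOTE(review): the checkbox markup in this file posts "memberid || memberid",
// so the first field may not be a real adid - confirm against the form.
if (isset($_POST['submit'])) {
	$listings = (isset($_POST['ls']) && is_array($_POST['ls'])) ? $_POST['ls'] : array();

	$select_ad = $connect->prepare("SELECT image, photo_1, photo_2, photo_3, photo_4 FROM ads WHERE adid = ? AND memberid = ?");
	$delete_ad = $connect->prepare("DELETE FROM ads WHERE adid = ? AND memberid = ?");
	if (!$select_ad || !$delete_ad) {
		error_log('member_accounts bulk delete: prepare failed: '.$connect->error);
		die('Database error.');
	}

	foreach ($listings as $listing) {
		if (!is_string($listing)) {
			continue;
		}
		$aa = explode(" || ", $listing);
		if (count($aa) < 2) {
			continue; // malformed entry: nothing to match against
		}
		$ls_id = $aa[0];
		$ls_mid = $aa[1];

		// Read the file names first; after the DELETE they are gone.
		$select_ad->bind_param('ss', $ls_id, $ls_mid);
		if (!$select_ad->execute()) {
			error_log('member_accounts bulk delete: select failed: '.$select_ad->error);
			die('Database error.');
		}
		$select_ad->store_result();
		$select_ad->bind_result($del_image, $del_photo_1, $del_photo_2, $del_photo_3, $del_photo_4);
		$del_found = $select_ad->fetch();
		$select_ad->free_result();

		// deleting ad
		$delete_ad->bind_param('ss', $ls_id, $ls_mid);
		if (!$delete_ad->execute()) {
			error_log('member_accounts bulk delete: delete failed: '.$delete_ad->error);
			die('Database error.');
		}

		// deleting photos and logo associated with the ad
		if ($del_found) {
			$del_targets = array(
				1 => $del_photo_1,
				2 => $del_photo_2,
				3 => $del_photo_3,
				4 => $del_photo_4,
				'logo' => $del_image,
			);
			foreach ($del_targets as $del_dir => $del_name) {
				if ($del_name === null || $del_name === '') {
					continue; // empty column: 'uploads/N/' is a directory, not a file
				}
				$file = 'uploads/'.$del_dir.'/'.basename((string) $del_name);
				if (is_file($file)) {
					@unlink($file);
				}
			}
		}
		$message = 'Your Ad has been successfully deleted.';
	}
	$select_ad->close();
	$delete_ad->close();
}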

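// Single-ad delete: ?del=yes&adid=...&memberid=...
// Fixes over the previous version:
//  - request values are bound parameters instead of addslashes() + string
//    concatenation;
//  - the file names are read BEFORE the row is deleted (previously the SELECT
//    ran after the DELETE and found nothing, leaving the files on disk);
//  - a missing adid/memberid no longer issues a DELETE with empty values;
//  - stored file names go through basename() before unlink();
//  - database error text is logged instead of being sent to the browser.
// NOTE(review): this is a state-changing GET with no CSRF token. Moving it to
// POST with a token needs a matching change to the links that point here.
// NOTE(review): the account-delete handler further down also fires on
// del=yes, so a request carrying adid currently reaches both - confirm intent.
$del_adid = (isset($_GET['adid']) && is_string($_GET['adid'])) ? $_GET['adid'] : '';
$del_memberid = (isset($_GET['memberid']) && is_string($_GET['memberid'])) ? $_GET['memberid'] : '';
if (isset($_GET['del']) && $_GET['del'] === 'yes' && $del_adid !== '' && $del_memberid !== '') {
	$adid = $del_adid;
	$memberid = $del_memberid;

	// Read the file names first; after the DELETE they are gone.
	$select_ad = $connect->prepare("SELECT image, photo_1, photo_2, photo_3, photo_4 FROM ads WHERE adid = ? AND memberid = ?");
	if (!$select_ad) {
		error_log('member_accounts ad delete: prepare failed: '.$connect->error);
		die('Database error.');
	}
	$select_ad->bind_param('ss', $adid, $memberid);
	if (!$select_ad->execute()) {
		error_log('member_accounts ad delete: select failed: '.$select_ad->error);
		die('Database error.');
	}
	$select_ad->store_result();
	$select_ad->bind_result($del_image, $del_photo_1, $del_photo_2, $del_photo_3, $del_photo_4);
	$del_found = $select_ad->fetch();
	$select_ad->close();

	// deleting ad
	$delete_ad = $connect->prepare("DELETE FROM ads WHERE adid = ? AND memberid = ?");
	if (!$delete_ad) {
		error_log('member_accounts ad delete: prepare failed: '.$connect->error);
		die('Database error.');
	}
	$delete_ad->bind_param('ss', $adid, $memberid);
	if (!$delete_ad->execute()) {
		error_log('member_accounts ad delete: delete failed: '.$delete_ad->error);
		die('Database error.');
	}
	$delete_ad->close();

	// deleting photos and logo
	if ($del_found) {
		$del_targets = array(
			1 => $del_photo_1,
			2 => $del_photo_2,
			3 => $del_photo_3,
			4 => $del_photo_4,
			'logo' => $del_image,
		);
		foreach ($del_targets as $del_dir => $del_name) {
			if ($del_name === null || $del_name === '') {
				continue; // empty column: 'uploads/N/' is a directory, not a file
			}
			$file = 'uploads/'.$del_dir.'/'.basename((string) $del_name);
			if (is_file($file)) {
				@unlink($file);
			}
		}
	}
	$message = 'Your Ad has been successfully deleted.';
	//header( "refresh:5;url=index.php" );
}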



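// Account delete: ?del=yes&memberid=... removes every ad of the member, the
// uploaded files of those ads, and finally the member row.
// Fixes over the previous version:
//  - request values are bound parameters instead of addslashes() + string
//    concatenation;
//  - the file names are read BEFORE the ads are deleted, and for ALL of the
//    member's ads (previously the SELECT ran after the DELETE and only its
//    first row was ever looked at);
//  - an empty memberid no longer issues the DELETE statements;
//  - a request that carries adid is a single-ad delete and no longer also
//    removes the whole account;
//  - stored file names go through basename() before unlink();
//  - the members DELETE is checked, and database error text is logged instead
//    of being sent to the browser.
// NOTE(review): this is a state-changing GET with no CSRF token; any page a
// logged-in staff member opens could trigger it. Moving it to POST with a
// token needs a matching change to the "Delete" links in the table below.
$del_account_id = (isset($_GET['memberid']) && is_string($_GET['memberid'])) ? $_GET['memberid'] : '';
if (isset($_GET['del']) && $_GET['del'] === 'yes' && !isset($_GET['adid']) && $del_account_id !== '') {
	$memberid = $del_account_id;

	// Collect every file name belonging to the member's ads.
	$select_ads = $connect->prepare("SELECT image, photo_1, photo_2, photo_3, photo_4 FROM ads WHERE memberid = ?");
	if (!$select_ads) {
		error_log('member_accounts account delete: prepare failed: '.$connect->error);
		die('Database error.');
	}
	$select_ads->bind_param('s', $memberid);
	if (!$select_ads->execute()) {
		error_log('member_accounts account delete: select failed: '.$select_ads->error);
		die('Database error.');
	}
	$select_ads->store_result();
	$select_ads->bind_result($del_image, $del_photo_1, $del_photo_2, $del_photo_3, $del_photo_4);
	$del_files = array();
	while ($select_ads->fetch()) {
		$del_row_targets = array(
			1 => $del_photo_1,
			2 => $del_photo_2,
			3 => $del_photo_3,
			4 => $del_photo_4,
			'logo' => $del_image,
		);
		foreach ($del_row_targets as $del_dir => $del_name) {
			if ($del_name === null || $del_name === '') {
				continue; // empty column: 'uploads/N/' is a directory, not a file
			}
			$del_files[] = 'uploads/'.$del_dir.'/'.basename((string) $del_name);
		}
	}
	$select_ads->close();

	// deleting ads
	$delete_ads = $connect->prepare("DELETE FROM ads WHERE memberid = ?");
	if (!$delete_ads) {
		error_log('member_accounts account delete: prepare failed: '.$connect->error);
		die('Database error.');
	}
	$delete_ads->bind_param('s', $memberid);
	if (!$delete_ads->execute()) {
		error_log('member_accounts account delete: ads delete failed: '.$delete_ads->error);
		die('Database error.');
	}
	$delete_ads->close();

	// deleting photos and logos
	foreach ($del_files as $file) {
		if (is_file($file)) {
			@unlink($file);
		}
	}

	// deleting member account
	$delete_member = $connect->prepare("DELETE from members WHERE memberid = ?");
	if (!$delete_member) {
		error_log('member_accounts account delete: prepare failed: '.$connect->error);
		die('Database error.');
	}
	$delete_member->bind_param('s', $memberid);
	if (!$delete_member->execute()) {
		error_log('member_accounts account delete: member delete failed: '.$delete_member->error);
		die('Database error.');
	}
	$delete_member->close();

	$message = 'Accounts has been deleted.';
	// header( "refresh:0;url=index.php" );
}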



?>



<!-- start: HTML -->
<!DOCTYPE html>
<html lang="en">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<link rel="stylesheet" href="/header-footer/global.css">
	<link rel="stylesheet" href="/staff/style_staff.css">
	<title>Staff Area</title>
	<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
	<style>
	input#search {
		width: 86%;
		float: left;
		margin: 0 15px 0px 0px;
	}

	.successDvBx{
		padding: 10px; 
		font-weight: bold; 
		border: 1px solid green; 
		font-size: 16px;
		margin-bottom: 15px;
	}
	</style>
</head>
<body>
	
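<?php
// Full open tag: with short_open_tag disabled a bare "<?" block is not
// executed and its source is sent to the browser as text.
include '../../staff_header.php';
// $updated is not assigned anywhere in this file; !empty() keeps the same
// truthiness test without an undefined-variable notice.
// NOTE(review): presumably set by an included file - confirm, or drop the banner.
if(!empty($updated)){
	echo '<div class="successDvBx">ACTIVATED</div>';
}
// The empty "if($message){ }" that used to follow did nothing; the message is
// rendered inside the form further down.
?>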
	<!-- start: Table -->
	<div class="table-section">
		<div class="container lg">
			<div class="table-responsive">
			<form>
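				<?php
				// Counters for the navigation buttons below.
				// COUNT() lets the database return one number instead of transferring
				// every row just to read num_rows. A failed query is logged and counted
				// as 0 instead of raising a fatal error on "false->num_rows".
				// Full open tag: with short_open_tag disabled a bare "<?" block is sent
				// to the browser as text, queries included.
				$count_rows = function ($sql) use ($connect) {
					$count_result = $connect->query($sql);
					if (!$count_result) {
						error_log('member_accounts counters: query failed: '.$connect->error);
						return 0;
					}
					$count_row = $count_result->fetch_row();
					$count_result->free();
					return $count_row ? (int) $count_row[0] : 0;
				};
				$Active = $count_rows("SELECT COUNT(*) FROM ads WHERE active = 1");
				$Inactive = $count_rows("SELECT COUNT(*) FROM ads WHERE active = 0 and decline = 0");
				$Declined = $count_rows("SELECT COUNT(*) FROM ads WHERE decline = 1");
				$Featured = $count_rows("SELECT COUNT(*) FROM ads WHERE featured = 1");
				// One row per member in the old GROUP BY query == number of distinct member ids.
				$free_websites = $count_rows("SELECT COUNT(DISTINCT m.memberid) FROM `members` as `m` INNER JOIN `page_configuration` as `pc` ON m.memberid = pc.memberid");
				$dr = $_SERVER['DOCUMENT_ROOT'].'/members/uploads/logo/';
				// scandir() returns false on failure; fall back to an empty list so the
				// count() in the markup below never receives a non-array.
				// NOTE(review): the listing includes "." and "..", so count($logo) is two
				// higher than the number of logo files - confirm the intended arithmetic.
				$logo = is_dir($dr) ? scandir($dr) : array();
				if ($logo === false) {
					$logo = array();
				}

				?>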
				<div class="submit-advert-form-group">
					<a href="/staff/advert/approved/" class="btn btn-yellow">Active (<?=$Active?>)</a>
					<a href="/staff/" class="btn btn-yellow">Inactive (<?=$Inactive?>)</a>
					<a href="/staff/advert/declined/" class="btn btn-yellow">Declined (<?=$Declined?>)</a>
					<a href="/staff/advert/no_images" class="btn btn-yellow">No image Businesses (<?=$Inactive-count($logo)?>)</a>
					<a href="/staff/advert/featured/" class="btn btn-yellow">Featured (<?=$Featured?>)</a>
						<a href="/staff/advert/free_websites" class="btn btn-yellow">Used Free Website (<?=$free_websites?>)</a>
				</div>
				<div class="submit-advert-form-group">
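				<?php /* The echoed search term is request data placed inside an HTML attribute: it must be HTML-escaped. addslashes() does not neutralise quotes or angle brackets for HTML. */ ?>
				<input type="text" name="search" id="search" class="form-control"  placeholder="Enter user email" value="<?=htmlspecialchars((isset($_GET['search']) && is_string($_GET['search'])) ? $_GET['search'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">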
				<button  class="btn btn-yellow" type="submit">Search
							<svg viewBox="0 0 21 16" fill="none" xmlns="http://www.w3.org/2000/svg">
							<path d="M13.0998 15.5L11.7582 14.1902L17 8.95114H0.588135V7.08004H17L11.727 1.80977L13.0686 0.5L20.5881 8.01559L13.0998 15.5Z"></path>
							</svg>
				</button>
				</div>
				
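				<?php /* $message is only assigned by the delete handlers; !empty() avoids an undefined-variable notice on a plain page load. It is escaped on output so the banner stays safe if a message ever carries request or database text. */ if(!empty($message)): ?>
					<div class="message successDvBx"><?=htmlspecialchars((string) $message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?></div>
				<?php endif ?>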
			</form>
				<table class="table">
					<thead>
						<tr>
							<th></th>
							<th>Email</th>
							<th>Action</th>
						</tr>
					</thead>
					<tbody>
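					<?php
					// Member listing, filtered by the optional ?search= term.
					// Fixes over the previous version:
					//  - the search term is a bound parameter instead of addslashes() +
					//    string concatenation;
					//  - every database value is escaped for the context it is written into
					//    (HTML text, HTML attribute, inline JS argument, URL query value);
					//    ename and memberid used to be echoed raw;
					//  - database error text is logged instead of being sent to the browser;
					//  - full open tags, so the block cannot be served as source when
					//    short_open_tag is disabled.
					$search = (isset($_GET['search']) && is_string($_GET['search'])) ? $_GET['search'] : '';
					$limit = 100;
					// Force the page number to a positive integer so the "Next Page"
					// arithmetic below this block never sees free text.
					$page = (isset($_GET['page']) && is_scalar($_GET['page'])) ? max(1, (int) $_GET['page']) : 1;
					$offset = ($page-1)*$limit;
					// NOTE(review): $limit/$offset are computed but the query has no LIMIT
					// clause, so every page lists the same rows - confirm whether paging
					// was intended here.

					$a = $connect->prepare("SELECT memberid, ename FROM members WHERE ename LIKE ?");
					if (!$a) {
						error_log('member_accounts listing: prepare failed: '.$connect->error);
						die('Database error.');
					}
					$search_like = '%'.$search.'%';
					$a->bind_param('s', $search_like);
					if (!$a->execute()) {
						error_log('member_accounts listing: query failed: '.$a->error);
						die('Database error.');
					}
					$a->bind_result($row_memberid, $row_ename);

					while ($a->fetch()) {
						$r_ad_name = strtolower((string) $row_ename);
						$esc_flags = ENT_QUOTES | ENT_SUBSTITUTE;
						// id / value attributes and visible text
						$id_html = htmlspecialchars((string) $row_memberid, $esc_flags, 'UTF-8');
						$ename_html = htmlspecialchars((string) $row_ename, $esc_flags, 'UTF-8');
						// argument of the inline onclick handler: JS string literal, then attribute-escaped
						$id_js = htmlspecialchars(json_encode((string) $row_memberid), $esc_flags, 'UTF-8');
						// query-string value inside href
						$id_url = htmlspecialchars(rawurlencode((string) $row_memberid), $esc_flags, 'UTF-8');
				?>

				<tr onclick="chbox(<?=$id_js?>);" id="tr_<?=$id_html?>" <?=(strpos($r_ad_name,'clean') !== false
				? 'class="selected"' : '' )?>>
				<td><input id="inp_<?=$id_html?>" type="checkbox" name="ls[]"
						value="<?=$id_html?> || <?=$id_html?>"></td>
				<td>
					<?=$ename_html?>
				</td>
				<td>
					<?php /* NOTE(review): this link deletes an account with a plain GET and no CSRF token; converting it to a POST form with a token also needs a change in the handler at the top of the file. */ ?>
					<a onclick="return confirm('Do you want to delete this account?')" style="color:red" href="/staff/advert/member_accounts/?del=yes&amp;memberid=<?=$id_url?>">Delete</a>
				</td>
			</tr>
			<?php }
			$a->close(); ?>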
					</tbody>
				</table>
			</div>
			<div class="table-pagination">
				<a href="?page=<?=$page+1?>">Next Page</a>
			</div>
			<!-- <div class="table-action">
				<a href="#" class="btn btn-red">Delete Selected</a>
			</div> -->
		</div>
	</div>
	<!-- end: Table -->
	
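	<script>
		$( document ).ready(function() {
			// The message is emitted as a JSON string literal. Echoing it bare
			// produced "var msg = ;" (or unquoted text), a syntax error that
			// stopped this whole script block, chbox() included. The JSON_HEX_*
			// flags keep the value from closing the script element or the literal.
			var msg = <?=json_encode(isset($message) ? (string) $message : '', JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)?>;
			if(msg){
				// .text() assigns plain text, so the message is never parsed as HTML.
				$(".message").text(msg);
			}
		});
		var topbarToggle = document.querySelector('.topbar-menu-toggle')
		var topbarMenu = document.querySelector('.topbar-menu')

		// Both elements are expected to come from the included staff header;
		// skip the wiring if either is missing rather than throwing.
		if (topbarToggle && topbarMenu) {
			topbarToggle.addEventListener('click', function() {
				topbarMenu.classList.toggle('show')
			})
		}

		// Row click handler: toggles the row's checkbox and mirrors its state
		// as the "selected" class on the row.
		function chbox(id) {
			var box = document.getElementById('inp_' + id)
			var row = document.getElementById('tr_' + id)
			if (!box || !row) {
				return
			}
			box.click()

			if (box.checked) {
				row.classList.add('selected');
			} else {
				row.classList.remove('selected');
			}
		}
	</script>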
</body>
</html>
<!-- end: HTML -->
