File: /home/httpd/html/porn.tw/public_html/controllers/control.upload.php
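<?php
// Upload controller.
//
// Gates uploading on the site-wide and surfer upload switches, prepares the
// photo or video form configuration for the template, and on POST validates
// the submitted metadata and attaches it to the pending content row(s) the
// uploader created under $_SESSION['token'].
//
// Provided by the surrounding application (not defined here): $basehttp,
// $allowUploads, $allowSurferUploads, $dblink, $temp_users_uploads,
// $content_path, setMessage(), getMessages(), _t(), dbQuery() and
// mysqli_real_escape_array().

// Anonymous visitors go to the login page. empty() also covers a missing
// session key, which a bare index read would report as a notice.
if (empty($_SESSION['userid'])) {
    header("Location: $basehttp/login");
    exit();
}

// The router passes the upload type as 'option'; mirror it into 'mode' for
// code that still expects that name. Default to '' rather than a notice.
$_GET['option'] = isset($_GET['option']) ? (string) $_GET['option'] : '';
$_GET['mode'] = $_GET['option'];

// Site-wide switch first; surfers (user_level 0) additionally need the
// surfer-upload switch. Strict comparison on an int cast avoids '' == 0.
if (!empty($allowUploads)) {
    $isSurfer = (int) ($_SESSION['user_level'] ?? 0) === 0;
    $allowThisUpload = $isSurfer ? !empty($allowSurferUploads) : true;
} else {
    $allowThisUpload = false;
}

if ($allowThisUpload) {
    // Form configuration consumed by the template. Anything other than
    // 'photo' is treated as a video upload, as before.
    if ($_GET['option'] === 'photo') {
        $title = 'Upload';
        $headertitle = 'Upload Your Photos!';
        $optionUpload = 'photo';
        $optionTitle = 'Images';
        $allowedExtensions = "['png','jpg','gif','jpeg','bmp']";
        $acceptFiles = 'png, jpg, gif, bmp, jpeg';
        $sizeLimit = '5120000';
        $multiple = 'true';
    } else {
        $title = 'Upload';
        $headertitle = 'Upload Your Movie !';
        $optionUpload = 'video';
        $optionTitle = 'Video';
        $allowedExtensions = "['flv','mpg','wmv','avi','3gp','qt','mp4','mov','m4v','f4v']";
        $acceptFiles = 'flv,mpg,wmv,avi,3gp,qt,mp4,mov';
        $sizeLimit = '512000000';
        $multiple = 'false';
    }

    if ($_POST) {
        // Strip markup and surrounding whitespace *before* SQL-escaping the
        // request, so strip_tags never post-processes escaped text and a
        // whitespace-only field counts as empty.
        foreach (['title', 'description', 'tags'] as $field) {
            $_POST[$field] = isset($_POST[$field]) && is_scalar($_POST[$field])
                ? trim(strip_tags((string) $_POST[$field]))
                : '';
        }
        $_POST = mysqli_real_escape_array($_POST);

        if ($_POST['title'] === '') {
            setMessage(_t("'Title' input can't be empty !"), 'error');
        }
        if ($_POST['description'] === '') {
            setMessage(_t("'Description' input can't be empty !"), 'error');
        }
        if ($_POST['tags'] === '') {
            setMessage(_t("'Tags' input can't be empty !"), 'error');
        }
        if (empty($_SESSION['correctCaptcha'])) {
            setMessage(_t("Incorrect CAPTCHA Response.!"), 'error');
        }

        // Session values are server-set, but escaping them too means the
        // queries below never depend on their format. The same predicate
        // identifies the uploader's pending rows in every query.
        $userId = mysqli_real_escape_string($dblink, (string) $_SESSION['userid']);
        $token = mysqli_real_escape_string($dblink, (string) ($_SESSION['token'] ?? ''));
        $pendingWhere = "token = '$token' AND token != '' AND submitter = '$userId'";

        // dbQuery() may return a non-array on failure; count() on that is a
        // TypeError in PHP 8, so check the shape first.
        $pendingRows = dbQuery("SELECT record_num FROM content WHERE $pendingWhere", false);
        if (!is_array($pendingRows) || count($pendingRows) < 1) {
            setMessage(_t("Please choose file to upload"), 'error');
            unset($_SESSION['correctCaptcha']);
        }

        // NOTE: $title deliberately replaces the page title set above, as the
        // original did; the values are already tag-stripped and escaped.
        $title = $_POST['title'];
        $tags = $_POST['tags'];
        $description = $_POST['description'];

        if (!getMessages(false, 'error')) {
            $checkUpdate = mysqli_query($dblink, "UPDATE
content SET
title = '$title',
description = '$description',
keywords = '$tags',
submitter = '$userId',
approved = 0
WHERE $pendingWhere");

            if (!$checkUpdate) {
                setMessage(_t("Database error occured."), 'error');
            } else {
                $rows = dbQuery("SELECT record_num, filename, orig_filename FROM content WHERE $pendingWhere", false);
                $result = is_array($rows) && isset($rows[0]) ? $rows[0] : null;
                if ($result === null) {
                    // The row vanished between the existence check and the
                    // update; report it instead of reading index 0 of nothing.
                    setMessage(_t("Database error occured."), 'error');
                } else {
                    $recordNum = mysqli_real_escape_string($dblink, (string) $result['record_num']);
                    dbQuery("INSERT INTO content_views (content,views) VALUES ('$recordNum',0)");

                    if (isset($_POST['channels']) && is_array($_POST['channels'])) {
                        // At most six niches (keys 0..5). Only plain digit
                        // strings are accepted: is_numeric() would also pass
                        // floats, exponents and leading whitespace.
                        foreach ($_POST['channels'] as $k => $v) {
                            if (is_int($k) && $k < 6 && is_scalar($v) && ctype_digit((string) $v)) {
                                $niche = (int) $v;
                                dbQuery("INSERT INTO content_niches(content,niche) VALUES ('$recordNum','$niche')");
                            }
                        }
                    }

                    if ($optionUpload === 'video') {
                        // Promote the temp upload into the content directory.
                        // basename() keeps a stored name from resolving outside
                        // either directory — NOTE(review): confirm orig_filename
                        // never legitimately contains a subdirectory.
                        $fileName = basename((string) $result['orig_filename']);
                        $fromFile = $temp_users_uploads . '/' . $fileName;
                        $toFile = $content_path . '/' . $fileName;
                        if ($fileName !== '' && rename($fromFile, $toFile)) {
                            // NOTE(review): 0777 is inherited from the original;
                            // a world-writable media file is wider than needed —
                            // confirm what the processing step actually requires.
                            @chmod($toFile, 0777);
                            unset($_SESSION['correctCaptcha']);
                            // exit() so nothing below runs after the redirect.
                            header("Location: " . $basehttp . "/upload?success=done");
                            exit();
                        }
                        setMessage(_t("Can't move file. Please try to upload one more time."), 'error');
                        unset($_POST);
                    } else {
                        // Photos stay where the upload handler put them.
                        unset($_POST);
                        unset($_SESSION['correctCaptcha']);
                        header("Location: " . $basehttp . "/upload_photo?success=done");
                        exit();
                    }
                    // Reached only on a failed move: the captcha is spent either way.
                    unset($_SESSION['correctCaptcha']);
                }
            }
        }
    } else {
        // Fresh form: a correlation id that ties the pending upload rows to
        // this visit. It is always checked together with the submitter, so it
        // is not used as a secret on its own.
        $_SESSION['token'] = $_SESSION['userid'] . uniqid();
        unset($_SESSION['correctCaptcha']);
    }
}

if (!$allowThisUpload) {
    setMessage(_t("We're sorry, uploading is currently disabled."), 'error');
    $_template_content = '404';
}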