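<?php
// "Join us" contact-form handler: validates the POSTed fields, stores an
// optional attachment under webupload/, and mails the submission to HR over
// Gmail SMTP via PHPMailer.
//
// Requires PHP 7+: the former eregi_replace() call was removed in PHP 7 and
// $HTTP_POST_FILES was removed in PHP 5.4, so the previous version could not
// run on a current interpreter.
//
// NOTE(review): the session is started but never read — the captcha check that
// used it is gone, so this endpoint has no bot/CSRF protection at present.
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="shortcut icon" href="favicon.ico"/>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Email Sending..</title>
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="box">
<?php
require_once('class.phpmailer.php');

// Largest attachment accepted, in bytes (matches the "2MB" wording below).
$maxAttachmentBytes = 2048000;

// Extensions accepted for the attachment; compared against the lower-cased name.
$allowedTypes = ['.jpg', '.jpeg', '.gif', '.png', '.doc', '.docx', '.pdf', '.ppt', '.pptx', '.dwg', '.ai', '.psd', '.zip', '.rar', '.7z'];

// "Go back" button shown after every validation failure.
$backButton = '<br/><INPUT TYPE="BUTTON" VALUE="กลับไปแก้ไข" ONCLICK="history.go(-1)"/>';

// Escapes a request-supplied value for inclusion in HTML (page output and mail body).
$escape = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$pass = false;

// Request fields default to '' so a missing field reads as blank rather than raising a notice.
$submit   = (string) ($_POST['submit'] ?? '');
$name     = (string) ($_POST['name'] ?? '');
$lastname = (string) ($_POST['lastname'] ?? '');
$mobile   = (string) ($_POST['mobile'] ?? '');
$email    = (string) ($_POST['email'] ?? '');
$msg      = (string) ($_POST['message'] ?? '');

// Both stay '' unless an attachment was uploaded and stored successfully.
$realname = ''; // client file name (lower-cased), used for display only
$tempfile = ''; // name of the stored copy under webupload/

if ($submit != "") {
    if ($name != "" && $mobile != "" && $email != "") {
        // ---------- optional attachment ----------
        $upload = $_FILES['attachment'] ?? null;
        if (is_array($upload)
            && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
            && is_string($upload['tmp_name'] ?? null)
            && is_uploaded_file($upload['tmp_name'])) {
            // basename(): some browsers send a client-side path; only the file name is wanted.
            $realname = strtolower(basename((string) $upload['name']));
            $sizefile = (int) $upload['size'];
            // strrchr() returns false when there is no dot; '' is then rejected by the allowlist.
            $type = (string) strrchr($realname, ".");

            if ($sizefile > $maxAttachmentBytes) {
                echo 'ขออภัย ไฟล์แนบของคุณมีขนาดใหญ่เกิน 2MB!!';
                echo $backButton;
                exit();
            } elseif (!in_array($type, $allowedTypes, true)) {
                // $type comes from the request; escape it before reflecting it into the page.
                echo 'ขออภัย ไฟล์แนบของคุณเป็นชนิด(' . $escape($type) . ') ซึ่งไม่อนุญาตให้แนบไฟล์ได้ กรุณาแก้ไข!!';
                echo '<br/>แนบไฟล์ได้เฉพาะนามสกุล.jpg, .jpeg, .gif, .png, .doc, .docx, .pdf, .ppt, .pptx, .dwg, .ai, .psd, .zip, .rar, .7z เท่านั้น';
                echo $backButton;
                exit();
            }

            // Stored name: timestamp plus the client name reduced to a safe character
            // set, so it is usable both as a path segment and in the download URL.
            $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $realname);
            $tempfile = date("Y-m-d-H-i-s") . "-" . $safeName;
            // move_uploaded_file() re-verifies the source is a real upload (copy() did not).
            // NOTE(review): webupload/ is inside the web root; confirm the server is
            // configured not to execute files served from it.
            if (!move_uploaded_file($upload['tmp_name'], "webupload/$tempfile")) {
                // Storing failed: send the mail without a link rather than with a dead one.
                error_log('webupload: failed to store attachment ' . $tempfile);
                $tempfile = '';
            }
        }

        // ---------- mail ----------
        // SMTP credentials come from the environment. The Gmail password that used
        // to be hard-coded here has been exposed in source and must be rotated; an
        // unset variable simply makes authentication fail and surfaces ErrorInfo below.
        $gmailUsername = getenv('SMTP_USERNAME') ?: "map2iv@gmail.com";
        $gmailPassword = (string) getenv('SMTP_PASSWORD');
        $auther = "Joinus - web:interiorvisions.co.th";
        $contactMail = "hr@interiorvisions.co.th";
        $contactName = "contact - web:interiorvisions.co.th";

        // Escape first, then convert newlines: the old strip of '<'/'>' ran after
        // nl2br() and could not produce safe HTML.
        $msgHtml = nl2br($escape($msg));

        $mail = new PHPMailer();
        $mail->IsSMTP();                     // use SMTP rather than mail()
        $mail->SMTPAuth = true;              // enable SMTP authentication
        $mail->SMTPSecure = "ssl";           // implicit TLS on port 465
        $mail->Host = "smtp.gmail.com";
        $mail->Port = 465;
        $mail->Username = $gmailUsername;
        $mail->Password = $gmailPassword;
        $mail->CharSet = 'UTF-8';            // form text is Thai; the default charset would garble it
        $mail->SetFrom($gmailUsername, $auther);
        $mail->Subject = 'E-mail via Joinus Page';

        // Every request-derived value is escaped; the '<br/' typo of the old body is fixed.
        $body = 'E-mail via Joinus Page<br/>' . $msgHtml
            . '<br/>From:' . $escape($name) . $escape($lastname)
            . '<br/>E-mail:' . $escape($email)
            . '<br/>Mobile:' . $escape($mobile)
            . '<br/>Attachment:';
        if ($tempfile !== '') {
            // NOTE(review): download.php (not shown here) must constrain "file" to
            // webupload/ — confirm before relying on this link.
            $body .= '<a href="http://www.interiorvisions.co.th/email/download.php?file=' . rawurlencode($tempfile) . '">' . $escape($realname) . '</a>';
        }
        $mail->MsgHTML($body);
        $mail->AddAddress($contactMail, $contactName);

        if (!$mail->Send()) {
            // ErrorInfo may contain the SMTP server's response; escape it like any other output.
            echo $escape($mail->ErrorInfo);
        } else {
            echo 'ส่ง E-mail สำเร็จแล้ว ทางเราจะทำการติดต่อกลับไปภายหลัง';
            $pass = true;
        }
    } else {
        echo 'กรุณากรอกข้อมูลให้ครบทุกช่อง!!';
    }
}

if ($pass) {
    echo '<br/><a href="http://interiorvisions.co.th">กลับสู่หน้าเว็บไซต์</a>';
} else {
    echo $backButton;
}
?>
</div>
</body>
</html>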