interiorvisions.co.th

upload mass deface mass delete console info server
name : setting_images.php
<?php 
include('../config/config.php');
date_default_timezone_set("Asia/Bangkok");
$date_current = date("l jS \of F Y h:i:s A");
$q            = $_POST['q'];
$pro_name     = $_POST['pro_name'];
$file1        = $_FILES['file1']['tmp_name']; 
$file2        = $_FILES['file2']['tmp_name']; 
$file3        = $_FILES['file3']['tmp_name']; 
$file4        = $_FILES['file4']['tmp_name']; 
$file5        = $_FILES['file5']['tmp_name']; 

$sql = "SELECT * FROM projects WHERE p_id = ".$q." ";
$res = $conn->query($sql);
while($row = $res->fetch_assoc()){
    $im_show = $row['p_im_show'];
    $check_path = substr($im_show,7,32);
}

$sql  = "SELECT * FROM project_details WHERE p_pd_id = ".$q." ";
$res = $conn->query($sql);
$num_rows = $res->num_rows;
if($num_rows >= 5) {
    echo 3;
}else{

    $images = $_FILES['file1']['tmp_name'];
    $images_name = $_FILES['file1']['name'];
    $images1 = "upload/".$check_path."/".md5($date_current.$_FILES['file1']['size'].rand(1,1000000).time()).$images_name;
    move_uploaded_file($_FILES['file1']['tmp_name'],"../".$images1);
    $sql1 = "INSERT INTO project_details (p_pd_id,im_pd_id,pd_position,pd_no) VALUES (".$q.",'".$images1."',8,1)";
    $res1 = $conn->query($sql1);


    $images = $_FILES['file2']['tmp_name'];
    $images_name = $_FILES['file2']['name'];
    $images2 = "upload/".$check_path."/".md5($date_current.$_FILES['file2']['size'].rand(1,1000000).time()).$images_name;
    move_uploaded_file($_FILES['file2']['tmp_name'],"../".  $images2);
    $sql2 = "INSERT INTO project_details (p_pd_id,im_pd_id,pd_position,pd_no) VALUES (".$q.",'".$images2."',4,2)";
    $res2 = $conn->query($sql2);


    $images = $_FILES['file3']['tmp_name'];
    $images_name = $_FILES['file3']['name'];
    $images3 = "upload/".$check_path."/".md5($date_current.$_FILES['file3']['size'].rand(1,1000000).time()).$images_name;
    move_uploaded_file($_FILES['file3']['tmp_name'],"../".$images3);
    $sql3 = "INSERT INTO project_details (p_pd_id,im_pd_id,pd_position,pd_no) VALUES (".$q.",'".$images3."',6,3)";
    $res3 = $conn->query($sql3);


    $images = $_FILES['file4']['tmp_name'];
    $images_name = $_FILES['file4']['name'];
    $images4 = "upload/".$check_path."/".md5($date_current.$_FILES['file4']['size'].rand(1,1000000).time()).$images_name;
    move_uploaded_file($_FILES['file4']['tmp_name'],"../".$images4);
    $sql4 = "INSERT INTO project_details (p_pd_id,im_pd_id,pd_position,pd_no) VALUES (".$q.",'".$images4."',6,4)";
    $res4 = $conn->query($sql4);


    $images = $_FILES['file5']['tmp_name'];
    $images_name = $_FILES['file5']['name'];
    $images5 = "upload/".$check_path."/".md5($date_current.$_FILES['file5']['size'].rand(1,1000000).time()).$images_name;
    move_uploaded_file($_FILES['file5']['tmp_name'],"../".$images5);
    $sql5 = "INSERT INTO project_details (p_pd_id,im_pd_id,pd_position,pd_no) VALUES (".$q.",'".$images5."',12,5)";
    $res5 = $conn->query($sql5);

    if(($res1 === true) and ($res2 === true) and ($res3 === true) and ($res4 === true) and ($res5 === true)){
        $sql = "UPDATE projects SET p_status= 1 WHERE p_id=".$q ."";
        $res = $conn->query($sql );
        if($res === true){
            echo 1;
        }else{
            echo 0;
        }
    }else{
        echo 0;
    }
    
}
?>
UnknownSec Shell
