shell bypass 403
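<?php
/**
 * Project update endpoint (form POST, prints 1 on success and 0 on failure).
 *
 * Inputs (all from the request):
 *   - $_POST: project_name, project_desc, layout, location, owner, types,
 *             cats, q (project id), optional title_youtube.
 *   - $_FILES: optional "file" (title image) and "im_cover" (cover image/video).
 *
 * Column usage as visible in this script:
 *   - p_tt        : YouTube id (11 chars cut from the submitted URL) or a
 *                   relative "upload/..." path of the title image.
 *   - p_im_show   : relative "upload/..." path of the cover.
 *   - p_typecover : "1" when the cover is an .mp4, otherwise "2".
 *
 * Security-relevant behaviour of this version:
 *   - every SQL statement is parameterised (the id and all text fields were
 *     previously concatenated into the query string);
 *   - uploaded files are stored under a server-generated name with an
 *     allow-listed extension, never under the client-supplied filename;
 *   - old files are only deleted when they resolve inside ../upload.
 *
 * NOTE(review): no session, authorisation or CSRF check is visible in this
 * file — confirm that ../config/config.php (or the web server) enforces one
 * before this endpoint is reachable.
 */
date_default_timezone_set("Asia/Bangkok");
include('../config/config.php');

// Read a POST field as a string; missing or non-string values become "".
$field = static function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$project_name  = $field('project_name');
$project_desc  = $field('project_desc'); // bound as a parameter below, so no manual escaping
$layout        = $field('layout');       // read by the original script but never stored
$location      = $field('location');
$owner         = $field('owner');
$types         = $field('types');
$cats          = $field('cats');
$title_youtube = $field('title_youtube');

// The project id must be an integer; anything else is rejected outright.
$projectId = filter_var(isset($_POST['q']) ? $_POST['q'] : null, FILTER_VALIDATE_INT);
if ($projectId === false) {
    echo 0;
    exit;
}

// A file counts as "submitted" when PHP recorded a temporary path for it.
$hasUpload = static function ($key) {
    return isset($_FILES[$key]['tmp_name'])
        && is_string($_FILES[$key]['tmp_name'])
        && $_FILES[$key]['tmp_name'] !== '';
};
$hasTitleImage = $hasUpload('file');
$hasCover      = $hasUpload('im_cover');

// Extensions accepted for stored uploads. Anything else (notably script
// extensions such as .php/.phtml) is refused.
// NOTE(review): adjust this list to the formats the site really needs. An
// extension check does not verify file content; the upload directory should
// additionally be configured so the web server never executes files in it.
$allowedExt = array('jpg', 'jpeg', 'png', 'gif', 'webp', 'mp4');

$uploadRoot = realpath('../upload');

// Delete a previously stored file, but only if it really lives inside ../upload.
$removeOld = static function ($relPath) use ($uploadRoot) {
    if ($uploadRoot === false || $relPath === '') {
        return;
    }
    $real = realpath('../' . $relPath);
    if ($real !== false
        && is_file($real)
        && strpos($real, $uploadRoot . DIRECTORY_SEPARATOR) === 0
    ) {
        unlink($real);
    }
};

$newFiles = array(); // relative paths written during this request (for cleanup on failure)
$ok = false;

try {
    // Load the current media columns for this project.
    $stmt = $conn->prepare('SELECT p_tt, p_im_show FROM projects WHERE p_id = ?');
    if ($stmt === false) {
        echo 0;
        exit;
    }
    $stmt->bind_param('i', $projectId);
    $stmt->execute();
    $stmt->bind_result($oldTitle, $oldCover);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        // Unknown project id: nothing to update.
        echo 0;
        exit;
    }
    $oldTitle = (string) $oldTitle;
    $oldCover = (string) $oldCover;

    // New files go into the same per-project directory as the existing cover
    // ("upload/<32 chars>/..."). If that directory cannot be recognised the
    // file is stored directly under upload/, as the original script did.
    // NOTE(review): assumes directory names use only [A-Za-z0-9_-] — confirm.
    $targetDir = '';
    if (preg_match('#^upload/([A-Za-z0-9_-]{32})/#', $oldCover, $m)) {
        $targetDir = $m[1] . '/';
    }

    // Validate one uploaded file and move it to a server-chosen name.
    // Returns array(relativePath, extension) or false on any failure.
    $storeUpload = static function ($key) use ($allowedExt, $targetDir) {
        $f = $_FILES[$key];
        if (!isset($f['error']) || is_array($f['error'])
            || $f['error'] !== UPLOAD_ERR_OK
            || !is_uploaded_file($f['tmp_name'])
        ) {
            return false;
        }
        // Only the extension of the client filename is used, and only after
        // checking it against the allow-list; the name itself is discarded.
        $ext = strtolower(pathinfo(basename((string) $f['name']), PATHINFO_EXTENSION));
        if (!in_array($ext, $allowedExt, true)) {
            return false;
        }
        $rel = 'upload/' . $targetDir . bin2hex(random_bytes(16)) . '.' . $ext;
        if (!move_uploaded_file($f['tmp_name'], '../' . $rel)) {
            return false;
        }
        return array($rel, $ext);
    };

    // Columns that are always written.
    $assignments = array(
        'p_name'     => $project_name,
        'p_t_id'     => $types,
        'p_c_id'     => $cats,
        'p_desc'     => $project_desc,
        'p_location' => $location,
        'p_owner'    => $owner,
    );

    // Title: an uploaded image takes precedence over a YouTube link, which
    // matches the original script where the image branch ran last.
    $titleReplaced = false;
    $failed = false;
    if ($hasTitleImage) {
        $stored = $storeUpload('file');
        if ($stored === false) {
            $failed = true;
        } else {
            $newFiles[] = $stored[0];
            $assignments['p_tt'] = $stored[0];
            $titleReplaced = true;
        }
    } elseif ($title_youtube !== '') {
        // Characters 32..42 of "https://www.youtube.com/watch?v=<id>" are the video id.
        $assignments['p_tt'] = (string) substr($title_youtube, 32, 11);
        $titleReplaced = true;
    }

    // Cover image or video.
    $coverReplaced = false;
    if (!$failed && $hasCover) {
        $stored = $storeUpload('im_cover');
        if ($stored === false) {
            $failed = true;
        } else {
            $newFiles[] = $stored[0];
            $assignments['p_im_show']   = $stored[0];
            $assignments['p_typecover'] = ($stored[1] === 'mp4') ? '1' : '2';
            $coverReplaced = true;
        }
    }

    if (!$failed) {
        // Column names come from the fixed list above; only values are bound.
        $setParts = array();
        foreach (array_keys($assignments) as $column) {
            $setParts[] = $column . ' = ?';
        }
        $sql = 'UPDATE projects SET ' . implode(', ', $setParts)
             . ', p_modify_at = now() WHERE p_id = ?';

        $stmt = $conn->prepare($sql);
        if ($stmt !== false) {
            $params   = array_values($assignments);
            $params[] = $projectId;
            $stmt->bind_param(str_repeat('s', count($assignments)) . 'i', ...$params);
            $ok = $stmt->execute() === true;
            $stmt->close();
        }
    }

    if ($ok) {
        // Remove superseded files only once the row points at the new ones.
        if ($titleReplaced && substr($oldTitle, 0, 6) === 'upload') {
            $removeOld($oldTitle);
        }
        if ($coverReplaced) {
            $removeOld($oldCover);
        }
    }
} catch (mysqli_sql_exception $e) {
    // Database errors are reported to the client as a plain failure.
    $ok = false;
}

if (!$ok) {
    // Do not leave files behind that no database row refers to.
    foreach ($newFiles as $rel) {
        if (is_file('../' . $rel)) {
            unlink('../' . $rel);
        }
    }
}

echo $ok ? 1 : 0;
?>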