!C99Shell v.2.1 [PHP 7 Update] [1.12.2019]!

Software: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g. PHP/5.2.4-2ubuntu5.12 

uname -a: Linux forum.circlefusion.com 2.6.24-19-server #1 SMP Wed Jun 18 15:18:00 UTC 2008 i686 

uid=33(www-data) gid=33(www-data) groups=33(www-data) 

Safe-mode: OFF (not secure)

/home/doku/axrepos/axess/new_axess/   drwxr-xr-x
Free 11.57 GB of 97.11 GB (11.92%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     topics.inc (9.04 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
function disp_table($conn$table)
{
    global $PHP_SELF$HTTP_GET_VARS;

    $offset=$HTTP_GET_VARS['offset']+0;

    //$query = "select oid,* from msgboard_topics ";
    $query "select id, text, creator, messagecount, viewcount, closed, type, modified, expired, ipaddr, textidx, oid from msgboard_topics ";

    if ($_REQUEST['topicgroup']) {
        $cond[]= " topicgroup='".addslashes($_REQUEST['topicgroup'])."' ";
    }
    
switch ($HTTP_GET_VARS[mode]) {
        case 4:
            $cond[]=" id = '".trim($HTTP_GET_VARS[searchtopicid])."'";
            $order[]=" modified desc,expired offset ".$offset." limit 76";
            break;
        case 3:
            $cond[]=" text ~* '".trim($HTTP_GET_VARS[searchtopictitle])."'";
            $order[]=" modified desc,expired offset ".$offset." limit 76";
            break;
        case 2:
            $cond[]=" creator ~* '".trim($HTTP_GET_VARS[searchtopicuser2])."'";
            $order[]=" modified desc,expired offset ".$offset." limit 76";
            break;
        case 1:
            $cond[]=" creator = '".trim($HTTP_GET_VARS[searchtopicuser1])."'";
            $order[]=" modified desc,expired offset ".$offset." limit 76";
            break;
        default:
            $order[]=" modified desc,expired offset ".$offset." limit 76";
            break;
    }

    if (count($cond)) $query.=" where ".join(' and ',$cond);
    if (count($order)) $query.=" order by ".join('',$order);

    $result pg_Exec($conn$query.";");
    if (!$result) {
        echo $query;
        echo pg_result_error($result);
    }

    $rows=pg_numrows($result);
    
    echo "<div id=\"queryView\"><b>SQL:</b> ".$query."</div>\n";
    echo "<div id=\"queryDetails\"><b>Results:</b> ".$rows." row(s)</div>\n";
    echo "<div class=\"pagination\">\n";
    if ($offset>0) {
        $_GET['offset']-=75;
        echo "  <a href=\"".htmlentities($PHP_SELF."?".join('&',array_map(create_function('$a,$b','return urlencode($a)."=".urlencode($b);'),array_keys($_GET),array_values($_GET))))."\">Previous 75</a>";
    }
    if ($rows>75) {
        $_GET['offset']+=75;
        echo "  <a href=\"".htmlentities($PHP_SELF."?".join('&',array_map(create_function('$a,$b','return urlencode($a)."=".urlencode($b);'),array_keys($_GET),array_values($_GET))))."\">Next 75</a>";
        $rows=75;
    }    
    echo "</div>\n";
    
    echo "<form method=\"post\">\n";
    echo "  <div id=\"userActions\">\n";
    echo "      <input id=\"newButton\" type=\"submit\" name=\"action\" value=\"new\" />\n"// "<input type=submit name=action value=preferences>";
    echo "      <input id=\"editButton\" type=\"submit\" name=\"action\" value=\"edit\" />\n";
    echo "      <input id=\"expireButton\" type=\"submit\" name=\"action\" value=\"expire\" />\n";
    echo "  </div>\n";
    echo "  <table id=\"topicsTable\" cellspacing=\"0\" cellpadding=\"0\">\n";
    echo "      <tr>\n";
    
    for($field=0;$field<pg_numfields($result);$field++) {
        $fieldname=pg_fieldname($result,$field);
        echo "          <th>".$fieldname."</th>\n";
    }
    echo "      </tr>\n";
    
    for($row=0;$row<$rows;$row++) {
        $obj=pg_Fetch_Row($result,$row);
        echo "      <tr";
        if ($obj[8]=='t') {
            echo " class=\"expired\" ";
        } elseif ($obj[5]=='t') {
            echo " class=\"closed\" ";
        } elseif ($obj[6]=='1') {
            echo " class=\"sticky\" ";
        } elseif ($obj[6]=='2') {
            echo " class=\"news\" ";
        }
        echo ">\n";
        echo "          <td class=\"col1\">\n";
        echo "              <input type=\"checkbox\" name=\"id[]\" value=\"".$obj[0]."\" /> ".$obj[0]."\n";
        echo "          </td>\n";
        echo "          <td class=\"col2\">\n";
        echo "              <a href=\"posts?mode=5&topic=".$obj[0]."\">".htmlspecialchars($obj[1])."</a>\n";
        echo "          </td>\n";
        echo "          <td class=\"col3\">\n";
        echo "              <a href=\"users?mode=5&searchname=".htmlspecialchars(urlencode($obj[2]))."\">".htmlspecialchars($obj[2])."</a>\n";
        echo "          </td>\n";        
        foreach($obj as $key=>$val$obj[$key]=nl2br(htmlspecialchars($val));
        
        foreach($obj as $key=>$val) {
            if ($key 2) {
                echo "          <td class=\"col".($key 1)."\">\n";
                if ($key == 7) {
                    echo "              ".substr($obj[$key],0,16)."\n";
                } else {
                    echo "              ".$obj[$key]."\n";
                }
                echo "          </td>\n";
            }
        }
        echo "      </tr>\n";
    }
    
    echo("   </table>");
    echo("</form>");

    $rows=pg_numrows($result);
    echo "<div class=\"pagination\">\n";
    if ($offset>0) {
        $_GET['offset']-=75;
        echo "  <a href=\"".htmlentities($PHP_SELF."?".join('&',array_map(create_function('$a,$b','return urlencode($a)."=".urlencode($b);'),array_keys($_GET),array_values($_GET))))."\">Previous 75</a>";
    }
    if ($rows>75) {
        $_GET['offset']+=75;
        echo "  <a href=\"".htmlentities($PHP_SELF."?".join('&',array_map(create_function('$a,$b','return urlencode($a)."=".urlencode($b);'),array_keys($_GET),array_values($_GET))))."\">Next 75</a>";
        //$rows=75;
    }    
    echo "<br /><br /></div>\n";
    
}

function edit_dialog($result,$id) {
    $obj=pg_fetch_row($result,0);
    echo "<form method=\"post\">\n";
    echo "<input type=\"hidden\" name=\"id[]\" value=".$id." />\n";
    echo "<table id=\"editFormTable\" cellpadding=\"0\" cellspacing=\"0\">\n";
    for($field=0;$field<pg_numfields($result);$field++) {
        echo "<tr><th align=\"right\">".pg_fieldname($result,$field).":";
        echo "<td>";
        switch (pg_fieldname($result,$field)) {
        case 'type':
            echo '<select name="fields['.htmlspecialchars(pg_fieldname($result,$field)).']">';
            foreach(array(0=>'normal'1=>'sticky'2=>'news') as $id=>$name) {
                echo '<option value="'.htmlspecialchars($id).'"'.($obj[$field]==$id?" selected":"").'>'.htmlspecialchars($name).'</option>';
            }
            echo "</select>";
            break;
        case 'topicgroup':
            echo '<select name="fields['.htmlspecialchars(pg_fieldname($result,$field)).']">';
            foreach(pg_fetch_all(pg_query("select * from msgboard_topicgroups;")) as $topicgroup) {
                echo '<option value="'.htmlspecialchars($topicgroup['id']).'"'.($obj[$field]==$topicgroup['id']?" selected":"").'>'.htmlspecialchars($topicgroup['name']).'</option>';
            }
            echo "</select>";
            break;
        default:
            if (strchr($obj[$field],"\n") || strchr($obj[$field],"\r")) {
                echo "<textarea name=\"fields[".pg_fieldname($result,$field)."]\" rows=10 cols=80>\n";
                echo htmlentities($obj[$field]);
                echo "</textarea>";
            } else {
                echo "<input type=text size=".strlen($obj[$field])." name=\"fields[".pg_fieldname($result,$field)."]\"";
                echo " value=\"".htmlentities($obj[$field])."\">";
            }
        }
        echo "</tr>\n";
    }
    echo "<tr><td><th><input type=submit name=action value=update> <input type=submit name=action value=cancel>";
    echo "</table>\n";
    echo "</form>\n";
}

function new_dialog($result) {
    echo "<form method=\"post\">\n";
    echo "<table id=\"newTopic\">\n";
    for($field=0;$field<pg_numfields($result);$field++) {
        echo "<tr><th align=\"right\">".pg_fieldname($result,$field).":";
        echo "<td><input type=\"text\" size=\"40\" name=\"fields[".pg_fieldname($result,$field)."]\" /></tr>\n";
    }
    echo "<tr><td><th><input type=\"submit\" name=\"action\" value=\"insert\" /> <input type=\"submit\" name=\"action\" value=\"cancel\" />";
    echo "</table>\n";
    echo "</form>\n";
}

function handle_table($conn,$table) {
    global $HTTP_POST_VARS;

    if (isset($HTTP_POST_VARS[action])) {

        if ($p=strpos($HTTP_POST_VARS[action]," ")) {
            $HTTP_POST_VARS[id][]=substr($HTTP_POST_VARS[action],$p+1);
            $HTTP_POST_VARS[action]=substr($HTTP_POST_VARS[action],0,$p);
        }

        switch ($HTTP_POST_VARS[action]) {
            case "delete":
                if(pg_exec($conn,"delete from ".$table." where id in (".join($HTTP_POST_VARS[id],", ").");"))
                    disp_table($conn,$table);
                break;
            case "expire":
                if(pg_exec($conn,"update ".$table." set expired='t' where id in (".join($HTTP_POST_VARS[id],", ").");"))
                    disp_table($conn,$table);
                break;
            case "edit":
                if ($result=pg_exec($conn,"select * from ".$table." where id=".current($HTTP_POST_VARS[id]).";"))
                    edit_dialog($result,current($HTTP_POST_VARS[id]));
                break;
            case "new":
                $result=pg_exec($conn,"select * from ".$table." where id=0;");
                new_dialog($result);
                break;
            case "insert":
                unset($k);
                unset($v);
                while ($a=each($HTTP_POST_VARS[fields])) {
                    if ($a[value]!="") {
                        $k[]=$a[key];
                        $v[]="'".addslashes($a[value])."'";
                    }
                }
                if (sizeof($k)==0) {
                    echo "Empty form - not inserting.";
                    exit();
                }
                if (pg_exec($conn,"insert into ".$table." (".join($k,", ").") VALUES (".join($v,", ").");")) {
                    // $result=pg_exec($conn,"select * from ".$table." where oid=1;");
                    // new_dialog($result);
                    disp_table($conn,$table);
                }
                break;
            case "update":
                unset($q);
                while (list($key$value)=each($HTTP_POST_VARS[fields])) {
                    if ($value=="")
                        $q[]="\"".$key."\" = null";
                    else
                        $q[]="\"".$key."\" = '".addslashes($value)."'";
                }
                if (pg_exec($conn,"update ".$table." set ".join($q,", ")." where id=".current($HTTP_POST_VARS[id]).";"))
                    disp_table($conn,$table);
                break;
            case "order":
                break;
            default:
                disp_table($conn,$table);
        }
        
    } else
                disp_table($conn,$table);
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v.2.1 [PHP 7 Update] [1.12.2019] maintained by KaizenLouie and updated by cermmik | C99Shell Github (MySQL update) | Generation time: 0.0315 ]--