/home/sanchung/public_html/admin/_file/proc.php
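<?php
/**
 * Admin "file manager" action handler.
 *
 * Dispatches on $mode:
 *   - "regist": generates an unused code ("P" + four digits), inserts the posted
 *               record into adw_file_manager and writes the three posted
 *               fragments to <code>_top.php, <code>.php and <code>_bottom.php.
 *   - "modify": updates the record identified by $num and rewrites the same
 *               three files for the posted code.
 *   - "delete": removes the three files of the record and deletes its row.
 *
 * $mode, $num and $page are not assigned in this file; presumably they come
 * from register_globals or from _setup.php -- TODO confirm.
 *
 * NOTE(review), not fixable from this file alone:
 *   - The posted content is written verbatim into *.php files under the web
 *     root, so every caller of this script can publish executable code. The
 *     Referer test in "regist" is client-supplied and is not an authentication
 *     control, and "modify"/"delete" have no check at all here. Confirm that
 *     _setup.php enforces an authenticated admin session, and add a CSRF token
 *     to all three actions ("delete" changes state on a GET request).
 *   - $mysql->insert()/update() receive the whole $_POST array; whether they
 *     escape values and restrict column names is not visible here. Pass an
 *     explicit column whitelist once the table schema is confirmed.
 *   - mysql_query() was removed in PHP 7; the delete should move to the
 *     project's own database wrapper when it offers a delete/prepared call.
 *   - stripslashes() is kept because the original appears to rely on
 *     magic-quoted input; on a runtime without magic quotes it would eat
 *     backslashes in the content -- verify against _setup.php.
 */
include "../_setup.php";

/** Returns $value when it consists only of ASCII digits, otherwise ''. */
function adw_file_manager_digits($value)
{
    if (!is_scalar($value)) {
        return '';
    }
    $text = (string) $value;
    return preg_match('/^[0-9]+\z/', $text) ? $text : '';
}

/** Returns the posted field as a string with slashes stripped, or '' when absent or not a string. */
function adw_file_manager_post_text($key)
{
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return '';
    }
    return stripslashes($_POST[$key]);
}

/** Writes the top/body/bottom fragments for $code into $dir; returns false if any write failed. */
function adw_file_manager_write_parts($dir, $code, $top, $body, $bottom)
{
    $targets = array(
        $code . '_top.php'    => $top,     // top
        $code . '.php'        => $body,    // content
        $code . '_bottom.php' => $bottom,  // bottom
    );
    $allWritten = true;
    foreach ($targets as $name => $data) {
        // file_put_contents() truncates/creates like fopen(..., "w+") did, and
        // also closes the handle, which the original never did.
        if (@file_put_contents($dir . '/' . $name, $data, LOCK_EX) === false) {
            error_log('adw_file_manager: could not write ' . $name);
            $allWritten = false;
        }
    }
    return $allWritten;
}

/** Ends the request with a 400 response; used when a request parameter fails validation. */
function adw_file_manager_reject()
{
    header('HTTP/1.1 400 Bad Request');
    exit;
}

$fileDir = $_SERVER['DOCUMENT_ROOT'] . '/admin/updata/file';

// Create the storage folder. mkdir() replaces the original `exec("mkdir ...")` /
// `exec("chmod 757 ...")`, which passed DOCUMENT_ROOT through a shell and left
// the directory world-writable. Failure stays non-fatal, as before.
if (!is_dir($fileDir) && !@mkdir($fileDir, 0755)) {
    error_log('adw_file_manager: could not create ' . $fileDir);
}

// Only digits are allowed into the redirect URL; anything else becomes an empty
// value, which is what an unset $page produced before.
$safePage = adw_file_manager_digits(isset($page) ? $page : '');

switch (isset($mode) ? $mode : '') {
    case "regist":
        // eregi() was removed in PHP 7; stripos() performs the same
        // case-insensitive "contains index.htm" test (literal dot).
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        if (stripos($referer, 'index.htm') === false) {
            // The message is the original byte string (legacy-encoded Korean,
            // presumably "This is not a normal access.") -- left untouched.
            $lib->alert_go("Á¤»óÀûÀÎ Á¢¼ÓÀÌ ¾Æ´Õ´Ï´Ù. ", "../admin_login.htm");
            exit; // never fall through to the insert if alert_go() returns
        }

        // Pick an unused code. The original looped forever once all codes in
        // the 1000-9899 range were taken; the attempt count is now bounded.
        $newCode = '';
        for ($attempt = 0; $attempt < 1000; $attempt++) {
            $candidate = "P" . rand(1000, 9899);
            $row = $mysql->row("adw_file_manager", "num", "where code='$candidate'");
            if (!$row) {
                $newCode = $candidate;
                break;
            }
        }
        if ($newCode === '') {
            error_log('adw_file_manager: no free code available');
            header('HTTP/1.1 500 Internal Server Error');
            exit;
        }

        // The server-generated code always overrides whatever the client posted.
        $_POST['code'] = $newCode;
        $mysql->insert("adw_file_manager", $_POST);

        // Save the files.
        adw_file_manager_write_parts(
            $fileDir,
            $newCode,
            adw_file_manager_post_text('top_content'),
            adw_file_manager_post_text('content'),
            adw_file_manager_post_text('bottom_content')
        );

        header("location: ../index.htm?amode=file_list");
        exit;

    case "modify":
        // $num is interpolated into a WHERE clause: accept digits only.
        $safeNum = adw_file_manager_digits(isset($num) ? $num : '');

        // The posted code becomes part of a file name: accept only the shape
        // that "regist" generates, so it cannot carry path separators or "..".
        // NOTE(review): assumes every stored code is "P" + 4 digits -- confirm
        // no records were created with another format.
        $postedCode = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
        if ($safeNum === '' || !preg_match('/^P[0-9]{4}\z/', $postedCode)) {
            adw_file_manager_reject();
        }

        $mysql->update("adw_file_manager", $_POST, "where num='$safeNum'");

        // Save the files.
        adw_file_manager_write_parts(
            $fileDir,
            $postedCode,
            adw_file_manager_post_text('top_content'),
            adw_file_manager_post_text('content'),
            adw_file_manager_post_text('bottom_content')
        );

        header("location: ../index.htm?amode=file_list&page=$safePage");
        exit;

    case "delete":
        // $_GET['num'] is interpolated into two SQL statements: digits only.
        $deleteNum = adw_file_manager_digits(isset($_GET['num']) ? $_GET['num'] : '');
        if ($deleteNum === '') {
            adw_file_manager_reject();
        }

        $row = $mysql->row("adw_file_manager", "*", "where num='$deleteNum'");

        // basename() keeps a stored code from pointing outside the storage
        // folder; nothing is unlinked when the row or its code is missing.
        $storedCode = ($row && isset($row['code'])) ? basename((string) $row['code']) : '';
        if ($storedCode !== '') {
            @unlink("../updata/file/" . $storedCode . "_top.php");
            @unlink("../updata/file/" . $storedCode . ".php");
            @unlink("../updata/file/" . $storedCode . "_bottom.php");
        }

        $sql = "delete from adw_file_manager where num='$deleteNum'";
        @mysql_query($sql);

        header("location: ../index.htm?amode=file_list&page=$safePage");
        exit;
}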