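<?php
// JSON endpoint for the "clientes satisfechos" records: list/count/get via GET,
// add/edit/delete via POST, with an optional logo upload stored under uploads/clientes/.
// NOTE(review): no authentication or CSRF check is visible in this file; confirm that
// conexion.php or a front controller enforces one before the mutating actions run.
require_once 'conexion.php';
header('Content-Type: application/json; charset=utf-8');

$action = $_GET['action'] ?? '';

/** Logo file extensions accepted for upload (lower-case). */
const CLIENTES_LOGO_EXTENSIONS = ['png', 'jpg', 'jpeg', 'webp', 'gif', 'svg'];

/**
 * MIME types expected for each raster extension, checked against the file content.
 * SVG is XML text and is accepted on extension alone; because it can carry script,
 * it should not be served inline from this origin without a restrictive CSP.
 */
const CLIENTES_LOGO_MIME = [
    'png'  => ['image/png'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'webp' => ['image/webp'],
    'gif'  => ['image/gif'],
];

/**
 * Emit $data as JSON and stop the script.
 * Every action relies on this exiting, so nothing after a respond() call runs.
 */
function respond($data): void
{
    echo json_encode($data);
    exit;
}

/**
 * Read a trimmed string field from a request array ($_POST / $_GET).
 * Non-string values (e.g. nested arrays) are treated as absent so trim() cannot throw.
 */
function inputString(array $source, string $key): string
{
    $value = $source[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

/**
 * Validate an uploaded logo ($_FILES entry) and return its lower-case extension.
 * Returns null when no file was successfully uploaded; responds with an error and
 * exits when the extension, or the detected content type, is not an allowed image.
 */
function logoExtension(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $ext = strtolower(pathinfo($file['name'] ?? '', PATHINFO_EXTENSION));
    if (!in_array($ext, CLIENTES_LOGO_EXTENSIONS, true)) {
        respond(['success' => false, 'error' => 'Formato de imagen no permitido.']);
    }
    // The extension is client-chosen; for raster formats also verify the actual bytes.
    if (isset(CLIENTES_LOGO_MIME[$ext]) && class_exists('finfo')) {
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
        if (!in_array($mime, CLIENTES_LOGO_MIME[$ext], true)) {
            respond(['success' => false, 'error' => 'Formato de imagen no permitido.']);
        }
    }
    return $ext;
}

/**
 * Move the uploaded logo into $uploadDir under a random, non-guessable name.
 * Returns the web-relative path to store in the DB, or null if the move failed.
 */
function storeLogo(array $file, string $ext, string $uploadDir): ?string
{
    $fileName = 'cli_' . bin2hex(random_bytes(8)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $uploadDir . $fileName)) {
        return null;
    }
    return 'uploads/clientes/' . $fileName;
}

/**
 * Remove a previously stored logo given the web-relative path kept in the DB.
 * The resolved path must stay inside $uploadDir, so a tampered DB value cannot
 * delete arbitrary files; a missing or unresolvable file is silently ignored.
 */
function deleteLogo(?string $relative, string $uploadDir): void
{
    if ($relative === null || $relative === '') {
        return;
    }
    $full = realpath(__DIR__ . DIRECTORY_SEPARATOR . str_replace(['/', '\\'], DIRECTORY_SEPARATOR, $relative));
    $base = realpath($uploadDir);
    if ($full === false || $base === false) {
        return;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return;
    }
    // Best-effort: an unlink warning would corrupt the JSON body, hence the suppression.
    @unlink($full);
}

// Ensure upload directory exists. 0755 rather than 0777: only the web server user
// needs to write here. A warning from mkdir would corrupt the JSON body, hence @.
$uploadDir = __DIR__ . DIRECTORY_SEPARATOR . 'uploads' . DIRECTORY_SEPARATOR . 'clientes' . DIRECTORY_SEPARATOR;
if (!is_dir($uploadDir)) {
    @mkdir($uploadDir, 0755, true);
}

// Ensure table exists
try {
    $conn->exec("CREATE TABLE IF NOT EXISTS clientes_satisfechos ( id INT(11) NOT NULL AUTO_INCREMENT, nombre VARCHAR(150) NOT NULL, logo VARCHAR(255) DEFAULT NULL, video_url VARCHAR(255) DEFAULT NULL, creado_en TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (id) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;");
} catch (Exception $e) {
    // ignore on read-only environments
}

if ($action === 'list') {
    $res = $conn->query('SELECT * FROM clientes_satisfechos ORDER BY id DESC');
    respond($res->fetchAll(PDO::FETCH_ASSOC));
}

if ($action === 'count') {
    $res = $conn->query('SELECT COUNT(*) AS total FROM clientes_satisfechos');
    $row = $res->fetch(PDO::FETCH_ASSOC);
    respond(['total' => (int)($row['total'] ?? 0)]);
}

if ($action === 'get') {
    $id = (int)($_GET['id'] ?? 0);
    $stmt = $conn->prepare('SELECT * FROM clientes_satisfechos WHERE id = ?');
    $stmt->execute([$id]);
    respond($stmt->fetch(PDO::FETCH_ASSOC) ?: []);
}

if ($action === 'add') {
    $nombre = inputString($_POST, 'nombre');
    $video_url = inputString($_POST, 'video_url'); // optional
    // Compare with '' rather than truthiness so a client literally named "0" is accepted.
    if ($nombre === '') {
        respond(['success' => false, 'error' => 'El nombre es obligatorio.']);
    }
    $logoPath = null;
    $ext = logoExtension($_FILES['logo'] ?? []);
    if ($ext !== null) {
        $logoPath = storeLogo($_FILES['logo'], $ext, $uploadDir);
    }
    $stmt = $conn->prepare('INSERT INTO clientes_satisfechos (nombre, logo, video_url) VALUES (?, ?, ?)');
    $ok = $stmt->execute([$nombre, $logoPath, $video_url ?: null]);
    respond(['success' => $ok]);
}

if ($action === 'edit') {
    $id = (int)($_POST['id'] ?? 0);
    $nombre = inputString($_POST, 'nombre');
    $video_url = inputString($_POST, 'video_url');
    if ($id <= 0 || $nombre === '') {
        respond(['success' => false, 'error' => 'ID y nombre son obligatorios.']);
    }
    // Current record (only the logo path is needed, to clean up the old file)
    $stmt = $conn->prepare('SELECT logo FROM clientes_satisfechos WHERE id = ?');
    $stmt->execute([$id]);
    $curr = $stmt->fetch(PDO::FETCH_ASSOC);
    $oldLogo = is_array($curr) ? ($curr['logo'] ?? null) : null;

    $sql = 'UPDATE clientes_satisfechos SET nombre = ?, video_url = ?';
    $params = [$nombre, $video_url ?: null];
    // Validate and store the new logo before deleting the old one, so a rejected or
    // failed upload leaves the existing logo untouched. The new path is bound as a
    // parameter instead of being spliced into the SQL with quote().
    $ext = logoExtension($_FILES['logo'] ?? []);
    if ($ext !== null) {
        $newPath = storeLogo($_FILES['logo'], $ext, $uploadDir);
        if ($newPath !== null) {
            deleteLogo($oldLogo, $uploadDir);
            $sql .= ', logo = ?';
            $params[] = $newPath;
        }
    }
    $sql .= ' WHERE id = ?';
    $params[] = $id;
    $ok = $conn->prepare($sql)->execute($params);
    respond(['success' => $ok]);
}

if ($action === 'delete') {
    $id = (int)($_POST['id'] ?? 0);
    if ($id <= 0) {
        respond(['success' => false, 'error' => 'ID inválido']);
    }
    // delete logo file
    $stmt = $conn->prepare('SELECT logo FROM clientes_satisfechos WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    deleteLogo(is_array($row) ? ($row['logo'] ?? null) : null, $uploadDir);
    $ok = $conn->prepare('DELETE FROM clientes_satisfechos WHERE id = ?')->execute([$id]);
    respond(['success' => $ok]);
}

respond(['error' => 'Acción no válida']);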