LittleDemon WebShell


Linux in-mum-web1499.main-hosting.eu 5.14.0-503.40.1.el9_5.x86_64 #1 SMP PREEMPT_DYNAMIC Mon May 5 06:06:04 EDT 2025 x86_64
Path : /home/u901718425/domains/cdn.urbanpillar.in/public_html/
Current File : /home/u901718425/domains/cdn.urbanpillar.in/public_html/file.php

<?php
include 'conn.php';

// Database connection settings come from the process environment, so no
// credential is written into this file. getenv() returns false for an unset
// variable, which formats as an empty string in the DSN.
$dsn = sprintf('mysql:host=%s;dbname=%s', getenv('DB_HOST'), getenv('DB_DATABASE'));

// Account used to open the PDO connection.
list($username, $password) = [getenv('DB_USERNAME'), getenv('DB_PASSWORD')];

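/**
 * Re-encode an image file as WebP and write it into $targetDir.
 *
 * The output name is the source file's name without its last extension, plus
 * ".webp", appended directly to $targetDir (so $targetDir must already end
 * with a directory separator). Because the pixels are decoded and re-encoded,
 * only content that GD accepts as an image ever reaches the output file.
 *
 * @param string $file      Path of the image to read.
 * @param string $targetDir Directory prefix for the output file.
 * @return string|false Path of the written WebP file, or false when the source
 *                      cannot be read, is not a decodable image, or the WebP
 *                      encoder fails.
 */
function convert_img_to_webp($file, $targetDir) {
    // Missing or unreadable input is an ordinary failure, not a warning.
    if (!is_file($file) || !is_readable($file)) {
        return false;
    }

    $bytes = file_get_contents($file);
    if ($bytes === false || $bytes === '') {
        return false;
    }

    // imagecreatefromstring() raises a warning for data it cannot decode; that
    // case is reported through the return value, so the warning is silenced
    // to keep it out of the caller's JSON response.
    $image = @imagecreatefromstring($bytes);
    if ($image === false) {
        return false;
    }

    // The WebP encoder rejects palette-based images (indexed PNG, GIF), so
    // promote them to true colour before encoding.
    if (!imageistruecolor($image)) {
        imagepalettetotruecolor($image);
    }

    $outputFile = $targetDir . pathinfo($file, PATHINFO_FILENAME) . '.webp';

    // Report success only when the encoder actually wrote the file.
    $written = imagewebp($image, $outputFile);
    imagedestroy($image);

    return $written ? $outputFile : false;
}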

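// Upload endpoint: accepts one image in a multipart POST, stores it as WebP
// under uploads/Y/m/d/ and records it in the `image` table. Every outcome is
// answered with a JSON document whose element 0 is 'success' or 'error'.
//
// NOTE(review): no authentication or authorisation check is visible in this
// file, and `upload_by` is taken from the request as-is. Confirm that conn.php
// or the web server restricts who can reach this endpoint.
$handleUpload = function () use ($dsn, $username, $password) {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return [0 => 'error', 'message' => 'Invalid request method.'];
    }

    // $_POST['name'] names the multipart field that carries the file.
    $field = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $upload = ($field !== '' && isset($_FILES[$field])) ? $_FILES[$field] : null;

    if (
        !is_array($upload)
        || !isset($upload['tmp_name'], $upload['name'], $upload['error'])
        || !is_string($upload['tmp_name'])   // array-style (multi-file) fields are not handled
        || !is_string($upload['name'])
        || $upload['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])
    ) {
        return [0 => 'error', 'message' => 'No file uploaded.', 'data' => $_POST];
    }

    // Reduce a client-supplied string to characters that cannot change the
    // directory ("/", "..") or add a second extension (".") to the stored name.
    $safePart = function ($value) {
        $value = is_string($value) ? $value : '';
        $clean = preg_replace('/[^A-Za-z0-9_-]+/', '_', $value);
        return substr((string) $clean, 0, 64);
    };

    $title = $safePart(isset($_POST['title']) ? $_POST['title'] : '');
    $stem = $safePart(pathinfo(basename($upload['name']), PATHINFO_FILENAME));

    // random_bytes() instead of rand(): two uploads with the same title and
    // name must not collide on the stored path.
    $baseName = 'urbanpillar_' . $title . '_' . bin2hex(random_bytes(8)) . '_' . $stem;
    $targetDir = 'uploads/' . date('Y/m/d') . '/';

    $storedPath = null;

    try {
        $pdo = new PDO($dsn, $username, $password);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // 0755 rather than 0777: the upload tree does not need to be world-writable.
        if (!is_dir($targetDir) && !mkdir($targetDir, 0755, true) && !is_dir($targetDir)) {
            return [0 => 'error', 'message' => 'Could not store the file.'];
        }

        // Decide by content, not by the client-supplied extension. getimagesize()
        // can raise a notice on truncated data; the false return covers that case.
        $info = @getimagesize($upload['tmp_name']);

        if ($info !== false && $info[2] === IMAGETYPE_WEBP) {
            // Already WebP: keep the bytes, but under a server-chosen name that
            // always ends in ".webp".
            $targetPath = $targetDir . $baseName . '.webp';
            if (!move_uploaded_file($upload['tmp_name'], $targetPath)) {
                return [0 => 'error', 'message' => 'Could not store the file.'];
            }
        } else {
            // Stage the raw upload outside the web root. Only the re-encoded
            // WebP is written under uploads/, so a file that is not a decodable
            // image never becomes reachable over HTTP.
            $staged = rtrim(sys_get_temp_dir(), '/') . '/' . $baseName . '.upload';
            if (!move_uploaded_file($upload['tmp_name'], $staged)) {
                return [0 => 'error', 'message' => 'Could not store the file.'];
            }

            $targetPath = convert_img_to_webp($staged, $targetDir);

            if (is_file($staged)) {
                unlink($staged);
            }

            if ($targetPath === false) {
                return [0 => 'error', 'message' => 'Unsupported or invalid image.'];
            }
        }

        $storedPath = $targetPath;

        // NOTE(review): MAX(id) + 1 can hand the same id to two concurrent
        // uploads; an AUTO_INCREMENT column would avoid that if the schema allows it.
        $maxId = $pdo->query('SELECT MAX(id) FROM `image`')->fetchColumn();
        $id = ($maxId === null || $maxId === false || $maxId === '') ? 1 : (int) $maxId + 1;

        $row = [
            $id,
            isset($_POST['f_id']) ? $_POST['f_id'] : null,
            $targetPath,
            0,
            isset($_POST['is']) ? $_POST['is'] : null,
            isset($_POST['upload_by']) ? $_POST['upload_by'] : null,
            date('Y-m-d H:i:s'),
        ];

        $insertStmt = $pdo->prepare(
            'INSERT INTO `image`(`id`, `f_id`, `path`, `default`, `is`, `updated_by`, `date`) VALUES (?,?,?,?,?,?,?)'
        );
        $insertStmt->execute($row);

        return [
            0 => 'success',
            'message' => 'File uploaded and record inserted.',
            'file' => $targetPath,
            // An INSERT produces no result set; the key (spelling included) is
            // kept for existing clients.
            'resopnse' => [],
            'data' => $row,
        ];
    } catch (PDOException $e) {
        // Do not leave an unrecorded file behind when the database step fails.
        if ($storedPath !== null && is_file($storedPath)) {
            unlink($storedPath);
        }

        // Driver messages can reveal host names, schema and SQL; keep them in
        // the server log and send the client a generic message.
        error_log('file.php upload: ' . $e->getMessage());

        return [0 => 'error', 'message' => 'Database error.'];
    }
};

$payload = $handleUpload();

// PHP's default Content-Type is text/html. Part of the response is request
// data, so declare JSON explicitly and hex-escape markup characters.
if (!headers_sent()) {
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
}

echo json_encode($payload, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);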
?>
