Exemple #1
<?php

/*-----------------------------------*\
|           Copyright © CNT           | 
|         Phone: 0986.901.797         |
|         Y!m: banmai_xanhmai         |
|       Website: CongNgheTre.Vn       |
|     Email: PeakOfMusic@Gmail.Com    |
\*-----------------------------------*/
define('CNT', true);
include '../cnt-includes/config.php';
include '../cnt-includes/functions.php';
if (check_log() == true) {
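    // Comment actions for a logged-in user, selected by ?type=add|reply|edit|del.
    // Request values used as bare numbers in SQL are cast to int; text is escaped
    // for the quoted string literal it is placed in.
    // NOTE(review): ext/mysql has no bound parameters; porting these queries to
    // mysqli or PDO prepared statements is the durable fix. If config.php already
    // runs addslashes()/magic quotes over request data, drop that layer rather
    // than this one, otherwise comment text is stored double-escaped.
    // NOTE(review): no anti-CSRF token is checked in the visible code, and whether
    // br() HTML-encodes the comment before it is stored is not visible here.
    $comment_action = isset($_GET['type']) ? $_GET['type'] : '';

    // The captcha only counts when the session actually holds one; a loose ==
    // would also accept an empty field against a session with no captcha set.
    $captcha_ok = isset($_SESSION['captcha'], $_POST['captcha'])
        && is_scalar($_POST['captcha'])
        && (string) $_SESSION['captcha'] !== ''
        && (string) $_POST['captcha'] === (string) $_SESSION['captcha'];

    if ($comment_action == 'add' && strlen($_POST['content']) >= 10 && $captcha_ok) {
        // One captcha answer authorises one comment.
        unset($_SESSION['captcha']);
        @mysql_query("INSERT INTO cnt_comments (comment_content, comment_pid, comment_user, comment_time) VALUES ('" . mysql_real_escape_string(br($_POST['content'])) . "', " . (int) $_POST['pid'] . ", " . (int) $_SESSION['user']['id'] . ", " . time() . ")");

        // Redirect only to a location on this site: no scheme, no "//host",
        // no backslashes, whitespace or control characters. Anything else falls
        // back to the site root instead of sending the visitor to a target
        // chosen by the request.
        // NOTE(review): if the comment form posts an absolute URL in "back",
        // compare its host with the configured site URL here instead.
        $back = isset($_POST['back']) && is_string($_POST['back']) ? $_POST['back'] : '';
        if (!preg_match('#^(?!//)[^\\\\:\s[:cntrl:]]+\z#', $back)) {
            $back = '/';
        }
        header('Location: ' . $back);
    } elseif ($comment_action == 'reply' && check_level() >= 2) {
        @mysql_query("INSERT INTO cnt_comments (comment_content, comment_pid, comment_sid, comment_user, comment_time) VALUES ('" . mysql_real_escape_string(br($_POST['content'])) . "', " . (int) $_POST['pid'] . ", " . (int) $_POST['id'] . ", " . (int) $_SESSION['user']['id'] . ", " . time() . ")");
        header('Location: index.php?m=2');
    } elseif ($comment_action == 'edit' && check_level() >= 2) {
        @mysql_query("UPDATE cnt_comments SET comment_content = '" . mysql_real_escape_string(br($_POST['content'])) . "' WHERE id = " . (int) $_POST['id']);
        header('Location: index.php?m=2');
    } elseif ($comment_action == 'del' && $_POST['action'] == 1 && $_POST['id'] && check_level() >= 2) {
        // Accept a single id or a list of ids; nested arrays are ignored and
        // every remaining value is reduced to an integer before it reaches SQL.
        foreach (array_filter((array) $_POST['id'], 'is_scalar') as $comment_id) {
            @mysql_query("DELETE FROM cnt_comments WHERE id = " . (int) $comment_id);
        }
        header('Location: index.php?m=2');
    } else {
        echo "Hacking attempt";
    }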
<h3>Please wait</h3>

<?php 
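require_once '../../lib/functions.php';
require_once '../../lib/config.php';
require_once '../../lib/db_conn.php';
// NOTE(review): the return values of both checks are ignored, so this page is
// only protected if check_log()/check_log_admin() end the request themselves
// for an unauthorised visitor — confirm in lib/functions.php.
check_log();
check_log_admin();

// Read the form fields as plain strings; a missing or non-scalar field becomes ''.
$motor = isset($_POST['motor']) && is_scalar($_POST['motor']) ? (string) $_POST['motor'] : '';
$godiste = isset($_POST['godiste']) && is_scalar($_POST['godiste']) ? (string) $_POST['godiste'] : '';
$serijski_broj = isset($_POST['serijski_broj']) && is_scalar($_POST['serijski_broj']) ? (string) $_POST['serijski_broj'] : '';
$dimenzija_guma = isset($_POST['dimenzija_guma']) && is_scalar($_POST['dimenzija_guma']) ? (string) $_POST['dimenzija_guma'] : '';
$motor_id = isset($_POST['motor_id']) && is_scalar($_POST['motor_id']) ? (string) $_POST['motor_id'] : '';

// Bound parameters keep the posted values out of the SQL text entirely.
// All five were quoted string literals in the original statement, so they are
// bound as strings here.
$query = 'UPDATE motori SET MOTOR = ?, GODISTE = ?, SERIJSKI_BROJ = ?, DIMENZIJA_GUMA = ? WHERE id = ?';
$stmt = mysqli_prepare($con, $query);
if ($stmt
    && mysqli_stmt_bind_param($stmt, 'sssss', $motor, $godiste, $serijski_broj, $dimenzija_guma, $motor_id)
    && mysqli_stmt_execute($stmt)
) {
    // The id is written into a <script> block, so it is emitted as a JSON
    // literal with the HTML-significant characters hex-escaped, and URL-encoded
    // on the client before it is appended to the redirect target.
    ?>

	<script type="text/javascript">
		var motor_id = <?php echo json_encode($motor_id, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
		window.location = "../?action=motor_read&motor_id=" + encodeURIComponent(motor_id);
	</script>

	<?php
}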
Exemple #3
<?php

/*-----------------------------------*\
|           Copyright © CNT           | 
|         Phone: 0986.901.797         |
|         Y!m: banmai_xanhmai         |
|       Website: CongNgheTre.Vn       |
|     Email: PeakOfMusic@Gmail.Com    |
\*-----------------------------------*/
// Product export: the listing is cut off inside the workbook template string below.
define('CNT', true);
include '../cnt-includes/config.php';
// NOTE(review): "&" is the bitwise operator and ">=" binds tighter, so this is
// check_log() & (check_level() >= 3). Both functions are always called, and the
// gate only opens when the lowest bit of check_log()'s return value is set.
// "&&" looks like the intent — confirm what check_log() returns.
if (check_log() & check_level() >= 3) {
    // Row count of cnt_products; "@" hides any query error.
    $total = @mysql_num_rows(@mysql_query("SELECT id FROM cnt_products"));
    $data = '<?xml version="1.0"?>
<?mso-application progid="Excel.Sheet"?>
<Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet"
 xmlns:o="urn:schemas-microsoft-com:office:office"
 xmlns:x="urn:schemas-microsoft-com:office:excel"
 xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet"
 xmlns:html="http://www.w3.org/TR/REC-html40">
 <DocumentProperties xmlns="urn:schemas-microsoft-com:office:office">
  <Author>Admin</Author>
  <LastAuthor>Admin</LastAuthor>
  <Created>2010-08-12T12:09:16Z</Created>
  <Company>- ETH0 -</Company>
  <Version>11.9999</Version>
 </DocumentProperties>
 <ExcelWorkbook xmlns="urn:schemas-microsoft-com:office:excel">
  <WindowHeight>9720</WindowHeight>
  <WindowWidth>15195</WindowWidth>
  <WindowTopX>480</WindowTopX>
Exemple #4
<?php

/*-----------------------------------*\
|           Copyright © CNT           | 
|         Phone: 0986.901.797         |
|         Y!m: banmai_xanhmai         |
|       Website: CongNgheTre.Vn       |
|     Email: PeakOfMusic@Gmail.Com    |
\*-----------------------------------*/
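define('CNT', true);
include '../cnt-includes/config.php';
// Advert management (add / edit / del) for logged-in users of level 4 and up.
// Numeric request fields are cast to int because they are used unquoted in
// SQL; text fields are escaped for their quoted string literal.
// NOTE(review): ext/mysql has no bound parameters; porting to mysqli or PDO
// prepared statements is the durable fix. If config.php already runs
// addslashes()/magic quotes over request data, drop that layer rather than
// this one, otherwise text is stored double-escaped.
// NOTE(review): no anti-CSRF token is checked in the visible code.
if (check_log() == true && check_level() >= 4) {
    $ad_action = isset($_GET['type']) ? $_GET['type'] : '';
    if ($ad_action == 'add' && strlen($_POST['name']) >= 3 && strlen($_POST['img']) > 1) {
        @mysql_query("INSERT INTO cnt_ads (ad_name, ad_image, ad_link, ad_type) VALUES ('" . mysql_real_escape_string($_POST['name']) . "', '" . mysql_real_escape_string($_POST['img']) . "', '" . mysql_real_escape_string($_POST['url']) . "', " . (int) $_POST['type'] . ")");
    } elseif ($ad_action == 'edit') {
        @mysql_query("UPDATE cnt_ads SET ad_name = '" . mysql_real_escape_string($_POST['name']) . "', ad_image = '" . mysql_real_escape_string($_POST['img']) . "', ad_link = '" . mysql_real_escape_string($_POST['url']) . "', ad_type = " . (int) $_POST['type'] . " WHERE id = " . (int) $_POST['id']);
    } elseif ($ad_action == 'del' && $_POST['action'] == 1 && $_POST['id']) {
        // Accept a single id or a list of ids; nested arrays are ignored.
        foreach (array_filter((array) $_POST['id'], 'is_scalar') as $ad_id) {
            @mysql_query("DELETE FROM cnt_ads WHERE id = " . (int) $ad_id);
        }
    }
    // Every branch, including "nothing matched", returns to the advert list.
    header('Location: index.php?m=6');
} else {
    echo "Hacking attempt";
}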
Exemple #5
<?php

/*-----------------------------------*\
|           Copyright © CNT           | 
|         Phone: 0986.901.797         |
|         Y!m: banmai_xanhmai         |
|       Website: CongNgheTre.Vn       |
|     Email: PeakOfMusic@Gmail.Com    |
\*-----------------------------------*/
// Spreadsheet import for product stock and price; the listing is cut off
// before the loop and the outer "if" are closed.
define('CNT', true);
include '../cnt-includes/config.php';
// NOTE(review): "&" is the bitwise operator, so both comparisons are always
// evaluated and then AND-ed as integers: (check_log() == true) & (check_level() >= 3).
// The result matches "&&" here, but "&&" states the intent and short-circuits.
if (check_log() == true & check_level() >= 3) {
    /**
     * Reduce a string to its ASCII digits.
     *
     * The pattern is an optional, ungreedy "not 0-9" character; applied as a
     * global replacement with an empty string, the net effect is that every
     * character other than 0-9 is removed. An input without digits yields ''.
     *
     * @param string $str Raw cell text, e.g. a formatted amount.
     * @return string The digits of $str in their original order.
     */
    function number($str)
    {
        return preg_replace('|[^0-9]?|U', '', $str);
    }
    // Read the uploaded spreadsheet (SpreadsheetML text) from PHP's upload temp file.
    // "@" hides read errors; a failed read returns false, which the loose
    // "!= null" test below treats like an empty file.
    $data = @file_get_contents($_FILES['file']['tmp_name']);
    if ($data != null) {
        $total = 0;
        $start = 0;
        // Rows are pulled out with a regex rather than an XML parser; only a
        // bare <Row> tag (no attributes) matches this pattern.
        preg_match_all('/<Row>(.*?)<\\/Row>/is', $data, $rows);
        foreach ($rows[1] as $row) {
            // $_POST['start'] is the first row to import; where $start is
            // advanced is outside the visible part of the listing.
            if ($start >= $_POST['start']) {
                preg_match_all('/<Data ss:Type="[A-Za-z]+?">(.*?)<\\/Data>/is', $row, $cell);
                // $_POST['total'], ['price'] and ['code'] are column indexes into
                // $cell[1]. Index 0 is falsy, so the first column can never be
                // chosen for total or price.
                // NOTE(review): the product code cell comes straight from the
                // uploaded file and is placed in a quoted SQL literal without
                // escaping, so file content can alter the statement; escape or
                // bind it. number() returns '' for a cell with no digits, which
                // leaves "SET ... = " incomplete, and "@" hides that failure.
                if ($_POST['total']) {
                    @mysql_query("UPDATE cnt_products SET product_total = " . number($cell[1][$_POST['total']]) . " WHERE product_code = '" . $cell[1][$_POST['code']] . "'");
                }
                if ($_POST['price']) {
                    @mysql_query("UPDATE cnt_products SET product_price = " . number($cell[1][$_POST['price']]) . " WHERE product_code = '" . $cell[1][$_POST['code']] . "'");
                }
Exemple #6
/*-----------------------------------*\
|           Copyright © CNT           | 
|         Phone: 0986.901.797         |
|         Y!m: banmai_xanhmai         |
|       Website: CongNgheTre.Vn       |
|     Email: PeakOfMusic@Gmail.Com    |
\*-----------------------------------*/
// Control-panel entry page: picks a panel from ?m= / ?sm= and fills the
// template. The listing is cut off inside the category loop.
define('CNT', true);
include '../cnt-includes/config.php';
include '../cnt-includes/functions.php';
include '../cnt-includes/cp.class.php';
include 'version.php';
// NOTE(review): strpos() returns false when the token is absent and an offset
// when it is present; "!= 0" cannot tell false from offset 0, so this only
// works while "MSIE 6" never starts the header. "!== false" states the intent.
// The header is also read without checking that the client sent one.
if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 6') != 0) {
    // Vietnamese message: "use a different browser".
    echo 'Dung trinh duyet khac';
} elseif (check_log()) {
    $tpl = new Template('main.html');
    // Panel and sub-panel selectors; both default to '0'.
    $menu = isset($_GET['m']) ? $_GET['m'] : '0';
    $sub_menu = isset($_GET['sm']) ? $_GET['sm'] : '0';
    switch ($menu) {
        // Start / overview panel (comment translated from Vietnamese)
        case '0':
            list($totalvisit) = @mysql_fetch_array(@mysql_query("SELECT MAX(id) FROM cnt_onlines"));
            list($temp) = @mysql_fetch_array(@mysql_query("SELECT tpl_name FROM cnt_templates WHERE tpl_active = 1"));
            list($lang) = @mysql_fetch_array(@mysql_query("SELECT language_name FROM cnt_languages WHERE language_active = 1"));
            // NOTE(review): "ORDER id DESC" is missing BY, so this statement is
            // not valid MySQL. "@" hides the failure, and the two lookups below
            // then run with an empty id taken from $comment.
            $comment = @mysql_fetch_array(@mysql_query("SELECT * FROM cnt_comments WHERE comment_sid = 0 ORDER id DESC LIMIT 0,1"));
            // Values read back from the database are concatenated unquoted; cast
            // them to int so a malformed row cannot change the statement.
            $comment_from = @mysql_fetch_array(@mysql_query("SELECT post_name, post_name_ascii FROM cnt_posts WHERE id = " . $comment['comment_pid']));
            list($comment_by) = @mysql_fetch_array(@mysql_query("SELECT user_nick FROM cnt_users WHERE id = " . $comment['comment_user']));
            // NOTE(review): the three cookie values and the stored comment text
            // are handed to the template as received; whether Template::assign()
            // HTML-encodes them is not visible here — confirm, or restrict the
            // cookies to the expected panel-state values before assigning.
            // The counters fetch every id just to count rows.
            $tpl->assign(array('start_comment' => $_COOKIE['comment'] ? $_COOKIE['comment'] : 'show', 'start_quick' => $_COOKIE['quick'] ? $_COOKIE['quick'] : 'show', 'start_info' => $_COOKIE['info'] ? $_COOKIE['info'] : 'show', 'total_post' => @mysql_num_rows(@mysql_query("SELECT id FROM cnt_posts WHERE post_type = 1")), 'total_comment' => @mysql_num_rows(@mysql_query("SELECT id FROM cnt_comments")), 'total_admin' => @mysql_num_rows(@mysql_query("SELECT id FROM cnt_users WHERE user_level = 9")), 'total_online' => @mysql_num_rows(@mysql_query("SELECT id FROM cnt_onlines")), 'total_visit' => $totalvisit, 'curent_tpl' => $temp, 'curent_language' => $lang, 'comment_new_from' => $comment_from['post_name'], 'comment_new_link' => get_option('url') . '/news/' . $comment_from['post_name_ascii'] . '.html', 'comment_new_content' => $comment['comment_content'], 'comment_new_id' => $comment['id'], 'comment_new_by' => $comment_by));
            // Top-level categories of type 1, in display order.
            $cats = @mysql_query("SELECT id, cat_name FROM cnt_cats WHERE cat_sub = 0 and cat_type = 1 ORDER BY cat_order ASC");
            while ($listcat = @mysql_fetch_array($cats)) {
Exemple #7
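    // Category add / edit / del for this branch's category type.
    // Numeric request fields are cast to int because they are used unquoted in
    // SQL; text fields are escaped for their quoted string literal.
    // NOTE(review): ext/mysql has no bound parameters; porting to mysqli or PDO
    // prepared statements is the durable fix. If config.php already runs
    // addslashes()/magic quotes over request data, drop that layer rather than
    // this one, otherwise text is stored double-escaped.
    $cat_action = isset($_GET['type']) ? $_GET['type'] : '';
    if ($cat_action == 'add' && strlen($_POST['name']) >= 3 && $_POST['order']) {
        @mysql_query("INSERT INTO cnt_cats (cat_name, cat_name_ascii, cat_info, cat_type, cat_order, cat_sub) VALUES ('" . mysql_real_escape_string($_POST['name']) . "', '" . mysql_real_escape_string(ascii($_POST['name'])) . "', '" . mysql_real_escape_string($_POST['desc']) . "', " . (int) $_POST['type'] . ", " . (int) $_POST['order'] . ", " . (int) $_POST['sub'] . ")");
    } elseif ($cat_action == 'edit') {
        @mysql_query("UPDATE cnt_cats SET cat_name = '" . mysql_real_escape_string($_POST['name']) . "', cat_info = '" . mysql_real_escape_string($_POST['desc']) . "', cat_order = " . (int) $_POST['order'] . ", cat_sub = " . (int) $_POST['sub'] . " WHERE id = " . (int) $_POST['id']);
    } elseif ($cat_action == 'del' && $_POST['action'] == 1 && $_POST['id']) {
        // Accept a single id or a list of ids; nested arrays are ignored.
        foreach (array_filter((array) $_POST['id'], 'is_scalar') as $cat_id) {
            @mysql_query("DELETE FROM cnt_cats WHERE id = " . (int) $cat_id);
        }
    }
    // Every outcome, including "nothing matched", returns to the same list.
    header('Location: index.php?m=1&sm=2');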
} elseif (check_log() == true && check_level() >= 3 && $_POST['type'] == 2) {
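    // Category add / edit / del for categories of type 2 (see the enclosing
    // condition). Numeric request fields are cast to int because they are used
    // unquoted in SQL; text fields are escaped for their quoted string literal.
    // NOTE(review): ext/mysql has no bound parameters; porting to mysqli or PDO
    // prepared statements is the durable fix. If config.php already runs
    // addslashes()/magic quotes over request data, drop that layer rather than
    // this one, otherwise text is stored double-escaped.
    $cat_action = isset($_GET['type']) ? $_GET['type'] : '';
    if ($cat_action == 'add' && strlen($_POST['name']) >= 3 && $_POST['order']) {
        @mysql_query("INSERT INTO cnt_cats (cat_name, cat_name_ascii, cat_info, cat_type, cat_order, cat_sub) VALUES ('" . mysql_real_escape_string($_POST['name']) . "', '" . mysql_real_escape_string(ascii($_POST['name'])) . "', '" . mysql_real_escape_string($_POST['desc']) . "', " . (int) $_POST['type'] . ", " . (int) $_POST['order'] . ", " . (int) $_POST['sub'] . ")");
    } elseif ($cat_action == 'edit') {
        @mysql_query("UPDATE cnt_cats SET cat_name = '" . mysql_real_escape_string($_POST['name']) . "', cat_info = '" . mysql_real_escape_string($_POST['desc']) . "', cat_order = " . (int) $_POST['order'] . ", cat_sub = " . (int) $_POST['sub'] . " WHERE id = " . (int) $_POST['id']);
    } elseif ($cat_action == 'del' && $_POST['action'] == 1 && $_POST['id']) {
        // Accept a single id or a list of ids; nested arrays are ignored.
        foreach (array_filter((array) $_POST['id'], 'is_scalar') as $cat_id) {
            @mysql_query("DELETE FROM cnt_cats WHERE id = " . (int) $cat_id);
        }
    }
    // Every outcome, including "nothing matched", returns to the same list.
    header('Location: index.php?m=3&sm=2');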
Exemple #8
// Profile edit form handler for the logged-in user. The listing is cut off
// inside the login-change branch.
//$row_inform_user = mysql_fetch_array;
// The current user's id comes from the session and selects the row to load.
$user_now = $_SESSION['user_id'];
$query_pass = mysql_query("SELEcT * FROM users WHERE id = '{$user_now}'");
$row_pass = mysql_fetch_array($query_pass);
include 'Blocks/functions.php';
if ($_POST['submit']) {
    // Switch the connection to cp1251 with a plain query.
    $charrus = mysql_query("set names 'cp1251'");
    // Raw form values; none of them is escaped or validated before use below.
    $name = $_POST['user_name'];
    $surname = $_POST['surname'];
    $mail = $_POST['mail'];
    $login = $_POST['login'];
    $c_password = $_POST['c_password'];
    $l_password = $_POST['l_password'];
    $r_password = $_POST['r_password'];
    // Helpers from Blocks/functions.php; judging by the call sites they
    // validate the new password pair, the login and the e-mail — TODO confirm.
    $checking_pass = pass($l_password, $r_password);
    $checking_nsm = check_log($login);
    $checking_mail = my_mail($mail);
    $user_id = $_SESSION['user_id'];
    // NOTE(review): $name, $surname and $mail are interpolated into quoted SQL
    // literals exactly as posted, so a quote in any of them changes the
    // UPDATE statement. Escape them for the connection's character set or move
    // to mysqli/PDO bound parameters. How the three password fields are
    // compared and stored is outside the visible part of the listing.
    if ($name) {
        $query = mysql_query("UPDATE users SET name = '{$name}' WHERE id='{$user_id}'");
    }
    if ($surname) {
        $query = mysql_query("UPDATE users SET surname = '{$surname}' WHERE id='{$user_id}'");
    }
    if ($mail) {
        // The e-mail check is commented out (and misspells $checking_mail), so
        // the result of my_mail() is not used in the visible code and any
        // non-empty value is stored.
        //if($cheking_mail == true)
        $query = mysql_query("UPDATE users SET mail = '{$mail}' WHERE id='{$user_id}'");
        //else echo"This mail is invalid";
    }
    if ($login) {
        if ($checking_nsm == true) {
Exemple #9
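         // Render the comment thread of the current post: each top-level
         // comment, its replies, the reply button for level 3 and up, and the
         // comment form for logged-in visitors.
         // Every id that is concatenated into SQL is cast to int first, since
         // the values are used unquoted; that includes $cnt->rewrite_id, whose
         // origin is outside the visible part of the listing.
         // NOTE(review): comment text goes to the template as stored; whether it
         // was HTML-encoded when saved, or is encoded by assign(), is not
         // visible here — confirm before treating it as safe markup.
         $com_post_id = (int) $cnt->rewrite_id;
         $list_com = @mysql_query("SELECT id, comment_content, comment_user, comment_time FROM cnt_comments WHERE comment_sid = 0 and comment_pid = " . $com_post_id);
         while ($com = @mysql_fetch_array($list_com)) {
             list($com_user) = @mysql_fetch_array(@mysql_query("SELECT user_nick FROM cnt_users WHERE id = " . (int) $com['comment_user']));
             $cnt->assign(array(
                 'com_user' => $com_user,
                 'com_time' => formatTime($com['comment_time'], 1),
                 'com_content' => $com['comment_content'],
                 'com_id' => $com['id'],
             ));
             // Replies are the comments whose comment_sid points at this comment.
             $list_reply = @mysql_query("SELECT comment_content, comment_user, comment_time FROM cnt_comments WHERE comment_sid = " . (int) $com['id']);
             while ($reply = @mysql_fetch_array($list_reply)) {
                 list($reply_user) = @mysql_fetch_array(@mysql_query("SELECT user_nick FROM cnt_users WHERE id = " . (int) $reply['comment_user']));
                 $cnt->assign(array(
                     'reply_user' => $reply_user,
                     'reply_time' => formatTime($reply['comment_time'], 1),
                     'reply_content' => $reply['comment_content'],
                 ));
                 $cnt->parse('reply_com');
             }
             if (check_level() >= 3) {
                 $cnt->parse('reply_bt');
             }
             $cnt->parse('list_com');
         }
         if (check_log()) {
             // The post id is written into the comment form, so the integer
             // form is used there as well.
             $cnt->assign('com_post', $com_post_id);
             $cnt->parse('reply_form');
         }
         $cnt->assign('total_com', @mysql_num_rows(@mysql_query("SELECT id FROM cnt_comments WHERE comment_pid = " . $com_post_id)));
         $cnt->parse('comment');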
     }
     $this_title = $cat['cat_name'] . ' | ' . $this_post['post_name'];
     break;
 case 'shopcart':
     $this_title = 'Giỏ hàng';
     if (!$_SESSION['shopcart']) {
         $cnt->assign(array('cart_total' => 'không có sản phẩm nào', 'monney' => '0'));
     } else {
         foreach ($_SESSION['shopcart'] as $id => $total) {
             $tt++;
Exemple #10
<?php

/*-----------------------------------*\
|           Copyright © CNT           | 
|         Phone: 0986.901.797         |
|         Y!m: banmai_xanhmai         |
|       Website: CongNgheTre.Vn       |
|     Email: PeakOfMusic@Gmail.Com    |
\*-----------------------------------*/
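define('CNT', true);
include '../cnt-includes/config.php';
// Class management (add / edit / del), restricted to logged-in users of level 9.
// The id is cast to int because it is used unquoted in SQL; the name is
// escaped for its quoted string literal.
// NOTE(review): ext/mysql has no bound parameters; porting to mysqli or PDO
// prepared statements is the durable fix. If config.php already runs
// addslashes()/magic quotes over request data, drop that layer rather than
// this one, otherwise text is stored double-escaped.
// NOTE(review): no anti-CSRF token is checked in the visible code.
if (check_log() == true && check_level() == 9) {
    $class_action = isset($_GET['type']) ? $_GET['type'] : '';
    if ($class_action == 'add' && strlen($_POST['name']) >= 3) {
        @mysql_query("INSERT INTO cnt_class (class_name) VALUES ('" . mysql_real_escape_string($_POST['name']) . "')");
    } elseif ($class_action == 'edit') {
        @mysql_query("UPDATE cnt_class SET class_name = '" . mysql_real_escape_string($_POST['name']) . "' WHERE id = " . (int) $_POST['id']);
    } elseif ($class_action == 'del' && $_POST['action'] == 1 && $_POST['id']) {
        // Accept a single id or a list of ids; nested arrays are ignored.
        foreach (array_filter((array) $_POST['id'], 'is_scalar') as $class_id) {
            @mysql_query("DELETE FROM cnt_class WHERE id = " . (int) $class_id);
        }
    }
    // Every outcome, including "nothing matched", returns to the class list.
    header('Location: index.php?m=11&sm=2');
} else {
    echo "Hacking attempt";
}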
Exemple #11
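/**
 * Rebuild the ufw / iptables rules for the PBX ports.
 *
 * Currently a no-op: the unconditional return at the top makes the rest of the
 * body unreachable, and that is kept so callers see no change. The disabled
 * body has been hardened so that it is safe to re-enable: an address or port
 * only reaches a command line after it validates, and every interpolated
 * value is passed through escapeshellarg().
 *
 * @return void
 */
function firewall()
{
    // Disabled: nothing below this line runs.
    return;

    // NOTE(review): $mypbx and $site_settings are neither parameters nor
    // declared global here, so they would be undefined if the early return
    // were removed — confirm how they are meant to reach this function.
    do_log("Restart ufw now", 'v', 'info', __FILE__, __LINE__);

    // Returns the port as an int when it is 1..65535, otherwise false.
    $valid_port = function ($value) {
        $value = (string) $value;

        return ctype_digit($value) && (int) $value >= 1 && (int) $value <= 65535 ? (int) $value : false;
    };
    $ip = isset($mypbx['ip4']) ? filter_var($mypbx['ip4'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) : false;
    $wsport = $valid_port(isset($mypbx['wsport']) ? $mypbx['wsport'] : '');
    $sipport = $valid_port(isset($mypbx['sipport']) ? $mypbx['sipport'] : '');
    $iaxport = $valid_port(isset($mypbx['iaxport']) ? $mypbx['iaxport'] : '');
    $astmanport = $valid_port(isset($mypbx['astmanport']) ? $mypbx['astmanport'] : '');

    $output[] = shell_exec("ufw delete allow 5060");
    $output[] = shell_exec("ufw delete allow 4569");
    if ($ip && $wsport) {
        $output[] = shell_exec("ufw allow " . escapeshellarg($wsport));
        $output[] = shell_exec("ufw allow " . escapeshellarg($wsport + 1));
    }
    // When SIP / IAX listen on a non-default port, forward the default port to
    // it: delete the DNAT rule first so the following append does not duplicate it.
    if ($ip && $sipport && $sipport != 5060) {
        $sip_rule = " PREROUTING -p udp -d " . escapeshellarg($ip) . " --dport 5060 -j DNAT --to " . escapeshellarg($ip . ':' . $sipport);
        $output[] = shell_exec("iptables -t nat -D" . $sip_rule);
        $output[] = shell_exec("iptables -t nat -A" . $sip_rule);
        $output[] = shell_exec("ufw allow 5060");
    }
    if ($ip && $iaxport && $iaxport != 4569) {
        $iax_rule = " PREROUTING -p udp -d " . escapeshellarg($ip) . " --dport 4569 -j DNAT --to " . escapeshellarg($ip . ':' . $iaxport);
        $output[] = shell_exec("iptables -t nat -D" . $iax_rule);
        $output[] = shell_exec("iptables -t nat -A" . $iax_rule);
        $output[] = shell_exec("ufw allow 4569");
    }
    if ($sipport) {
        $output[] = shell_exec("ufw allow " . escapeshellarg($sipport));
    }
    if ($iaxport) {
        $output[] = shell_exec("ufw allow " . escapeshellarg($iaxport));
    }
    // NOTE(review): this range opens 23/tcp (telnet) next to SSH — confirm
    // that both ports are meant to be reachable.
    $output[] = shell_exec("ufw allow 22:23/tcp");
    if ($site_settings['Node_Centers']) {
        $centers = siteopt_array('Node_Centers', '|');
        foreach ($centers as $k => $center) {
            // Each centre address may reach the Asterisk manager port and
            // MySQL (3306) on this host. The address comes from site settings
            // and is shell-quoted before it is used.
            if ($center['0'] && $ip && $astmanport) {
                $output[] = shell_exec("ufw allow from " . escapeshellarg($center['0']) . " to " . escapeshellarg($ip) . " port " . escapeshellarg($astmanport));
            } else {
                do_log("firewall:myip=" . $mypbx['ip4'] . ",myiaxport=" . $mypbx['iaxport'], 'd', 'info', __FILE__, __LINE__);
            }
            if ($center['0'] && $ip) {
                $output[] = shell_exec("ufw allow from " . escapeshellarg($center['0']) . " to " . escapeshellarg($ip) . " port 3306");
            } else {
                do_log("firewall:myip=" . $mypbx['ip4'] . ",myiaxport=" . $mypbx['iaxport'], 'd', 'info', __FILE__, __LINE__);
            }
        }
    }
    if (isset($output)) {
        check_log($output, 'firewall', false, 'problem', __FILE__, __LINE__);
    }
}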
<?php

session_start();
/**
 * Escape a value with mysqli_real_escape_string() on the shared connection,
 * then trim surrounding whitespace from the result.
 *
 * The escaping only protects a value that is placed inside a quoted SQL
 * string literal; it does nothing for a value used as a bare number or an
 * identifier. Bound parameters avoid that distinction altogether.
 *
 * @param string $string Raw value.
 * @return string Escaped and trimmed value.
 */
function string_prepare($string)
{
    global $mysql_conn;

    $escaped = mysqli_real_escape_string($mysql_conn, $string);

    return trim($escaped);
}
/**
 * Build the current user's name string from the session and return it.
 *
 * NOTE(review): this is not an access check. When the test below matches it
 * only prints a script tag that asks the browser to go to action_post.php;
 * the function still returns and the calling page keeps running, so a
 * protected page needs a server-side redirect followed by exit.
 *
 * @return string The prefix literal followed by $_SESSION['username'].
 */
function check_log()
{
    // "******" looks like a value masked by the site this listing was copied
    // from — TODO confirm the original prefix. $_SESSION['username'] is read
    // without an isset() check.
    $username = "******" . $_SESSION['username'];
    // With the six-character prefix as written, $username can never equal a
    // single space, so this branch cannot be reached.
    if (strcmp($username, " ") == 0) {
        ?>
		
			<script>window.location.href="action_post.php"</script><?php 
    }
    return $username;
}
// Runs on every include of this file; the result is kept in a global.
$username = check_log();
Exemple #13
<?php

/*-----------------------------------*\
|           Copyright © CNT           | 
|         Phone: 0986.901.797         |
|         Y!m: banmai_xanhmai         |
|       Website: CongNgheTre.Vn       |
|     Email: PeakOfMusic@Gmail.Com    |
\*-----------------------------------*/
define('CNT', true);
include '../cnt-includes/config.php';
if (check_log() & check_level() >= 9) {
    $match = @mysql_fetch_array(@mysql_query("SELECT VERSION()"));
    $match = explode('.', $match[0]);
    define('MYSQL_VERSION', (int) sprintf('%d%02d%02d', $match[0], $match[1], intval($match[2])));
    unset($match);
    define('NOW', gmmktime());
    if (MYSQL_VERSION >= 40102) {
        define('ENGINE_KEYWORD', 'ENGINE');
    } else {
        define('ENGINE_KEYWORD', 'TYPE');
    }
    $q_tb = @mysql_query("SHOW TABLES LIKE 'cnt_%'");
    $sql = "-- --------------------------------------------------------\n" . "-- CNT DATABASE BACKUP\n" . "-- DATE : " . date('d m Y', NOW) . "\n" . "-- --------------------------------------------------------\n\n";
    while ($r_tb = @mysql_fetch_array($q_tb)) {
        $table_name = $r_tb[0];
        $q_cl = @mysql_query("SHOW COLUMNS FROM `{$table_name}`");
        $str = "-- --------------------------------------------------------\n" . "-- TABLE {$table_name}\n" . "-- --------------------------------------------------------\n\n";
        $str .= "DROP TABLE IF EXISTS `{$table_name}`;\n";
        $str .= "CREATE TABLE `{$table_name}` (\n";
        $pri_arr = array();