function wifiapp_service() { $stsp = XNODE_getpathbytarget("/runtime", "phyinf", "uid", "BAND24G-1.1", 0); $phy1 = XNODE_getpathbytarget("", "phyinf", "uid", "BAND24G-1.1", 0); $wifi1 = XNODE_getpathbytarget("/wifi", "entry", "uid", query($phy1 . "/wifi"), 0); /* Is the phyinf active? */ $active1 = query($phy1 . "/active"); if ($active1 != 1) { return; } $winfname = query($stsp . "/name"); $ssid = query($wifi1 . "/ssid"); $authtype = query($wifi1 . "/authtype"); $encrtype = query($wifi1 . "/encrtype"); $psk = query($wifi1 . "/nwkey/psk/key"); $wep_defkey = query($wifi1 . "/nwkey/wep/defkey"); $ascii = query($wifi1 . "/nwkey/wep/ascii"); $wep_key_1 = query($wifi1 . "/nwkey/wep/key:1"); $wep_key_2 = query($wifi1 . "/nwkey/wep/key:2"); $wep_key_3 = query($wifi1 . "/nwkey/wep/key:3"); $wep_key_4 = query($wifi1 . "/nwkey/wep/key:4"); if ($ascii == 1) { $wep_key_1 = ascii($wep_key_1); $wep_key_2 = ascii($wep_key_2); $wep_key_3 = ascii($wep_key_3); $wep_key_4 = ascii($wep_key_4); } // WPS config START $wscd_conf = "/var/wsc.conf"; $wps_en = query($wifi1 . "/wps/enable"); $wps_configured = query($wifi1 . "/wps/configured"); $wps_pin = query($wifi1 . "/wps/pin"); if ($wps_pin == "") { $wps_pin = query("/runtime/devdata/pin"); } /* Factory default PIN. (label) */ $dtype = "urn:schemas-wifialliance-org:device:WFADevice:1"; $dpath = XNODE_getpathbytarget("/runtime/upnp", "dev", "deviceType", $dtype, 0); if ($dpath != "") { $UUID_tmp = query($dpath . "/guid"); $UUID = cut($UUID_tmp, "0", "-") . cut($UUID_tmp, "1", "-") . cut($UUID_tmp, "2", "-") . cut($UUID_tmp, "3", "-") . cut($UUID_tmp, "4", "-"); $uuid = tolower($UUID); $modelname = query($dpath . "/devdesc/device/modelName"); $modelnum = query($dpath . "/devdesc/device/modelNumber"); $serialnum = query($dpath . "/devdesc/device/serialNumber"); $vendor = query($dpath . "/devdesc/device/manufacturer"); $vendorurl = query($dpath . "/devdesc/device/manufacturerURL"); $modeldesc = query($dpath . "/devdesc/device/modelDescription"); } // WPS config END $iapp = query($phy1 . "/media/iapp"); $phy2 = XNODE_getpathbytarget("", "phyinf", "uid", "BAND24G-1.2", 0); $phy3 = XNODE_getpathbytarget("", "phyinf", "uid", "BAND24G-1.3", 0); $phy4 = XNODE_getpathbytarget("", "phyinf", "uid", "BAND24G-1.4", 0); $phy5 = XNODE_getpathbytarget("", "phyinf", "uid", "BAND24G-1.5", 0); $mssid1active = query($phy2 . "/active"); $mssid2active = query($phy3 . "/active"); $mssid3active = query($phy4 . "/active"); $mssid4active = query($phy5 . "/active"); if ($iapp == 1) { $infstr = ""; if ($mssid1active == 1) { $infstr = $infstr . "wlan0-va0 "; } if ($mssid2active == 1) { $infstr = $infstr . "wlan0-va1 "; } if ($mssid3active == 1) { $infstr = $infstr . "wlan0-va2 "; } if ($mssid4active == 1) { $infstr = $infstr . "wlan0-va3 "; } } //-----------------------------IAPP & iwcontrol setting------------------------------------------------------------------// fwrite("a", $_GLOBALS["START"], 'xmldbc -k "WSCWAITUP"\\n'); fwrite("a", $_GLOBALS["START"], 'shell="/var/run/wscwaitup.sh"\\n'); fwrite("a", $_GLOBALS["START"], 'rm -f $shell\\n'); fwrite("a", $_GLOBALS["START"], 'killall iwcontrol\\n'); fwrite("a", $_GLOBALS["START"], 'rm -f /var/run/iwcontrol.pid\\n'); fwrite("a", $_GLOBALS["START"], 'killall wscd\\n'); fwrite("a", $_GLOBALS["START"], 'rm -f /var/run/wscd-wlan0.pid\\n'); fwrite("a", $_GLOBALS["START"], 'killall iapp\\n'); fwrite("a", $_GLOBALS["START"], 'rm -f /var/wscd-' . $winfname . '.fifo\\n'); if ($iapp == 1 && $wps_en != 1) { fwrite("a", $_GLOBALS["START"], 'iapp br0 ' . $winfname . ' ' . $infstr . '\\n'); } //--------------------------WSC/WPS setting------------------------------------------------------------------------------// if ($wps_en == 1) { // WSCD config START // if ($wps_configured == 1) { fwrite("w", $wscd_conf, 'mode = 5\\n'); //MODE_AP_PROXY_REGISTRAR//a if ($authtype == "OPEN") { fwrite("a", $wscd_conf, 'auth_type = 1\\n'); //AUTH_OPEN=1 } else { if ($authtype == "SHARED") { fwrite("a", $wscd_conf, 'auth_type = 4\\n'); //AUTH_SHARED=4 } else { if ($authtype == "WPAPSK") { fwrite("a", $wscd_conf, 'auth_type = 2\\n'); //AUTH_WPAPSK=2 } else { if ($authtype == "WPA2PSK") { fwrite("a", $wscd_conf, 'auth_type = 32\\n'); //AUTH_WPA2PSK=0x20 // } else if($authtype=="WPA+2PSK"){ } else { //WPA+2PSK fwrite("a", $wscd_conf, 'auth_type = 34\\n'); } } } } if ($encrtype == "NONE") { fwrite("a", $wscd_conf, 'encrypt_type = 1\\n'); //ENCRYPT_NONE=1 } else { if ($encrtype == "WEP") { fwrite("a", $wscd_conf, 'encrypt_type = 2\\n'); //ENCRYPT_WEP=2 } else { if ($encrtype == "TKIP") { fwrite("a", $wscd_conf, 'encrypt_type = 4\\n'); //ENCRYPT_TKIP=4 } else { if ($encrtype == "AES") { fwrite("a", $wscd_conf, 'encrypt_type = 8\\n'); //ENCRYPT_AES=8 // } else if($encrtype=="TKIP+AES"){ } else { //TKIP+AES fwrite("a", $wscd_conf, 'encrypt_type = 12\\n'); } } } } fwrite("a", $wscd_conf, 'manual_config = 0\\n'); if ($encrtype == "WEP") { fwrite("a", $wscd_conf, 'wep_transmit_key = ' . $wep_defkey . '\\n'); fwrite("a", $wscd_conf, 'network_key = ' . $wep_key_1 . '\\n'); fwrite("a", $wscd_conf, 'wep_key2 = ' . $wep_key_2 . '\\n'); fwrite("a", $wscd_conf, 'wep_key3 = ' . $wep_key_3 . '\\n'); fwrite("a", $wscd_conf, 'wep_key4 = ' . $wep_key_4 . '\\n'); // } else if($authtype=="WPAPSK" || $authtype=="WPA2PSK" || $authtype=="WPA+2PSK"){ } else { fwrite("a", $wscd_conf, 'network_key = ' . $psk . '\\n'); } fwrite("a", $wscd_conf, 'ssid = ' . $ssid . '\\n'); } else { fwrite("w", $wscd_conf, 'mode = 1\\n'); //MODE_AP_UNCONFIG// fwrite("a", $wscd_conf, 'auth_type = 32\\n'); //AUTH_WPAPSK=2 + AUTH_WPA2PSK=0x20 fwrite("a", $wscd_conf, 'encrypt_type = 8\\n'); //ENCRYPT_TKIP=4 + ENCRYPT_AES=8 fwrite("a", $wscd_conf, 'manual_config = 0\\n'); if ($ssid == "") { $ssid1 = query("/runtime/devdata/lanmac"); $defssid = ""; $defssid = $defssid . cut($ssid1, "3", ":"); $defssid = $defssid . cut($ssid1, "4", ":"); $defssid = $defssid . cut($ssid1, "5", ":"); fwrite("a", $wscd_conf, 'ssid = ap-pc-' . $defssid . '\\n'); } else { fwrite("a", $wscd_conf, 'ssid = ' . $ssid . '\\n'); } } fwrite("a", $wscd_conf, 'upnp = 1\\n'); fwrite("a", $wscd_conf, 'config_method = 134\\n'); fwrite("a", $wscd_conf, 'connection_type = 1\\n'); fwrite("a", $wscd_conf, 'pin_code = ' . $wps_pin . '\\n'); fwrite("a", $wscd_conf, 'rf_band = 1\\n'); fwrite("a", $wscd_conf, 'config_by_ext_reg = 1\\n'); fwrite("a", $wscd_conf, 'device_name = "' . $modelname . '"\\n'); fwrite("a", $wscd_conf, 'use_ie = 1\\n'); fwrite("a", $wscd_conf, 'auth_type_flags = 39\\n'); //AUTH_OPEN=1, AUTH_WPAPSK=2, AUTH_SHARED=4, AUTH_WPA2PSK=0x20 // fwrite("a", $wscd_conf, 'encrypt_type_flags = 15\\n'); //ENCRYPT_NONE=1, ENCRYPT_WEP=2, ENCRYPT_TKIP=4, ENCRYPT_AES=8 // fwrite("a", $wscd_conf, 'uuid = ' . $uuid . '\\n'); fwrite("a", $wscd_conf, 'device_name = "' . $modelname . '"\\n'); fwrite("a", $wscd_conf, 'manufacturer = "' . $vendor . '"\\n'); fwrite("a", $wscd_conf, 'manufacturerURL = "' . $vendorurl . '"\\n'); fwrite("a", $wscd_conf, 'modelURL = "' . $vendorurl . '"\\n'); fwrite("a", $wscd_conf, 'model_name = "' . $modelname . '"\\n'); fwrite("a", $wscd_conf, 'model_num = "' . $modelnum . '"\\n'); fwrite("a", $wscd_conf, 'serial_num = "' . $serialnum . '"\\n'); fwrite("a", $wscd_conf, 'modelDescription = "' . $modeldesc . '"\\n'); fwrite("a", $wscd_conf, 'device_attrib_id = 1\\n'); fwrite("a", $wscd_conf, 'device_oui = 0050f204\\n'); fwrite("a", $wscd_conf, 'device_category_id = 6\\n'); fwrite("a", $wscd_conf, 'device_sub_category_id = 1\\n'); fwrite("a", $wscd_conf, 'device_password_id = 0\\n'); fwrite("a", $wscd_conf, 'tx_timeout = 5\\n'); fwrite("a", $wscd_conf, 'resent_limit = 2\\n'); fwrite("a", $wscd_conf, 'reg_timeout = 120\\n'); fwrite("a", $wscd_conf, 'block_timeout = 60\\n'); fwrite("a", $wscd_conf, 'WPS_START_LED_GPIO_number = 2\\n'); fwrite("a", $wscd_conf, 'WPS_END_LED_unconfig_GPIO_number = 0\\n'); fwrite("a", $wscd_conf, 'WPS_END_LED_config_GPIO_number = 0\\n'); fwrite("a", $wscd_conf, 'WPS_PBC_overlapping_GPIO_number = 1\\n'); fwrite("a", $wscd_conf, 'PBC_overlapping_LED_time_out = 30\\n'); fwrite("a", $wscd_conf, 'No_ifname_for_flash_set = 2\\n'); fwrite("a", $wscd_conf, 'disable_auto_gen_ssid = 1\\n'); fwrite("a", $wscd_conf, 'disable_hidden_ap = 1\\n'); fwrite("a", $wscd_conf, 'button_hold_time = 3\\n'); fwrite("a", $wscd_conf, 'fix_wzc_wep = 1\\n'); fwrite("a", $wscd_conf, 'WPS_SUCCESS_LED_time_out = 300\\n'); // WSCD config END // fwrite("a", $_GLOBALS["START"], 'mkdir /var/wps\\n'); fwrite("a", $_GLOBALS["START"], 'cp /etc/simplecfg*.xml /var/wps/\\n'); // fwrite("a", $_GLOBALS["START"], 'flash upd-wsc-conf /etc/wscd.conf /var/wsc.conf\n'); fwrite("a", $_GLOBALS["START"], 'shell="/var/run/wscwaitup.sh"\\n'); fwrite("a", $_GLOBALS["START"], 'echo "#!/bin/sh" > $shell\\n'); fwrite("a", $_GLOBALS["START"], 'echo "if [ -f "/var/run/BRIDGE-1.UP" ] || [ -f "/var/run/LAN-1.UP" ]; then" >> $shell\\n'); fwrite("a", $_GLOBALS["START"], 'echo "\\tsleep 1" >> $shell\\n'); fwrite("a", $_GLOBALS["START"], 'echo "\\troute del -net 239.255.255.250 netmask 255.255.255.255 br0" >> $shell\\n'); fwrite("a", $_GLOBALS["START"], 'echo "\\troute add -net 239.255.255.250 netmask 255.255.255.255 br0" >> $shell\\n'); if ($iapp == 1) { fwrite("a", $_GLOBALS["START"], 'echo "\\tiapp br0 ' . $winfname . ' ' . $infstr . '" >> $shell\\n'); } fwrite("a", $_GLOBALS["START"], 'echo "\\twscd -start -c /var/wsc.conf -w ' . $winfname . ' -fi /var/wscd-' . $winfname . '.fifo -daemon" >> $shell\\n'); fwrite("a", $_GLOBALS["START"], 'echo "\\tsleep 1" >> $shell\\n'); fwrite("a", $_GLOBALS["START"], 'echo "\\tiwcontrol ' . $winfname . ' ' . $infstr . '" >> $shell\\n'); fwrite("a", $_GLOBALS["START"], 'echo "\\trm -f $shell" >> $shell\\n'); fwrite("a", $_GLOBALS["START"], 'echo "else" >> $shell\\n'); fwrite("a", $_GLOBALS["START"], 'echo "\\tsleep 1" >> $shell\\n'); fwrite("a", $_GLOBALS["START"], 'echo "\\txmldbc -t WSCWAITUP:1:\'sh $shell\' > /dev/console" >> $shell\\n'); fwrite("a", $_GLOBALS["START"], 'echo "fi" >> $shell\\n'); fwrite("a", $_GLOBALS["START"], 'xmldbc -t "WSCWAITUP:1:sh $shell" > /dev/console\\n'); // fwrite("a", $_GLOBALS["START"], 'wscd -start -c /var/wsc.conf -w '.$winfname.' -fi /var/wscd-'.$winfname.'.fifo -daemon\n'); fwrite("a", $_GLOBALS["START"], 'event WPSPIN add "/etc/scripts/wps_tmp.sh pin"\\n'); fwrite("a", $_GLOBALS["START"], 'event WPSPBC.PUSH add "/etc/scripts/wps_tmp.sh pbc"\\n'); fwrite("a", $_GLOBALS["STOP"], 'event WPSPBC.PUSH add true\\n'); fwrite("a", $_GLOBALS["STOP"], 'event WPSPIN add true\\n'); fwrite("a", $_GLOBALS["STOP"], 'xmldbc -k "WSCWAITUP"\\n'); fwrite("a", $_GLOBALS["STOP"], 'shell="/var/run/wscwaitup.sh"\\n'); fwrite("a", $_GLOBALS["STOP"], 'rm -f $shell\\n'); fwrite("a", $_GLOBALS["STOP"], 'killall wscd\\n'); fwrite("a", $_GLOBALS["STOP"], 'rm -f /var/run/wscd-wlan0.pid\\n'); if ($iapp == 1) { fwrite("a", $_GLOBALS["STOP"], 'killall iapp\\n'); } fwrite("a", $_GLOBALS["STOP"], 'killall iwcontrol\\n'); fwrite("a", $_GLOBALS["STOP"], 'rm -f /var/run/iwcontrol.pid\\n'); } if ($iapp == 1 && $wps_en != 1) { fwrite("a", $_GLOBALS["START"], 'iwcontrol ' . $winfname . ' ' . $infstr . '\\n'); fwrite("a", $_GLOBALS["STOP"], 'killall iwcontrol\\n'); fwrite("a", $_GLOBALS["STOP"], 'rm -f /var/run/iwcontrol.pid\\n'); fwrite("a", $_GLOBALS["STOP"], 'rm -f /var/wscd-' . $winfname . '.fifo\\n'); } }
<?php /** * @author Trung Hieu * @copyright 2010 */ define('CNT', true); include 'cnt-includes/functions.php'; if ($_POST['search'] && $_POST['search'] != ' ') { header('Location: search/' . ascii($_POST['search']) . '.html'); } else { echo 'Hacking attempt'; }
define('CNT', true); include '../cnt-includes/config.php'; include '../cnt-includes/functions.php'; if (check_log() == true & check_level() >= 3) { if ($_GET['type'] == 'add' && strlen($_POST['name']) >= 3 && strlen($_POST['code']) >= 1) { $descrip = ''; for ($i = 0; $i < 10; $i++) { if ($_POST['a'][$i] && $_POST['b'][$i]) { if ($descrip == '') { $descrip = $_POST['a'][$i] . ': ' . $_POST['b'][$i]; } else { $descrip .= ' / ' . $_POST['a'][$i] . ': ' . $_POST['b'][$i]; } } } @mysql_query("INSERT INTO cnt_products (product_name, product_name_ascii, product_code, product_price, product_free, product_total, product_quality, product_warranty, product_image, product_fullimg, product_descrip, product_info, product_cat) VALUES ('" . $_POST['name'] . "', '" . ascii($_POST['name']) . "', '" . $_POST['code'] . "', " . $_POST['price'] . ", " . ($_POST['free'] ? $_POST['free'] : 0) . ", " . $_POST['total'] . ", '" . $_POST['quality'] . "', " . ($_POST['warranty'] ? $_POST['warranty'] : 0) . ", '" . $_POST['img'] . "', '" . str_replace('thumbs-', '', $_POST['img']) . "', '" . $descrip . "', '" . $_POST['content'] . "', " . $_POST['cat'] . ")"); header('Location: index.php?m=3'); } elseif ($_GET['type'] == 'edit' && strlen($_POST['name']) >= 3 && strlen($_POST['code']) >= 1) { $descrip = ''; for ($i = 0; $i < 10; $i++) { if ($_POST['a'][$i] && $_POST['b'][$i]) { if ($descrip == '') { $descrip = $_POST['a'][$i] . ': ' . $_POST['b'][$i]; } else { $descrip .= ' / ' . $_POST['a'][$i] . ': ' . $_POST['b'][$i]; } } } @mysql_query("UPDATE cnt_products SET product_name = '" . $_POST['name'] . "', product_code = '" . $_POST['code'] . "', product_price = " . $_POST['price'] . ", product_free = " . $_POST['free'] . ", product_cat = " . $_POST['cat'] . ", product_total = " . $_POST['total'] . ", product_warranty = " . $_POST['warranty'] . ", product_quality = '" . $_POST['quality'] . "', product_image = '" . $_POST['img'] . "', product_fullimg = '" . str_replace('thumbs-', '', $_POST['img']) . "', product_descrip = '" . $descrip . "', product_info = '" . $_POST['content'] . "' WHERE id = " . $_POST['id']); header('Location: index.php?m=3'); } elseif ($_GET['type'] == 'del' && $_POST['action'] == 1 && $_POST['id']) {
| Copyright © CNT | | Phone: 0986.901.797 | | Y!m: banmai_xanhmai | | Website: CongNgheTre.Vn | | Email: PeakOfMusic@Gmail.Com | \*-----------------------------------*/ define('CNT', true); include '../cnt-includes/config.php'; include '../cnt-includes/functions.php'; if (check_log() == true & check_level() >= 2) { if ($_GET['type'] == 'qadd' && strlen($_POST['title']) >= 3 && strlen($_POST['content']) >= 3) { @mysql_query("INSERT INTO cnt_posts (post_name, post_name_ascii, post_content, post_cat, post_time, post_user) VALUES ('" . $_POST['title'] . "', '" . ascii($_POST['title']) . "', '" . $_POST['content'] . "', '" . $_POST['cat'] . "', " . time() . ", " . $_SESSION['user']['id'] . ")"); header('Location: index.php?m=1'); } elseif ($_GET['type'] == 'add' && strlen($_POST['title']) >= 3 && strlen($_POST['content']) >= 3) { $_POST['comment'] = $_POST['comment'] ? $_POST['comment'] : 0; @mysql_query("INSERT INTO cnt_posts (post_name, post_name_ascii, post_quote, post_content, post_cat, post_comment, post_image, post_file, post_time, post_user) VALUES ('" . $_POST['title'] . "', '" . ascii($_POST['title']) . "', '" . $_POST['quote'] . "', '" . $_POST['content'] . "', " . $_POST['cat'] . ", " . $_POST['comment'] . ", '" . $_POST['img'] . "', '" . $_POST['file'] . "', " . time() . ", " . $_SESSION['user']['id'] . ")"); header('Location: index.php?m=1'); } elseif ($_GET['type'] == 'edit') { $_POST['comment'] = $_POST['comment'] ? $_POST['comment'] : 0; @mysql_query("UPDATE cnt_posts SET post_name = '" . $_POST['title'] . "', post_quote = '" . $_POST['quote'] . "', post_content = '" . $_POST['content'] . "', post_cat = " . $_POST['cat'] . ", post_comment = " . $_POST['comment'] . ", post_image = '" . $_POST['img'] . "', post_file = '" . $_POST['file'] . "' WHERE id = " . $_POST['id']); header('Location: index.php?m=1'); } elseif ($_GET['type'] == 'del' && $_POST['action'] == 1 && $_POST['id']) { $total = count($_POST['id']); for ($i = 0; $i < $total; $i++) { @mysql_query("DELETE FROM cnt_posts WHERE id = " . $_POST['id'][$i]); } header('Location: index.php?m=1'); } else { header('Location: index.php?m=1'); } } else {
header('Location: index.php?m=1&sm=2'); } elseif ($_GET['type'] == 'edit') { @mysql_query("UPDATE cnt_cats SET cat_name = '" . $_POST['name'] . "', cat_info = '" . $_POST['desc'] . "', cat_order = " . $_POST['order'] . ", cat_sub = " . $_POST['sub'] . " WHERE id = " . $_POST['id']); header('Location: index.php?m=1&sm=2'); } elseif ($_GET['type'] == 'del' && $_POST['action'] == 1 && $_POST['id']) { $total = count($_POST['id']); for ($i = 0; $i < $total; $i++) { @mysql_query("DELETE FROM cnt_cats WHERE id = " . $_POST['id'][$i]); } header('Location: index.php?m=1&sm=2'); } else { header('Location: index.php?m=1&sm=2'); } } elseif (check_log() == true && check_level() >= 3 && $_POST['type'] == 2) { if ($_GET['type'] == 'add' && strlen($_POST['name']) >= 3 && $_POST['order']) { @mysql_query("INSERT INTO cnt_cats (cat_name, cat_name_ascii, cat_info, cat_type, cat_order, cat_sub) VALUES ('" . $_POST['name'] . "', '" . ascii($_POST['name']) . "', '" . $_POST['desc'] . "', " . $_POST['type'] . ", " . $_POST['order'] . ", " . $_POST['sub'] . ")"); header('Location: index.php?m=3&sm=2'); } elseif ($_GET['type'] == 'edit') { @mysql_query("UPDATE cnt_cats SET cat_name = '" . $_POST['name'] . "', cat_info = '" . $_POST['desc'] . "', cat_order = " . $_POST['order'] . ", cat_sub = " . $_POST['sub'] . " WHERE id = " . $_POST['id']); header('Location: index.php?m=3&sm=2'); } elseif ($_GET['type'] == 'del' && $_POST['action'] == 1 && $_POST['id']) { $total = count($_POST['id']); for ($i = 0; $i < $total; $i++) { @mysql_query("DELETE FROM cnt_cats WHERE id = " . $_POST['id'][$i]); } header('Location: index.php?m=3&sm=2'); } else { header('Location: index.php?m=3&sm=2'); } } else { echo "Hacking attempt";
<?php /*-----------------------------------*\ | Copyright © CNT | | Phone: 0986.901.797 | | Y!m: banmai_xanhmai | | Website: CongNgheTre.Vn | | Email: PeakOfMusic@Gmail.Com | \*-----------------------------------*/ define('CNT', true); include '../cnt-includes/config.php'; include '../cnt-includes/functions.php'; if (check_log() == true && check_level() >= 4) { if ($_GET['type'] == 'add' && strlen($_POST['title']) >= 3 && strlen($_POST['content']) >= 3) { @mysql_query("INSERT INTO cnt_posts (post_name, post_name_ascii, post_content, post_type, post_time, post_user) VALUES ('" . $_POST['title'] . "', '" . ascii($_POST['title']) . "', '" . $_POST['content'] . "', 2, " . time() . ", " . $_SESSION['user']['id'] . ")"); header('Location: index.php?m=7'); } elseif ($_GET['type'] == 'edit') { @mysql_query("UPDATE cnt_posts SET post_name = '" . $_POST['title'] . "', post_content = '" . $_POST['content'] . "' WHERE id = " . $_POST['id']); header('Location: index.php?m=7'); } elseif ($_GET['type'] == 'del' && $_POST['action'] == 1 && $_POST['id']) { $total = count($_POST['id']); for ($i = 0; $i < $total; $i++) { @mysql_query("DELETE FROM cnt_posts WHERE id = " . $_POST['id'][$i]); } header('Location: index.php?m=7'); } else { header('Location: index.php?m=7'); } } else { echo "Hacking attempt"; }
/** * Generate a URL friendly "slug" from a given string. * * @param string $title * @param string $separator * @return string */ function str_slug($title, $separator = '-') { $title = ascii($title); // Convert all dashes/underscores into separator $flip = $separator == '-' ? '_' : '-'; $title = preg_replace('![' . preg_quote($flip) . ']+!u', $separator, $title); // Remove all characters that are not the separator, letters, numbers, or whitespace. $title = preg_replace('![^' . preg_quote($separator) . '\\pL\\pN\\s]+!u', '', mb_strtolower($title)); // Replace all separator characters and whitespace by a single separator $title = preg_replace('![' . preg_quote($separator) . '\\s]+!u', $separator, $title); return trim($title, $separator); }