<?php /*-----------------------------------*\ | Copyright © CNT | | Phone: 0986.901.797 | | Y!m: banmai_xanhmai | | Website: CongNgheTre.Vn | | Email: PeakOfMusic@Gmail.Com | \*-----------------------------------*/ define('CNT', true); include '../cnt-includes/config.php'; include '../cnt-includes/functions.php'; if (check_log() == true) { if ($_GET['type'] == 'add' && strlen($_POST['content']) >= 10 && $_POST['captcha'] == $_SESSION['captcha']) { @mysql_query("INSERT INTO cnt_comments (comment_content, comment_pid, comment_user, comment_time) VALUES ('" . br($_POST['content']) . "', " . $_POST['pid'] . ", " . $_SESSION['user']['id'] . ", " . time() . ")"); header('Location: ' . $_POST['back']); } elseif ($_GET['type'] == 'reply' && check_level() >= 2) { @mysql_query("INSERT INTO cnt_comments (comment_content, comment_pid, comment_sid, comment_user, comment_time) VALUES ('" . br($_POST['content']) . "', " . $_POST['pid'] . ", " . $_POST['id'] . ", " . $_SESSION['user']['id'] . ", " . time() . ")"); header('Location: index.php?m=2'); } elseif ($_GET['type'] == 'edit' && check_level() >= 2) { @mysql_query("UPDATE cnt_comments SET comment_content = '" . br($_POST['content']) . "' WHERE id = " . $_POST['id']); header('Location: index.php?m=2'); } elseif ($_GET['type'] == 'del' && $_POST['action'] == 1 && $_POST['id'] && check_level() >= 2) { $total = count($_POST['id']); for ($i = 0; $i < $total; $i++) { @mysql_query("DELETE FROM cnt_comments WHERE id = " . $_POST['id'][$i]); } header('Location: index.php?m=2'); } else { echo "Hacking attempt"; }
<h3>Please wait</h3> <?php require_once '../../lib/functions.php'; require_once '../../lib/config.php'; require_once '../../lib/db_conn.php'; check_log(); check_log_admin(); $motor = $_POST['motor']; $godiste = $_POST['godiste']; $serijski_broj = $_POST['serijski_broj']; $dimenzija_guma = $_POST['dimenzija_guma']; $motor_id = $_POST['motor_id']; $query = "UPDATE motori SET \r\n\tMOTOR = '{$motor}', \r\n\tGODISTE = '{$godiste}', \r\n\tSERIJSKI_BROJ = '{$serijski_broj}', \r\n\tDIMENZIJA_GUMA = '{$dimenzija_guma}' \r\n\tWHERE id ='{$motor_id}'"; if (mysqli_query($con, $query)) { ?> <script type="text/javascript"> var motor_id = <?php echo $motor_id; ?> ; window.location = "../?action=motor_read&motor_id="+motor_id; </script> <?php }
<?php /*-----------------------------------*\ | Copyright © CNT | | Phone: 0986.901.797 | | Y!m: banmai_xanhmai | | Website: CongNgheTre.Vn | | Email: PeakOfMusic@Gmail.Com | \*-----------------------------------*/ define('CNT', true); include '../cnt-includes/config.php'; if (check_log() & check_level() >= 3) { $total = @mysql_num_rows(@mysql_query("SELECT id FROM cnt_products")); $data = '<?xml version="1.0"?> <?mso-application progid="Excel.Sheet"?> <Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:html="http://www.w3.org/TR/REC-html40"> <DocumentProperties xmlns="urn:schemas-microsoft-com:office:office"> <Author>Admin</Author> <LastAuthor>Admin</LastAuthor> <Created>2010-08-12T12:09:16Z</Created> <Company>- ETH0 -</Company> <Version>11.9999</Version> </DocumentProperties> <ExcelWorkbook xmlns="urn:schemas-microsoft-com:office:excel"> <WindowHeight>9720</WindowHeight> <WindowWidth>15195</WindowWidth> <WindowTopX>480</WindowTopX>
<?php /*-----------------------------------*\ | Copyright © CNT | | Phone: 0986.901.797 | | Y!m: banmai_xanhmai | | Website: CongNgheTre.Vn | | Email: PeakOfMusic@Gmail.Com | \*-----------------------------------*/ define('CNT', true); include '../cnt-includes/config.php'; if (check_log() == true && check_level() >= 4) { if ($_GET['type'] == 'add' && strlen($_POST['name']) >= 3 && strlen($_POST['img']) > 1) { @mysql_query("INSERT INTO cnt_ads (ad_name, ad_image, ad_link, ad_type) VALUES ('" . $_POST['name'] . "', '" . $_POST['img'] . "', '" . $_POST['url'] . "', " . $_POST['type'] . ")"); header('Location: index.php?m=6'); } elseif ($_GET['type'] == 'edit') { @mysql_query("UPDATE cnt_ads SET ad_name = '" . $_POST['name'] . "', ad_image = '" . $_POST['img'] . "', ad_link = '" . $_POST['url'] . "', ad_type = " . $_POST['type'] . " WHERE id = " . $_POST['id']); header('Location: index.php?m=6'); } elseif ($_GET['type'] == 'del' && $_POST['action'] == 1 && $_POST['id']) { $total = count($_POST['id']); for ($i = 0; $i < $total; $i++) { @mysql_query("DELETE FROM cnt_ads WHERE id = " . $_POST['id'][$i]); } header('Location: index.php?m=6'); } else { header('Location: index.php?m=6'); } } else { echo "Hacking attempt"; }
<?php /*-----------------------------------*\ | Copyright © CNT | | Phone: 0986.901.797 | | Y!m: banmai_xanhmai | | Website: CongNgheTre.Vn | | Email: PeakOfMusic@Gmail.Com | \*-----------------------------------*/ define('CNT', true); include '../cnt-includes/config.php'; if (check_log() == true & check_level() >= 3) { function number($str) { $str = preg_replace('|[^0-9]?|U', '', $str); return $str; } $data = @file_get_contents($_FILES['file']['tmp_name']); if ($data != null) { $total = 0; $start = 0; preg_match_all('/<Row>(.*?)<\\/Row>/is', $data, $rows); foreach ($rows[1] as $row) { if ($start >= $_POST['start']) { preg_match_all('/<Data ss:Type="[A-Za-z]+?">(.*?)<\\/Data>/is', $row, $cell); if ($_POST['total']) { @mysql_query("UPDATE cnt_products SET product_total = " . number($cell[1][$_POST['total']]) . " WHERE product_code = '" . $cell[1][$_POST['code']] . "'"); } if ($_POST['price']) { @mysql_query("UPDATE cnt_products SET product_price = " . number($cell[1][$_POST['price']]) . " WHERE product_code = '" . $cell[1][$_POST['code']] . "'"); }
/*-----------------------------------*\ | Copyright © CNT | | Phone: 0986.901.797 | | Y!m: banmai_xanhmai | | Website: CongNgheTre.Vn | | Email: PeakOfMusic@Gmail.Com | \*-----------------------------------*/ define('CNT', true); include '../cnt-includes/config.php'; include '../cnt-includes/functions.php'; include '../cnt-includes/cp.class.php'; include 'version.php'; if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 6') != 0) { echo 'Dung trinh duyet khac'; } elseif (check_log()) { $tpl = new Template('main.html'); $menu = isset($_GET['m']) ? $_GET['m'] : '0'; $sub_menu = isset($_GET['sm']) ? $_GET['sm'] : '0'; switch ($menu) { // Bảng tiền khởi case '0': list($totalvisit) = @mysql_fetch_array(@mysql_query("SELECT MAX(id) FROM cnt_onlines")); list($temp) = @mysql_fetch_array(@mysql_query("SELECT tpl_name FROM cnt_templates WHERE tpl_active = 1")); list($lang) = @mysql_fetch_array(@mysql_query("SELECT language_name FROM cnt_languages WHERE language_active = 1")); $comment = @mysql_fetch_array(@mysql_query("SELECT * FROM cnt_comments WHERE comment_sid = 0 ORDER id DESC LIMIT 0,1")); $comment_from = @mysql_fetch_array(@mysql_query("SELECT post_name, post_name_ascii FROM cnt_posts WHERE id = " . $comment['comment_pid'])); list($comment_by) = @mysql_fetch_array(@mysql_query("SELECT user_nick FROM cnt_users WHERE id = " . $comment['comment_user'])); $tpl->assign(array('start_comment' => $_COOKIE['comment'] ? $_COOKIE['comment'] : 'show', 'start_quick' => $_COOKIE['quick'] ? $_COOKIE['quick'] : 'show', 'start_info' => $_COOKIE['info'] ? $_COOKIE['info'] : 'show', 'total_post' => @mysql_num_rows(@mysql_query("SELECT id FROM cnt_posts WHERE post_type = 1")), 'total_comment' => @mysql_num_rows(@mysql_query("SELECT id FROM cnt_comments")), 'total_admin' => @mysql_num_rows(@mysql_query("SELECT id FROM cnt_users WHERE user_level = 9")), 'total_online' => @mysql_num_rows(@mysql_query("SELECT id FROM cnt_onlines")), 'total_visit' => $totalvisit, 'curent_tpl' => $temp, 'curent_language' => $lang, 'comment_new_from' => $comment_from['post_name'], 'comment_new_link' => get_option('url') . '/news/' . $comment_from['post_name_ascii'] . '.html', 'comment_new_content' => $comment['comment_content'], 'comment_new_id' => $comment['id'], 'comment_new_by' => $comment_by)); $cats = @mysql_query("SELECT id, cat_name FROM cnt_cats WHERE cat_sub = 0 and cat_type = 1 ORDER BY cat_order ASC"); while ($listcat = @mysql_fetch_array($cats)) {
if ($_GET['type'] == 'add' && strlen($_POST['name']) >= 3 && $_POST['order']) { @mysql_query("INSERT INTO cnt_cats (cat_name, cat_name_ascii, cat_info, cat_type, cat_order, cat_sub) VALUES ('" . $_POST['name'] . "', '" . ascii($_POST['name']) . "', '" . $_POST['desc'] . "', " . $_POST['type'] . ", " . $_POST['order'] . ", " . $_POST['sub'] . ")"); header('Location: index.php?m=1&sm=2'); } elseif ($_GET['type'] == 'edit') { @mysql_query("UPDATE cnt_cats SET cat_name = '" . $_POST['name'] . "', cat_info = '" . $_POST['desc'] . "', cat_order = " . $_POST['order'] . ", cat_sub = " . $_POST['sub'] . " WHERE id = " . $_POST['id']); header('Location: index.php?m=1&sm=2'); } elseif ($_GET['type'] == 'del' && $_POST['action'] == 1 && $_POST['id']) { $total = count($_POST['id']); for ($i = 0; $i < $total; $i++) { @mysql_query("DELETE FROM cnt_cats WHERE id = " . $_POST['id'][$i]); } header('Location: index.php?m=1&sm=2'); } else { header('Location: index.php?m=1&sm=2'); } } elseif (check_log() == true && check_level() >= 3 && $_POST['type'] == 2) { if ($_GET['type'] == 'add' && strlen($_POST['name']) >= 3 && $_POST['order']) { @mysql_query("INSERT INTO cnt_cats (cat_name, cat_name_ascii, cat_info, cat_type, cat_order, cat_sub) VALUES ('" . $_POST['name'] . "', '" . ascii($_POST['name']) . "', '" . $_POST['desc'] . "', " . $_POST['type'] . ", " . $_POST['order'] . ", " . $_POST['sub'] . ")"); header('Location: index.php?m=3&sm=2'); } elseif ($_GET['type'] == 'edit') { @mysql_query("UPDATE cnt_cats SET cat_name = '" . $_POST['name'] . "', cat_info = '" . $_POST['desc'] . "', cat_order = " . $_POST['order'] . ", cat_sub = " . $_POST['sub'] . " WHERE id = " . $_POST['id']); header('Location: index.php?m=3&sm=2'); } elseif ($_GET['type'] == 'del' && $_POST['action'] == 1 && $_POST['id']) { $total = count($_POST['id']); for ($i = 0; $i < $total; $i++) { @mysql_query("DELETE FROM cnt_cats WHERE id = " . $_POST['id'][$i]); } header('Location: index.php?m=3&sm=2'); } else { header('Location: index.php?m=3&sm=2'); }
//$row_inform_user = mysql_fetch_array; $user_now = $_SESSION['user_id']; $query_pass = mysql_query("SELEcT * FROM users WHERE id = '{$user_now}'"); $row_pass = mysql_fetch_array($query_pass); include 'Blocks/functions.php'; if ($_POST['submit']) { $charrus = mysql_query("set names 'cp1251'"); $name = $_POST['user_name']; $surname = $_POST['surname']; $mail = $_POST['mail']; $login = $_POST['login']; $c_password = $_POST['c_password']; $l_password = $_POST['l_password']; $r_password = $_POST['r_password']; $checking_pass = pass($l_password, $r_password); $checking_nsm = check_log($login); $checking_mail = my_mail($mail); $user_id = $_SESSION['user_id']; if ($name) { $query = mysql_query("UPDATE users SET name = '{$name}' WHERE id='{$user_id}'"); } if ($surname) { $query = mysql_query("UPDATE users SET surname = '{$surname}' WHERE id='{$user_id}'"); } if ($mail) { //if($cheking_mail == true) $query = mysql_query("UPDATE users SET mail = '{$mail}' WHERE id='{$user_id}'"); //else echo"Такий mail невірний"; } if ($login) { if ($checking_nsm == true) {
$list_com = @mysql_query("SELECT id, comment_content, comment_user, comment_time FROM cnt_comments WHERE comment_sid = 0 and comment_pid = " . $cnt->rewrite_id); while ($com = @mysql_fetch_array($list_com)) { list($com_user) = @mysql_fetch_array(@mysql_query("SELECT user_nick FROM cnt_users WHERE id = " . $com['comment_user'])); $cnt->assign(array('com_user' => $com_user, 'com_time' => formatTime($com['comment_time'], 1), 'com_content' => $com['comment_content'], 'com_id' => $com['id'])); $list_reply = @mysql_query("SELECT comment_content, comment_user, comment_time FROM cnt_comments WHERE comment_sid = " . $com['id']); while ($reply = @mysql_fetch_array($list_reply)) { list($reply_user) = @mysql_fetch_array(@mysql_query("SELECT user_nick FROM cnt_users WHERE id = " . $reply['comment_user'])); $cnt->assign(array('reply_user' => $reply_user, 'reply_time' => formatTime($reply['comment_time'], 1), 'reply_content' => $reply['comment_content'])); $cnt->parse('reply_com'); } if (check_level() >= 3) { $cnt->parse('reply_bt'); } $cnt->parse('list_com'); } if (check_log()) { $cnt->assign('com_post', $cnt->rewrite_id); $cnt->parse('reply_form'); } $cnt->assign('total_com', @mysql_num_rows(@mysql_query("SELECT id FROM cnt_comments WHERE comment_pid = " . $cnt->rewrite_id))); $cnt->parse('comment'); } $this_title = $cat['cat_name'] . ' | ' . $this_post['post_name']; break; case 'shopcart': $this_title = 'Giỏ hàng'; if (!$_SESSION['shopcart']) { $cnt->assign(array('cart_total' => 'không có sản phẩm nào', 'monney' => '0')); } else { foreach ($_SESSION['shopcart'] as $id => $total) { $tt++;
<?php /*-----------------------------------*\ | Copyright © CNT | | Phone: 0986.901.797 | | Y!m: banmai_xanhmai | | Website: CongNgheTre.Vn | | Email: PeakOfMusic@Gmail.Com | \*-----------------------------------*/ define('CNT', true); include '../cnt-includes/config.php'; if (check_log() == true && check_level() == 9) { if ($_GET['type'] == 'add' && strlen($_POST['name']) >= 3) { @mysql_query("INSERT INTO cnt_class (class_name) VALUES ('" . $_POST['name'] . "')"); header('Location: index.php?m=11&sm=2'); } elseif ($_GET['type'] == 'edit') { @mysql_query("UPDATE cnt_class SET class_name = '" . $_POST['name'] . "' WHERE id = " . $_POST['id']); header('Location: index.php?m=11&sm=2'); } elseif ($_GET['type'] == 'del' && $_POST['action'] == 1 && $_POST['id']) { $total = count($_POST['id']); for ($i = 0; $i < $total; $i++) { @mysql_query("DELETE FROM cnt_class WHERE id = " . $_POST['id'][$i]); } header('Location: index.php?m=11&sm=2'); } else { header('Location: index.php?m=11&sm=2'); } } else { echo "Hacking attempt"; }
function firewall() { return; //!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! do_log("Restart ufw now", 'v', 'info', __FILE__, __LINE__); //$output = shell_exec("ufw reset"); $output[] = shell_exec("ufw delete allow 5060"); $output[] = shell_exec("ufw delete allow 4569"); if ($mypbx['ip4'] && is_numeric($mypbx['wsport'])) { $output[] = shell_exec("ufw allow " . $mypbx['wsport']); $output[] = shell_exec("ufw allow " . ($mypbx['wsport'] + 1)); } if ($mypbx['ip4'] && $mypbx['sipport'] != '5060') { $output[] = shell_exec("iptables -t nat -D PREROUTING -p udp -d " . $mypbx['ip4'] . " --dport 5060 -j DNAT --to " . $mypbx['ip4'] . ":" . $mypbx['sipport']); $output[] = shell_exec("iptables -t nat -A PREROUTING -p udp -d " . $mypbx['ip4'] . " --dport 5060 -j DNAT --to " . $mypbx['ip4'] . ":" . $mypbx['sipport']); $output[] = shell_exec("ufw allow 5060"); } if ($mypbx['ip4'] && $mypbx['iaxport'] != '4569') { $output[] = shell_exec("iptables -t nat -D PREROUTING -p udp -d " . $mypbx['ip4'] . " --dport 4569 -j DNAT --to " . $mypbx['ip4'] . ":" . $mypbx['iaxport']); $output[] = shell_exec("iptables -t nat -A PREROUTING -p udp -d " . $mypbx['ip4'] . " --dport 4569 -j DNAT --to " . $mypbx['ip4'] . ":" . $mypbx['iaxport']); $output[] = shell_exec("ufw allow 4569"); } if ($mypbx['sipport']) { $output[] = shell_exec("ufw allow " . $mypbx['sipport']); } if ($mypbx['iaxport']) { $output[] = shell_exec("ufw allow " . $mypbx['iaxport']); } $output[] = shell_exec("ufw allow 22:23/tcp"); if ($site_settings['Node_Centers']) { $centers = siteopt_array('Node_Centers', '|'); foreach ($centers as $k => $center) { if ($center['0'] && $mypbx['ip4'] && $mypbx['astmanport']) { $output[] = shell_exec("ufw allow from " . $center['0'] . " to " . $mypbx['ip4'] . " port " . $mypbx['astmanport']); } else { do_log("firewall:myip=" . $mypbx['ip4'] . ",myiaxport=" . $mypbx['iaxport'], 'd', 'info', __FILE__, __LINE__); } if ($center['0'] && $mypbx['ip4']) { $output[] = shell_exec("ufw allow from " . $center['0'] . " to " . $mypbx['ip4'] . " port 3306"); } else { do_log("firewall:myip=" . $mypbx['ip4'] . ",myiaxport=" . $mypbx['iaxport'], 'd', 'info', __FILE__, __LINE__); } } } if (isset($output)) { check_log($output, 'firewall', false, 'problem', __FILE__, __LINE__); } }
<?php session_start(); function string_prepare($string) { global $mysql_conn; return trim(mysqli_real_escape_string($mysql_conn, $string)); } function check_log() { $username = "******" . $_SESSION['username']; if (strcmp($username, " ") == 0) { ?> <script>window.location.href="action_post.php"</script><?php } return $username; } $username = check_log();
<?php /*-----------------------------------*\ | Copyright © CNT | | Phone: 0986.901.797 | | Y!m: banmai_xanhmai | | Website: CongNgheTre.Vn | | Email: PeakOfMusic@Gmail.Com | \*-----------------------------------*/ define('CNT', true); include '../cnt-includes/config.php'; if (check_log() & check_level() >= 9) { $match = @mysql_fetch_array(@mysql_query("SELECT VERSION()")); $match = explode('.', $match[0]); define('MYSQL_VERSION', (int) sprintf('%d%02d%02d', $match[0], $match[1], intval($match[2]))); unset($match); define('NOW', gmmktime()); if (MYSQL_VERSION >= 40102) { define('ENGINE_KEYWORD', 'ENGINE'); } else { define('ENGINE_KEYWORD', 'TYPE'); } $q_tb = @mysql_query("SHOW TABLES LIKE 'cnt_%'"); $sql = "-- --------------------------------------------------------\n" . "-- CNT DATABASE BACKUP\n" . "-- DATE : " . date('d m Y', NOW) . "\n" . "-- --------------------------------------------------------\n\n"; while ($r_tb = @mysql_fetch_array($q_tb)) { $table_name = $r_tb[0]; $q_cl = @mysql_query("SHOW COLUMNS FROM `{$table_name}`"); $str = "-- --------------------------------------------------------\n" . "-- TABLE {$table_name}\n" . "-- --------------------------------------------------------\n\n"; $str .= "DROP TABLE IF EXISTS `{$table_name}`;\n"; $str .= "CREATE TABLE `{$table_name}` (\n"; $pri_arr = array();