????JFIF??x?x????'
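<?php
// BEGIN FILE: /admin_toolbox.php
//
// Admin-only page for the Toolbox download area:
//   * action=upload     - store a new product/version .zip under
//                         downloads/<product>/ and record it in tblToolboxUploads
//   * action=deactivate - soft-delete an upload (is_active = 0); the file stays
//
// Access: requires $_SESSION['DIGTRAPP_LOGIN'][0] (a tblLicenses id) whose row
// has Admin = 1. Anything else gets a redirect to index.php or a 403.
//
// NOTE(review): the mysql_* extension is deprecated in PHP 5.5 and removed in
// PHP 7; these queries should move to PDO/mysqli with bound parameters.

/**
 * Return the per-session CSRF token, creating it on first use.
 *
 * Every state-changing POST on this page must echo the token back
 * (see toolbox_csrf_valid()).
 *
 * @return string hex-encoded token
 */
function toolbox_csrf_token()
{
    if (empty($_SESSION['DIGTRAPP_CSRF'])) {
        if (function_exists('random_bytes')) {
            $raw = random_bytes(32);                       // PHP 7+
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $raw = openssl_random_pseudo_bytes(32);        // PHP 5.x with ext/openssl
        } else {
            // Last-resort fallback for builds without a CSPRNG extension.
            $raw = hash('sha256', uniqid(mt_rand(), true) . session_id(), true);
        }
        $_SESSION['DIGTRAPP_CSRF'] = bin2hex($raw);
    }
    return $_SESSION['DIGTRAPP_CSRF'];
}

/**
 * Compare the token submitted with a form against the session token.
 *
 * @param array $post the POST body (normally $_POST)
 * @return bool true only when a string token is present and matches
 */
function toolbox_csrf_valid(array $post)
{
    if (!isset($post['csrf_token']) || !is_string($post['csrf_token'])) {
        return false;
    }
    $expected = toolbox_csrf_token();
    $given = $post['csrf_token'];
    if (function_exists('hash_equals')) {                  // PHP 5.6+
        return hash_equals($expected, $given);
    }
    // Constant-time comparison for older builds.
    $len = strlen($expected);
    if ($len !== strlen($given)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < $len; $i++) {
        $diff |= ord($expected[$i]) ^ ord($given[$i]);
    }
    return $diff === 0;
}

/**
 * Cheap content check for an uploaded archive: every ZIP variant (regular,
 * empty, spanned) starts with the two bytes "PK". This complements the
 * extension check; it is not a full archive validation.
 *
 * @param string $path file to inspect
 * @return bool
 */
function toolbox_looks_like_zip($path)
{
    if (!is_readable($path)) {
        return false;
    }
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        return false;
    }
    $head = fread($fh, 2);
    fclose($fh);
    return $head === "PK";
}

/**
 * HTML-escape a value for output in text or attribute context.
 *
 * @param mixed $value scalar or null (null comes from the LEFT JOIN below)
 * @return string
 */
function toolbox_e($value)
{
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

session_start();

/* =========================
   Authentication
   ========================= */
// Loose comparison kept on purpose: an unset, null or empty login id in any
// scalar form means "not logged in". The isset() guard avoids a notice when
// the session has no login entry at all.
if (!isset($_SESSION['DIGTRAPP_LOGIN'][0]) || $_SESSION['DIGTRAPP_LOGIN'][0] == "") {
    header("location: index.php");
    exit;
}
$loginId = (string)$_SESSION['DIGTRAPP_LOGIN'][0];

/* =========================
   Database + authorization
   ========================= */
// NOTE(review): hard-coded root credentials. Move them to a config file
// outside the web root and use a least-privilege account for this app.
$link = mysql_connect("localhost", "root", "root123");
if (!$link || !mysql_select_db("fi2xml_tool", $link)) {
    // Fail closed: without the licence row we cannot prove admin rights.
    header("HTTP/1.1 500 Internal Server Error");
    echo "Database unavailable";
    exit;
}

$sql = "SELECT * FROM tblLicenses WHERE id = '" . mysql_real_escape_string($loginId, $link) . "'";
$result = mysql_query($sql, $link);

$SystemUserId = 0;
$Admin = "0";
$CompanyId = null;
$Username = null;
$Company = null;
$GUID = null;
while ($result && ($row = mysql_fetch_assoc($result))) {
    $SystemUserId = $row['id'];
    $Admin = $row['Admin'];
    $CompanyId = $row['CompanyId'];
    $Username = $row['Username'];
    $Company = $row['Company'];
    $GUID = $row['GUID'];
}

// Admin is a flag column; mysql_* hands it back as a string, so compare as one.
if ((string)$Admin !== "1") {
    header("HTTP/1.1 403 Forbidden");
    echo "Forbidden";
    exit;
}

$errors = array();
$success = "";

/* =========================
   Request dispatch
   ========================= */
// Every state-changing action must carry the session CSRF token; a POST
// without a valid token is reported and otherwise ignored.
$action = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!toolbox_csrf_valid($_POST)) {
        $errors[] = "Invalid or expired form token. Please reload the page and try again.";
    } elseif (isset($_POST['action']) && is_string($_POST['action'])) {
        $action = $_POST['action'];
    }
}

/* =========================
   Deactivate (soft delete)
   ========================= */
if ($action === 'deactivate') {
    $id = (isset($_POST['id']) && is_scalar($_POST['id'])) ? (int)$_POST['id'] : 0;
    if ($id <= 0) {
        $errors[] = "Invalid upload id.";
    } else {
        // $id is an int cast, so inlining it is safe.
        $sql = "UPDATE tblToolboxUploads SET is_active = 0 WHERE id = " . $id;
        if (!mysql_query($sql, $link)) {
            $errors[] = "Could not deactivate upload.";
        } elseif (mysql_affected_rows($link) === 0) {
            $errors[] = "No active upload found with that id.";
        } else {
            $success = "Upload deactivated.";
        }
    }
}

/* =========================
   Upload new package
   ========================= */
if ($action === 'upload') {
    // is_string() guards reject array-valued fields (product[]=...) instead of
    // letting trim() warn and return null.
    $product = (isset($_POST['product']) && is_string($_POST['product'])) ? trim($_POST['product']) : '';
    $version = (isset($_POST['version']) && is_string($_POST['version'])) ? trim($_POST['version']) : '';

    if ($product === "" || $version === "") {
        $errors[] = "Product and version are required.";
    }

    // Only allow these products (expand as needed). Strict match so that only
    // the exact whitelisted spellings pass.
    $allowedProducts = array("Revit", "AutoCAD");
    if (!in_array($product, $allowedProducts, true)) {
        $errors[] = "Invalid product.";
    }

    if (!isset($_FILES['package']['error']) || $_FILES['package']['error'] !== UPLOAD_ERR_OK) {
        $errors[] = "File upload failed.";
    }

    if (count($errors) === 0) {
        $origName = (string)$_FILES['package']['name'];
        $tmpName = (string)$_FILES['package']['tmp_name'];
        $fileSize = (int)$_FILES['package']['size'];

        $ext = strtolower(pathinfo($origName, PATHINFO_EXTENSION));
        if ($ext !== "zip") {
            $errors[] = "Only .zip files are allowed.";
        } elseif (!is_uploaded_file($tmpName) || $fileSize <= 0 || !toolbox_looks_like_zip($tmpName)) {
            // The extension is user-controlled; also require ZIP magic bytes.
            $errors[] = "The file does not look like a ZIP archive.";
        }
    }

    if (count($errors) === 0) {
        // Sanitize for filesystem. $product is whitelisted above; the version
        // may contain characters the file name drops, so the stored file name
        // can differ from the version recorded in the database.
        $safeProduct = preg_replace('/[^A-Za-z0-9_\-]/', '', $product);
        $safeVersion = preg_replace('/[^A-Za-z0-9_\.\-]/', '', $version);
        if ($safeProduct === '' || $safeVersion === '') {
            // Otherwise the stored name would degenerate to "<product>_.zip".
            $errors[] = "Version must contain letters, digits, '.', '_' or '-'.";
        }
    }

    if (count($errors) === 0) {
        $storedFilename = $safeProduct . "_" . $safeVersion . ".zip";
        $relativeDir = "downloads/" . $safeProduct;
        $relativePath = $relativeDir . "/" . $storedFilename;
        $absDir = __DIR__ . "/" . $relativeDir;
        $absPath = __DIR__ . "/" . $relativePath;

        // Refuse a second active upload for the same product + version.
        $sql = "SELECT id FROM tblToolboxUploads
                WHERE product = '" . mysql_real_escape_string($product, $link) . "'
                AND version = '" . mysql_real_escape_string($version, $link) . "'
                AND is_active = 1
                LIMIT 1";
        $res = mysql_query($sql, $link);
        if (!$res) {
            $errors[] = "Could not check for existing uploads.";
        } elseif (mysql_num_rows($res) > 0) {
            $errors[] = "An active upload already exists for this product and version.";
        }

        if (count($errors) === 0 && !is_dir($absDir)) {
            // 0775 is usually fine; depends on your Apache user/group
            if (!mkdir($absDir, 0775, true)) {
                // Report the web-relative path only; no need to expose the
                // server's filesystem layout in the page.
                $errors[] = "Could not create directory: " . $relativeDir;
            }
        }

        if (count($errors) === 0 && file_exists($absPath)) {
            $errors[] = "Target file already exists: " . $relativePath;
        }

        if (count($errors) === 0) {
            if (!move_uploaded_file($tmpName, $absPath)) {
                $errors[] = "Could not move uploaded file.";
            } else {
                $sql = "INSERT INTO tblToolboxUploads
                        (product, version, original_filename, stored_filename, relative_path, file_size_bytes, uploaded_by_license_id, uploaded_at, is_active)
                        VALUES (
                        '" . mysql_real_escape_string($product, $link) . "',
                        '" . mysql_real_escape_string($version, $link) . "',
                        '" . mysql_real_escape_string($origName, $link) . "',
                        '" . mysql_real_escape_string($storedFilename, $link) . "',
                        '" . mysql_real_escape_string($relativePath, $link) . "',
                        " . $fileSize . ",
                        " . (int)$SystemUserId . ",
                        NOW(),
                        1
                        )";
                if (mysql_query($sql, $link)) {
                    $success = "Upload saved.";
                } else {
                    // Keep filesystem and database consistent: no row, no file.
                    // If unlink() fails there is nothing more to do here; the
                    // file_exists() check above will flag it on the next try.
                    unlink($absPath);
                    $errors[] = "Could not save upload record.";
                }
            }
        }
    }
}

/* =========================
   Load active uploads
   ========================= */
$sql = "SELECT u.*, l.Username AS UploadedBy
        FROM tblToolboxUploads u
        LEFT JOIN tblLicenses l ON l.id = u.uploaded_by_license_id
        WHERE u.is_active = 1
        ORDER BY u.product ASC, u.uploaded_at DESC";
$uploadsRes = mysql_query($sql, $link);
$csrfToken = toolbox_csrf_token();
?>
<!DOCTYPE html>
<html lang="sv">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Administration - Toolbox</title>
    <link rel="stylesheet" href="styles.css">
</head>
<body>
<aside id="sidebar"><br>
    ASTACUS TOOLBOX<br>
    <hr>
    <nav>
        <ul>
            <li><a href="konto.php"><img src="images/konto.png" width="15" height="15" alt="" class="center"/> Konto / Licens</a></li>
            <?php if ((string)$Admin === "1") { ?>
            <li><a href="admin.php"><img src="images/admin.png" width="15" height="15" alt="" class="center"/> Admin konto</a></li>
            <li><a href="admin_toolbox.php"><img src="images/admin.png" width="15" height="15" alt="" class="center"/> Admin filer</a></li>
            <?php } ?>
            <li><a href="download.php"><img src="images/download.png" width="15" height="15" alt="" class="center"/> Nedladdning</a></li>
            <li><a href="support.php"><img src="images/support.png" width="15" height="15" alt="" class="center"/> Support</a></li>
        </ul>
        <br>
        <hr>
        <ul>
            <li><a href="index.php?logout=true">Logga ut</a></li>
        </ul>
    </nav>
</aside>
<main>
    <section id="account-section">
        <h2>Administration - Toolbox uploads</h2>

        <?php if (count($errors) > 0) { ?>
        <div style="padding:10px;border:1px solid #c00;margin:10px 0;">
            <b>Errors:</b><br>
            <?php foreach ($errors as $e) { echo toolbox_e($e) . "<br>"; } ?>
        </div>
        <?php } ?>

        <?php if ($success !== "") { ?>
        <div style="padding:10px;border:1px solid #090;margin:10px 0;">
            <?php echo toolbox_e($success); ?>
        </div>
        <?php } ?>

        <h3>Upload new version</h3>
        <form method="post" enctype="multipart/form-data">
            <input type="hidden" name="action" value="upload">
            <input type="hidden" name="csrf_token" value="<?php echo toolbox_e($csrfToken); ?>">
            <label>Product</label><br>
            <select name="product" required>
                <option value="Revit">Revit</option>
                <option value="AutoCAD">AutoCAD</option>
            </select>
            <br><br>
            <label>Version</label><br>
            <input type="text" name="version" placeholder="25.00.0508" required style="width:260px;">
            <br><br>
            <label>ZIP file</label><br>
            <input type="file" name="package" accept=".zip" required>
            <br><br>
            <button type="submit">Upload</button>
        </form>

        <br><hr><br>

        <h3>Active uploads</h3>
        <?php if (!$uploadsRes || mysql_num_rows($uploadsRes) === 0) { ?>
        <div>No uploads found.</div>
        <?php } else { ?>
        <table border="0" cellpadding="6" cellspacing="0" style="width:100%;max-width:900px;">
            <tr>
                <th align="left">Product</th>
                <th align="left">Version</th>
                <th align="left">File</th>
                <th align="left">Uploaded</th>
                <th align="left">By</th>
                <th align="left">Action</th>
            </tr>
            <?php while ($u = mysql_fetch_assoc($uploadsRes)) { ?>
            <tr>
                <td><?php echo toolbox_e($u['product']); ?></td>
                <td><?php echo toolbox_e($u['version']); ?></td>
                <td>
                    <a href="<?php echo toolbox_e($u['relative_path']); ?>">
                        <?php echo toolbox_e($u['stored_filename']); ?>
                    </a>
                </td>
                <td><?php echo toolbox_e($u['uploaded_at']); ?></td>
                <td><?php echo toolbox_e($u['UploadedBy']); ?></td>
                <td>
                    <form method="post" style="margin:0;">
                        <input type="hidden" name="action" value="deactivate">
                        <input type="hidden" name="csrf_token" value="<?php echo toolbox_e($csrfToken); ?>">
                        <input type="hidden" name="id" value="<?php echo (int)$u['id']; ?>">
                        <button type="submit" onclick="return confirm('Deactivate this upload?');">Deactivate</button>
                    </form>
                </td>
            </tr>
            <?php } ?>
        </table>
        <?php } ?>
    </section>
</main>
</body>
</html>
<?php
// END FILE
?>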