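<?php
/**
 * Copyright 2008 Grestul Group
 * Powered by Grestul
 **/

/*
 * Admin "Remove Comments" page.
 *
 * - Requires an authenticated admin session ($_SESSION['loggedin']).
 * - ?did=<ID> deletes one row from `comments`, then redirects back here.
 * - Otherwise lists every comment, newest first, with a [Remove] link.
 *
 * $db, $domain and $webad come from inc/config.php (not shown here).
 *
 * NOTE(review): the mysql_* functions (ext/mysql) are deprecated as of
 * PHP 5.5 and removed in PHP 7.0. They are kept only because the connection
 * in $db is opened by inc/config.php; the long-term fix is mysqli/PDO with
 * prepared statements.
 */
session_start();
require "inc/config.php";

// Every admin page bounces unauthenticated visitors to the login form.
if (!isset($_SESSION['loggedin'])) {
    header('Location: index.php?error=1');
    exit();
}

// Delete request.
// The ID is placed into the statement unquoted, so slash-escaping alone does
// not confine it to a value; accept nothing but a plain run of decimal digits.
// (The original also read $_GET['did'] before checking that it was set.)
//
// NOTE(review): this is a state-changing GET with no per-session token, so any
// page the administrator's browser loads can trigger a deletion. Moving the
// action to POST with a token verified here would close that; it needs a
// matching change to the [Remove] links in the listing below.
if (isset($_GET['did'])) {
    $did = $_GET['did'];
    if (is_string($did) && ctype_digit($did)) {
        $req = 'DELETE FROM comments WHERE ID=' . $did;
        mysql_query($req, $db);
    }
    header('Location: '.$domain.'/admin/manage.php');
    exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title><?php echo "$webad"; ?></title>
<link href="inc/admin.css" rel="stylesheet" type="text/css" />
<link href="inc/manage.css" rel="stylesheet" type="text/css" />
</head>
<body>
<img src="inc/images/logo.png" class="logo" />
<div class="logout"><a href="close.php">Logout</a></div>
<div class="navi">
  <a href="home.php"><img src="inc/images/homeoff.png" class="navihoff" /></a>
  <a href="management.php"><img src="inc/images/manageon.png" class="navion" /></a>
  <a href="stylehome.php"><img src="inc/images/styleoff.png" class="navioff" /></a>
</div>
<div class="contentrep">
  <div class="infobar">
    <div class="infotext">
      <br />
      <div align="center">
        <form method="post" action="results.php">
          <input type="text" name="search" size="50">
          <select name="menu">
            <option value="ID">CID (comment ID)</option>
            <option value="name">Name</option>
            <option value="comment">Comment</option>
          </select>
          <input type="submit" value="Search">
        </form>
      </div>
    </div>
  </div>
  <div class="btite"> Grestul Management - Remove Comments </div>
  <div class="bodycontent">
    <div id="wrapper">
<?php
// One query serves both the listing and the total; the original pulled every
// row a second time with SELECT * only to count them.
$req = "SELECT ID, name, comment, ip, datetime FROM comments ORDER BY ID desc";
$result = mysql_query($req, $db);
$count = ($result === false) ? 0 : mysql_num_rows($result);

echo "[Total posted comments: <b>$count</b>]";
echo ' <br />';
echo ' <br />';

// A failed query leaves $result === false; skip the loop instead of handing
// false to mysql_fetch_assoc().
if ($result !== false) {
    while ($row = mysql_fetch_assoc($result)) {
        // Everything read from the table is treated as untrusted on output.
        // The original wrapped these assignments in mysql_real_escape_string()
        // and discarded the result, which did nothing: that function is for
        // building SQL, not for HTML. $ID lands inside an href attribute and
        // $ip was printed raw, so both are now entity-encoded as well.
        // NOTE(review): htmlentities() is called with its default charset
        // while the page declares iso-8859-1 - confirm the stored encoding.
        $ID      = stripslashes(htmlentities($row['ID'], ENT_QUOTES));
        $name    = stripslashes(htmlentities($row['name']));
        $comment = stripslashes(htmlentities($row['comment']));
        $ip      = stripslashes(htmlentities($row['ip'], ENT_QUOTES));

        echo '<div class="comment">'."\n";
        echo ' <div class="postertime">'."\n";
        echo ' <span class="poster">';
        echo "$name";
        echo '</span> - <span><a href="?did='.$ID.'" class="remove">[Remove]</a> <a href="#wrapper" class="remove">[Top]</a>';
        echo ' - [IP: '."$ip] [CID: $ID]</span>";
        echo ' </div>'."\n\n";
        echo ' <div class="usercomment">'."\n";
        echo ' <p>'.(nl2br($comment)).'</p>'."\n";
        echo ' </div>'."\n\n";
        echo '</div>'."\n\n";
    }
    mysql_free_result($result);
}
?>
      <p><a href="#wrapper" title="top" class="top">Back to top</a></p>
    </div>
  </div>
</div>
<div class="footer">
<!-- DO NOT CHANGE, REMOVE, OR HINDER WITH THE COPYRIGHT OR POWERED BY LINES BELOW -->
<!-- YOU AGREED TO THE AGREEMENT WHEN YOU DOWNLOADED AND INSTALLED OUR SOFTWARE -->
<!-- REMOVING THE LINES BELOW WILL FORCE US TO TAKE LEGAL ACTION -->
<!-- BE FAIR AND KEEP THE POWERED BY AND COPYRIGHT LINES. -->
Powered By: <a href="http://grestul.com" target="_blank">Grestul,</a> Copyright © 2008 <a href="http://grestul.com" target="_blank">Grestul Group.</a>
</div>
</body>
</html>
<?php exit; ?>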