!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\AmbienteBogota\comments\admin\   drwxrwxrwx
Free 4.15 GB of 39.52 GB (10.49%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]


Viewing file:     manage.php (3.56 KB)      -rw-rw-rw-
<?php
/**
*  Copyright 2008 Grestul Group 
*  Powered by Grestul
**/
?>
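<?php
// Admin "Remove Comments" controller: requires a logged-in session and, when
// a `did` query parameter is present, deletes that comment and redirects back
// to this page.
session_start();
require "inc/config.php";

// Only an authenticated admin session may reach the delete logic below.
if (!isset($_SESSION['loggedin'])) {
    header('Location: index.php?error=1');
    exit();
}

if (isset($_GET['did'])) {
    // The id is placed UNQUOTED into the DELETE statement, so slash-escaping
    // gives no protection: a value such as "1 OR 1=1" contains nothing to
    // escape. Accept the parameter only if it is a plain integer (arrays and
    // non-numeric strings yield false) and skip the query otherwise.
    $did = filter_var($_GET['did'], FILTER_VALIDATE_INT);
    if ($did !== false) {
        $req = "DELETE FROM comments WHERE ID=" . $did;
        // ext/mysql is deprecated as of PHP 5.5 and removed in PHP 7; a port
        // to mysqli or PDO should use a prepared statement here.
        $result = mysql_query($req, $db);
    }

    // NOTE(review): this state-changing request is a plain GET with no
    // anti-CSRF token, so a page the admin merely visits can trigger it.
    // Moving it to POST with a per-session token also requires changing the
    // markup that generates the ?did= links.
    header('Location: '.$domain.'/admin/manage.php');
    exit();
}
?>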
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
	<title><?php echo "$webad"; ?></title>
      <link href="inc/admin.css" rel="stylesheet" type="text/css" />
      <link href="inc/manage.css" rel="stylesheet" type="text/css" />
</head>
<body>
<img src="inc/images/logo.png" class="logo" />
<div class="logout"><a href="close.php">Logout</a></div>
<div class="navi">
<a href="home.php"><img src="inc/images/homeoff.png" class="navihoff" /></a>
<a href="management.php"><img src="inc/images/manageon.png" class="navion" /></a>
<a href="stylehome.php"><img src="inc/images/styleoff.png" class="navioff" /></a>
</div>


		<div class="contentrep">
	<div class="infobar">
        <div class="infotext">
	<br />
	<div align="center">

<form method="post" action="results.php">
<input type="text" name="search" size="50">
<select name="menu">
<option value="ID">CID (comment ID)</option>
<option value="name">Name</option>
<option value="comment">Comment</option>
</select>
<input type="submit" value="Search">
</form> 
	</div>
	  </div>
	</div>
        <div class="btite">
	  Grestul Management - Remove Comments
        </div>
  <div class="bodycontent">
  <div id="wrapper">
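<?php
// Renders the comment list for the admin: a total count, then every stored
// comment (newest first) with its poster name, IP, id and a [Remove] link.

// Get total number of comments. COUNT(*) lets the server do the counting
// instead of transferring every row just to count them.
$count = 0;
$count_result = mysql_query('SELECT COUNT(*) FROM comments', $db);
if ($count_result !== false) {
    $count = (int) mysql_result($count_result, 0);
    mysql_free_result($count_result);
}
echo "[Total posted comments: <b>$count</b>]";
echo '	<br />';
echo '	<br />';

$req = "SELECT ID, name, comment, ip, datetime FROM comments ORDER BY ID desc";
$result = mysql_query ($req,$db);
if ($result !== false) {
    while ($row = mysql_fetch_assoc($result)) {
        // Every column is stored data that originated outside this page, so
        // each one is encoded for HTML at the point of output. The former
        // mysql_real_escape_string() wrappers discarded their return value
        // and are the wrong tool for HTML anyway, so they are dropped.
        // ID is used as a bare number in the DELETE query, so it is treated
        // as an integer here too.
        $ID = (int) $row['ID'];
        $name = htmlentities(stripslashes($row['name']), ENT_QUOTES);
        $comment = htmlentities(stripslashes($row['comment']), ENT_QUOTES);
        // NOTE(review): how `ip` is populated is not visible here; if it can
        // come from a client-supplied header it is attacker-controlled, so it
        // is escaped like any other field.
        $ip = htmlspecialchars(stripslashes($row['ip']), ENT_QUOTES);

        echo '<div class="comment">'."\n";
        echo '	<div class="postertime">'."\n";
        echo '	<span class="poster">';
        echo "$name";
        echo '</span> - <span><a href="?did='.$ID.'" class="remove">[Remove]</a>
<a href="#wrapper" class="remove">[Top]</a>';
        echo ' - [IP: '."$ip] [CID: $ID]</span>";
        echo '	</div>'."\n\n";
        echo '	<div class="usercomment">'."\n";
        echo '		<p>'.(nl2br($comment)).'</p>'."\n";
        echo '	</div>'."\n\n";

        echo '</div>'."\n\n";
    }
    mysql_free_result($result);
}
?>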

<p><a href="#wrapper" title="top" class="top">Back to top</a></p>
</div>
</div>

		</div>
<div class="footer">
<!-- DO NOT CHANGE, REMOVE, OR HINDER WITH THE COPYRIGHT OR POWERED BY LINES BELOW -->
<!-- YOU AGREED TO THE AGREEMENT WHEN YOU DOWNLOADED AND INSTALLED OUR SOFTWARE -->
<!-- REMOVING THE LINES BELOW WILL FORCE US TO TAKE LEGAL ACTION -->
<!-- BE FAIR AND KEEP THE POWERED BY AND COPYRIGHT LINES. -->
Powered By: <a href="http://grestul.com" target="_blank">Grestul,</a> Copyright &copy; 2008 <a href="http://grestul.com" target="_blank">Grestul Group.</a>
</div>


</body>
</html>
<?php /* Terminate the script here; nothing after this tag is executed or sent. */ exit; ?>


--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0156 ]--