File: /home/pengthai/domains/pengthaicurry.com/public_html/admin/setting/fn_setting.php
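<?php
	// Admin "site settings" handler: saves the tb_config values posted by the
	// settings form and manages the three contact images (map, LINE QR, locate).
	@session_start();

	// require instead of include: a missing or unreadable chksession.php only
	// raises a warning under include, and the rest of this state-changing
	// script would then run with no session check at all. require makes that
	// failure fatal, so the handler fails closed.
	// NOTE(review): nothing in this file checks an anti-CSRF token or the
	// request method; confirm whether chksession.php does.
	require("../include/chksession.php");
	require("../include/connect.php");
	require("../include/function.php");

	// $dbname and $cn are not defined in this file; presumably connect.php
	// sets them. The *x() functions are project wrappers whose underlying
	// driver is not visible here.
	mysql_queryx("SET NAMES UTF8");
	mysql_select_dbx($dbname, $cn);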

//	exit();
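// Map of tb_config.conf_name => request field that supplies its new value.
// Field names are kept exactly as the form sends them, including the
// "ingstagram_*" spelling and the fax_en -> CONFIX_FAX_2 pairing.
$confFields = array(
	"CONFIX_TITLE" => "title",
	"CONFIX_KEYWORD" => "keyword",
	"CONFIX_DESCRIPTION" => "description",
	"CONFIX_COPYRIGHT" => "copyright",
	"CONFIX_COMPANY_TH" => "company_th",
	"CONFIX_COMPANY_EN" => "company_en",
	"CONFIX_WWW_NAME" => "www_name",
	"CONFIX_WWW_URL" => "www_url",
	"CONFIX_ADDRESS_TH" => "address_th",
	"CONFIX_ADDRESS_EN" => "address_en",
	"CONFIX_ADDRESS2_TH" => "CONFIX_ADDRESS2_TH",
	"CONFIX_ADDRESS2_EN" => "CONFIX_ADDRESS2_EN",

	"CONFIX_TELEPHONE_1" => "telephone_1",
	"CONFIX_TELEPHONE_2" => "telephone_2",
	"CONFIX_MOBILE_1" => "mobile_1",
	"CONFIX_MOBILE_2" => "mobile_2",
	"CONFIX_FAX" => "fax",
	"CONFIX_FAX_2" => "fax_en",
	"CONFIX_EMAIL_1" => "email_1",
	"CONFIX_EMAIL_2" => "email_2",
	"CONFIX_LOCATION" => "location",
	"CONFIX_FACEBOOK_NAME" => "facebook_name",
	"CONFIX_FACEBOOK_URL" => "facebook_url",
	"CONFIX_FACEBOOK2_NAME" => "facebook2_name",
	"CONFIX_FACEBOOK2_URL" => "facebook2_url",
	"CONFIX_PAYPAL_1" => "paypal_1",
	"CONFIX_PAYPAL_2" => "paypal_2",
	"CONFIX_YOUTUBE_NAME" => "youtube_name",
	"CONFIX_YOUTUBE_URL" => "youtube_url",
	"CONFIX_INSTAGRAM_NAME" => "ingstagram_name",
	"CONFIX_INSTAGRAM_URL" => "ingstagram_url",
	"CONFIX_TWITTER_NAME" => "twitter_name",
	"CONFIX_TWITTER_URL" => "twitter_url",
	"CONFIX_GOOGLE_NAME" => "google_name",
	"CONFIX_GOOGLE_URL" => "google_url",
	"CONFIX_PINTEREST_NAME" => "pinterest_name",
	"CONFIX_PINTEREST_URL" => "pinterest_url",
	"CONFIX_LINKEDIN_NAME" => "linkedin_name",
	"CONFIX_LINKEDIN_URL" => "linkedin_url",
	"CONFIX_LINEID_1" => "line_1",
	"CONFIX_LINEID_2" => "line_2",
	"CONFIX_DETAIL_1" => "detail_1",
	"CONFIX_DETAIL_2" => "detail_2",
	"CONFIX_WORKTIME_TH" => "worktime",
	"CONFIX_WORKTIME_EN" => "worktime_en",
	"CONFIX_DOMAINNAME" => "domain",
	"CONFIX_TAXPAYER" => "taxpayer",
	"CONFIX_SHOP_TH" => "shop_th",
	"CONFIX_CHATBOX_CALL" => "chatbox_call",
	"CONFIX_CHATBOX_EMAIL" => "chatbox_email",
	"CONFIX_FACEBOOK_ID" => "facebook_id",
	"CONFIX_CHATBOX_LINE_ID" => "chatbox_line_id",
	"CONFIX_CHATBOX_COLOR" => "chatbox_color",
	"CONFIX_HEADERSCRIPTS" => "header_script",
	"CONFIX_FOOTERSCRIPTS" => "footer_script",
	"CONFIX_LINK_BOOKNOW" => "link_booknow",
	"CONFIX_CODE_1" => "code_1",
	"CONFIX_CODE_2" => "code_2",

	"CONFIX_NAME_CONTACT" => "CONFIX_NAME_CONTACT",
	"CONFIX_NAME_CALL" => "CONFIX_NAME_CALL",
	"CONFIX_NAME_MAIL" => "CONFIX_NAME_MAIL",

	"CONFIX_NAME_CONTACT2" => "CONFIX_NAME_CONTACT2",
	"CONFIX_NAME_CALL2" => "CONFIX_NAME_CALL2",
	"CONFIX_NAME_MAIL2" => "CONFIX_NAME_MAIL2",

	"CONFIX_NAME_CONTACT_EN" => "CONFIX_NAME_CONTACT_EN",
	"CONFIX_NAME_CALL_EN" => "CONFIX_NAME_CALL_EN",
	"CONFIX_NAME_MAIL_EN" => "CONFIX_NAME_MAIL_EN",

	"CONFIX_NAME_CONTACT2_EN" => "CONFIX_NAME_CONTACT2_EN",
	"CONFIX_NAME_CALL2_EN" => "CONFIX_NAME_CALL2_EN",
	"CONFIX_NAME_MAIL2_EN" => "CONFIX_NAME_MAIL2_EN",
);

// $arr holds conf_name => value exactly as it will be written. The UPDATE
// loop further down places each value inside a single-quoted SQL string
// literal without escaping it, so every value is escaped here. Previously
// only location, header_script and footer_script were, which left the other
// fields open to SQL injection through any request parameter.
//
// NOTE(review): addslashes() is the escaping this file already relied on; the
// driver behind mysql_queryx() is not visible from here. The proper fix is
// the driver's own escaping function or prepared statements. This also
// assumes magic_quotes_gpc is off, as the pre-existing addslashes() calls
// imply - confirm on the target host.
// NOTE(review): $_REQUEST also accepts GET parameters; if the form only ever
// posts, reading $_POST would narrow the input surface.
$arr = array();
foreach ($confFields as $confName => $field) {
	// is_scalar: a field submitted as an array (name[]=...) would otherwise
	// be written to the database as the literal word "Array".
	$raw = (isset($_REQUEST[$field]) && is_scalar($_REQUEST[$field])) ? (string) $_REQUEST[$field] : '';
	$arr[$confName] = addslashes($raw);
}
unset($confFields, $confName, $field, $raw);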
	
//CONFIX_IMAGES_MAP
//CONFIX_IMAGES_LINE

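	// Dispatches on the posted action:
	//   del-map / del-qr / del-locate - delete one contact image and clear its
	//                                   tb_config row, then stop.
	//   anything else                 - save every value in $arr and process
	//                                   the three optional image uploads.
	// $err is handed to msg() at the end: 1 by default, 2 if any step failed.
	$err = 1;

	// Directory that holds the contact images, relative to this script.
	$contactDir = "../../album/contact/";

	// Uploads are kept only if they carry one of these extensions AND
	// getimagesize() recognises the content. The extension used to be copied
	// from the client-supplied file name with no check, so a file with a
	// server-executable extension could be stored in this web-served
	// directory. Extend the list deliberately if more formats are needed.
	// Defence in depth: script execution should also be disabled for this
	// directory in the web-server configuration.
	$allowedImageExt = array('jpg', 'jpeg', 'png', 'gif');

	// Deletes the file currently recorded in tb_config under $confName.
	// $confName is only ever one of the literals passed by this script.
	$removeStoredImage = function ($confName) use ($contactDir) {
		$resfind = mysql_queryx("SELECT * FROM tb_config WHERE conf_name ='$confName' ");
		if ($resfind == false) {
			return;
		}
		$rfind = mysql_fetch_arrayx($resfind);
		// basename(): this script only ever stores bare file names, so any
		// directory part in the stored value is unexpected and must not be
		// allowed to steer unlink() outside $contactDir.
		$stored = isset($rfind['conf_value']) ? basename((string) $rfind['conf_value']) : "";
		if ($stored != "" && is_file($contactDir . $stored)) {
			unlink($contactDir . $stored);
		}
	};

	// Handles one multi-file upload field: validates each file, moves it into
	// $contactDir under a generated name, removes the image it replaces and
	// records the new name under $confName.
	// Returns false if any submitted file was rejected or could not be read.
	$storeUploadedImage = function ($field, $confName) use ($contactDir, $allowedImageExt, $removeStoredImage) {
		$allAccepted = true;
		if (!isset($_FILES[$field]["error"]) || !is_array($_FILES[$field]["error"])) {
			return $allAccepted;
		}

		foreach ($_FILES[$field]["error"] as $idx => $error) {
			$filename = $_FILES[$field]['name'][$idx];
			$tmpPath = $_FILES[$field]['tmp_name'][$idx];

			// An empty name means no image was chosen for this slot.
			if ($filename == '') {
				continue;
			}
			if ($error !== UPLOAD_ERR_OK) {
				$allAccepted = false;
				continue;
			}

			$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
			if (!in_array($ext, $allowedImageExt, true) || getimagesize($tmpPath) === false) {
				$allAccepted = false;
				continue;
			}

			// $ext is now one of the allow-listed literals, so the generated
			// name is safe to place in the SQL text below.
			$newFileName = md5($tmpPath.date("d-m-Y H:i:s")).'.'.$ext;
			if (move_uploaded_file($tmpPath, $contactDir . $newFileName) == TRUE) {
				$removeStoredImage($confName);
				mysql_queryx("UPDATE tb_config SET conf_value='$newFileName' WHERE conf_name='$confName' ");
			}
		}

		return $allAccepted;
	};

	// action -> tb_config row that holds the image to delete.
	$deleteTargets = array(
		"del-map" => "CONFIX_IMAGES_MAP",
		"del-qr" => "CONFIX_IMAGES_LINE",
		"del-locate" => "CONFIX_IMAGES_LOCATE",
	);

	// A missing or non-string action falls through to the save branch.
	$action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';

	switch ($action) {

	case "del-map":
	case "del-qr":
	case "del-locate":
		$confName = $deleteTargets[$action];
		$removeStoredImage($confName);
		mysql_queryx("UPDATE tb_config SET conf_value='' WHERE conf_name='$confName' ");
		die(msg("1","ลบรูปภาพสำเร็จ"));

	default :
		echo"<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />";

		// Values are interpolated as-is: this statement does no escaping of
		// its own, so $arr must already hold strings that are safe inside a
		// single-quoted SQL literal.
		foreach ($arr as $key => $value ) {
			$sql = "UPDATE  tb_config  SET conf_value = '$value'  WHERE  conf_name='$key' " ;
			if (mysql_queryx($sql) == false) {
				$err = 2;
			}
		}

		// Uploads are handled once per request. They used to sit inside the
		// loop above and were re-attempted for every config key.
		$uploadFields = array(
			'add_map' => 'CONFIX_IMAGES_MAP',
			'add_qrcode' => 'CONFIX_IMAGES_LINE',
			'add_locate' => 'CONFIX_IMAGES_LOCATE',
		);
		foreach ($uploadFields as $field => $confName) {
			if ($storeUploadedImage($field, $confName) == false) {
				// Same failure value this script reports for a failed UPDATE.
				$err = 2;
			}
		}

		break;

	}


	die(msg($err,"index.php",'notAjax'));
	// Unreachable: die() above ends the script. Left in place because it is
	// not visible here whether msg() still needs the connection.
	mysql_closex($cn);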


?>