sibtracker/system/images.php

<?PHP
@session_start ();
@error_reporting ( E_ALL ^ E_NOTICE );
@ini_set ( 'display_errors', true );
@ini_set ( 'html_errors', false );
@ini_set ( 'error_reporting', E_ALL ^ E_NOTICE );

define ( 'DATALIFEENGINE', true );
define( 'ROOT_DIR', substr( dirname(  __FILE__ ), 0, -7 ) );
define( 'SYSTEM_DIR', ROOT_DIR . '/system' );

extract ( $_REQUEST, EXTR_SKIP );
require SYSTEM_DIR . "/data/config.php";
require_once SYSTEM_DIR . '/classes/mysql.php';
require_once SYSTEM_DIR . "/data/dbconfig.php";
require_once SYSTEM_DIR . "/inc/include/functions.inc.php";

check_xss ();

if ($_COOKIE['dle_skin']) {
	if (@is_dir ( ROOT_DIR . '/templates/' . $_COOKIE['dle_skin'] )) {
		$config['skin'] = $_COOKIE['dle_skin'];
	}
}

include_once ROOT_DIR . '/language/' . $config['langs'] . '/adminpanel.lng';

$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];

$user_group = $cache->get( "usergroup" );
if( ! $user_group ) {$user_group = array ();
	$db->query( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );
	while ( $row = $db->get_row() ) {$user_group[$row['id']] = array ();
		foreach ( $row as $key => $value ) {$user_group[$row['id']][$key] = stripslashes($value);}
	}
    $cache->set( "usergroup", $user_group );
	$db->free();
}

include_once SYSTEM_DIR . '/modules/sitelogin.php';

if (! $is_logged) {die ( "<br><br><br><br><center>$lang[err_notlogged]</center>" );}
if (! $user_group[$member_id['user_group']]['allow_image_upload'] and $member_id['user_group'] != 1) {die ( "<br><br><br><br><center>$lang[err_noupload]</center>" );}

$_REQUEST['news_id'] = (intval ( $_REQUEST['add_id'] )) ? intval ( $_REQUEST['add_id'] ) : '0';
$_REQUEST['action'] = "quick";
$_REQUEST['author'] = $member_id['name'];

if ( $_REQUEST['news_id'] ) {
	$row = $db->super_query( "SELECT id, autor, approve FROM " . PREFIX . "_post WHERE id = '".intval($_REQUEST['news_id'])."'" );
	if ( !$row['id'] OR $row['approve'] OR $row['autor'] != $member_id['name'] ) die( "Hacking attempt!" );
}

$action = "quick";
$author = $member_id['name'];
define( 'LOGGED_IN', true );

require_once SYSTEM_DIR . '/inc/files.php';
?>
message 2019-05-18 13:46:03 +08:00			`<?PHP`
			`@session_start ();`
			`@error_reporting ( E_ALL ^ E_NOTICE );`
			`@ini_set ( 'display_errors', true );`
			`@ini_set ( 'html_errors', false );`
			`@ini_set ( 'error_reporting', E_ALL ^ E_NOTICE );`

			`define ( 'DATALIFEENGINE', true );`
			`define( 'ROOT_DIR', substr( dirname( __FILE__ ), 0, -7 ) );`
			`define( 'SYSTEM_DIR', ROOT_DIR . '/system' );`

			`extract ( $_REQUEST, EXTR_SKIP );`
			`require SYSTEM_DIR . "/data/config.php";`
			`require_once SYSTEM_DIR . '/classes/mysql.php';`
			`require_once SYSTEM_DIR . "/data/dbconfig.php";`
			`require_once SYSTEM_DIR . "/inc/include/functions.inc.php";`

			`check_xss ();`

			`if ($_COOKIE['dle_skin']) {`
			`if (@is_dir ( ROOT_DIR . '/templates/' . $_COOKIE['dle_skin'] )) {`
			`$config['skin'] = $_COOKIE['dle_skin'];`
			`}`
			`}`

			`include_once ROOT_DIR . '/language/' . $config['langs'] . '/adminpanel.lng';`

			`$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];`

			`$user_group = $cache->get( "usergroup" );`
			`if( ! $user_group ) {$user_group = array ();`
			`$db->query( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );`
			`while ( $row = $db->get_row() ) {$user_group[$row['id']] = array ();`
			`foreach ( $row as $key => $value ) {$user_group[$row['id']][$key] = stripslashes($value);}`
			`}`
			`$cache->set( "usergroup", $user_group );`
			`$db->free();`
			`}`

			`include_once SYSTEM_DIR . '/modules/sitelogin.php';`

			`if (! $is_logged) {die ( "<br><br><br><br><center>$lang[err_notlogged]</center>" );}`
			`if (! $user_group[$member_id['user_group']]['allow_image_upload'] and $member_id['user_group'] != 1) {die ( "<br><br><br><br><center>$lang[err_noupload]</center>" );}`

			`$_REQUEST['news_id'] = (intval ( $_REQUEST['add_id'] )) ? intval ( $_REQUEST['add_id'] ) : '0';`
			`$_REQUEST['action'] = "quick";`
			`$_REQUEST['author'] = $member_id['name'];`

			`if ( $_REQUEST['news_id'] ) {`
			`$row = $db->super_query( "SELECT id, autor, approve FROM " . PREFIX . "_post WHERE id = '".intval($_REQUEST['news_id'])."'" );`
			`if ( !$row['id'] OR $row['approve'] OR $row['autor'] != $member_id['name'] ) die( "Hacking attempt!" );`
			`}`

			`$action = "quick";`
			`$author = $member_id['name'];`
			`define( 'LOGGED_IN', true );`

			`require_once SYSTEM_DIR . '/inc/files.php';`
			`?>`