ACC SHELL

Path : /srv/www/vhosts/vaszahradnik/old/
File Upload :
Current File : /srv/www/vhosts/vaszahradnik/old/edit.php

<?



$user=$_COOKIE["jwv_user_login"];
$pass=$_COOKIE["jwv_user_password"];


#$user=$HTTP_COOKIE_VARS['JWV_user'][login];
#$pass=$HTTP_COOKIE_VARS['JWV_user'][password];
define ("USER", $user);
define ("PASSWORD", $pass);
  #echo $user.':'.$pass.'<br>';

define ("SERVER", "localhost");
define ("DBNAME", "vaszahradnikcom");

$ttl=130;
setcookie ("jwv_user_login",$user,time()+$ttl*60);
setcookie ("jwv_user_password",$pass,time()+$ttl*60);






$link=mysql_connect(SERVER,USER,PASSWORD ,DBNAME);
if (!$link) {
	echo "<script>window.location='admin.html'</script>"; die;
	}
echo mysql_error();
MySQL_Select_DB("JWV");
mysql_query("SET NAMES 'cp1250'");


$n=$_GET['page']?$_GET['page']:1;

$str=mysql_query("SELECT * FROM vaszahradnikcom.structure WHERE N=".$n );
if (!$str) {
 echo "<script>window.location='admin.html'</script>"; die;
	}
	echo mysql_error();
$stranka = mysql_fetch_row($str);


$maxfinder=mysql_query("SELECT * FROM vaszahradnikcom.structure");
$maxN=0;

 while ($max = mysql_fetch_row($maxfinder)){
 	if ($max[0]>$maxN) $maxN=$max[0];
                                      }

$maxN++;


?>




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">

<head>

<title>
Vánoční dekorace @ Váš zahradník
</title>

<meta http-equiv="Content-Type" content="text/html; charset=windows-1250" />
<meta http-equiv="pragma" content="no-cache" />
<meta http-equiv="content-language" content="cs" />

<meta name="description" content="Váš zahradník nabízí služby v oboru zahradnictví, údržba a realizace zahrad, trávníků, golfových hřišť, péče o stromy, sady, podniková zeleň, stavební pozemky, zahradní jezírka, skalky a další zahradní služby" />

<meta name="keywords" content="Váš zahradník, zahrada, sad, strom, golfové hřiště, podniková zeleň, trávník, skalka, péče o zahradu, zahradní služby, realizace zahrad, stavební pozemky, sekání trávy, záhony, květiny, živé ploty, Greeny, vypracování, plánů, stříhání, stromů, keřů, hnojení, postřiky, vertikutace, mulčovací, kůra, obrývání, kácení, dosazování, osazování, jezírko, pergola, skalničky, zimní zahrada" />

<meta name="author" content="Filip Opěla" />
<meta name="copyright" content="" />
<meta name="MSSmartTagsPreventParsing" content="TRUE" />
<meta name="robots" content="index,follow" />

<link rel="Start" title="Home" href="http://www.vaszahradik.com/index.html" />
<link rel="Author" title="Autor" href="mailto:filip@cdman.cz" />

<link href="css/styl.css" rel="stylesheet" type="text/css" title="vzhled" media="screen" />
<link href="css/print.css" rel="stylesheet" type="text/css" media="print"  />

<!-- tinyMCE -->
<script language="javascript" type="text/javascript" src="tinymce/jscripts/tiny_mce/tiny_mce.js">
</script>
<!-- form POST send -->
<script type="text/javascript">



var xmlHttp

/*@cc_on @*/
/*@if (@_jscript_version >= 5)
  try {
  xmlHttp=new ActiveXObject("Msxml2.XMLHTTP")
} catch (e) {
  try {
    xmlHttp=new ActiveXObject("Microsoft.XMLHTTP")
  } catch (E) {
   xmlHttp=false
  }
}
@else
xmlHttp=false
@end @*/
if (!xmlHttp) {
try {
  xmlHttp = new XMLHttpRequest();
}
catch (e) {
  xmlHttp=false
}
}


var URLto = 'editpage.php';

// function to build POST requests

function buildPOST(theFormName) {
    theForm = document.forms[theFormName];
    var qs = ''
    for (e=0;e<theForm.elements.length;e++) {
        if (theForm.elements[e].name!='') {
            var name = theForm.elements[e].name;
            qs+=(qs=='')?'':'(_|_)'
            qs+= name+'='+escape(theForm.elements[e].value);
        }
    }
    qs+="\n";
    return qs
}

// function to communicate with remote script

function send_post(theFormName) {
    var xmlMessage = buildPOST(theFormName);
    xmlHttp.open("POST", URLto, false)

    // for ie compatability
    xmlHttp.setRequestHeader('Content-Type','text/html')

    xmlHttp.send(xmlMessage)
}


function display_response() {
    var optionDiv = document.getElementById("responseContainer");
    optionDiv.innerHTML = xmlHttp.responseText;
}

// form POST send end
</script>



</head>

<body>
<div id="obsah">
<h1 onclick="location='index.html'" title="přejít na úvodní stránku"><span>Váš zahradník</span></h1>

<div  id="text">
         <form name="page" action="" method="POST">
<input id='header' name='header' type='text' class='h2' value='<? echo $stranka[3] ?>' />
<input name="hide" <? echo ($stranka[5]=="N")?'checked="checked"':'' ?> type="checkbox" onclick="document.page.hid.value=document.page.hid.value=='true'?'false':'true'"><b>Hidden</b>


<br><div id="txt_content" name="txt_content" style="width:405px; height:450px"><?
# content
echo $stranka[4];
?></div>
 <input align="right" type="submit" value="save" /><div align="right"><a href="javascript:if(confirm('really??')) {window.location='delpage.php?page=<? echo $stranka[0] ?>'}" style="color:#c00">Delete Page</a></div>
   <input name="content" type="hidden" value="blank page">
  <input name="hid" type="hidden" value="<? echo ($stranka[5]=="N")?"true":"false" ?>">
  <input name="n" type="hidden" value="<? echo $stranka[0] ?>">
</form>
</div><ul id="menu"><?

 $menu=mysql_query ("SELECT * FROM vaszahradnikcom.structure  ORDER BY Shows DESC,Order_value");
#echo mysql_error();

 $pred=0;
  $predorder=0;

 while ($men = mysql_fetch_row($menu))
{

echo "<li><a class='menuitem'  href='edit.php?page=".$men[0]."'".(($men[5]=='N')?"style='color:#888'":'').">".$men[3]."</a>".($pred&&($men[5]=='Y')?"<img border='0' height='17' width='17' src='images/up_maxi.gif' onClick='window.location=".'"chg.php?page='.$page.'&a='.$pred.'&b='.$men[0].'"'."'>":"")."</li>";

$pred=$men[0];
$predorder=$men[1];
}

echo "<li><img border='0' height='17' width='17' src='images/plus_maxi.gif' onClick='window.location=".'"addpage.php?n='.$maxN.'"'."'></li>"
?>

</ul>

<div id="volejte">volejte</div>
<div id="telefon">724&nbsp;321&nbsp;075</div>
<div id="telefon">517&nbsp;369&nbsp;653</div>

<div id="volejte">osobně</div>
<div id="telefon">Padělky 278 Brankovice</div>


<div id="piste">pište</div>
<div id="email"><a href="mailto:info@vaszahradnik.com" title="odešle e-mail na info@vaszahradnik.com">info@vaszahradnik.com</a></div>


<p id="citat"><cite>&bdquo;Své zahrady si&nbsp;užívejte, <br />
<strong>práci přenechte odborníkům&rdquo;</strong></cite></p><p id="podpis">Jaroslav Zbranek<br />
Váš zahradník</p>
<p class="clear">&nbsp;</p>

</div>
<script type="text/javascript">

        tinyMCE.init({
		theme : "advanced",
		mode : "exact",
		elements : "txt_content",
		save_callback : "customSave",
		//content_css : "engine/wysiwygcss.php?cssfile=../css/maincss2.prs&k="+k_fnt,
		extended_valid_elements : "a[href|target|name]",
		plugins : "table",
		theme_advanced_buttons3_add_before : "tablecontrols,separator",
		//invalid_elements : "a",
		theme_advanced_styles : "Header 1=header1;Header 2=header2;Header 3=header3;Table Row=tableRow1", // Theme specific setting CSS classes
		//execcommand_callback : "myCustomExecCommandHandler",
		debug : false
	});

	// Custom event handler
	function myCustomExecCommandHandler(editor_id, elm, command, user_interface, value) {
		var linkElm, imageElm, inst;

		switch (command) {
			case "mceLink":
				inst = tinyMCE.getInstanceById(editor_id);
				linkElm = tinyMCE.getParentElement(inst.selection.getFocusElement(), "a");

				if (linkElm)
					alert("Link dialog has been overriden. Found link href: " + tinyMCE.getAttrib(linkElm, "href"));
				else
					alert("Link dialog has been overriden.");

				return true;

			case "mceImage":
				inst = tinyMCE.getInstanceById(editor_id);
				imageElm = tinyMCE.getParentElement(inst.selection.getFocusElement(), "img");

				if (imageElm)
					alert("Image dialog has been overriden. Found image src: " + tinyMCE.getAttrib(imageElm, "src"));
				else
					alert("Image dialog has been overriden.");

				return true;
		}

		return false; // Pass to next handler in chain
	}

	// Custom save callback, gets called when the contents is to be submitted
	function customSave(id, content) {

	//alert (content);
		document.page.content.value=content;
		URLto = 'editpage.php';
        send_post('page');


       //display_response();alert (document.getElementById("responseContainer").innerHTML);

    <?   if (count($_POST)) {
 echo "window.location='".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?page='.$n."'";
//    die;
    }
    ?>



         }

//<!-- /tinyMCE -->
</script>

</body>
</html>

ACC SHELL 2018