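<?php
// Renders one user's chat thread as HTML fragments (message line plus any
// image/video attachments) and marks the messages addressed to the current
// viewer as read.
//
// Query-string inputs:
//   user       - numeric id of the conversation owner; defaults to 1
//   viewing_as - 'user' or 'support'; any other value marks nothing as read
//
// Requires $conn (mysqli) from ../config.php.
//
// NOTE(review): nothing in this file ties `user` to an authenticated session,
// so the id is accepted as given. Whether the caller is allowed to read that
// thread must be enforced before this script runs (config.php / the including
// page are not visible here) — confirm that check exists.
include '../config.php';

$user_id = isset($_GET['user']) ? intval($_GET['user']) : 1;
$viewing_as = $_GET['viewing_as'] ?? 'user';

// Escapes a value for HTML text and for single- or double-quoted attributes.
// ENT_QUOTES is explicit because the attachment markup below uses
// single-quoted attributes and older PHP defaults leave "'" unescaped.
$h = static fn ($value): string => htmlspecialchars(
    (string) $value,
    ENT_QUOTES | ENT_SUBSTITUTE,
    'UTF-8'
);

// Prepares a statement or fails loudly; a false return would otherwise surface
// later as a fatal "call to a member function on bool".
$prepare = static function (mysqli $conn, string $sql): mysqli_stmt {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('Failed to prepare statement: ' . $conn->error);
    }
    return $stmt;
};

// $user_id is already an int, but a bound parameter keeps this query in the
// same style as the other two and removes the interpolation entirely.
$messages = $prepare($conn, "SELECT * FROM messages WHERE user_id = ? ORDER BY timestamp ASC");
$messages->bind_param("i", $user_id);
if (!$messages->execute()) {
    throw new RuntimeException('Failed to load messages: ' . $messages->error);
}
$result = $messages->get_result();
if ($result === false) {
    throw new RuntimeException('Failed to fetch messages: ' . $messages->error);
}

// Both per-message statements are prepared once and bound to $msg_id by
// reference; only the variable changes inside the loop.
$msg_id = 0;
$attachments = $prepare($conn, "SELECT file_path, file_type FROM attachments WHERE message_id = ?");
$attachments->bind_param("i", $msg_id);
$markRead = $prepare($conn, "UPDATE messages SET is_read = 1 WHERE id = ?");
$markRead->bind_param("i", $msg_id);

while ($row = $result->fetch_assoc()) {
    $msg_id = (int) $row['id'];
    $who = $row['sent_by'] === 'user' ? 'You' : 'Support';

    // Show message. Message bodies are user-supplied, so they are escaped
    // rather than echoed raw.
    echo "<p><strong>$who:</strong> " . $h($row['message'])
        . " <small>(" . $h($row['timestamp']) . ")</small></p>";

    // Show attachments
    if (!$attachments->execute()) {
        throw new RuntimeException('Failed to load attachments: ' . $attachments->error);
    }
    $res2 = $attachments->get_result();
    if ($res2 === false) {
        throw new RuntimeException('Failed to fetch attachments: ' . $attachments->error);
    }

    while ($file = $res2->fetch_assoc()) {
        // Build the URL under /uploads/ without producing a double slash.
        $path = '/uploads/' . ltrim((string) $file['file_path'], '/');

        if ($file['file_type'] === 'image') {
            echo "<br><img src='" . $h($path) . "' style='max-width:200px'><br>";
        } elseif ($file['file_type'] === 'video') {
            echo "<br><video controls style='max-width:300px'><source src='" . $h($path) . "'></video><br>";
        }
    }

    // Mark incoming messages as read: a message counts as incoming when it
    // was sent by the other side of the conversation than the viewer.
    $incoming = ($row['sent_by'] === 'support' && $viewing_as === 'user')
        || ($row['sent_by'] === 'user' && $viewing_as === 'support');

    if ($incoming && (int) $row['is_read'] === 0) {
        if (!$markRead->execute()) {
            throw new RuntimeException('Failed to mark message as read: ' . $markRead->error);
        }
    }
}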
