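<?php
// Chat endpoint: stores an optional text message for a hard-coded user and any
// files posted under $_FILES['files'] into <app root>/uploads/YYYY/MM/, recording
// each stored file in `attachments`. Replies with a small JSON status document.
//
// NOTE(review): $user_id is fixed to 1 and nothing here checks a session or
// login, so anyone who can reach this URL can post messages and files — confirm
// that config.php or the web server in front of it enforces authentication.
// NOTE(review): the uploads directory must also be served with script execution
// disabled (no PHP handler / `php_flag engine off`); the MIME-derived extension
// allowlist below is only one layer of defence.
// NOTE(review): upload_debug.log lives next to config.php; make sure it is not
// web-readable, since it records server paths and rejected filenames.
include '../config.php';

/**
 * Map a content-sniffed MIME type to the extension the stored file will get.
 *
 * Returns null for anything not on the allowlist. The client-supplied filename
 * is never consulted, so a payload uploaded as `shell.php` (or `x.php.jpg`,
 * `x.phtml`, …) can no longer be written with a server-executable extension.
 */
function chat_extension_for_mime(string $mime): ?string
{
    return match ($mime) {
        'image/jpeg'      => 'jpg',
        'image/png'       => 'png',
        'image/gif'       => 'gif',
        'image/webp'      => 'webp',
        'video/mp4'       => 'mp4',
        'video/webm'      => 'webm',
        'application/pdf' => 'pdf',
        default           => null,
    };
}

/** Coarse category stored in attachments.file_type: 'image', 'video' or 'other'. */
function chat_kind_for_mime(string $mime): string
{
    if (str_starts_with($mime, 'image')) {
        return 'image';
    }
    if (str_starts_with($mime, 'video')) {
        return 'video';
    }
    return 'other';
}

/**
 * Insert one `messages` row (is_read = 0, timestamp = NOW()) and return its id.
 *
 * Returns null when prepare() or execute() fails; the caller treats that the
 * same way the original code did (no attachment rows without a message id).
 */
function chat_insert_message(mysqli $conn, int $user_id, string $message, string $sent_by): ?int
{
    $stmt = $conn->prepare("INSERT INTO messages (user_id, message, sent_by, timestamp, is_read) VALUES (?, ?, ?, NOW(), 0)");
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param("iss", $user_id, $message, $sent_by);
    $id = $stmt->execute() ? (int) $stmt->insert_id : null;
    $stmt->close();
    return $id;
}

/** Strip control characters so a crafted filename cannot forge extra log lines. */
function chat_log_safe(string $value): string
{
    return preg_replace('/[^\x20-\x7E]/', '?', $value) ?? '';
}

$user_id = 1;

// A non-string POST field (`sent_by[]=x`, `message[]=x`) would throw a TypeError
// in trim()/bind_param() on PHP 8; fall back to the defaults instead.
$sent_by = $_POST['sent_by'] ?? 'user';
if (!is_string($sent_by) || $sent_by === '') {
    $sent_by = 'user';
}
// NOTE(review): $sent_by is stored verbatim from the request. Restrict it to the
// values the chat UI actually sends once those are confirmed.
$raw_message = $_POST['message'] ?? '';
$message = is_string($raw_message) ? trim($raw_message) : '';

$message_id = null;
$log_file = __DIR__ . '/../upload_debug.log';

// Insert the text message first so attachments can reference it.
if ($message !== '') {
    $message_id = chat_insert_message($conn, $user_id, $message, $sent_by);
}

// File upload logic: expects the multi-file form `files[]`.
if (!empty($_FILES['files']['name'][0])) {
    $year = date('Y');
    $month = date('m');

    $base_dir = realpath(__DIR__ . '/..');
    if ($base_dir === false) {
        error_log("❌ cannot resolve application root from " . __DIR__ . "\n", 3, $log_file);
        echo json_encode(['status' => 'error', 'message' => 'Folder creation failed']);
        exit;
    }
    $upload_dir = $base_dir . "/uploads/$year/$month/";

    // Create the directory if it does not exist. The second is_dir() covers the
    // race where a concurrent request created it between the check and mkdir().
    // 0755 rather than 0777: the web server user owns it; nobody else needs write.
    if (!is_dir($upload_dir) && !mkdir($upload_dir, 0755, true) && !is_dir($upload_dir)) {
        error_log("❌ mkdir failed: $upload_dir\n", 3, $log_file);
        echo json_encode(['status' => 'error', 'message' => 'Folder creation failed']);
        exit;
    }

    foreach ($_FILES['files']['tmp_name'] as $index => $tmp_name) {
        $upload_error = $_FILES['files']['error'][$index] ?? UPLOAD_ERR_NO_FILE;
        if ($upload_error !== UPLOAD_ERR_OK || !is_string($tmp_name) || !is_uploaded_file($tmp_name)) {
            error_log("⛔ Not a valid upload (error $upload_error): " . chat_log_safe((string) $tmp_name) . "\n", 3, $log_file);
            continue;
        }

        $original = basename((string) ($_FILES['files']['name'][$index] ?? ''));

        // Sniff the content; mime_content_type() may return false on failure.
        $file_type = mime_content_type($tmp_name);
        $ext = is_string($file_type) ? chat_extension_for_mime($file_type) : null;
        if ($ext === null) {
            // Anything outside the allowlist (including every script-like type)
            // is skipped; the stored extension is never taken from $original.
            error_log("⛔ Rejected upload " . chat_log_safe($original) . " with type " . var_export($file_type, true) . "\n", 3, $log_file);
            continue;
        }
        $kind = chat_kind_for_mime($file_type);

        // uniqid() is clock-derived and guessable; use CSPRNG bytes so stored
        // paths cannot be enumerated by an attacker who knows the upload time.
        $new_name = 'chat_' . bin2hex(random_bytes(8)) . '.' . $ext;
        $full_path = $upload_dir . $new_name;

        error_log("Attempting upload: " . chat_log_safe($original) . " → $full_path\n", 3, $log_file);

        if (!move_uploaded_file($tmp_name, $full_path)) {
            error_log("❌ move_uploaded_file FAILED\n", 3, $log_file);
            error_log("TMP Exists: " . (file_exists($tmp_name) ? "yes" : "no") . "\n", 3, $log_file);
            error_log("DIR Writable: " . (is_writable($upload_dir) ? "yes" : "no") . "\n", 3, $log_file);
            error_log("File Type: $file_type | Kind: $kind | New Name: $new_name\n", 3, $log_file);
            continue;
        }

        // A file-only post still needs a message row to hang the attachment on.
        if (!$message_id) {
            $message_id = chat_insert_message($conn, $user_id, '', $sent_by);
        }

        // Relative path as stored in the DB (mirrors the on-disk layout under /uploads).
        $db_path = "$year/$month/$new_name";
        $stmt2 = $conn->prepare("INSERT INTO attachments (message_id, file_path, file_type) VALUES (?, ?, ?)");
        if ($stmt2 !== false) {
            $stmt2->bind_param("iss", $message_id, $db_path, $kind);
            $stmt2->execute();
            $stmt2->close();
        }

        error_log("✅ File uploaded successfully: $db_path\n", 3, $log_file);
    }
}

echo json_encode(['status' => 'success']);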