PHP WebShell
Текущая директория: /var/www/bitcardoApp/backyard/models/transactions
Просмотр файла: actions_post.php
<?php
// backyard/models/transactions/actions_post.php
declare(strict_types=1);
// Every response from this endpoint is JSON.
header('Content-Type: application/json; charset=utf-8');

// Capture any stray output (e.g. from included files) so it cannot corrupt
// the JSON body; out() drains this buffer before it echoes the payload.
ob_start();

// Turn off PHP error reporting for this request.
// NOTE(review): with reporting disabled, failures are only visible through
// whatever ends up in the output buffer - confirm server-side logging
// covers this endpoint.
error_reporting(0);
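/**
 * Send a JSON response with the given HTTP status and terminate the request.
 *
 * Drains the output buffer opened at the top of the file. If anything was
 * buffered, its first 400 bytes are attached to the payload as `_diag`.
 *
 * NOTE(review): `_diag` returns buffered server output (stray echoes, output
 * of included files) to the client. Consider gating it behind a debug flag or
 * writing it to the server log instead of the response.
 *
 * @param array $data Response payload; encoded with json_encode().
 * @param int   $code HTTP status code to send.
 */
function out($data, int $code=200){
    http_response_code($code);

    $buf = ob_get_clean();
    if($buf){
        // substr() is byte-wise, so the cut can land inside a multi-byte
        // character and leave an invalid UTF-8 sequence in the payload.
        $data['_diag'] = substr($buf,0,400);
    }

    // Without this flag json_encode() returns false on invalid UTF-8 and the
    // client receives an empty body. JSON_PARTIAL_OUTPUT_ON_ERROR substitutes
    // the offending value and still emits the rest of the payload.
    $json = json_encode($data, JSON_PARTIAL_OUTPUT_ON_ERROR);
    if($json === false){
        // Last resort: always send a well-formed JSON document.
        $json = '{"success":false,"message":"Encoding error"}';
    }

    echo $json;
    exit;
}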
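try{
    // Load the shared DB configuration; it is expected to define $conn.
    $dbPath = __DIR__.'/../../config/db_config.php';
    if(!file_exists($dbPath)) out(['success'=>false,'message'=>'DB config missing'],500);
    include_once $dbPath;
    if(!isset($conn) || !($conn instanceof mysqli)) out(['success'=>false,'message'=>'No DB'],500);

    // NOTE(review): no authentication, authorization, CSRF or request-method
    // check is visible in this file before the state-changing UPDATEs below.
    // Confirm these are enforced by the included config or by the web server;
    // otherwise any client that can reach this URL can modify transactions.

    // Request body is JSON: {"action": ..., "trans_id": ..., "note": ...}.
    // file_get_contents() may return false; cast so json_decode() does not
    // raise a TypeError under strict_types.
    $raw = file_get_contents('php://input');
    $p = json_decode((string)$raw,true);
    // A valid JSON scalar ("abc", 5, true) is not a usable payload.
    if(!is_array($p)) $p = [];

    $action = strtolower(trim((string)($p['action'] ?? '')));
    $id = (int)($p['trans_id'] ?? 0);
    $note = trim((string)($p['note'] ?? ''));

    // Allow-list the action and reject non-positive ids before touching the DB.
    if(!in_array($action,['mark_applied','update_note'],true)) out(['success'=>false,'message'=>'Bad action'],400);
    if($id<=0) out(['success'=>false,'message'=>'Invalid trans_id'],400);

    // Both updates use prepared statements so request values are bound as
    // parameters and never concatenated into the SQL text.
    // NOTE(review): affected rows are not checked, so an unknown trans_id
    // still reports success - confirm that is intended.

    if($action==='mark_applied'){
        // Idempotent: repeating the call leaves the row applied/completed
        // (the UPDATE itself is unconditional).
        $stmt = mysqli_prepare($conn, "UPDATE transactions SET applied=1, status='completed', updated_at=NOW() WHERE trans_id=? LIMIT 1");
        if(!$stmt || !mysqli_stmt_bind_param($stmt,'i',$id) || !mysqli_stmt_execute($stmt)){
            out(['success'=>false,'message'=>'Failed to mark applied'],500);
        }
        out(['success'=>true]);
    }

    if($action==='update_note'){
        $stmt = mysqli_prepare($conn, "UPDATE transactions SET note=?, updated_at=NOW() WHERE trans_id=? LIMIT 1");
        if(!$stmt || !mysqli_stmt_bind_param($stmt,'si',$note,$id) || !mysqli_stmt_execute($stmt)){
            out(['success'=>false,'message'=>'Failed to save note'],500);
        }
        out(['success'=>true]);
    }
}catch(Throwable $e){
    // Exception text (e.g. from mysqli) can expose SQL and schema details:
    // keep it in the server log and return a generic message to the client.
    error_log('actions_post.php: '.$e->getMessage());
    out(['success'=>false,'message'=>'Server error'],500);
}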
Для локальной разработки. Не используйте в интернете!