<?php
// backyard/models/transactions/update_note.php
declare(strict_types=1);
// Every response from this endpoint is declared as UTF-8 JSON.
header('Content-Type: application/json; charset=utf-8');

// Buffer all output from here on; out() collects the buffer before it
// writes the response body.
ob_start();

// Report every error level, but do not print errors into the output.
ini_set('display_errors', '0');
error_reporting(E_ALL);
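/**
 * Send a JSON response with the given HTTP status and end the request.
 *
 * Output captured by the buffer opened at the top of this script is not
 * returned to the client: stray output from included files can carry file
 * paths and other server internals, so a bounded excerpt goes to the server
 * log instead.
 *
 * @param array $data Response payload, encoded with json_encode().
 * @param int   $code HTTP status code (200 by default).
 * @return void Does not return; the function ends the request with exit.
 */
function out($data, int $code=200){
    http_response_code($code);

    $buf = ob_get_clean();
    if ($buf) {
        // Keep at most 500 bytes, and escape control characters so the
        // captured text cannot break up or forge log lines.
        error_log('update_note.php stray output: ' . addcslashes(substr($buf, 0, 500), "\0..\37"));
    }

    // With JSON_PARTIAL_OUTPUT_ON_ERROR an unencodable value (for example a
    // string holding invalid UTF-8) is emitted as null instead of making
    // json_encode() return false, which used to produce an empty body.
    $json = json_encode($data, JSON_PARTIAL_OUTPUT_ON_ERROR);
    if ($json === false) {
        // Nothing has been written yet, so the status can still be changed.
        http_response_code(500);
        $json = '{"success":false,"message":"Response encoding failed"}';
    }

    echo $json;
    exit;
}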
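try {
    // Only POST may modify a note.
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        out(['success'=>false,'message'=>'Method not allowed'], 405);
    }

    // NOTE(review): no authentication, CSRF or per-transaction ownership
    // check is visible in this file. As written, any client that can reach
    // this endpoint can change the note of any trans_id. Confirm that access
    // control is enforced before this script runs, or add it here.

    // DB
    $dbPath = __DIR__ . '/../../config/db_config.php';
    if (!file_exists($dbPath)) {
        out(['success'=>false,'message'=>'DB config missing'], 500);
    }
    include_once $dbPath;
    if (!isset($conn) || !($conn instanceof mysqli)) {
        out(['success'=>false,'message'=>'DB connection unavailable'], 500);
    }

    // Accept JSON or form. The cast covers a failed read (false), which
    // json_decode() would reject with a TypeError under strict_types.
    $raw = file_get_contents('php://input');
    $data = json_decode((string)$raw, true);
    if (!is_array($data)) {
        $data = $_POST;
    }

    // Both fields come from the client. Arrays and objects are rejected
    // instead of being cast, because (int)[...] is 1 and (string)[...] is
    // "Array".
    $rawId = $data['trans_id'] ?? 0;
    $rawNote = $data['note'] ?? '';

    $trans_id = is_scalar($rawId) ? (int)$rawId : 0;
    if ($trans_id <= 0) {
        out(['success'=>false,'message'=>'Invalid transaction id'], 400);
    }
    if (!is_scalar($rawNote)) {
        out(['success'=>false,'message'=>'Invalid note'], 400);
    }
    $note = trim((string)$rawNote);

    // Bound parameters keep the note out of the SQL text entirely, so
    // correctness no longer depends on escaping matching the connection
    // character set.
    $stmt = mysqli_prepare(
        $conn,
        'UPDATE transactions SET note = ?, updated_at = NOW() WHERE trans_id = ? LIMIT 1'
    );
    if ($stmt === false) {
        out(['success'=>false,'message'=>'Failed to update note'], 500);
    }
    mysqli_stmt_bind_param($stmt, 'si', $note, $trans_id);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    if (!$ok) {
        out(['success'=>false,'message'=>'Failed to update note'], 500);
    }

    // As before, success means the statement ran; it does not confirm that
    // a row with this trans_id exists.
    out(['success'=>true, 'trans_id'=>$trans_id, 'note'=>$note]);
} catch (Throwable $e) {
    // Exception text (database errors in particular) can expose schema and
    // path details: log a bounded, control-character-escaped excerpt on the
    // server and return only a generic message to the client.
    error_log('update_note.php: ' . addcslashes(substr($e->getMessage(), 0, 200), "\0..\37"));
    out(['success'=>false,'message'=>'Server error'], 500);
}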