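0){ while($row = mysqli_fetch_array($result)){ if ($row["ban"] == 1){ die(header("location:oops.php")); } } } }
// The line above is the tail of the ban check. Its opening lines are outside this excerpt,
// so it is kept verbatim.

/*
 * Payload edit page: request guards, edit/delete handlers, and the query that feeds the form.
 *
 * Changes compared with the string-built version of this section:
 *  - every value that reaches SQL ($_GET["payload"], $_POST["cate"], the session username and
 *    the per-user token) is bound as a statement parameter instead of being concatenated;
 *  - the ownership check runs BEFORE the edit/delete handlers, so it gates the writes and not
 *    only the rendering of the form;
 *  - the ownership check fails closed (query error or unknown user => no access);
 *  - redirects are followed by exit, so nothing else runs for that request.
 *
 * $db is the mysqli connection created earlier in the file (not visible in this excerpt).
 * get_result() requires the mysqlnd driver.
 *
 * NOTE(review): no anti-CSRF token is checked in the visible code before the edit/delete
 * POST handlers. Confirm one is verified elsewhere, or add one to both forms.
 */

// --- Client address used for the session/IP binding ---------------------------------------
// NOTE(review): HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers; unless a trusted
// reverse proxy overwrites them they are chosen by whoever sends the request, so comparing
// them with users.ipvalidate does not reliably tie a session to a network address. Prefer
// REMOTE_ADDR and honour X-Forwarded-For only when the direct peer is a known proxy.
// Not changed here: the code that writes ipvalidate is outside this excerpt and has to apply
// the same rule, otherwise every user would be sent to oh!.php.
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}

// Local copy so the session array is never bound by reference.
$sessionUser = $_SESSION["username"];

// --- Session/IP binding check -------------------------------------------------------------
$stmtip = $db->prepare("SELECT ipvalidate FROM users WHERE username = ?");
$stmtip->bind_param("s", $sessionUser);
$stmtip->execute();
$resip = $stmtip->get_result();
while ($resip && ($rowip = mysqli_fetch_array($resip))) {
    // Compare as strings: a loose != would treat numeric-looking strings as numbers.
    if ((string) $rowip["ipvalidate"] !== (string) $ip) {
        header("location:oh!.php");
        exit;
    }
}
$stmtip->close();

// --- Payload id ---------------------------------------------------------------------------
// Reject a missing id and the array form (?payload[]=...), which cannot be bound as a scalar.
if (!isset($_GET["payload"]) || !is_string($_GET["payload"])) {
    header("location:dashboard.php");
    exit;
}
$idpay = $_GET["payload"];

// --- Ownership check (must precede every write below) -------------------------------------
// Rank 2 skips the ownership test, as before. Every other rank must hold the token stored on
// the payload row; otherwise the attempt is logged and the request ends.
$userFound = false;
$stmtacc = $db->prepare("SELECT * FROM users WHERE username = ?");
$stmtacc->bind_param("s", $sessionUser);
$stmtacc->execute();
$resacc = $stmtacc->get_result();
while ($resacc && ($rowacc = mysqli_fetch_array($resacc))) {
    $userFound = true;
    if ($rowacc["rank"] == 2) {
        continue;
    }

    $ownerToken = $rowacc["token"];
    $stmtown = $db->prepare("SELECT token FROM payloads WHERE token = ? AND id = ?");
    $stmtown->bind_param("ss", $ownerToken, $idpay);
    $stmtown->execute();
    $stmtown->store_result();
    // A failed execute leaves num_rows at 0, so an error denies access instead of granting it.
    $owned = $stmtown->num_rows > 0;
    $stmtown->close();

    if (!$owned) {
        setlocale (LC_TIME, 'fr_FR.utf8','fra');
        $stmtlog = $db->prepare("INSERT INTO logs (comment, heure, rank, status) VALUES (?, ?, ?, ?)");
        $stmtlog->bind_param("ssss", $comment, $heure, $rank, $status);
        $comment = $_SESSION["username"]." a tenté d'accéder à un payload dont il ne disposait pas l'accès.";
        $heure = strftime('%d %B %Y à %H:%M',strtotime("+6 hours"));
        $rank = "2";
        $status = "error";
        $stmtlog->execute();
        $stmtlog->close();
        die("Bien essayé, les administrateurs ont été prévenu de votre présence sur une page dont vous ne disposez pas l'accès.");
    }
}
$stmtacc->close();
if (!$userFound) {
    // No users row for this session: nothing vouches for the caller, so do not reach the handlers.
    header("location:dashboard.php");
    exit;
}

// --- Edit handler -------------------------------------------------------------------------
if (isset($_POST["editpayload"])) {
    // Same truthiness rule as before (all three fields non-empty), without undefined-index
    // notices, and refusing array-valued fields.
    $fieldsOk = true;
    foreach (["nompay", "cate", "contenup"] as $field) {
        if (empty($_POST[$field]) || !is_string($_POST[$field])) {
            $fieldsOk = false;
        }
    }

    if ($fieldsOk) {
        // The category must already exist in payloadscate.
        $cate = $_POST["cate"];
        $stmtc = $db->prepare("SELECT name FROM payloadscate WHERE name = ?");
        $stmtc->bind_param("s", $cate);
        if ($stmtc->execute()) {
            $stmtc->store_result();
            $categoryExists = $stmtc->num_rows > 0;
            $stmtc->close();

            if ($categoryExists) {
                $stmt = $db->prepare("UPDATE payloads SET name = ?, category = ?, content = ? WHERE id = ?");
                $stmt->bind_param("ssss", $name, $category, $content, $idpay);
                $name = htmlspecialchars($_POST["nompay"]);
                $category = htmlspecialchars($_POST["cate"]);
                $content = $_POST["contenup"]; // stored as submitted; escape it wherever it is rendered

                if (mysqli_stmt_execute($stmt)) {
                    setlocale (LC_TIME, 'fr_FR.utf8','fra');
                    $stmtl = $db->prepare("INSERT INTO logs (comment, heure, rank, status) VALUES (?, ?, ?, ?)");
                    $stmtl->bind_param("ssss", $comment, $heure, $rank, $status);
                    $comment = "Payload édité : ".$_POST["cate"]." par : ".$_SESSION["username"].".";
                    $heure = strftime('%d %B %Y à %H:%M',strtotime("+6 hours"));
                    $rank = "1";
                    $status = "warning";
                    $stmtl->execute();
                    $stmtl->close();
                    $_POST['success'] = 'Payload édité avec succès.';
                } else {
                    $_POST['error'] = 'Une erreur est survenue. Contactez un administrateur.';
                }
                $stmt->close();
            } else {
                $_POST['error'] = 'Catégorie inéxistante.';
            }
        } else {
            $stmtc->close();
            // The line break inside this message is present in the source and is kept as-is.
            $_POST['error'] = "Une erreur est survenue. \nContactez un administrateur.";
        }
    } else {
        $_POST['error'] = 'Un des champs est manquant.';
    }
}

// --- Delete handler -----------------------------------------------------------------------
if (isset($_POST["deletepayload"])) {
    $stmt = $db->prepare("DELETE FROM payloads WHERE id = ?");
    $stmt->bind_param("s", $id);
    $id = $idpay;
    if (mysqli_stmt_execute($stmt)) {
        $stmt->close();
        header("Location: payloads.php");
        // Stop here: the row is gone, and continuing used to fall through to the ownership
        // check, which then logged a bogus access attempt for the legitimate owner.
        exit;
    } else {
        $_POST['error'] = 'Une erreur est survenue. Contactez un administrateur.';
    }
}

// --- Load the payload for the form --------------------------------------------------------
// $idp is kept only in case the rest of the page (outside this excerpt) still reads it.
// Escaping without quoting does not make a value safe inside SQL, so it is no longer used in
// any query here.
$idp = $db->real_escape_string($idpay);

$resultc = false;
$stmtu = $db->prepare("SELECT * FROM users WHERE username = ?");
if ($stmtu) {
    $stmtu->bind_param("s", $sessionUser);
    if ($stmtu->execute()) {
        $resultc = $stmtu->get_result();
    }
}

// The six blocks opened below (if / if / while / if / if / while) are closed further down the
// page, outside this excerpt, so their nesting is kept exactly as it was.
if ($resultc) {
    if (mysqli_num_rows($resultc) > 0) {
        while ($rowa = mysqli_fetch_array($resultc)) {
            $result = false;
            if ($rowa["rank"] == 1) {
                // Rank 1 only sees payloads carrying its own token.
                $rowToken = $rowa["token"];
                $stmtp = $db->prepare("SELECT * FROM payloads WHERE id = ? AND token = ?");
                if ($stmtp) {
                    $stmtp->bind_param("ss", $idpay, $rowToken);
                }
            } else {
                $stmtp = $db->prepare("SELECT * FROM payloads WHERE id = ?");
                if ($stmtp) {
                    $stmtp->bind_param("s", $idpay);
                }
            }
            if ($stmtp && $stmtp->execute()) {
                $result = $stmtp->get_result();
            }
            if ($result) {
                if (mysqli_num_rows($result) > 0) {
                    while ($row = mysqli_fetch_array($result)) { ?> Modification payload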

Payload

Editer le payload

">
">