HEX
Server: LiteSpeed
System: Linux php-prod-3.spaceapp.ru 5.15.0-151-generic #161-Ubuntu SMP Tue Jul 22 14:25:40 UTC 2025 x86_64
User: xnsbl7462 (1008)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /home/retile.ru/public_html/
Upload Files
File: /home/retile.ru/public_html/post_two.php
<?php

require $_SERVER['DOCUMENT_ROOT'].'/config.php';
require_once(DIR_SYSTEM . 'library/db/mysqli.php');
require_once(DIR_SYSTEM . 'library/db.php');

// Upload
$allowed = array('png', 'jpg', 'gif', 'svg', 'zip', 'txt', 'doc', 'docx', 'cdr', 'ai','eps');
if(isset($_FILES['upl']) && $_FILES['upl']['error'] == 0){
	$extension = pathinfo($_FILES['upl']['name'], PATHINFO_EXTENSION);
	if(!in_array(strtolower($extension), $allowed)){
		echo '{"status":"error"}';
		exit;
	}
	if(move_uploaded_file($_FILES['upl']['tmp_name'], 'uploads/'.$_FILES['upl']['name'])){
		echo '{"status":"success"}';
		exit;
	}
}
/*
$db = new DB(DB_DRIVER, DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE);

$obTbPhn = $db->query("SELECT COUNT(*) AS `count` FROM `feedback_list` WHERE `date`='" . date("Y-m-d") . "' AND `phone`='".trim($_POST['Телефон'])."'");

if ($obTbPhn->row['count'] == '0') {
    $nosend = false;
    $db->query("INSERT INTO `feedback_list` (`phone`, `date`) VALUES ('".trim($_POST['Телефон'])."', '" . date("Y-m-d") . "')");
} else {
    $nosend = true;
}

if($nosend) {
    echo 'Не пройдена валидация запроса!';
    exit;
}
*/


$string = file_get_contents('php://input');

$arPost = explode('&', $string);
foreach($arPost as $k => $aPost) {
    $arPost[$k] = urldecode($aPost);
    [$key, $value] = explode('=', $arPost[$k]);

    if(empty($_POST[$key])) {
        $_POST[$key] = $value;
    }
}

// Registry
$registry = new Registry();

$event = new Event($registry);
$registry->set('event', $event);

$config = new Config();
$config->load('default');
$registry->set('config', $config);

$load = new Loader($registry);
$registry->set('load', $load);

// Database
if ($config->get('db_autostart')) {
    $registry->set('db', new DB($config->get('db_engine'), $config->get('db_hostname'), $config->get('db_username'), $config->get('db_password'), $config->get('db_database'), $config->get('db_port')));
}

// Session
$session = new Session($config->get('session_engine'), $registry);
$registry->set('session', $session);

// Language
$language = new Language($config->get('language_directory'));
$registry->set('language', $language);

if ($config->get('session_autostart')) {

    if (isset($_COOKIE[$config->get('session_name')])) {
        $session_id = $_COOKIE[$config->get('session_name')];
    } else {
        $session_id = '';
    }

    $session->start($session_id);

    setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
}

$captcha = $load->controller('extension/captcha/basic/validate');

if ($captcha) {
    $json['error']['captcha'] = $captcha;
    exit;
}

// Mail
// Если скрытое поле заполнено
if ($_POST['phone']!=''){
  die('BOTS!');
}
else{
    unset($_POST['name'], $_POST['captcha'], $_POST['Политика принята']);
  // Обработка формы
function send_mime_mail($name_from, // имя отправителя
$email_from, // email отправителя
$name_to, // имя получателя
$email_to, // email получателя
$data_charset, // кодировка переданных данных
$send_charset, // кодировка письма
$subject, // тема письма
$body // текст письма
) 
{
$to = mime_header_encode($name_to, $data_charset, $send_charset)
. ' <' . $email_to . '>';
$subject = mime_header_encode($subject, $data_charset, $send_charset);
$from = mime_header_encode($name_from, $data_charset, $send_charset)
.' <' . $email_from . '>';
if($data_charset != $send_charset) {
$body = iconv($data_charset, $send_charset, $body);
}
$headers = "From: $from\r\n";
$headers .= "Content-type:text/html; charset=$send_charset\r\n";
return mail($to, $subject, $body, $headers);
}
////////////////////////////////////////////
function mime_header_encode($str, $data_charset, $send_charset) {
if($data_charset != $send_charset) {
$str = iconv($data_charset, $send_charset, $str);
}
return '=?' . $send_charset . '?B?' . base64_encode($str) . '?=';
}
//////////////////////////////////////
$i=0;
while (list($cle, $val)=each($_POST)){
    $key[$i]=$cle;
    $value[$i]=$val;
    $i++;
 }
$message = "";
for ($i=0;$i<count($key);$i++)  
$message .= "<strong>". $key[$i].": </strong>".$value[$i]."<p />";

if(send_mime_mail('Коммерческое предложение',
'admin@retile.ru',
"ADMIN",
"info@retile.ru",
'UTF-8',
'KOI8-R',
'Коммерческое предложение с сайта retile.ru',
$message)==true)

{
echo '';
}
else
echo '';
exit;
}
?>
@ Telegram