Current File : /var/www/dinnerapp/PHP/main.php

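<?php
// Recipe search endpoint for dinnerapp.
//
// Reads the "inputSearch" POST field, splits it into ingredient terms and
// prints one recipe card (<a><img></a>) per recipe that is linked to every
// term, or a "no results" card. SQL is built with "?" placeholders and the
// terms are bound through a prepared statement; the two DB columns that are
// echoed are HTML-escaped at output. Input "cleaning" is therefore reduced to
// normalisation only.
error_reporting(E_ERROR);
include "DatabaseInfo.php";
include_once "js.php";
// Arrays.php provides $multiWordArray, $explodeArray, $injectionArray and the
// multiexplode() / multiWordCheck() helpers used below.
include "Arrays.php";

// Connect to the MySQL server using the variables stored in DatabaseInfo.php
$LinkID = mysqli_connect($hostName, $login, $pswd, $database);

if (!$LinkID) {
    // mysqli_connect_error(), not mysql_error(): ext/mysql is gone on PHP 7+
    // and calling its function here would itself be a fatal error.
    die('Could not connect: ' . mysqli_connect_error());
}

// Always defined, so the check below does not read an unset variable when
// the request carries no search field.
$cleanInputSearch = '';

// Quoted key: the bare-word $_POST[inputSearch] is an undefined constant and
// an Error on PHP 8. is_string() rejects array-valued fields (inputSearch[]).
if (isset($_POST['inputSearch']) && is_string($_POST['inputSearch'])) {
    // Normalise for matching only. htmlspecialchars()/stripslashes() were
    // dropped: they are not an SQL defence, and entity-encoding the term would
    // stop e.g. "mac & cheese" from matching the stored ingredient name.
    $cleanInputSearch = strtolower(strip_tags(trim($_POST['inputSearch'])));
}

if ($cleanInputSearch !== '') {
    // Explode the user input into individual ingredient terms, dropping empty
    // pieces left over by adjacent separators.
    $searchArray = array_filter(multiexplode($explodeArray, $cleanInputSearch));

    // Keyword screen against $injectionArray, checked per term (the original
    // passed the whole array to strtoupper(), which never matched anything).
    // This is a heuristic for the error message only; the placeholders below
    // are what actually keep the terms out of the SQL text.
    $flagged = false;
    foreach ($searchArray as $term) {
        if (in_array(strtoupper($term), $injectionArray, true)) {
            $flagged = true;
            break;
        }
    }

    if (!$flagged) {
        // Merge adjacent pieces that form a multi-word ingredient name.
        $searchArray = multiWordCheck($searchArray, $multiWordArray);
        // Re-index so the terms line up positionally with the "?" markers.
        $terms = is_array($searchArray) ? array_values($searchArray) : [];

        // One correlated sub-select per term; the term itself is bound later,
        // never concatenated into the query string.
        $whereClause = '';
        foreach ($terms as $value) {
            $whereClause .= " AND (SELECT ingredient_id
                        FROM ingredients
                        WHERE ingredient_name LIKE ?)
                        IN (SELECT ingredient_id
                        FROM link link2
                        WHERE link1.recipe_id = link2.recipe_id)";
        }

        // The total query used to search the database. With no terms (input
        // that split into nothing) this lists every recipe, as before.
        $query = "SELECT DISTINCT recipe_image, recipe_link
                  FROM recipes, link link1
                  WHERE recipes.recipe_id = link1.recipe_id" . $whereClause;

        // Rows as [recipe_image, recipe_link] pairs.
        $array = [];

        $stmt = mysqli_prepare($LinkID, $query);
        if ($stmt !== false) {
            // bind_param() rejects an empty type string, so skip it when there
            // is nothing to bind.
            $bound = true;
            if ($terms !== []) {
                $bound = mysqli_stmt_bind_param($stmt, str_repeat('s', count($terms)), ...$terms);
            }

            if ($bound && mysqli_stmt_execute($stmt)) {
                // bind_result()/fetch() instead of get_result() so the script
                // does not depend on the mysqlnd driver being present.
                $getImage = null;
                $getLink = null;
                mysqli_stmt_bind_result($stmt, $getImage, $getLink);
                while (mysqli_stmt_fetch($stmt)) {
                    $array[] = [$getImage, $getLink];
                }
            } else {
                // Failures used to be indistinguishable from "no results";
                // keep that user-facing behaviour but leave a server-side trace.
                error_log('dinnerapp search: execute failed: ' . mysqli_stmt_error($stmt));
            }
            mysqli_stmt_close($stmt);
        } else {
            error_log('dinnerapp search: prepare failed: ' . mysqli_error($LinkID));
        }

        if ($array !== []) {
            // Send out the recipe card and link for each hit. The DB values
            // are escaped for the attribute context and the attributes are
            // quoted; the original emitted them bare, so any stored value with
            // a space or quote broke out of the attribute.
            foreach ($array as [$getImage, $getLink]) {
                $safeLink = htmlspecialchars((string) $getLink, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $safeImage = htmlspecialchars((string) $getImage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                echo '<a href="' . $safeLink . '" class="nyroModal"><img src="' . $safeImage . '"></a>';
            }
        } else {
            echo "<a href='http://www.dinnerapp.ca'><img src='images/noresults.png'></a>";
        }
    } else {
        // Echoed when a term matches the keyword list.
        echo "Malcious Input Detected!! We have alerted your local authorities";
    }
}

// Release the connection on every path, not only after a successful query.
mysqli_close($LinkID);
?>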
