<?php
/*
Template Name: Profilo
*/

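/**
 * Register an image that is already on disk as a media attachment and
 * store the attachment ID as the user's avatar meta.
 *
 * Despite its name, $avatar_url is used as a filesystem path: it is passed
 * to mime_content_type() and to wp_insert_attachment() as the attachment file.
 * Nothing is written to user meta when the file is missing, is not an image,
 * or the attachment cannot be created.
 *
 * @param string $avatar_url Path of the stored image file.
 * @param int    $user_id    ID of the user whose avatar meta is updated.
 */
function se13911452_set_avatar_url($avatar_url, $user_id) {
        global $wpdb;

        // mime_content_type() returns false for an unreadable file; do not
        // register an attachment whose type is unknown or not an image.
        $mime_type = is_file($avatar_url) ? mime_content_type($avatar_url) : false;
        if ($mime_type === false || strpos($mime_type, 'image/') !== 0) {
                return;
        }

        $attachment = array(
                'guid'           => $avatar_url,
                'post_mime_type' => $mime_type,
                'post_title'     => basename($avatar_url),
                'post_content'   => '',
                'post_status'    => 'inherit'
        );
        $attach_id = wp_insert_attachment($attachment, $avatar_url);

        // wp_insert_attachment() reports failure as 0 (or a WP_Error); the
        // original stored that value in user meta unchecked.
        if (is_wp_error($attach_id) || !$attach_id) {
                return;
        }

        // wp_generate_attachment_metadata() expects the path of the file. The
        // original passed only basename(), which resolves against the current
        // working directory rather than the upload directory.
        // NOTE(review): this function is defined in wp-admin/includes/image.php;
        // confirm that file is loaded on front-end requests to this template.
        $attach_data = wp_generate_attachment_metadata($attach_id, $avatar_url);
        wp_update_attachment_metadata($attach_id, $attach_data);
        update_user_meta((int) $user_id, $wpdb->get_blog_prefix() . 'user_avatar', $attach_id);
}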

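	echo do_shortcode('[avatar_upload]');
// Request bookkeeping and the variables the form markup below reads ($msg, $immagine, $current_user).
$uri = $_SERVER['REQUEST_URI'];
$totalPosts = str_replace("/","",str_replace("/ultime-news-","",$uri));
$showForm = 1;
$msg = "";

// NOTE(review): this POST handler carries no nonce, so a cross-site request made
// in a logged-in user's browser can change that user's password. Verifying one
// here needs a matching wp_nonce_field() in the form, so it is flagged rather
// than added in this block.
if (isset($_POST['azione'])) {
	if ( is_user_logged_in() ) {
		$current_user = wp_get_current_user();
		$user_id = (int) $current_user->ID;

		// Avatar upload. The original guarded this branch with
		// `getimagesize(...) === TRUE`, which never holds (the function returns
		// an array or false), so the upload code was unreachable. It now runs
		// only when PHP reports a completed upload for the "avatar" field.
		$upload = isset($_FILES['avatar']) ? $_FILES['avatar'] : null;
		if (is_array($upload)
			&& isset($upload['error'], $upload['tmp_name'])
			&& $upload['error'] === UPLOAD_ERR_OK
			&& is_uploaded_file($upload['tmp_name'])) {

			$info = getimagesize($upload['tmp_name']);
			if ($info === FALSE) {
			   die("Unable to determine image type of uploaded file");
			}

			// Allow-list of image types and the extension stored for each.
			$allowed_types = array(
				IMAGETYPE_GIF  => 'gif',
				IMAGETYPE_JPEG => 'jpg',
				IMAGETYPE_PNG  => 'png',
			);
			if (!isset($allowed_types[$info[2]])) {
			   die("Not a gif/jpeg/png");
			}

			// The stored name is generated here and never taken from the client.
			// The original reused $_FILES['avatar']['name'] for both the path and
			// the SQL text; its ".php" substring test missed a name starting with
			// ".php" and other executable extensions, and getimagesize() inspects
			// only the image header. A fixed name with an image extension keeps
			// path separators, quotes and script extensions out of both.
			$immagine = 'avatar.' . $allowed_types[$info[2]];
			$avatar_dir = ABSPATH . 'wp-content/uploads/avatar/' . $user_id . '/';
			if (!is_dir($avatar_dir)) {
				wp_mkdir_p($avatar_dir);
			}
			$fname = $avatar_dir . $immagine;

			if (move_uploaded_file($upload['tmp_name'], $fname)) {
				// Typed $wpdb helpers replace the concatenated delete/insert statements.
				$wpdb->delete('wp_plugin_atalantini_avatar', array('user_id' => $user_id), array('%d'));
				$wpdb->insert(
					'wp_plugin_atalantini_avatar',
					array('user_id' => $user_id, 'avatar' => $immagine),
					array('%d', '%s')
				);
				se13911452_set_avatar_url($fname, $user_id);
				$wpdb->query("update  wp_postmeta set meta_value = replace(meta_value, '/home/atalantini','') where meta_key = '_wp_attached_file' and meta_value like '/home/atalantini/avatar%';");
			}
		}

		// WordPress slashes request data, so unslash before comparing or hashing.
		$password  = (isset($_POST['password']) && is_string($_POST['password'])) ? wp_unslash($_POST['password']) : '';
		$cpassword = (isset($_POST['cpassword']) && is_string($_POST['cpassword'])) ? wp_unslash($_POST['cpassword']) : '';

		if (trim($password) == "") {
			$msg = "La password non puo'  essere vuota";
		}
		if ($password !== $cpassword) {
			$msg = "La password deve essere uguale alla password di conferma";
		}
		if ($msg == "") {
			// The original wrote md5(<password>) into wp_users through a
			// concatenated SQL string. wp_set_password() stores the hash with
			// WordPress's own password hasher and clears the user cache.
			// NOTE(review): the user will have to log in again afterwards.
			wp_set_password($password, $user_id);
			$msg = "Salvataggio effettuato con successo";
		}
	}
}
$immagine = "";

if ( is_user_logged_in() ) {
	unset($current_user);
        $current_user = wp_get_current_user();
        $immagine = $wpdb->get_var(
                $wpdb->prepare("SELECT avatar FROM wp_plugin_atalantini_avatar where user_id = %d", $current_user->ID)
        );
} else {
	// Anonymous visitors get a notice inside the theme chrome, then the request ends.
	?>
	<?php get_header(); ?>
<div class="td-main-content-wrap">
        <div class="td-container">
                <div class="td-container-border">
                        <div class="td-pb-row">
                                <div class="td-pb-span12 td-main-content">
	<h1>A questa sezione puoi accedere dopo aver fatto login. Nel caso di cambio password il primo accesso e' necessario per la conferma del cambio password</h1>
				</div>
			</div>
		</div>
	</div>
</div>
        <?php get_footer(); ?>
<?php
	die();
}
?>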
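<?php get_header(); ?>
<?php
// Profile form for the logged-in user. Every value echoed into markup is
// escaped for its context: the avatar file name comes from the database and is
// URL-encoded and attribute-escaped; user fields are attribute-escaped.
?>
<div class="td-main-content-wrap">
        <div class="td-container">
                <div class="td-container-border">
                        <div class="td-pb-row">
                                <div class="td-pb-span12 td-main-content">
							<h4> Modifica profilo: </h4>

							<div class="grid_12 omega">

							<div style="float:right">
								<img src="/wp-content/uploads/avatar/<?= (int) $current_user->ID ?>/<?= esc_attr(rawurlencode((string) $immagine)) ?>" width="80">
							</div>
                                                        <div style="color:#000; padding-left:10px;">
                                                        <form id="profileForm" method="post"  enctype="multipart/form-data">
							Modifica i tuoi dati:<br><br>
                                                        <div id="loginPanel">
							<?php
							// PHP still runs the echo tags inside the HTML comment below, so these
							// values reach the page source. Escaping them also stops a value that
							// contains "-->" from closing the comment early.
							?>
							<!--
                                                        Nome:<br>
                                                        <input type="text" readonly disabled id="nome" name="nome" value="<?= esc_attr($current_user->first_name) ?>"  class="requiredField"><br>
                                                        Cognome:<br>
                                                        <input type="text" readonly disabled id="cognome" name="cognome" value="<?= esc_attr($current_user->last_name) ?>" class="requiredField"><br>
                                                        Email:<br>
                                                        <input type="text" readonly disabled id="email" name="email" value="<?= esc_attr($current_user->user_email) ?>" class="requiredField"><br>
                                                        Nickname:<br>
                                                        <input type="text" readonly disabled id="nickname" name="nickname" value="<?= esc_attr($current_user->display_name) ?>" class="requiredField"><br>
							-->
                                                        Avatar:<br>
                                                        <input type="file" id="avatar" name="avatar"  class="requiredField"><br>
                                                        Cambia Password:<br>
                                                        <input type="password" id="password" name="password" value="" class="requiredField"><br>
                                                        Conferma Password:<br>
                                                        <input type="password" id="cpassword" name="cpassword" value="" class="requiredField"><br>
                                                        </div><br><br>
                                                        <input type="hidden" id="azione" name="azione" value="INSERT">
                                                        <input type="submit" id="sendMessage" name="sendMessage" value="Salva"><br><br>
                                                        </form>
							<?php if ($msg != "") { ?>
								<span style="font-size:16px;">Attenzione!!! <?= esc_html($msg) ?></span>
							<?php } ?>
                                                        </div><!-- /grid6 omega -->


							</div><!-- /grid6 omega -->
</div>
</div>
</div>
</div>
</div>

<?php get_footer(); ?>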