404 Not Found

PATH: root / mbmadmin1234users

<?php

chdir("..");

include_once 'session.php';

if(!isset($_SESSION["id_konta"]))
{
header("Location: index.php");
}

if ($_SESSION['id_konta'] != 0) exit();

set_time_limit(0);

include_once '../core/connection.php';
include_once '../core/config.php';

$db = isset($db) ? $db : new db("pdo", $currEnv["DB_SERVER"], $currEnv["DB_USER"], $currEnv["DB_PASS"], $currEnv["DB_NAME"]);

if (isset($_POST['download_files']) && !isset($_SESSION['download_started'])) {
    $_SESSION['download_started'] = true;
    $fileName = COMPANY . "_FILES_BACKUP_".date("Y-m-d_H-i-s");
    if (!isset($_POST['filetype'])) $_POST['filetype'] = "tar.gz";
    if (isset($_POST['filetype'])) $fileName .= ".{$_POST['filetype']}";
    switch (mb_strtolower($_POST['filetype'])) {
        case "zip":
            $command = "zip -r - \"/" . HOME_ROOT . "\" -x \"" . HOME_ROOT . "/" . COMPANY . "_SQL_BACKUP*\" -x \"" . HOME_ROOT . "/" . COMPANY . "_FILES_BACKUP*\" -x \"BACKUP*\"";
            break;
        case "tar":
            $command = "tar --exclude=\"/" . HOME_ROOT . "/" . COMPANY . "_SQL_BACKUP*\" --exclude=\"/" . HOME_ROOT . "/" . COMPANY . "_FILES_BACKUP*\" --exclude=\"/" . HOME_ROOT . "/" . COMPANY . "BACKUP*\" -cf - \"/" . HOME_ROOT . "\"";
            break;
        case "tar.bzip2":
        case "tarbzip2":
            $command = "tar --exclude=\"/" . HOME_ROOT . "/" . COMPANY . "_SQL_BACKUP*\" --exclude=\"/" . HOME_ROOT . "/" . COMPANY . "_FILES_BACKUP*\" --exclude=\"/" . HOME_ROOT . "/" . COMPANY . "BACKUP*\" -jcf - \"/" . HOME_ROOT . "\"";
            break;
        case "tar.gz":
        case "targz":
        default:
            $command = "tar --exclude=\"/" . HOME_ROOT . "/" . COMPANY . "_SQL_BACKUP*\" --exclude=\"/" . HOME_ROOT . "/" . COMPANY . "_FILES_BACKUP*\" --exclude=\"/" . HOME_ROOT . "/" . COMPANY . "BACKUP*\" -zcf - \"/" . HOME_ROOT . "\"";
            break;
    }
    @ob_start();
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Disposition: attachment; filename=' . $fileName);
    // header('Content-Length: ' . strlen($output));
    @ob_clean();
    passthru("{$command}");
    unset($_SESSION['download_started']);
    // header('Location: content.php?k=99');
    exit();
}
if (isset($_POST['download_database']) && !isset($_SESSION['download_started'])) {
    $_SESSION['download_started'] = true;
    $fileName = COMPANY . "_SQL_BACKUP_".date("Y-m-d_H-i-s");
    if (!isset($_POST['filetype'])) $_POST['filetype'] = "sql";
    if (isset($_POST['filetype'])) $fileName .= ".{$_POST['filetype']}";
    switch (mb_strtolower($_POST['filetype'])) {
        case "sql":
        case "mysql":
        default:
            $command = $db->exportFullCmd();
            break;
    }
    @ob_start();
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Disposition: attachment; filename=' . $fileName);
    // header('Content-Length: ' . strlen($output));
    @ob_clean();
    passthru("{$command}");
    unset($_SESSION['download_started']);
    // header('Location: content.php?k=99');
    exit();
}

[+] ..
[-] export.php [edit]
[-] index.php [edit]