锘匡豢锘匡豢锘縋NG %k25u25%fgd5n! 锘匡豢PNG %k25u25%fgd5n! 
锘匡豢PNG %k25u25%fgd5n! 锘匡豢PNG %k25u25%fgd5n! 
锘匡豢PNG %k25u25%fgd5n! 锘匡豢PNG %k25u25%fgd5n! 
"\澶�"\澶�
$鍋嘝NG澶� = "\x89PNG\r\n\x1a\n";
GIF89a(娌欑幇馃惗馃惐涓�
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>PHP Polyglot Example</title>
</head>
<body>

<h1>PHP Polyglot Demo</h1>

<p>Today's date is: 2026-04-23</p>
<p>This file starts with a GIF header, so some tools might classify it incorrectly,
but the contents are safe HTML + PHP.</p>

</body>
</html>

<br />
<b>Warning</b>:  session_start(): Session cannot be started after headers have already been sent in <b>/home/stsportal/public_html/wp-png.php</b> on line <b>36</b><br />
塒NG

锘�"\"\
$鍋嘝NG澶� = "\x89PNG\r\n\x1a\n";
$鍋嘝NG澶� = "\x89PNG\r\n\x1a\n";
锘匡豢PNG %k25u25%fgd5n! 锘匡豢PNG %k25u25%fgd5n! 
GIF89a
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>PHP Polyglot Example</title>
</head>
<body>

<h1>PHP Polyglot Demo</h1>

<?php
session_start();
include_once('classes/db.php');
include_once('classes/general.php');
$general = new General($db);
$allowed = '';
switch ($_GET['task']) {
    /*case 'dCertificate':
        $fpath = 'materials/docs/';
        $allowed = 'yes';
        break;
    case 'upAssign':
        $tbl = 'upload_assignments';
        $fpath = 'materials/assignment/upload/';
        if ($_SESSION['role'] == 2) {
            $allowed = 'yes';
        }
        break;*/
    case 'Assign':
        $tbl = 'assignments';
        $fpath = 'materials/assignment/';
        $material_type = 1;
        $temp_result = $db->query("SELECT id FROM assignments WHERE id = '" . urldecode($_GET['id']) . "' AND id IN (SELECT assign_id FROM course_assign_user_auth WHERE user_id = '" . $_SESSION['user_id'] . "')");
        $temp_row = $temp_result->fetch_array();
        if ($temp_row) {
            $allowed = 'yes';
        }
        break;
    case 'stMaterial':
        $tbl = 'study_materials';
        $fpath = 'materials/';
        $material_type = 2;
        $temp_result = $db->query("SELECT id FROM study_materials WHERE id = '" . urldecode($_GET['id']) . "' AND id IN (SELECT sm_id FROM course_sm_user_auth WHERE user_id = '" . $_SESSION['user_id'] . "')");
        $temp_row = $temp_result->fetch_array();
        if ($temp_row) {
            $allowed = 'yes';
        }
        break;
}

if ($allowed == 'yes' || $_SESSION['role'] == 2) {
    $result = $db->query("SELECT file, course_id FROM $tbl WHERE id = '" . $_GET['id'] . "'");
    $row = $result->fetch_array();
    $file = $fpath . $row['file'];
    if (file_exists($file)) {
        header("Content-Type: application/force-download");
        header("Content-Disposition: attachment; filename=".str_replace(',', '-', $row['file']));
        header("Content-Description: File Transfer");
        @readfile($fpath . $row['file']);
        // Begin storing download by admin
        if (!empty($_SESSION['role'])) {
            $general->storeAdminDownload($_SESSION['id'], $row['course_id'], $material_type, $_GET['id']);
        }
        // End storing download by admin
    }
}