Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/intranet/ drwxrwxrwx | |
| Viewing file: Select action/file-type: <?
session_start();
include_once('config.php');
// Check From Logout Page
if ($status == "logout") {
header("Location: login.php");
session_destroy();
$status = "logout";
}
else {
// Trim input box
$txtUser = trim($txtUser);
$txtPwd = trim($txtPwd);
connDB();
$sql = "select * from person where uid = '$txtUser'";
$rs = mysql_query($sql);
if (mysql_num_rows($rs) > 0) {
$row = mysql_fetch_array($rs);
$password = $row[password];
$gid = $row[gid];
$pwdCrypt = crypt($txtPwd, $password);
mysql_free_result($rs); // free user result
if ($password == $pwdCrypt) {
/******************************************************************************************************
*** Session Regist and Redirect to user page
******************************************************************************************************/
$_SESSION['gid'] = $gid;
$_SESSION['login'] = "True";
print "Redirect to ...";
switch ($gid) {
case 1:
header("Location: main.php?user=$row[uid]");
break;
case 2:
header("Location: home.php?user=$row[uid]");
break;
case 3:
header("Location: guest.php");
break;
default:
msgbox_loc("ไม่พบกลุ่มผู้ใช้นี้ในระบบ","login.php");
session_destroy();
}
}
else {
msgbox_loc("รหัสผ่านไม่ถูกเข้าระบบได้","login.php");
session_destroy();
}
}
else {
msgbox_loc("ไม่สามารถเข้าระบบได้","login.php");
session_destroy();
}
} // end if check logout page
?>
|
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.005 ]-- |