!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/controllers/eregis/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     reportmis.php (11.26 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include("rg_controller.php");
class 
Reportmis extends Rg_controller {
    function 
sm_search () {
        
$acY $this->session->userdata('acY_R');

        
$this->contents['acY'] = $acY;

        
$this->output($this->config->item("rg_folder")."v_searchSummary");
    }

    function 
sm_insert () {
        
$this->load->model($this->config->item("rg_folder").'mo_rg_summarystudent','sm');
        
$this->load->model($this->config->item("rg_folder").'mo_rg_summarystudentstdy','smy');
        
$this->load->model($this->config->item("rg_folder").'mo_rg_student','std');

        
$summaryType1 $this->input->post('summaryType1');
        
$summaryType2 $this->input->post('summaryType2');
        
$summaryType3 $this->input->post('summaryType3');
        
$summaryType4 $this->input->post('summaryType4');
        
$summaryType5 $this->input->post('summaryType5');
        
$summaryType6 $this->input->post('summaryType6');
        
$acY $this->input->post('acY');

        if (
$summaryType2 && $summaryType5 && $summaryType6) {
            
$con_rs_smy = array('smyAcY'     => $acY);
            
$rs_smy $this->smy->qrySmy($con_rs_smy);
            foreach (
$rs_smy->result() as $row_smy) {
                
$this->smy->smyAcY $row_smy->smyAcY;
                
$this->smy->smyCurId $row_smy->smyCurId;
                
$this->smy->smyAdY $row_smy->smyAdY;
                
$this->smy->smySyId $row_smy->smySyId;
                
$this->smy->smyEtId $row_smy->smyEtId;
                
$this->smy->smyStdSex $row_smy->smyStdSex;
                
$this->smy->delete();
            }
        }

        if (
$summaryType1 && $summaryType3 && $summaryType4) {
            
$con_rs_sm = array('smAcY'    => $acY);
            
$rs_sm $this->sm->qrySm($con_rs_sm);
            foreach (
$rs_sm->result() as $row_sm) {
                
$this->sm->smAcY $row_sm->smAcY;
                
$this->sm->smCurId $row_sm->smCurId;
                
$this->sm->smAdY $row_sm->smAdY;
                
$this->sm->smEtId $row_sm->smEtId;
                
$this->sm->smStdSex $row_sm->smStdSex;
                
$this->sm->delete();
            }
        }

        if (
$summaryType1) {
            
$stStatus '6';

            
$rs_std $this->std->qryStdByAdYNotInStStatusGroupCurIdAdYEtIdSex($acY$stStatus);
            foreach (
$rs_std->result() as $row_std) {
                
$this->sm->smAcY $acY;
                
$this->sm->smCurId $row_std->stdCurId;
                
$this->sm->smAdY $row_std->stdAdY;
                
$this->sm->smEtId $row_std->stdEtId;
                
$this->sm->smStdSex $row_std->sdtSex;
                
$qu_sm $this->sm->get_by_key();

                if (
$qu_sm->num_rows()) {
                    
$this->sm->get_by_key(TRUE);

                    
$this->sm->smNumAdmitSt $row_std->stdId;
                    
$this->sm->smUpdateDate date('Y-m-d H:i:s');
                    
$this->sm->update();
                } else {
                    
$this->sm->smNumAdmitSt $row_std->stdId;
                    
$this->sm->smNumGraduateSt 0;
                    
$this->sm->smNumScholarSt 0;
                    
$this->sm->smUpdateDate date('Y-m-d H:i:s');
                    
$this->sm->insert();
                }
            }    
// end foreach
        
}    // end if

        
if ($summaryType2) {
            
$stStatus '4, 5, 6, 7, 8, 9, 10, 11';

            
$rs_std $this->std->qryStdByNotInStStatusGroupCurIdAdYSyIdEtIdSex($stStatus);
            foreach (
$rs_std->result() as $row_std) {
                
$this->smy->smyAcY $acY;
                
$this->smy->smyCurId $row_std->stdCurId;
                
$this->smy->smyAdY $row_std->stdAdY;
                
$this->smy->smySyId $row_std->stdSyId;
                
$this->smy->smyEtId $row_std->stdEtId;
                
$this->smy->smyStdSex $row_std->sdtSex;
                
$qu_smy $this->smy->get_by_key();

                if (
$qu_smy->num_rows()) {
                    
$this->smy->get_by_key(TRUE);

                    
$this->smy->smyNumSt $row_std->stdId;
                    
$this->smy->smyUpdateDate date('Y-m-d H:i:s');
                    
$this->smy->update();
                } else {
                    
$this->smy->smyNumSt $row_std->stdId;
                    
$this->smy->smyNumRepeatClassSt 0;
                    
$this->smy->smyNumOutSt 0;
                    
$this->smy->smyUpdateDate date('Y-m-d H:i:s');
                    
$this->smy->insert();
                }
            }    
// end foreach
        
}    // end if

        
if ($summaryType3) {
            
$rs_std $this->std->qryStdByGraduateYGDGroupCurIdAdYEtIdSex($acY);
            foreach (
$rs_std->result() as $row_std) {
                
$this->sm->smAcY $acY;
                
$this->sm->smCurId $row_std->stdCurId;
                
$this->sm->smAdY $row_std->stdAdY;
                
$this->sm->smEtId $row_std->stdEtId;
                
$this->sm->smStdSex $row_std->sdtSex;
                
$qu_sm $this->sm->get_by_key();

                if (
$qu_sm->num_rows()) {
                    
$this->sm->get_by_key(TRUE);

                    
$this->sm->smNumGraduateSt $row_std->stdId;
                    
$this->sm->smUpdateDate date('Y-m-d H:i:s');
                    
$this->sm->update();
                } else {
                    
$this->sm->smNumAdmitSt 0;
                    
$this->sm->smNumGraduateSt $row_std->stdId;
                    
$this->sm->smNumScholarSt 0;
                    
$this->sm->smUpdateDate date('Y-m-d H:i:s');
                    
$this->sm->insert();
                }
            }    
// end foreach
        
}    // end if

        
if ($summaryType4) {
            
$stStatus '4, 6';

            
$rs_std $this->std->qryStdByNotInStStatusGroupCurIdAdYEtIdSex($stStatus);
            foreach (
$rs_std->result() as $row_std) {
                
$this->sm->smAcY $acY;
                
$this->sm->smCurId $row_std->stdCurId;
                
$this->sm->smAdY $row_std->stdAdY;
                
$this->sm->smEtId $row_std->stdEtId;
                
$this->sm->smStdSex $row_std->sdtSex;
                
$qu_sm $this->sm->get_by_key();

                if (
$qu_sm->num_rows()) {
                    
$this->sm->get_by_key(TRUE);

                    
$this->sm->smNumScholarSt $row_std->stdId;
                    
$this->sm->smUpdateDate date('Y-m-d H:i:s');
                    
$this->sm->update();
                } else {
                    
$this->sm->smNumAdmitSt 0;
                    
$this->sm->smNumGraduateSt 0;
                    
$this->sm->smNumScholarSt $row_std->stdId;
                    
$this->sm->smUpdateDate date('Y-m-d H:i:s');
                    
$this->sm->insert();
                }
            }    
// end foreach
        
}    // end if

        
if ($summaryType5) {
            
$stStatus '4, 6';

            
$rs_std $this->std->qryStdByNotInStStatusAcYRepeatClassGroupCurIdAdYSyIdEtIdSex($stStatus$acY 1);
            foreach (
$rs_std->result() as $row_std) {
                
$this->smy->smyAcY $acY;
                
$this->smy->smyCurId $row_std->stdCurId;
                
$this->smy->smyAdY $row_std->stdAdY;
                
$this->smy->smySyId $row_std->stdSyId;
                
$this->smy->smyEtId $row_std->stdEtId;
                
$this->smy->smyStdSex $row_std->sdtSex;
                
$qu_smy $this->smy->get_by_key();

                if (
$qu_smy->num_rows()) {
                    
$this->smy->get_by_key(TRUE);

                    
$this->smy->smyNumRepeatClassSt $row_std->stdId;
                    
$this->smy->smyUpdateDate date('Y-m-d H:i:s');
                    
$this->smy->update();
                } else {
                    
$this->smy->smyNumSt 0;
                    
$this->smy->smyNumRepeatClassSt $row_std->stdId;
                    
$this->smy->smyNumOutSt 0;
                    
$this->smy->smyUpdateDate date('Y-m-d H:i:s');
                    
$this->smy->insert();
                }
            }    
// end foreach
        
}    // end if

        
if ($summaryType6) {
            
$stStatus '5, 10, 11';

            
$rs_std $this->std->qryStdByStStatusAcYGroupCurIdAdYSyIdEtIdSex($stStatus$acY);
            foreach (
$rs_std->result() as $row_std) {
                
$this->smy->smyAcY $acY;
                
$this->smy->smyCurId $row_std->stdCurId;
                
$this->smy->smyAdY $row_std->stdAdY;
                
$this->smy->smySyId $row_std->stdSyId;
                
$this->smy->smyEtId $row_std->stdEtId;
                
$this->smy->smyStdSex $row_std->sdtSex;
                
$qu_smy $this->smy->get_by_key();

                if (
$qu_smy->num_rows()) {
                    
$this->smy->get_by_key(TRUE);

                    
$this->smy->smyNumOutSt $row_std->stdId;
                    
$this->smy->smyUpdateDate date('Y-m-d H:i:s');
                    
$this->smy->update();
                } else {
                    
$this->smy->smyNumSt 0;
                    
$this->smy->smyNumRepeatClassSt 0;
                    
$this->smy->smyNumOutSt $row_std->stdId;
                    
$this->smy->smyUpdateDate date('Y-m-d H:i:s');
                    
$this->smy->insert();
                }
            }    
// end foreach
        
}    // end if

        
$this->contents['summaryType1'] = $summaryType1;
        
$this->contents['summaryType2'] = $summaryType2;
        
$this->contents['summaryType3'] = $summaryType3;
        
$this->contents['summaryType4'] = $summaryType4;
        
$this->contents['summaryType5'] = $summaryType5;
        
$this->contents['summaryType6'] = $summaryType6;
        
$this->contents['acY'] = $acY;

        
$this->contents['rs_sm1'] = $this->sm->qrySmByAcYNumAdmitSt($acY);

        
$con_qu_sm = array('smAcY'     => $acY);
        
$this->contents['sumNumAdmitSt'] = $this->sm->getSumNumAdmitSt($con_qu_sm);

        
$this->contents['rs_smy1'] = $this->smy->qrySmyByAcYNumSt($acY);

        
$con_qu_smy = array('smyAcY'     => $acY);
        
$this->contents['sumNumSt'] = $this->smy->getSumNumSt($con_qu_smy);

        
$this->contents['rs_sm2'] = $this->sm->qrySmByAcYNumGraduateSt($acY);
        
$this->contents['sumNumGraduateSt'] = $this->sm->getSumNumGraduateSt($con_qu_sm);

        
$this->contents['rs_sm3'] = $this->sm->qrySmByAcYNumScholarSt($acY);
        
$this->contents['sumNumScholarSt'] = $this->sm->getSumNumScholarSt($con_qu_sm);

        
$this->contents['rs_smy2'] = $this->smy->qrySmyByAcYNumRepeatClassSt($acY);
        
$this->contents['sumNumRepeatClassSt'] = $this->smy->getSumNumRepeatClassSt($con_qu_smy);

        
$this->contents['rs_smy3'] = $this->smy->qrySmyByAcYNumOutSt($acY);
        
$this->contents['sumNumOutSt'] = $this->smy->getSumNumOutSt($con_qu_smy);

        
$this->output($this->config->item("rg_folder")."v_showSummary");
    }

    function 
sm_show () {
        
$this->load->model($this->config->item("rg_folder").'mo_rg_termconfig','tmc');
        
$this->load->model($this->config->item("rg_folder").'mo_rg_summarystudent','sm');
        
$this->load->model($this->config->item("rg_folder").'mo_rg_summarystudentstdy','smy');

        
$acY $this->input->post('acY') ? $this->input->post('acY') : $this->session->userdata('acY');

        
$this->contents['acY'] = $acY;

        
$this->contents['rs_tmc'] = $this->tmc->get_optionsGroupAcY();

        
$this->contents['rs_sm1'] = $this->sm->qrySmByAcYNumAdmitSt($acY);

        
$con_qu_sm = array('smAcY'     => $acY);
        
$this->contents['sumNumAdmitSt'] = $this->sm->getSumNumAdmitSt($con_qu_sm);

        
$this->contents['rs_smy1'] = $this->smy->qrySmyByAcYNumSt($acY);

        
$con_qu_smy = array('smyAcY'     => $acY);
        
$this->contents['sumNumSt'] = $this->smy->getSumNumSt($con_qu_smy);

        
$this->contents['rs_sm2'] = $this->sm->qrySmByAcYNumGraduateSt($acY);
        
$this->contents['sumNumGraduateSt'] = $this->sm->getSumNumGraduateSt($con_qu_sm);

        
$this->contents['rs_sm3'] = $this->sm->qrySmByAcYNumScholarSt($acY);
        
$this->contents['sumNumScholarSt'] = $this->sm->getSumNumScholarSt($con_qu_sm);

        
$this->contents['rs_smy2'] = $this->smy->qrySmyByAcYNumRepeatClassSt($acY);
        
$this->contents['sumNumRepeatClassSt'] = $this->smy->getSumNumRepeatClassSt($con_qu_smy);

        
$this->contents['rs_smy3'] = $this->smy->qrySmyByAcYNumOutSt($acY);
        
$this->contents['sumNumOutSt'] = $this->smy->getSumNumOutSt($con_qu_smy);

        
$this->output($this->config->item("rg_folder")."v_repSummary");
    }

    function 
sm_export () {
        
$this->load->model($this->config->item("rg_folder").'mo_rg_summarystudentstdy','smy');
        
$this->load->model($this->config->item("rg_folder").'mo_rg_summarystudent','sm');

        
$acY $this->input->get('acadYear');

        
$i 0;
        
$con_rs_smy = array('smyAcY'    => $acY);
        
$rs_smy $this->smy->qrySmy($con_rs_smy);
        foreach (
$rs_smy->result() as $row_smy) {
            if (
$i 0) {
                echo 
';';
            }

            echo 
$row_smy->smyCurId.','.$row_smy->smyAdY.','.$row_smy->smySyId.','.$row_smy->smyEtId.','.$row_smy->smyStdSex.','.$row_smy->smyNumSt.','.$row_smy->smyNumRepeatClassSt.','.$row_smy->smyNumOutSt;
            
            
$i++;
        }
        echo 
'SummaryStudentStY';

        
$i 0;
        
$con_rs_sm = array('smAcY'    => $acY);
        
$rs_sm $this->sm->qrySm($con_rs_sm);
        foreach (
$rs_sm->result() as $row_sm) {
            if (
$i 0) {
                echo 
';';
            }

            echo 
$row_sm->smCurId.','.$row_sm->smAdY.','.$row_sm->smEtId.','.$row_sm->smStdSex.','.$row_sm->smNumAdmitSt.','.$row_sm->smNumGraduateSt.','.$row_sm->smNumScholarSt;
            
            
$i++;
        }
        echo 
'SummaryStudent';
    }
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0156 ]--