<?php

	/* Database info 
        $DBHOST ;
        $DBUSER_EREGIS ;
        $DBPASS_EREGIS ;
        $DBNAME_EREGIS ;
    */
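    // eregis.inc is kept outside the document root on purpose: a ".inc"
    // file inside the web root is typically served as plain text, which
    // would disclose the credentials it defines. "/var/www/sekret" is
    // searched before "." so a stray copy in the script directory cannot
    // shadow it.
    ini_set('include_path','/var/www/sekret:.');
    include_once("eregis.inc");

    /* Connect. The mysql_* extension was removed in PHP 7; moving this
       script to PDO with prepared statements is the long-term fix. */
    $link = mysql_connect($DBHOST, $DBUSER_EREGIS, $DBPASS_EREGIS);
    if ($link === false || !mysql_select_db($DBNAME_EREGIS, $link)) {
        // Fail closed. Without this guard every later mysql_* call emits
        // PHP warnings (including driver details) into the response body.
        // The driver error goes to the server log only.
        error_log('misGetData.php: database connection failed: ' . mysql_error());
        if (!headers_sent()) {
            header('HTTP/1.1 500 Internal Server Error');
        }
        exit;
    }
    // Pass $link explicitly so SET NAMES is applied to this connection
    // rather than to whatever connection the extension considers "last".
    mysql_query("SET NAMES UTF8", $link);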

// ----------------------------

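// Request parameters. Read through isset() so a missing parameter yields
// null instead of an E_NOTICE; the isset() guard below still decides
// whether anything is served.
//   clg_code : college code, never used in a query, only reflected back
//              inside the XML (escaped by chk())
//   tb       : which data set to return (0 term, 1 master, 2 bio, 3 status)
//   row      : page number of 500 records; 0 = record count only
$collegeCode = isset($_GET["clg_code"]) ? $_GET["clg_code"] : null;
$table = isset($_GET["tb"]) ? $_GET["tb"] : null;
$row = isset($_GET["row"]) ? $_GET["row"] : null;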

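if (isset($table) && isset($collegeCode)) {
    // NOTE(review): no authentication or authorization check is visible in
    // this file, and eregis.inc is documented above as holding only the
    // database settings. Unless access is gated elsewhere (web server or
    // network), every branch below serves complete student records --
    // citizen id, addresses, family income -- to any client that can reach
    // the URL. Confirm where that gate is before relying on it.
    //
    // $row selects a page of 500 records; 0 (or a non-numeric value) means
    // "return the record count only". It is cast to int here so the LIMIT
    // clause that is interpolated into the SQL is pure integer arithmetic.
    // $collegeCode never reaches a query; it is only reflected inside the
    // XML through chk().
    $page = (int) $row;

    switch ((int) $table) {
        case 0:
            // Current academic year: the term whose date range contains
            // today (date() uses the server's configured timezone).
            $sql = "SELECT * FROM rg_TermConfig WHERE '" . date('Y-m-d') . "' BETWEEN tmcFrDate AND tmcToDate";
            $result = misRunQuery($link, $sql);
            $numrow = mysql_num_rows($result);
            $term = mysql_fetch_object($result);
            // With no matching term the fetch returns false; emit an empty
            // year instead of dereferencing it. nrow is the match count,
            // consistent with the other branches (the original interpolated
            // an undefined variable there).
            $acadYear = $term ? $term->tmcAcY : '';
            misSendXml(misXmlEnvelope('acadyear', $numrow, $acadYear));
            break;

        case 1:
            // Student master: one element per student. The joins on details,
            // education history and adviser are collapsed by GROUP BY stdId;
            // YEAR()+543 converts to the Thai Buddhist calendar year.
            $sql = "SELECT * ,
            CONCAT(YEAR(stdAdmitDate)+543,'-',MONTH(stdAdmitDate),'-',DAY(stdAdmitDate)) AS admitDate ,
            CONCAT(YEAR(stdGraduateDate)+543,'-',MONTH(stdGraduateDate),'-',DAY(stdGraduateDate)) AS finishDate 
            FROM rg_Student 
            LEFT JOIN rg_StudentDetails ON sdtStdId = stdId
            LEFT JOIN rg_StudentEduHis ON sehStdId = stdId
            LEFT JOIN rg_Adviser ON advStdId = stdId AND advSyId = stdSyId
            WHERE 1=1 GROUP BY stdId";
            misSendCollection($link, $sql, 'studentmaster', $page, 'misStudentMasterXml', $collegeCode);
            break;

        case 2:
            // Student biography / family details, one element per row.
            $sql = "SELECT * 
            ,CONCAT(YEAR(sdtBirthDate)+543,'-',MONTH(sdtBirthDate),'-',DAY(sdtBirthDate)) AS birthDate 
            FROM rg_StudentDetails 
            LEFT JOIN rg_Student ON sdtStdId = stdId
            WHERE 1=1";
            misSendCollection($link, $sql, 'studentbio', $page, 'misStudentBioXml', $collegeCode);
            break;

        case 3:
            // Per-term student status summary, one element per row.
            $sql = "SELECT * FROM rg_StudentSummary 
            WHERE 1=1";
            misSendCollection($link, $sql, 'studentstatus', $page, 'misStudentStatusXml', $collegeCode);
            break;
    }
}

/**
 * Build the "LIMIT offset , count" clause for one page of results.
 *
 * @param int $page      1-based page number; 0 or negative yields no LIMIT
 * @param int $pageSize  records per page (the script's fixed page is 500)
 * @return string        SQL fragment, or '' when paging is not requested
 */
function misPageLimit($page, $pageSize = 500)
{
    $page = (int) $page;
    $pageSize = (int) $pageSize;
    if ($page <= 0) {
        return '';
    }
    // Both operands are ints, so the interpolated text is digits only.
    $offset = $pageSize * $page - $pageSize;
    return "LIMIT $offset , $pageSize";
}

/**
 * Run a query and abort the request on failure.
 *
 * The driver error is written to the server log only; the client receives
 * a bare 500 so schema and driver details are not disclosed.
 *
 * @param resource $link  open mysql connection
 * @param string   $sql   statement to execute
 * @return resource       mysql result resource
 */
function misRunQuery($link, $sql)
{
    $result = mysql_query($sql, $link);
    if ($result === false) {
        error_log('misGetData.php: query failed: ' . mysql_error($link));
        if (!headers_sent()) {
            header('HTTP/1.1 500 Internal Server Error');
        }
        exit;
    }
    return $result;
}

/**
 * Wrap a body in the XML prolog and a root element carrying nrow.
 *
 * @param string     $tag   root element name (a code literal, never input)
 * @param int|string $nrow  value for the nrow attribute
 * @param string     $body  already-escaped element content
 * @return string
 */
function misXmlEnvelope($tag, $nrow, $body)
{
    return '<?xml version="1.0" encoding="UTF-8" ?>'
        . "<$tag nrow=\"$nrow\">" . $body . "</$tag>";
}

/**
 * Send an XML document, declaring the content type the prolog promises.
 *
 * @param string $xml  complete document
 * @return void
 */
function misSendXml($xml)
{
    if (!headers_sent()) {
        header('Content-Type: text/xml; charset=UTF-8');
    }
    echo $xml;
}

/**
 * Execute $sql for one of the three record sets and send the result.
 *
 * Page 0 answers with the record count only (as both attribute and text);
 * any other page streams the rows of that page through $recordFn.
 *
 * @param resource $link         open mysql connection
 * @param string   $sql          query without LIMIT clause
 * @param string   $tag          root element name
 * @param int      $page         page number, 0 = count only
 * @param string   $recordFn     name of the per-row formatter below
 * @param string   $collegeCode  reflected into every <std> element
 * @return void
 */
function misSendCollection($link, $sql, $tag, $page, $recordFn, $collegeCode)
{
    $result = misRunQuery($link, $sql . ' ' . misPageLimit($page));
    if ($page == 0) {
        $numrow = mysql_num_rows($result);
        misSendXml(misXmlEnvelope($tag, $numrow, $numrow));
        return;
    }
    $body = '';
    $emitted = 0;
    while ($obj = mysql_fetch_object($result)) {
        $emitted++;
        $body .= $recordFn($obj, $collegeCode);
    }
    misSendXml(misXmlEnvelope($tag, $emitted, $body));
}

/**
 * Render one <std> element from an ordered tag => value map.
 *
 * Tag names are code literals; values go through chk(), which escapes
 * them and maps empty values to the literal NULL.
 *
 * @param array $fields  tag => raw value, in output order
 * @return string
 */
function misRecordXml(array $fields)
{
    $xml = '<std>';
    foreach ($fields as $tag => $value) {
        $xml .= '<' . $tag . '>' . chk($value) . '</' . $tag . '>';
    }
    return $xml . '</std>';
}

/** Format one rg_Student row (table 1) as a <std> element. */
function misStudentMasterXml($o, $collegeCode)
{
    return misRecordXml(array(
        'collegeCode'        => $collegeCode,
        'studentId'          => $o->stdId,
        'studentCode'        => $o->stdCode,
        'levelId'            => $o->sehElvId,
        'programId'          => $o->stdCurId,
        'prefixId'           => $o->stdPfId,
        'studentName'        => $o->stdName,
        'studentSurname'     => $o->stdSurname,
        'studentNameEng'     => $o->stdNameE,
        'studentSurnameEng'  => $o->stdSurnameE,
        'creditAttempt'      => $o->stdCreditAttempt,
        'creditSatisfy'      => $o->stdCreditSatisfy,
        'GPA'                => $o->stdGPA,
        'admitAcadYear'      => $o->stdAdY,
        'admitSemester'      => $o->stdTmIdAdmit,
        'admitDate'          => $o->admitDate,
        'finishDate'         => $o->finishDate,
        // Passwords are deliberately never exported; the element is kept
        // for schema compatibility and always reads NULL.
        'studentPassword'    => '',
        'studentEmail'       => $o->sdtEmail,
        'studentYear'        => $o->stdSyId,
        'studentStatus'      => $o->stdSstId,
        'officerId1'         => $o->advPrsId,
        'officerId2'         => '',
        'financeStatus'      => $o->stdFsId,
        'updateUserId'       => $o->stdUpdateUsLogin,
        'updateDateTime'     => $o->stdUpdateDate,
        'citizenId'          => $o->sdtCitizenId,
        'graduateYear'       => $o->stdGraduateY,
        'genStatus'          => $o->stdGenStatus,
        'genNo'              => $o->stdGenId,
        'entryTypeId'        => $o->stdEtId,
        'entryTypeId2'       => $o->stdEt2Id,
        'studentSex'         => $o->sdtSex,
        'scholarId'          => $o->stdSoId,
        'preAdmitPositionId' => $o->stdPaId,
        'totalPoint'         => $o->stdTotalPoint,
        'honor'              => $o->stdHonor,
        'medal'              => $o->stdMedal,
        'exitExam'           => $o->stdExitExam,
        'studentStatusTmp'   => $o->stdSstIdTmp,
    ));
}

/** Format one rg_StudentDetails row (table 2) as a <std> element. */
function misStudentBioXml($o, $collegeCode)
{
    return misRecordXml(array(
        'collegeCode'        => $collegeCode,
        'studentId'          => $o->sdtStdId,
        'nationId'           => $o->sdtNtId,
        'religionId'         => $o->sdtRlgId,
        'bloodGroup'         => $o->sdtBloodGroup,
        'birthDate'          => $o->birthDate,
        'birthProvinceId'    => $o->sdtPrvIdBirth,
        'homeAddress'        => $o->sdtHomeAddr,
        'homeDistrictId'     => $o->sdtDtIdHome,
        'homeAmphurId'       => $o->sdtApIdHome,
        'homeProvinceId'     => $o->sdtPrvIdHome,
        'homeZipcode'        => $o->sdtHomePostCode,
        'homePhoneNo'        => $o->sdtHomePhoneNo,
        'officeName'         => $o->sdtWorkName,
        'officeAddress'      => $o->sdtWorkAddr,
        'officeDistrictId'   => $o->sdtDtIdWork,
        'officeAmphurId'     => $o->sdtApIdWork,
        'officeProvinceId'   => $o->sdtPrvIdWork,
        'officeZipcode'      => $o->sdtWorkPostCode,
        'officePhoneNo'      => $o->sdtWorkPhoneNo,
        'workingStatus'      => $o->sdtWorkStatus,
        'workingPosition'    => $o->sdtWorkPosition,
        'workingSalary'      => $o->sdtWorkSalary,
        'fatherName'         => $o->sdtFatherName,
        'fatherAddress'      => $o->sdtFatherAddr,
        'fatherDistrictId'   => $o->sdtDtIdFather,
        'fatherAmphurId'     => $o->sdtApIdFather,
        'fatherProvinceId'   => $o->sdtPrvIdFather,
        'fatherZipcode'      => $o->sdtFatherPostCode,
        'fatherPhoneNo'      => $o->sdtFatherPhoneNo,
        'fatherOccupation'   => $o->sdtFatherOccupation,
        'fatherStatus'       => $o->sdtFatherStatus,
        'motherName'         => $o->sdtMotherName,
        'motherAddress'      => $o->sdtMotherAddr,
        'motherDistrictId'   => $o->sdtDtIdMother,
        'motherAmphurId'     => $o->sdtApIdMother,
        'motherProvinceId'   => $o->sdtPrvIdMother,
        'motherZipcode'      => $o->sdtMotherPostCode,
        'motherPhoneNo'      => $o->sdtMotherPhoneNo,
        'motherOccupation'   => $o->sdtMotherOccupation,
        'motherStatus'       => $o->sdtMotherStatus,
        'studentSex'         => $o->sdtSex,
        'parentName'         => $o->sdtParentName,
        'parentRelation'     => $o->sdtParentRelationship,
        'parentAddress'      => $o->sdtParentAddr,
        'parentDistrictId'   => $o->sdtDtIdParent,
        'parentAmphurId'     => $o->sdtApIdParent,
        'parentProvinceId'   => $o->sdtPrvIdParent,
        'parentZipcode'      => $o->sdtParentPostCode,
        'parentPhoneNo'      => $o->sdtParentPhoneNo,
        'parentMobile'       => $o->sdtParentMobileNo,
        'parentOcc'          => $o->sdtParentOccupation,
        'parentIncome'       => $o->sdtParentIncome,
        'parentEmail'        => $o->sdtParentEmail,
        'contactPerson'      => $o->sdtContactName,
        'contactAddress'     => $o->sdtContactAddr,
        'contactDistrictId'  => $o->sdtDtIdContact,
        'contactAmphurId'    => $o->sdtApIdContact,
        'contactProvinceId'  => $o->sdtPrvIdContact,
        'contactZipcode'     => $o->sdtContactPostCode,
        'contactPhoneNo'     => $o->sdtContactPhoneNo,
        'cardExpiryDate'     => $o->sdtCardExpireDate,
        'currentAddress'     => $o->sdtCurrentAddr,
        'currentDistrictId'  => $o->sdtDtIdCurrent,
        'currentAmphurId'    => $o->sdtApIdCurrent,
        'currentProvinceId'  => $o->sdtPrvIdCurrent,
        'currentZipcode'     => $o->sdtCurrentPostCode,
        'currentPhoneNo'     => $o->sdtCurrentPhoneNo,
        'graduateAddress'    => $o->sdtGraduateAddr,
        'graduateDistrictId' => $o->sdtDtIdGraduate,
        'graduateAmphurId'   => $o->sdtApIdGraduate,
        'graduateProvinceId' => $o->sdtPrvIdGraduate,
        'graduateZipcode'    => $o->sdtGraduatePostCode,
        'graduatePhoneNo'    => $o->sdtGraduatePhoneNo,
        'maritalStatusId'    => $o->sdtMsId,
        'weight'             => $o->sdtWeight,
        'height'             => $o->sdtHeight,
        'picturePath'        => $o->sdtPicturePath,
        'recruitmentTypeId'  => $o->sdtRtId,
        'occExamResult'      => $o->sdtOccExamResult,
        'canRefund'          => $o->sdtCanRefund,
        'oldStudentName'     => $o->sdtOldName,
        'entryDegree'        => $o->sdtEdgIdPre,
        // The original emitted a stray backtick before </healthPrivId>,
        // which corrupted the element for every row.
        'healthPrivId'       => $o->sdtHpId,
    ));
}

/** Format one rg_StudentSummary row (table 3) as a <std> element. */
function misStudentStatusXml($o, $collegeCode)
{
    return misRecordXml(array(
        'collegeCode'      => $collegeCode,
        'studentId'        => $o->ssmStdId,
        'acadYear'         => $o->ssmAcY,
        'semester'         => $o->ssmTmId,
        'studentStatus'    => $o->ssmSstId,
        'GPA'              => $o->ssmGPA,
        'creditAttempt'    => $o->ssmCreditAttempt,
        'creditSatisfy'    => $o->ssmCreditSatisfy,
        'creditPoint'      => $o->ssmCreditPoint,
        'GPAX'             => $o->ssmGPAX,
        'sumCreditAttempt' => $o->ssmSumCreditAttempt,
        'sumCreditSatisfy' => $o->ssmSumCreditSatisfy,
        'sumCreditPoint'   => $o->ssmSumCreditPoint,
        'createDateTime'   => $o->ssmCreateDate,
        'createUserId'     => $o->ssmCreateUserId,
        'updateDateTime'   => $o->ssmUpdateDate,
        'updateUserId'     => $o->ssmUpdateUserId,
        'approveSpe'       => $o->ssmSstIdApproveSpe,
        'approver'         => $o->ssmApprover,
        'refNo'            => $o->ssmRefNo,
        'approveDate'      => $o->ssmApproveDate,
        'passStatus'       => $o->ssmPassStatus,
        'syId'             => $o->ssmSyId,
    ));
}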

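/**
 * Escape one field value for use as XML element text.
 *
 * Returns the literal string 'NULL' for an empty or null field; otherwise
 * returns the value with &, <, >, " and ' replaced by entities so that row
 * data (or the reflected clg_code parameter) cannot break out of its
 * element. The comparison is strict: the loose `!= ''` it replaces treated
 * a numeric 0 as empty under PHP 5.
 *
 * @param mixed $field  column value (mysql_fetch_object yields strings)
 * @return string
 */
function chk($field)
{
    if ($field === null || $field === '') {
        return 'NULL';
    }
    // ENT_SUBSTITUTE (PHP >= 5.4) replaces an invalid UTF-8 sequence with
    // U+FFFD instead of silently returning '' for the whole value; older
    // builds lack the constant, so fall back to ENT_QUOTES alone.
    $flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
    // The charset is stated explicitly: the connection runs SET NAMES UTF8,
    // while the pre-5.4 default for htmlspecialchars() is ISO-8859-1.
    return htmlspecialchars($field, $flags, 'UTF-8');
}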
?>
