Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mis/eregis_/ drwxr-xr-x |
Viewing file: misGetData.php (16.3 KB) -rwxr-xr-x Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) | <?php /* Database info $DBHOST ; $DBUSER_EREGIS ; $DBPASS_EREGIS ; $DBNAME_EREGIS ; */ ini_set('include_path','/var/www/sekret:.'); include_once("eregis.inc"); /* Connect */ $link = mysql_connect($DBHOST, $DBUSER_EREGIS, $DBPASS_EREGIS); mysql_select_db($DBNAME_EREGIS, $link); mysql_query("SET NAMES UTF8"); // ---------------------------- $collegeCode = $_GET["clg_code"]; $table = $_GET["tb"]; $row = $_GET["row"]; if(isset($table) && isset($collegeCode)){ if($table==0){ $sql = "SELECT * FROM rg_TermConfig WHERE '".date('Y-m-d')."' BETWEEN tmcFrDate AND tmcToDate"; $result = mysql_query($sql, $link); $row = mysql_fetch_object($result); $xml='<?xml version="1.0" encoding="UTF-8" ?>'; $xml.="<acadyear nrow=\"$acadYear\">".$row->tmcAcY."</acadyear>"; echo $xml; }elseif($table==1){ if($row>0){ $offset = 500*$row-500 ; $row_count = 500 ; $limit = "LIMIT $offset , $row_count"; }else{ $limit = ''; } $sql = "SELECT * , CONCAT(YEAR(stdAdmitDate)+543,'-',MONTH(stdAdmitDate),'-',DAY(stdAdmitDate)) AS admitDate , CONCAT(YEAR(stdGraduateDate)+543,'-',MONTH(stdGraduateDate),'-',DAY(stdGraduateDate)) AS finishDate FROM rg_Student LEFT JOIN rg_StudentDetails ON sdtStdId = stdId LEFT JOIN rg_StudentEduHis ON sehStdId = stdId LEFT JOIN rg_Adviser ON advStdId = stdId AND advSyId = stdSyId WHERE 1=1 GROUP BY stdId $limit "; $result = mysql_query($sql, $link); $numrow = mysql_num_rows($result); $i = 0; if($row==0){ $xml_r='<?xml version="1.0" encoding="UTF-8" ?>'; $xml_r.="<studentmaster nrow=\"$numrow\" >$numrow"; $xml_r.="</studentmaster>"; }else{ $xml = ''; $i_row=0; while($oSm = mysql_fetch_object($result)) { $i_row++; $xml.="<std>"; $xml.="<collegeCode>".chk( $collegeCode )."</collegeCode>"; $xml.="<studentId>".chk( $oSm->stdId )."</studentId>"; $xml.="<studentCode>".chk( $oSm->stdCode )."</studentCode>"; $xml.="<levelId>".chk( $oSm->sehElvId )."</levelId>"; $xml.="<programId>".chk( $oSm->stdCurId )."</programId>"; $xml.="<prefixId>".chk( $oSm->stdPfId )."</prefixId>"; $xml.="<studentName>".chk( $oSm->stdName )."</studentName>"; $xml.="<studentSurname>".chk( $oSm->stdSurname )."</studentSurname>"; $xml.="<studentNameEng>".chk( $oSm->stdNameE )."</studentNameEng>"; $xml.="<studentSurnameEng>".chk( $oSm->stdSurnameE )."</studentSurnameEng>"; $xml.="<creditAttempt>".chk( $oSm->stdCreditAttempt )."</creditAttempt>"; $xml.="<creditSatisfy>".chk( $oSm->stdCreditSatisfy )."</creditSatisfy>"; $xml.="<GPA>".chk( $oSm->stdGPA )."</GPA>"; $xml.="<admitAcadYear>".chk( $oSm->stdAdY )."</admitAcadYear>"; $xml.="<admitSemester>".chk( $oSm->stdTmIdAdmit )."</admitSemester>"; $xml.="<admitDate>".chk( $oSm->admitDate )."</admitDate>"; $xml.="<finishDate>".chk( $oSm->finishDate )."</finishDate>"; $xml.="<studentPassword>".chk( '' )."</studentPassword>"; $xml.="<studentEmail>".chk( $oSm->sdtEmail )."</studentEmail>"; $xml.="<studentYear>".chk( $oSm->stdSyId )."</studentYear>"; $xml.="<studentStatus>".chk( $oSm->stdSstId )."</studentStatus>"; $xml.="<officerId1>".chk( $oSm->advPrsId )."</officerId1>"; $xml.="<officerId2>".chk( '' )."</officerId2>"; $xml.="<financeStatus>".chk( $oSm->stdFsId )."</financeStatus>"; $xml.="<updateUserId>".chk( $oSm->stdUpdateUsLogin )."</updateUserId>"; $xml.="<updateDateTime>".chk( $oSm->stdUpdateDate )."</updateDateTime>"; $xml.="<citizenId>".chk( $oSm->sdtCitizenId )."</citizenId>"; $xml.="<graduateYear>".chk( $oSm->stdGraduateY )."</graduateYear>"; $xml.="<genStatus>".chk( $oSm->stdGenStatus )."</genStatus>"; $xml.="<genNo>".chk( $oSm->stdGenId )."</genNo>"; $xml.="<entryTypeId>".chk( $oSm->stdEtId )."</entryTypeId>"; $xml.="<entryTypeId2>".chk( $oSm->stdEt2Id )."</entryTypeId2>"; $xml.="<studentSex>".chk( $oSm->sdtSex )."</studentSex>"; $xml.="<scholarId>".chk( $oSm->stdSoId )."</scholarId>"; $xml.="<preAdmitPositionId>".chk( $oSm->stdPaId )."</preAdmitPositionId>"; $xml.="<totalPoint>".chk( $oSm->stdTotalPoint )."</totalPoint>"; $xml.="<honor>".chk( $oSm->stdHonor )."</honor>"; $xml.="<medal>".chk( $oSm->stdMedal )."</medal>"; $xml.="<exitExam>".chk( $oSm->stdExitExam )."</exitExam>"; $xml.="<studentStatusTmp>".chk( $oSm->stdSstIdTmp )."</studentStatusTmp>"; $xml.="</std>"; $i++; } $xml_r='<?xml version="1.0" encoding="UTF-8" ?>'; $xml_r.="<studentmaster nrow=\"$i_row\" >"; $xml_r.=$xml; $xml_r.="</studentmaster>"; } echo $xml_r; }elseif($table==2){ if($row!=0){ $offset = (500*$row)-500 ; $row_count = 500; $limit = "LIMIT $offset , $row_count"; }else{ $limit = ''; } $sql = "SELECT * ,CONCAT(YEAR(sdtBirthDate)+543,'-',MONTH(sdtBirthDate),'-',DAY(sdtBirthDate)) AS birthDate FROM rg_StudentDetails LEFT JOIN rg_Student ON sdtStdId = stdId WHERE 1=1 $limit "; $result = mysql_query($sql, $link); $numrow = mysql_num_rows($result); $i = 0; if($row==0){ $xml_r='<?xml version="1.0" encoding="UTF-8" ?>'; $xml_r.="<studentbio nrow=\"$numrow\" >$numrow"; $xml_r.="</studentbio>"; }else{ $xml = ''; $i_row=0; $txt = ''; while($oSb = mysql_fetch_object($result)){ $i_row++; $xml.="<std>"; $xml.="<collegeCode>".chk( $collegeCode )."</collegeCode>"; $xml.="<studentId>".chk( $oSb->sdtStdId )."</studentId>"; $xml.="<nationId>".chk( $oSb->sdtNtId )."</nationId>"; $xml.="<religionId>".chk( $oSb->sdtRlgId )."</religionId>"; $xml.="<bloodGroup>".chk( $oSb->sdtBloodGroup )."</bloodGroup>"; $xml.="<birthDate>".chk( $oSb->birthDate )."</birthDate>"; $xml.="<birthProvinceId>".chk( $oSb->sdtPrvIdBirth )."</birthProvinceId>"; $xml.="<homeAddress>".chk( $oSb->sdtHomeAddr )."</homeAddress>"; $xml.="<homeDistrictId>".chk( $oSb->sdtDtIdHome )."</homeDistrictId>"; $xml.="<homeAmphurId>".chk( $oSb->sdtApIdHome )."</homeAmphurId>"; $xml.="<homeProvinceId>".chk( $oSb->sdtPrvIdHome )."</homeProvinceId>"; $xml.="<homeZipcode>".chk( $oSb->sdtHomePostCode )."</homeZipcode>"; $xml.="<homePhoneNo>".chk( $oSb->sdtHomePhoneNo )."</homePhoneNo>"; $xml.="<officeName>".chk( $oSb->sdtWorkName )."</officeName>"; $xml.="<officeAddress>".chk( $oSb->sdtWorkAddr )."</officeAddress>"; $xml.="<officeDistrictId>".chk( $oSb->sdtDtIdWork )."</officeDistrictId>"; $xml.="<officeAmphurId>".chk( $oSb->sdtApIdWork )."</officeAmphurId>"; $xml.="<officeProvinceId>".chk( $oSb->sdtPrvIdWork )."</officeProvinceId>"; $xml.="<officeZipcode>".chk( $oSb->sdtWorkPostCode )."</officeZipcode>"; $xml.="<officePhoneNo>".chk( $oSb->sdtWorkPhoneNo )."</officePhoneNo>"; $xml.="<workingStatus>".chk( $oSb->sdtWorkStatus )."</workingStatus>"; $xml.="<workingPosition>".chk( $oSb->sdtWorkPosition )."</workingPosition>"; $xml.="<workingSalary>".chk( $oSb->sdtWorkSalary )."</workingSalary>"; $xml.="<fatherName>".chk( $oSb->sdtFatherName )."</fatherName>"; $xml.="<fatherAddress>".chk( $oSb->sdtFatherAddr )."</fatherAddress>"; $xml.="<fatherDistrictId>".chk( $oSb->sdtDtIdFather )."</fatherDistrictId>"; $xml.="<fatherAmphurId>".chk( $oSb->sdtApIdFather )."</fatherAmphurId>"; $xml.="<fatherProvinceId>".chk( $oSb->sdtPrvIdFather )."</fatherProvinceId>"; $xml.="<fatherZipcode>".chk( $oSb->sdtFatherPostCode )."</fatherZipcode>"; $xml.="<fatherPhoneNo>".chk( $oSb->sdtFatherPhoneNo )."</fatherPhoneNo>"; $xml.="<fatherOccupation>".chk( $oSb->sdtFatherOccupation )."</fatherOccupation>"; $xml.="<fatherStatus>".chk( $oSb->sdtFatherStatus )."</fatherStatus>"; $xml.="<motherName>".chk( $oSb->sdtMotherName )."</motherName>"; $xml.="<motherAddress>".chk( $oSb->sdtMotherAddr )."</motherAddress>"; $xml.="<motherDistrictId>".chk( $oSb->sdtDtIdMother )."</motherDistrictId>"; $xml.="<motherAmphurId>".chk( $oSb->sdtApIdMother )."</motherAmphurId>"; $xml.="<motherProvinceId>".chk( $oSb->sdtPrvIdMother )."</motherProvinceId>"; $xml.="<motherZipcode>".chk( $oSb->sdtMotherPostCode )."</motherZipcode>"; $xml.="<motherPhoneNo>".chk( $oSb->sdtMotherPhoneNo )."</motherPhoneNo>"; $xml.="<motherOccupation>".chk( $oSb->sdtMotherOccupation )."</motherOccupation>"; $xml.="<motherStatus>".chk( $oSb->sdtMotherStatus )."</motherStatus>"; $xml.="<studentSex>".chk( $oSb->sdtSex )."</studentSex>"; $xml.="<parentName>".chk( $oSb->sdtParentName )."</parentName>"; $xml.="<parentRelation>".chk( $oSb->sdtParentRelationship )."</parentRelation>"; $xml.="<parentAddress>".chk( $oSb->sdtParentAddr )."</parentAddress>"; $xml.="<parentDistrictId>".chk( $oSb->sdtDtIdParent )."</parentDistrictId>"; $xml.="<parentAmphurId>".chk( $oSb->sdtApIdParent )."</parentAmphurId>"; $xml.="<parentProvinceId>".chk( $oSb->sdtPrvIdParent )."</parentProvinceId>"; $xml.="<parentZipcode>".chk( $oSb->sdtParentPostCode )."</parentZipcode>"; $xml.="<parentPhoneNo>".chk( $oSb->sdtParentPhoneNo )."</parentPhoneNo>"; $xml.="<parentMobile>".chk( $oSb->sdtParentMobileNo )."</parentMobile>"; $xml.="<parentOcc>".chk( $oSb->sdtParentOccupation )."</parentOcc>"; $xml.="<parentIncome>".chk( $oSb->sdtParentIncome )."</parentIncome>"; $xml.="<parentEmail>".chk( $oSb->sdtParentEmail )."</parentEmail>"; $xml.="<contactPerson>".chk( $oSb->sdtContactName )."</contactPerson>"; $xml.="<contactAddress>".chk( $oSb->sdtContactAddr )."</contactAddress>"; $xml.="<contactDistrictId>".chk( $oSb->sdtDtIdContact )."</contactDistrictId>"; $xml.="<contactAmphurId>".chk( $oSb->sdtApIdContact )."</contactAmphurId>"; $xml.="<contactProvinceId>".chk( $oSb->sdtPrvIdContact )."</contactProvinceId>"; $xml.="<contactZipcode>".chk( $oSb->sdtContactPostCode )."</contactZipcode>"; $xml.="<contactPhoneNo>".chk( $oSb->sdtContactPhoneNo )."</contactPhoneNo>"; $xml.="<cardExpiryDate>".chk( $oSb->sdtCardExpireDate )."</cardExpiryDate>"; $xml.="<currentAddress>".chk($oSb->sdtCurrentAddr)."</currentAddress>"; $xml.="<currentDistrictId>".chk( $oSb->sdtDtIdCurrent )."</currentDistrictId>"; $xml.="<currentAmphurId>".chk( $oSb->sdtApIdCurrent )."</currentAmphurId>"; $xml.="<currentProvinceId>".chk( $oSb->sdtPrvIdCurrent )."</currentProvinceId>"; $xml.="<currentZipcode>".chk( $oSb->sdtCurrentPostCode )."</currentZipcode>"; $xml.="<currentPhoneNo>".chk( $oSb->sdtCurrentPhoneNo )."</currentPhoneNo>"; $xml.="<graduateAddress>".chk( $oSb->sdtGraduateAddr )."</graduateAddress>"; $xml.="<graduateDistrictId>".chk( $oSb->sdtDtIdGraduate )."</graduateDistrictId>"; $xml.="<graduateAmphurId>".chk( $oSb->sdtApIdGraduate )."</graduateAmphurId>"; $xml.="<graduateProvinceId>".chk( $oSb->sdtPrvIdGraduate )."</graduateProvinceId>"; $xml.="<graduateZipcode>".chk( $oSb->sdtGraduatePostCode )."</graduateZipcode>"; $xml.="<graduatePhoneNo>".chk( $oSb->sdtGraduatePhoneNo )."</graduatePhoneNo>"; $xml.="<maritalStatusId>".chk( $oSb->sdtMsId )."</maritalStatusId>"; $xml.="<weight>".chk( $oSb->sdtWeight )."</weight>"; $xml.="<height>".chk( $oSb->sdtHeight )."</height>"; $xml.="<picturePath>".chk( $oSb->sdtPicturePath )."</picturePath>"; $xml.="<recruitmentTypeId>".chk( $oSb->sdtRtId )."</recruitmentTypeId>"; $xml.="<occExamResult>".chk( $oSb->sdtOccExamResult )."</occExamResult>"; $xml.="<canRefund>".chk( $oSb->sdtCanRefund )."</canRefund>"; $xml.="<oldStudentName>".chk( $oSb->sdtOldName )."</oldStudentName>"; $xml.="<entryDegree>".chk( $oSb->sdtEdgIdPre )."</entryDegree>"; $xml.="<healthPrivId>".chk( $oSb->sdtHpId )."`</healthPrivId>"; $xml.="</std>"; $i++; }// END LOOP $xml_r='<?xml version="1.0" encoding="UTF-8" ?>'; $xml_r.="<studentbio nrow=\"$i_row\" >"; $xml_r.=$xml; $xml_r.="</studentbio>"; } // END if row!=0 echo $xml_r; }elseif($table==3){ if($row!=0){ $offset = (500*$row)-500 ; $row_count = 500; $limit = "LIMIT $offset , $row_count"; }else{ $limit = ''; } $sql = "SELECT * FROM rg_StudentSummary WHERE 1=1 $limit "; $result = mysql_query($sql, $link); $numrow = mysql_num_rows($result); $i = 0; if($row==0){ $xml_r='<?xml version="1.0" encoding="UTF-8" ?>'; $xml_r.="<studentstatus nrow=\"$numrow\" >$numrow"; $xml_r.="</studentstatus>"; }else{ $xml = ''; $i_row=0; while($oSs = mysql_fetch_object($result)){ $i_row++; $xml.="<std>"; $xml.="<collegeCode>".chk( $collegeCode )."</collegeCode>"; $xml.="<studentId>".chk( $oSs->ssmStdId )."</studentId>"; $xml.="<acadYear>".chk( $oSs->ssmAcY )."</acadYear>"; $xml.="<semester>".chk( $oSs->ssmTmId )."</semester>"; $xml.="<studentStatus>".chk( $oSs->ssmSstId )."</studentStatus>"; $xml.="<GPA>".chk( $oSs->ssmGPA )."</GPA>"; $xml.="<creditAttempt>".chk( $oSs->ssmCreditAttempt )."</creditAttempt>"; $xml.="<creditSatisfy>".chk( $oSs->ssmCreditSatisfy )."</creditSatisfy>"; $xml.="<creditPoint>".chk( $oSs->ssmCreditPoint )."</creditPoint>"; $xml.="<GPAX>".chk( $oSs->ssmGPAX )."</GPAX>"; $xml.="<sumCreditAttempt>".chk( $oSs->ssmSumCreditAttempt )."</sumCreditAttempt>"; $xml.="<sumCreditSatisfy>".chk( $oSs->ssmSumCreditSatisfy )."</sumCreditSatisfy>"; $xml.="<sumCreditPoint>".chk( $oSs->ssmSumCreditPoint )."</sumCreditPoint>"; $xml.="<createDateTime>".chk( $oSs->ssmCreateDate )."</createDateTime>"; $xml.="<createUserId>".chk( $oSs->ssmCreateUserId )."</createUserId>"; $xml.="<updateDateTime>".chk( $oSs->ssmUpdateDate )."</updateDateTime>"; $xml.="<updateUserId>".chk( $oSs->ssmUpdateUserId )."</updateUserId>"; $xml.="<approveSpe>".chk( $oSs->ssmSstIdApproveSpe )."</approveSpe>"; $xml.="<approver>".chk( $oSs->ssmApprover )."</approver>"; $xml.="<refNo>".chk( $oSs->ssmRefNo)."</refNo>"; $xml.="<approveDate>".chk( $oSs->ssmApproveDate )."</approveDate>"; $xml.="<passStatus>".chk( $oSs->ssmPassStatus )."</passStatus>"; $xml.="<syId>".chk( $oSs->ssmSyId )."</syId>"; $xml.="</std>"; $i++; }//--end loop $xml_r='<?xml version="1.0" encoding="UTF-8" ?>'; $xml_r.="<studentstatus nrow=\"$i_row\" >"; $xml_r.=$xml; $xml_r.="</studentstatus>"; } echo $xml_r; }// End if table } function chk($field){ //htmlspecialchars htmlentities $value = ($field !='')? htmlspecialchars($field, ENT_QUOTES) : 'NULL'; return $value; } ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0063 ]-- |