110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mis2222/application/controllers/eregis/ drwxrwxrwx Free 50.65 GB of 127.8 GB (39.63%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

<?php
include('rg_controller.php');
class dom extends Rg_controller {
//    function __construct() {
//        parent::__construct();
//    }

    // ##### start การพักหอพัก
    function showStdDom() {
        $this->load->model($this->config->item("rg_folder").'mo_rg_term','tm');

        $this->contents['rs_tm'] = $this->tm->get_options('','','','n');
        
        $this->contents['acY'] = $this->session->userdata('acY');
        $this->contents['tmId'] = $this->session->userdata('tmId');

        $this->output($this->config->item("rg_folder")."v_showStudentDomitory");
    }

    function addDom() {
        $this->load->library('form_validation');
        $this->form_validation->set_error_delimiters('<div class="error">','</div>');
        $this->form_validation->set_rules('curName',' ','trim|xss_clean');
        $this->form_validation->set_rules('curId',' ','trim|required|xss_clean');
        $this->form_validation->set_rules('stdTmIdAdmit',' ','trim|xss_clean');
        $this->form_validation->set_rules('adY',' ','trim|required|xss_clean');
        $this->form_validation->set_rules('acY',' ','callback_checkAcY');
        $this->form_validation->set_rules('tmId',' ','trim|required|xss_clean');

        if($this->form_validation->run() == true) {
            $this->sdm_input();
        } else {
            $this->showStdDom();
        }
    }

    function sdm_input() {
        $this->load->model($this->config->item("rg_folder").'mo_rg_curriculum','cur');
        $this->load->model($this->config->item("rg_folder").'mo_rg_term','tm');
        $this->load->model($this->config->item("rg_folder").'mo_rg_student','std');
        $this->load->model($this->config->item("rg_folder").'mo_rg_studentdomitory','sdm');
        $this->load->model($this->config->item("ppc_folder").'mo_spc_place','sp');
        $this->load->model($this->config->item("rg_folder").'mo_rg_studentdetails','sdt');

        $curId = $this->input->post('curId');
        $adY = $this->input->post('adY');
        $acY = $this->input->post('acY');
        $tmId = $this->input->post('tmId');
        $stdTmIdAdmit = $this->input->post('stdTmIdAdmit');

        $this->contents['acY'] = $acY;
        $this->contents['adY'] = $adY;

        $this->cur->curId = $curId;
        $this->contents['qu_cur'] = $this->cur->get_by_key();

        $this->tm->tmId = $tmId;
        $this->contents['qu_tm'] = $this->tm->get_by_key();

        $this->std->stdCurId = $curId;
        $this->std->stdAdY = $adY;
        $rs_std = $this->std->qryStdJoinPfSdm($acY, $tmId);
        $this->contents['rs_std'] = $rs_std;

        $opt[''] = "ไม่พักหอ";
        $rs_dm = $this->sp->getdomitory();
        if($rs_dm->num_rows()) {
            foreach($rs_dm->result() as $row_dm) {
                $opt[$row_dm->plHwId] = $row_dm->hwName;

                $this->sp->plBuilding = $row_dm->plHwId;
                $rs_sp = $this->sp->getDmRm();
                foreach ($rs_sp->result() as $row_sp) {
                    $opt[$row_sp->plHwId] = "&nbsp;&nbsp;".$row_sp->plRmNo;
                }
            }
        }

        $this->contents['rs_dm'] = $opt;

        if ( file_exists(dirname(dirname(dirname(__FILE__))).'/models/'.$this->config->item("sa_folder").'sa_dm_book_model.php') ) {
            $this->load->model($this->config->item("sa_folder").'sa_dm_book_model','dmb');

            $arr = array();
            foreach ($rs_std->result() as $row_std) {
                $this->sdt->sdtStdId = $row_std->stdId;
                $qu_sdt = $this->sdt->get_by_key();

                $this->dmb->dmb_citizen_id = $qu_sdt->row()->sdtCitizenId;
                $this->dmb->dmb_year = $acY;
                $this->dmb->dmb_tm_id = $tmId;
                $qu_dmb = $this->dmb->get_book();
                if ($qu_dmb->num_rows()) {
                    $arr[$row_std->stdId] = $qu_dmb;
                }
            }

            $this->contents['rs_dmb'] = $arr;
        }

        $this->output($this->config->item("rg_folder")."v_addStudentDomitory");
    }

    function sdm_insert_update() {
        $this->load->model($this->config->item("rg_folder").'mo_rg_studentdomitory','sdm');

        $this->load->library('form_validation');
        $this->form_validation->set_error_delimiters('<div class="error">','</div>');
        
        $cnt = $this->input->post('cnt');
        for($i=0; $i<$cnt; $i++) {
            $this->form_validation->set_rules('stdId'.$i,'รหัสนักศึกษา','trim|xss_clean');
            $this->form_validation->set_rules('sdmDmId'.$i,'หอพัก','trim|xss_clean|callback_checkDm');
            $this->form_validation->set_rules('sdmNumMonth'.$i,' ','trim|xss_clean');// integer

            if($this->input->post('sdmDmId'.$i)!="") {
                $this->form_validation->set_rules('sdmNumMonth'.$i,' ','trim|required|xss_clean');//integer|is_natural_no_zero|
            }
        }

        $tmId = $this->input->post('tmId');
        $acY = $this->input->post('acY');
        if($this->form_validation->run() == true) {
            $this->db->trans_begin();

            for($i=0; $i<$cnt; $i++) {
                $stdId = $this->input->post('stdId'.$i);
                $dmId = $this->input->post('sdmDmId'.$i);
                $month = $this->input->post('sdmNumMonth'.$i);

                $full = 0;
                $this->sdm->sdmDmId = $dmId;
                $this->sdm->sdmAcY = $acY;
                $this->sdm->sdmTmId = $tmId;
                $rs_sdm = $this->sdm->getFull();
                if ($rs_sdm->num_rows()) {
                    $full = 1;
                }

                if (!$full) {
                    $this->sdm->sdmStdId = $stdId;
                    $this->sdm->sdmTmId = $tmId;
                    $this->sdm->sdmAcY = $acY;

                    $qu_sdm = $this->sdm->get_by_key();
                    if($qu_sdm->num_rows()) {
                        if($dmId=='') {
                            $this->sdm->delete();
                        } else {
                            $this->sdm->sdmDmId = $dmId;
                            $this->sdm->sdmNumMonth = $month;
                            $this->sdm->update();
                        }
                    } else {
                        if($dmId!='') {
                            $this->sdm->sdmStdId = $stdId;
                            $this->sdm->sdmAcY = $acY;
                            $this->sdm->sdmTmId = $tmId;
                            $this->sdm->sdmDmId = $dmId;
                            $this->sdm->sdmNumMonth = $month;
                            $this->sdm->insert();
                        }
                    }
                }
            }
            if($this->db->trans_status() === false) {
                $this->db->trans_rollback();
            } else {
                $this->db->trans_commit();
            }

            $this->sdm_input();
        } else {
            $this->sdm_input();
        }
    }
    // ##### end การพักหอพัก

    // ##### start callback function
    function checkAdY($str) {
        if($str=='') {
            $this->form_validation->set_message('checkAdY','กรุณาป้อน%s');
            return false;
        } else if(strlen($str)!=4) {
            $this->form_validation->set_message('checkAdY','%sจะต้องเท่ากับ 4 หลัก');
            return false;
        } else if($str==0) {
            $this->form_validation->set_message('checkAdY','%sจะต้องมากกว่า 0');
            return false;
        } else {
            return true;
        }
    }
    function checkAcY($str) {
        if($str=='') {
            $this->form_validation->set_message('checkAcY','กรุณาป้อน%s');
            return false;
        } else if(strlen($str)!=4) {
            $this->form_validation->set_message('checkAcY','%sจะต้องเท่ากับ 4 หลัก');
            return false;
        } else if($str==0) {
            $this->form_validation->set_message('checkAcY','%sจะต้องมากกว่า 0');
            return false;
        }

        if($str >= $this->input->post('adY')) {
            return true;
        } else {
            $this->form_validation->set_message('checkAcY','%sจะต้องมากกว่าหรือเท่ากับปีการศึกษาที่เข้า');
            return false;
        }
    }
    function checkDm() {
        $this->load->model($this->config->item("rg_folder").'mo_rg_studentdomitory','sdm');
        return true;
    }
    // ##### end callback function
}
?>
:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:
:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/
:: Command execute ::
Enter:	Select: