110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/stdalumni/application/models/stdalumni/ drwxr-xr-x Free 50.91 GB of 127.8 GB (39.83%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

<?php



include_once("da_HisAward.php");



class M_hisaward extends Da_hisaward {



    /*

     * aOrderBy = array('fieldname' => 'ASC|DESC', ... )

     */

    function get_all($aOrderBy=""){

        $orderBy = "";

        if ( is_array($aOrderBy) ) {

            $orderBy.= "ORDER BY "; 

            foreach ($aOrderBy as $key => $value) {

                $orderBy.= "$key $value, ";

            }

            $orderBy = substr($orderBy, 0, strlen($orderBy)-2);

        }

        $sql = "SELECT * 

                FROM HisAward 

                $orderBy";

        $query = $this->db->query($sql);

        return $query;

    }

    

    /*

     * create array of pk field and value for generate select list in view, must edit PK_FIELD and FIELD_NAME manually

     * the first line of select list is '-----เลือก-----' by default.

     * if you do not need the first list of select list is '-----เลือก-----', please pass $optional parameter to other values. 

     * you can delete this function if it not necessary.

     */

    function get_options($optional='y') {

        $qry = $this->get_all();

        if ($optional=='y') $opt[''] = '-----เลือก-----';

        foreach ($qry->result() as $row) {

            $opt[$row->PK_FIELD] = $row->FIELD_NAME;

        }

        return $opt;

    }



    public function getNextSeq($condition="") {

        $where = $this->checkCondition($condition);



        $c1 = substr($where, 0, -3);



        $sql = "SELECT IFNULL(MAX(seqId), 0) + 1 AS seqId

                    FROM $this->ea_dbname.HisAward

                    $c1";

        $query = $this->db->query($sql);

        return $query->row()->seqId;

    }

    

    function qryHa($condition="",$order="",$group="") {

        $where = $this->checkCondition($condition);

        $order = $this->checkOrderBy($order);

        $group = $this->checkGroupBy($group);



        $c1 = substr($where, 0, -3);

        $c2 = substr($order, 0, -1);

        $c3 = substr($group, 0, -1);



        $sql = "SELECT *

                FROM $this->ea_dbname.HisAward

                $c1

                $c3

                $c2";

        $query = $this->db->query($sql);

        return $query;

    }



    function qryHaJoinTaLaAmPf($condition="",$order="",$group="") {

        $where = $this->checkCondition($condition);

        $order = $this->checkOrderBy($order);

        $group = $this->checkGroupBy($group);



        $c1 = substr($where, 0, -3);

        $c2 = substr($order, 0, -1);

        $c3 = substr($group, 0, -1);



        $sql = "SELECT *

                FROM $this->ea_dbname.HisAward ha

                LEFT JOIN $this->ea_dbname.TypeAward ta ON ha.typeAwardId=ta.typeAwardId

                LEFT JOIN $this->ea_dbname.LevelAward la ON ha.levelAwardId=la.levelAwardId

                LEFT JOIN $this->ea_dbname.AlumniMain am ON ha.alumniId=am.alumniId

                LEFT JOIN $this->ppc_dbname.Prefix pf ON am.prefixId=pf.prefixId

                $c1

                $c3

                $c2";

        $query = $this->db->query($sql);

        return $query;

    }



    function qryHaNotSeqIdAndAmId($awardNameT,$awardCompany,$typeAwardId,$levelAwardId,$receiveDate,$seqId,$alumniId) {

        $sql = "SELECT *

                FROM $this->ea_dbname.HisAward

                WHERE awardNameT=?

                AND awardCompany=?

                AND typeAwardId=?

                AND levelAwardId=?

                AND receiveDate=?

                AND seqId <> ?

                AND alumniId=?";

        $query = $this->db->query($sql, array($awardNameT,$awardCompany,$typeAwardId,$levelAwardId,$receiveDate,$seqId,$alumniId));

        return $query;

    }



    public function qryHwByCurStdLevAndType($levelAwardId, $levelAwardName, $programAlumniId, $graduateY, $year1, $year2) {

        $y1 = ($year1!="") ? $year1-543 : "0000";

        $y2 = ($year2!="") ? $year2-543 : "9999";

        $cond = "";

        $cond.="AND YEAR(receiveDate) BETWEEN $y1 AND $y2";

        $i = 0;

        $arr = array();

        $sql = "SELECT *

                FROM $this->ea_dbname.TypeAward";

        $query = $this->db->query($sql);

        if($query->num_rows()) {

            foreach($query->result() as $row_query) {

                $sql_countAm = "SELECT *

                                FROM $this->ea_dbname.HisAward ha

                                INNER JOIN $this->ea_dbname.AlumniMain am ON ha.alumniId=am.alumniId

                                INNER JOIN $this->ea_dbname.TypeAward ta ON ha.typeAwardId=ta.typeAwardId

                                WHERE ta.typeAwardId=$row_query->typeAwardId

                                AND ha.levelAwardId=?

                                AND am.amProgramAlumni=?

                                AND am.graduateYear=?

                                $cond

                                GROUP BY ha.alumniId";

                $query_countAm = $this->db->query($sql_countAm,array($levelAwardId, $programAlumniId, $graduateY));



                $arr[$i]['level'] = ($i==0) ? $levelAwardName : "";

                $arr[$i]['typeaward'] = $row_query->typeAwardNameT;

                $arr[$i]['count'] = $query_countAm->num_rows();

                $arr[$i]['url'] = "{'levelAward':".$levelAwardId.", 'typeAward':".$row_query->typeAwardId.", 'programAlumniId':".$programAlumniId.", 'graduateY':".$graduateY."}";



                $i++;

            }

        }



        return $arr;

    }



    public function qryHwByStdLevAndType($levelAwardId, $levelAwardName, $year1, $year2, $studentCode) {

        $y1 = ($year1!="") ? $year1-543 : "0000";

        $y2 = ($year2!="") ? $year2-543 : "9999";

        $cond = "";

        $cond.="AND YEAR(receiveDate) BETWEEN $y1 AND $y2";

        $i = 0;

        $arr = array();

        $sql = "SELECT *

                FROM $this->ea_dbname.TypeAward";

        $query = $this->db->query($sql);

        if($query->num_rows()) {

            foreach($query->result() as $row_query) {

                $sql_countAm = "SELECT *

                                FROM $this->ea_dbname.HisAward ha

                                INNER JOIN $this->ea_dbname.AlumniMain am ON ha.alumniId=am.alumniId

                                INNER JOIN $this->ea_dbname.TypeAward ta ON ha.typeAwardId=ta.typeAwardId

                                WHERE ta.typeAwardId=$row_query->typeAwardId

                                AND ha.levelAwardId=?

                                AND am.studentCode=?

                                $cond

                                GROUP BY ha.alumniId";

                $query_countAm = $this->db->query($sql_countAm,array($levelAwardId, $studentCode));



                $arr[$i]['level'] = ($i==0) ? $levelAwardName : "";

                $arr[$i]['typeaward'] = $row_query->typeAwardNameT;

                $arr[$i]['count'] = $query_countAm->num_rows();

                $arr[$i]['url'] = "{'levelAward':".$levelAwardId.", 'typeAward':".$row_query->typeAwardId.", 'stdCode':".$studentCode."}";



                $i++;

            }

        }



        return $arr;

    }    // add your functions here



} // end class M_hisaward

?>
:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:
:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/
:: Command execute ::
Enter:	Select: