Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/ws_standard_on_mis/ drwxr-xr-x |
Viewing file: mis_standard.php.bak (19.82 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) | <?php require_once('nusoap.php'); //-----------------------------------------------------Teachers_now function teachers_now($search_teachers_now) { $information = '<?xml version="1.0" encoding="windows-874"?>'; $information .= "\n<Teachers_now>"; //teacher $information .= "\n<teachers>"; $dsn_name = "staff"; $username =""; $password =""; $connect= odbc_connect($dsn_name, $username, $password) or die("µÔ´µèÍ DSN äÁèä´é"); //$sql = "SELECT *,TEmployee.id as tempid,TPrefix.name as prefixname FROM TEmployee,TWorkStatus,TPosScale,TPrefix WHERE (TEmployee.work_status=TWorkStatus.id) and (TEmployee.Id=TPosScale.TEmp_id) and (TEmployee.Prefix_id=TPrefix.id) and (TWorkStatus.id = '0') and (TEmployee.id like '01%') and (TPosScale.TDep_id = '0702')"; $sql = "select count(*) as countP from( SELECT *,TEmployee.id as tempid,TPrefix.name as prefixname,TPosition.name as positionname FROM TEmployee,TWorkStatus,TPosScale,TPrefix,TPosition WHERE (TEmployee.work_status=TWorkStatus.id) and (TEmployee.Id=TPosScale.TEmp_id) and (TEmployee.Prefix_id=TPrefix.id) and (TWorkStatus.id = '0') and (TPosScale.TPos_id=TPosition.id) and (TPosScale.TPos_id = '0014' or TPosScale.TPos_id = '0017') and (TPosScale.Duty_id='8') order by TEmployee.id)"; $execute = odbc_exec($connect, $sql) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é"); $count_people_8=0; while($row1 = odbc_fetch_array($execute)) { $count_people_8=$row1["countP"]; } $count_people_8 = ($count_people_8/2); $sql = "SELECT *,TEmployee.id as tempid,TPrefix.name as prefixname,TPosition.name as positionname FROM TEmployee,TWorkStatus,TPosScale,TPrefix,TPosition WHERE (TEmployee.work_status=TWorkStatus.id) and (TEmployee.Id=TPosScale.TEmp_id) and (TEmployee.Prefix_id=TPrefix.id) and (TWorkStatus.id = '0') and (TPosScale.TPos_id=TPosition.id) and (TPosScale.TPos_id = '0014' or TPosScale.TPos_id = '0017') order by TEmployee.id"; $execute = odbc_exec($connect, $sql) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é"); $i=1; $num1=0; while($row = odbc_fetch_array($execute)) { $num1++; $id=$row["tempid"]; $idx=$row["idx"]; $prefixname=$row["prefixname"]; $name=$row["fname"]; $surname=$row["lname"]; $position=$row["positionname"]; $cnow=$row["c_now"]; $information .= "\n<teacher>"; $information .= "\n<teacher_id>"; $information .= "$id"; $information .= "\n</teacher_id>"; $information .= "\n<person_id>"; $information .= "$idx"; $information .= "\n</person_id>"; $information .= "\n<teacher_prefixname>"; $information .= "$prefixname"; $information .= "\n</teacher_prefixname>"; $information .= "\n<teacher_fname>"; $information .= "$name"; $information .= "\n</teacher_fname>"; $information .= "\n<teacher_lname>"; $information .= "$surname"; $information .= "\n</teacher_lname>"; $information .= "\n<teacher_position>"; $information .= "$position"; $information .= "\n</teacher_position>"; $information .= "\n<teacher_cnow>"; $information .= "$cnow"; $information .= "\n</teacher_cnow>"; $information .= "\n</teacher>"; } // ¨º loop //$num1 = $num1-$count_people_8; $num1 = $num1-$count_people_8; $information .= "\n</teachers>"; $information .= "\n<num_teachers>"; $information .= "$num1"; $information .= "\n</num_teachers>"; $information .= "\n</Teachers_now>"; return $information; } //--------------------------------------------------------Projects_of_outservice function projects_of_outservice($search_projects_of_outservice,$search_term_date_start,$search_term_date_end) { $information = '<?xml version="1.0" encoding="windows-874"?>'; $information .= "\n<Projects_of_outservice>"; //project $information .= "\n<projects>"; $dsn_name = "project"; $username =""; $password =""; $connect= odbc_connect($dsn_name, $username, $password) or die("µÔ´µèÍ DSN äÁèä´é"); //selece_database_project $sql = "SELECT TProject.id, TProject.NameT ,TProject.NameE ,TProject.Type_id, TProject.TypeSub_id ,TProject.sdate , TProject.edate FROM TProject, TTypeProject, TTypeProjectSub WHERE (TProject.Type_id=TTypeProject.id) and (TProject.TypeSub_id=TTypeProjectSub.id)and (TProject.Type_id='1') and (TProject.TypeSub_id='01')"; //$sql = "SELECT TProject.id, TProject.NameT ,TProject.NameE ,TProject.Type_id, TProject.TypeSub_id ,TProject.sdate , TProject.edate FROM TProject, TTypeProject, TTypeProjectSub WHERE (TProject.Type_id=TTypeProject.id) and (TProject.TypeSub_id=TTypeProjectSub.id)and (TProject.Type_id='1') and (TProject.TypeSub_id='01') and (TProject.sdate > '1%')"; $execute = odbc_exec($connect, $sql) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é"); $i=1; $num1=0; while($row = odbc_fetch_array($execute)) { $TProject_id=$row['id']; $TProject_NameT=$row["NameT"]; $TProject_NameE=$row["NameE"]; $TProject_Type_id=$row["Type_id"]; $TProject_TypeSub_id=$row["TypeSub_id"]; $TProject_sdate=$row["sdate"]; $TProject_edate=$row["edate"]; //selece_database_TTypeProject $sql2 = "SELECT * FROM TTypeProject WHERE (id='$TProject_Type_id')"; $execute2 = odbc_exec($connect, $sql2) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é"); while($row2 = odbc_fetch_array($execute2)) { $TTypeProject_id=$row2["id"]; $TTypeProject_name=$row2["name"]; } //selece_database_TTypeProjectSub $sql3 = "SELECT * FROM TTypeProjectSub WHERE (id='$TProject_TypeSub_id')"; //$sql = "SELECT * FROM TProject"; $execute3 = odbc_exec($connect, $sql3) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é"); while($row3 = odbc_fetch_array($execute3)) { $TTypeProjectSub_id=$row3["id"]; $TTypeProjectSub_name=$row3["name"]; } $TProject_sdate_c = substr($TProject_sdate, 0, 10); //$TProject_sdate_c = sprintf("%01d", $TProject_sdate_c); if ($TProject_sdate_c >= $search_term_date_start and $TProject_sdate_c <= $search_term_date_end) { $num1++; $information .= "\n<project>"; $information .= "\n<project_id>"; $information .= "$TProject_id"; $information .= "\n</project_id>"; $information .= "\n<project_tname>"; $information .= "$TProject_NameT"; $information .= "\n</project_tname>"; $information .= "\n<project_ename>"; $information .= "$TProject_NameE"; $information .= "\n</project_ename>"; $information .= "\n<project_type_id>"; $information .= "$TProject_Type_id"; $information .= "\n</project_type_id>"; $information .= "\n<project_type_name>"; $information .= "$TTypeProject_name"; $information .= "\n</project_type_name>"; $information .= "\n<project_typesub_id>"; $information .= "$TProject_TypeSub_id"; $information .= "\n</project_typesub_id>"; $information .= "\n<project_typesub_name>"; $information .= "$TTypeProjectSub_name"; $information .= "\n</project_typesub_name>"; $information .= "\n<project_sdate>"; $information .= "$TProject_sdate"; $information .= "\n</project_sdate>"; $information .= "\n<project_edate>"; $information .= "$TProject_edate"; $information .= "\n</project_edate>"; $information .= "\n<project_date>"; $information .= "$search_term_date_start,$search_term_date_end"; $information .= "\n</project_date>"; $information .= "\n</project>"; } } //end_selece_database_project $information .= "\n</projects>"; //project $information .= "\n<num_projects>"; $information .= "$num1"; $information .= "\n</num_projects>"; $information .= "\n</Projects_of_outservice>"; return $information; } //-----------------------------------------------------Committees_of_teacher function committees_of_teacher($search_Committees_of_teacher) { $information = '<?xml version="1.0" encoding="windows-874"?>'; //Committees_of_teacher $information .= "\n<Committees_of_teacher>"; //committees $information .= "\n<committees>"; $dsn_name = "staff"; $username =""; $password =""; $connect= odbc_connect($dsn_name, $username, $password) or die("µÔ´µèÍ DSN äÁèä´é"); //selece_database_project //$sql = "SELECT * FROM TFileCommittee, TEmployee WHERE TFileCommittee.TEmp_id=TEmployee.Id"; //$sql = "SELECT * FROM TProject"; $sql = "SELECT *,TEmployee.id as tempid FROM TFileCommittee, TEmployee,TWorkStatus,TPosScale WHERE TFileCommittee.TEmp_id=TEmployee.Id and (TEmployee.work_status=TWorkStatus.id) and (TEmployee.Id=TPosScale.TEmp_id) and (TWorkStatus.id = '0') and (TEmployee.id like '01%') and (TPosScale.TDep_id = '0702')"; $execute = odbc_exec($connect, $sql) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é"); $i=1; $num1=0; $num2=0; $TEmployee_id_check=""; while($row = odbc_fetch_array($execute)) { $num2++; $TEmployee_id=$row['tempid']; $TEmployee_fname=$row["fname"]; $TEmployee_lname=$row["lname"]; $TFileCommittee_order_no=$row["order_no"]; $TFileCommittee_ttile=$row["TTitle"]; if($TEmployee_id!=$TEmployee_id_check) { $num1++; } $TEmployee_id_check=$TEmployee_id; $information .= "\n<committee>"; $information .= "\n<temp_id>"; $information .= "$TEmployee_id"; $information .= "\n</temp_id>"; $information .= "\n<temp_fname>"; $information .= "$TEmployee_fname"; $information .= "\n</temp_fname>"; $information .= "\n<temp_lname>"; $information .= "$TEmployee_lname"; $information .= "\n</temp_lname>"; $information .= "\n<order_no>"; $information .= "$TFileCommittee_order_no"; $information .= "\n</order_no>"; $information .= "\n<t_title>"; $information .= "$TFileCommittee_ttile"; $information .= "\n</t_title>"; $information .= "\n</committee>"; } //end_selece_database_project $information .= "\n</committees>"; //end_committee $information .= "\n<num_teacher_committees>"; $information .= "$num1"; $information .= "\n</num_teacher_committees>"; $information .= "\n<num_committees_of_teacher>"; $information .= "$num2"; $information .= "\n</num_committees_of_teacher>"; $information .= "\n</Committees_of_teacher>"; return $information; } //-----------------------------------------------------Project_budget //function project_budget($search_project_budget,$search_term_date_start,$search_term_date_end) { function project_budget($search_project_budget) { $information = '<?xml version="1.0" encoding="windows-874"?>'; //Project_budget $information .= "\n<Project_budget>"; //project $information .= "\n<projects>"; $dsn_name = "project"; $username =""; $password =""; $connect= odbc_connect($dsn_name, $username, $password) or die("µÔ´µèÍ DSN äÁèä´é"); //selece_database_project //$sql = "SELECT TProject.id as a, TProject.NameT ,TProject.NameE ,TProject.Type_id, TProject.TypeSub_id ,TProject.sdate , TProject.edate , TProject.budget3 , TProject.budget4, TProject.budget2 FROM TProject, TTypeProject, TTypeProjectSub WHERE (TProject.Type_id=TTypeProject.id) and (TProject.TypeSub_id=TTypeProjectSub.id)and (TProject.Type_id='1') and (TProject.TypeSub_id='01')"; $sql = "SELECT TProject.id as a, TProject.NameT ,TProject.NameE ,TProject.Type_id, TProject.TypeSub_id, TProject.sdate , TProject.edate ,TProject.budget3 , TProject.budget4, TProject.budget2 FROM TProject, TTypeProject, TTypeProjectSub WHERE (TProject.Type_id=TTypeProject.id) and (TProject.TypeSub_id=TTypeProjectSub.id)and (TProject.Type_id='1') and (TProject.TypeSub_id='01') "; $execute = odbc_exec($connect, $sql) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é"); $i=1; $num1=0; while($row = odbc_fetch_array($execute)) { $TProject_id=$row['a']; $TProject_NameT=$row["NameT"]; $TProject_NameE=$row["NameE"]; $TProject_Type_id=$row["Type_id"]; $TProject_TypeSub_id=$row["TypeSub_id"]; //$TProject_sdate1=$row["sdate"]; //$TProject_edate1=$row["edate"]; $TProject_budget2=$row["budget2"]; $TProject_budget3=$row["budget3"]; $TProject_budget4=$row["budget4"]; //selece_database_TTypeProject $sql2 = "SELECT * FROM TTypeProject WHERE (id='$TProject_Type_id')"; $execute2 = odbc_exec($connect, $sql2) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é"); while($row2 = odbc_fetch_array($execute2)) { $TTypeProject_id=$row2["id"]; $TTypeProject_name=$row2["name"]; } //selece_database_TTypeProjectSub $sql3 = "SELECT * FROM TTypeProjectSub WHERE (id='$TProject_TypeSub_id')"; //$sql = "SELECT * FROM TProject"; $execute3 = odbc_exec($connect, $sql3) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é"); while($row3 = odbc_fetch_array($execute3)) { $TTypeProjectSub_id=$row3["id"]; $TTypeProjectSub_name=$row3["name"]; } $TProject_sdate_d = substr($TProject_sdate, 0, 10); //$TProject_sdate_c = sprintf("%01d", $TProject_sdate_c); if ($TProject_sdate_d >= $search_term_date_start and $TProject_sdate_d <= $search_term_date_end) { $num1++; $information .= "\n<project>"; $information .= "\n<project_id>"; $information .= "$TProject_id"; $information .= "\n</project_id>"; $information .= "\n<project_tname>"; $information .= "$TProject_NameT"; $information .= "\n</project_tname>"; $information .= "\n<project_ename>"; $information .= "$TProject_NameE"; $information .= "\n</project_ename>"; $information .= "\n<project_type_id>"; $information .= "$TProject_Type_id"; $information .= "\n</project_type_id>"; $information .= "\n<project_type_name>"; $information .= "$TTypeProject_name"; $information .= "\n</project_type_name>"; /* $information .= "\n<project_sdate>"; $information .= "$TProject_sdate1"; $information .= "\n</project_sdate>"; $information .= "\n<project_edate>"; $information .= "$TProject_edate1"; $information .= "\n</project_edate>"; $information .= "\n<project_date>"; $information .= "$search_term_date_start,$search_term_date_end"; $information .= "\n</project_date>"; */ $information .= "\n<budget2>"; $information .= "$TProject_budget2"; $information .= "\n</budget2>"; $information .= "\n<budget3>"; $information .= "$TProject_budget3"; $information .= "\n</budget3>"; $information .= "\n<budget4>"; $information .= "$TProject_budget4"; $information .= "\n</budget4>"; $information .= "\n</project>"; $TProject_budget2_sum=$TProject_budget2_sum+$TProject_budget2; $TProject_budget3_sum=$TProject_budget3_sum+$TProject_budget3; $TProject_budget4_sum=$TProject_budget4_sum+$TProject_budget4; } //end_selece_database_project $information .= "\n</projects>"; //sum_Project_budget $information .= "\n<budget2_sum>"; $information .= "$TProject_budget2_sum"; $information .= "\n</budget2_sum>"; $information .= "\n<budget3_sum>"; $information .= "$TProject_budget3_sum"; $information .= "\n</budget3_sum>"; $information .= "\n<budget4_sum>"; $information .= "$TProject_budget4_sum"; $information .= "\n</budget4_sum>"; $information .= "\n</Project_budget>"; return $information; } //-----------------------------------------------------asset_permanent---------------------------------- //function projects_of_outservice($search_projects_of_outservice,$search_term_date_start,$search_term_date_end) { function asset_permanent($search_asset_permanent) { $information = '<?xml version="1.0" encoding="windows-874"?>'; //asset_permanent $information .= "\n<asset_permanent>"; //asset_permanent $information .= "\n<assets>"; $dsn_name = "asset"; $username =""; $password =""; $connect= odbc_connect($dsn_name, $username, $password) or die("µÔ´µèÍ DSN äÁèä´é"); //selece_database_asset $sql = "SELECT TBase_budget.id as a, TBase.name, TBase.bye_year, TBase.pirce, TBase_budget.budgetyear ,TBase_budget.amount , TBase.TTypecate_id , TTypeCatagory.id FROM TBase, TBase_budget, TTypeCatagory WHERE (TBase.id = TBase_budget.id) and (TBase.TTypecate_id = TTypeCatagory.id) and ( (TBase.TTypecate_id = '100') or (TBase.TTypecate_id = '101') )and (TBase_budget.budgetyear = 2550)"; $num1=0; $sum =""; $sum100 = ""; $sum101 = ""; $sum102 = ""; $execute = odbc_exec($connect, $sql) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é $sql"); while($row = odbc_fetch_array($execute)) { $TBase_id=$row['a']; $TBase_name=$row["name"]; $TBase_bye_year=$row["bye_year"]; $TBase_pirce=$row["pirce"]; $TBase_amount=$row["amount"]; $TTypecate_id=$row["TTypecate_id"]; $num1++; $information .= "\n<asset>"; $information .= "\n<asset_id>"; $information .= "$TBase_id"; $information .= "\n</asset_id>"; $information .= "\n<asset_name>"; $information .= "$TBase_name"; $information .= "\n</asset_name>"; $information .= "\n<asset_bye_year>"; $information .= "$TBase_bye_year"; $information .= "\n</asset_bye_year>"; $information .= "\n<asset_pirce>"; $information .= "$TBase_pirce"; $information .= "\n</asset_pirce>"; $information .= "\n<amount>"; $information .= "$TBase_amount"; $information .= "\n</amount>"; $information .= "\n<Typecate>"; $information .= "$TTypecate_id"; $information .= "\n</Typecate>"; $information .= "\n</asset>"; if ($TTypecate_id == '100') { $sum100 = $sum100 + $TBase_amount; } if ($TTypecate_id == '101') { $sum101 = $sum101 + $TBase_amount; } if ($TTypecate_id == '102') { $sum102 = $sum102 + $TBase_amount; } $sum=$sum100+$sum101+$sum102; } $information .= "\n</assets>"; //sum_asset_permanent $information .= "\n<base_sum>"; $information .= "$sum100"; $information .= "\n</base_sum>"; $information .= "\n<build_sum>"; $information .= "$sum101"; $information .= "\n</build_sum>"; $information .= "\n<asset_sum>"; $information .= "$sum102"; $information .= "\n</asset_sum>"; $information .= "\n<sum>"; $information .= "$sum"; $information .= "\n</sum>"; $information .= "\n</asset_permanent>"; return $information; } //------------------------------------------- $server = new soap_server; $server->configureWSDL('standard_3_wsdl', 'urn:standard_3_wsdl'); $server->register('teachers_now', array('search_teachers_now' => 'xsd:string'), array('information' => 'xsd:string'), 'http://localhost/ws_standard_on_mis/', 'http://localhost/ws_standard_on_mis/', 'rpc', 'encoded', 'Search_For_teachers_now'); //$search_term_date_start,$search_term_date_end $server->register('projects_of_outservice', array('search_projects_of_outservice' => 'xsd:string','search_term_date_start' => 'xsd:string','search_term_date_end' => 'xsd:string'), array('information' => 'xsd:string'), 'http://localhost/ws_standard_on_mis/', 'http://localhost/ws_standard_on_mis/', 'rpc', 'encoded', 'Search_For_projects_of_outservice'); $server->register('committees_of_teacher', array('search_committees_of_teacher' => 'xsd:string'), array('information' => 'xsd:string'), 'http://localhost/ws_standard_on_mis/', 'http://localhost/ws_standard_on_mis/', 'rpc', 'encoded', 'Search_For_committees_of_teacher'); $server->register('project_budget', array('search_project_budget' => 'xsd:string'), // array('search_project_budget' => 'xsd:string','search_term_date_start' => 'xsd:string','search_term_date_end' => 'xsd:string'), array('information' => 'xsd:string'), 'http://localhost/ws_standard_on_mis/', 'http://localhost/ws_standard_on_mis/', 'rpc', 'encoded', 'Search_For_project_budget'); $server->register('asset_permanent', array('search_asset_permanent' => 'xsd:string'), array('information' => 'xsd:string'), 'http://localhost/ws_standard_on_mis/', 'http://localhost/ws_standard_on_mis/', 'rpc', 'encoded', 'Search_For_asset_permanent'); $HTTP_RAW_POST_DATA = isset($HTTP_RAW_POST_DATA) ? $HTTP_RAW_POST_DATA : ''; $server->service($HTTP_RAW_POST_DATA); ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0137 ]-- |