403Webshell
Server IP : 104.21.80.248  /  Your IP : 172.71.28.155
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Inetpub/www/news/elearning/admin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /Inetpub/www/news/elearning/admin//apply_auth.php
<?php

require '../configs/app_top.php';
if (!is_admin_logged_in()) {
  redirect(generate_admin_link("login"));
  exit;
}
if (isset($_POST['mode']) && $_POST['mode'] == 'add_new') {
  $redirectTo = "apply";

  $course = safe_input($_POST['course']);
  $sub_com = (safe_input($_POST['sub_com']) == "" ) ? NULL : safe_input($_POST['sub_com']) ;

  $fname = safe_input($_POST['fname']);
  $mname = safe_input($_POST['mname']);
  $lname = safe_input($_POST['lname']);
  $gender = safe_input($_POST['gender']);
  $gaurdian_name = safe_input($_POST['gaurdian_name']);
  $gaurdian_relation = safe_input($_POST['gaurdian_relation']);
  $is_relation_others = safe_input($_POST['is_relation_others']);
  $relation_others = safe_input($_POST['relation_others']);
  $gaurdian_mobile_no = safe_input($_POST['gaurdian_mobile_no']);
  $family_income = safe_input($_POST['family_income']);
  $dob = date("Y-m-d", safe_input($_POST['dob']) );
  $category = safe_input($_POST['category']);
  $physically_challenged = safe_input($_POST['physically_challenged']);
  $religion = safe_input($_POST['religion']);
  $nationality = safe_input($_POST['nationality']);
  $is_other_nationality = safe_input($_POST['is_other_nationality']);
  $nationality_others = safe_input($_POST['nationality_others']);
  $mobile = safe_input($_POST['mobile']);
  $phone = safe_input($_POST['phone']);
  $email_add = safe_input($_POST['email_add']);

  $cur_street_address = safe_input($_POST['cur_street_address']);
  $cur_pincode = safe_input($_POST['cur_pincode']);
  $cur_country = safe_input($_POST['cur_country']);
  $cur_state = safe_input($_POST['cur_state']);
  $cur_dist = safe_input($_POST['cur_dist']);
  $is_same_address = safe_input($_POST['is_same_address']);
  $per_street_address = safe_input($_POST['per_street_address']);
  $per_pincode = safe_input($_POST['per_pincode']);
  $per_country = safe_input($_POST['per_country']);
  $per_state = safe_input($_POST['per_state']);
  $per_dist = safe_input($_POST['per_dist']);

  $board = safe_input($_POST['board']);
  $is_board_others = safe_input($_POST['is_board_others']);
  $board_others = safe_input($_POST['board_others']);
  $roll_no1 = safe_input($_POST['roll_no1']);
  $roll_no2 = safe_input($_POST['roll_no2']);
  $passing_year = safe_input($_POST['passing_year']);

  if ($course == '' || $fname == '' || $gender == '' || $gaurdian_name == '' || $gaurdian_mobile_no == '' || $family_income == '' || $dob == '' || $category == '' || $physically_challenged == '' || $religion == '' || $mobile == '' || $cur_street_address == '' || $cur_pincode == '' || $cur_state == '' || $cur_dist == '' || $roll_no1 == '' || $passing_year == ''
    ) {
  
    $_SESSION["errorMsg"] = "Please provide the required fields";
    $_SESSION["errorType"] = "danger";
  } else {

    /*
      $sql = "INSERT INTO `students` (`s_id`, `s_course_code`, `sc_sub_com`, `s_fname`, `s_mname`, `s_lname`, `s_gender`, `s_dob`, `s_gaurdian_name`,
      `s_gaurdian_mobile_no`, `s_gaurdian_relation`, `s_gaurdian_is_relation_others`, `s_gaurdian_relation_others`,
      `s_family_income`, `s_category`, `s_physically_challenged`, `s_religion`, `s_nationality`, `s_is_other_nationality`,
      `s_nationality_others`, `s_mobile`, `s_phone`, `s_email_address`, `s_cur_street_address`, `s_cur_country`, `s_cur_state`, `
      s_cur_dist`, `s_cur_pincode`, `s_is_same_address`, `s_per_street_address`, `s_per_country`, `s_per_state`, `s_per_dist`,
      `s_per_pincode`, `s_board`, `s_is_board_others`, `s_board_others`, `s_roll_no1`, `s_roll_no2`, `s_passing_year`, `s_date_submitted`)


      VALUES (1, 'bag', 1, 'Shahrukh', NULL, NULL, '', '0000-00-00', '', '', '', NULL, NULL, '', '', '', '', '', '', '', '', NULL, NULL, '', 0, 0, 0, 0, '', NULL, NULL, NULL, NULL, NULL, '', NULL, NULL, '', NULL, '', '0000-00-00 00:00:00')";
     * 
     */

    $data = array("s_course_code" => $course, "sc_sub_com" => $sub_com, "s_fname" => $fname, "s_mname" => $mname, "s_lname" => $lname,
        "s_gender" => $gender, "s_dob" => $dob, "s_gaurdian_name" => $gaurdian_name, "s_gaurdian_mobile_no" => $gaurdian_mobile_no,
        "s_gaurdian_relation" => $gaurdian_relation, "s_gaurdian_is_relation_others" => $is_relation_others,
        "s_gaurdian_relation_others" => $relation_others, "s_family_income" => $family_income, "s_category" => $category,
        "s_physically_challenged" => $physically_challenged, "s_religion" => $religion, "s_nationality" => $nationality,
        "s_is_other_nationality" => $is_other_nationality, "s_nationality_others" => $nationality_others, "s_mobile" => $mobile,
        "s_phone" => $phone, "s_email_address" => $email_add, "s_cur_street_address" => $cur_street_address, "s_cur_country" => $cur_country,
        "s_cur_state" => $cur_state, "s_cur_dist" => $cur_dist, "s_cur_pincode" => $cur_pincode, "s_is_same_address" => $is_same_address,
        "s_per_street_address" => $per_street_address, "s_per_country" => $per_country, "s_per_state" => $per_state, "s_per_dist" => $per_dist,
        "s_per_pincode" => $per_pincode, "s_board" => $board, "s_is_board_others" => $is_board_others, "s_board_others" => $board_others,
        "s_roll_no1" => $roll_no1, "s_roll_no2" => $s_roll_no2, "s_passing_year" => $passing_year, "s_date_submitted" => date("Y-m-d H:i:s")
    );
    /*
      echo '<pre>';
      print_r($data);
      echo '</pre>';
      exit;
     * 
     */

    try {

      $sql = "INSERT INTO `" . TBL_STUDENT . "` (" . implode(array_keys($data), ", ") . ")"
              . " VALUES (:" . implode(array_keys($data), ", :") . ")";

      $DB->setAttribute(PDO::ATTR_AUTOCOMMIT, 0);
      $DB->beginTransaction();

      $stmt = $DB->prepare($sql);

      foreach ($data as $key => $val) {
        $stmt->bindValue(":$key", $val);
      }

      $stmt->execute();
      $retval = $stmt->rowCount();
      $sid = $DB->lastInsertId();

      for ($i = 0; $i < count($_POST["subj"]); $i++) {
        $subj = safe_input($_POST["subj"][$i]);
        $mo = safe_input($_POST["mo"][$i]);
        $fm = safe_input($_POST["fm"][$i]);
        $rem = safe_input($_POST["rem"][$i]);

        if ($subj <> "" && intval($mo) <> 0 && intval($fm) <> 0 && $rem <> "") {
          $sql = "INSERT INTO `" . TBL_STUDENT_MARKS . "` "
                  . "( sm_student_id, sm_subject_name, sm_marks_obtained, sm_full_marks, sm_remarks )"
                  . " VALUES (:sid, :sname, :mo, :fm, :rem)";

          $stmt = $DB->prepare($sql);
          $stmt->bindValue(":sid", $sid);
          $stmt->bindValue(":sname", $subj);
          $stmt->bindValue(":mo", $mo);
          $stmt->bindValue(":fm", $fm);
          $stmt->bindValue(":rem", $rem);
          $stmt->execute();
          $retval = $stmt->rowCount();
        }
      }

      $DB->commit();
      $retval = $sid;
    } catch (Exception $ex) {
      $DB->rollBack();
      $_SESSION["errorMsg"] = $ex->getMessage();
      $_SESSION["errorType"] = "danger";
      echo  $ex->getMessage();die;
    }

    if ($retval > 0) {

      $_SESSION["errorMsg"] = "Student application has been added successfully.";
      $_SESSION["errorType"] = "success";

      redirect(generate_admin_link($redirectTo));
      exit;
    } else {
      $_SESSION["errorMsg"] = "Failed to add student application. Try Again";
      $_SESSION["errorType"] = "danger";
    }
  }

  redirect(generate_admin_link($redirectTo, "mode=add"));
  exit;
}
redirect(generate_admin_link("home"));
?>

Youez - 2016 - github.com/yon3zu
LinuXploit