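<?php
/**
 * User Pay Rate Class
 *
 * Data-access wrapper for the `users_payRate` table: one row per pay-rate
 * "policy" (base rate, top-up rate, free-text note, effective and expiry
 * timestamps) belonging to a user within a practice. All reads and writes
 * go through mysqli prepared statements on the connection in $this->Database.
 *
 * NOTE(review): add_mod(), delete() and the user-scoped branch of
 * update_expire() read $_SESSION['PID'] (practice) and $_SESSION['edit_id']
 * (user being edited) directly, so they only work inside a request that has
 * those session keys populated.
 */
class User_Pay_Rate {
    /** Columns of the pay-rate table, in the order SELECT * / bind_result() returns them. */
    private const COLUMNS = array(
        'payRateID', 'userID', 'practiceID', 'baseRate',
        'topupRate', 'note', 'effectiveTS', 'expireTS',
    );

    /** @var mysqli */
    private $Database;
    private $db_table = 'users_payRate';

    /**
     * @param mysqli|null $db  Connection to use. When omitted, the global
     *                         $Database is used, as the original constructor did.
     */
    public function __construct($db = null) {
        if ($db === null) {
            global $Database;
            $db = $Database;
        }
        $this->Database = $db;
    }

    /**
     * Report an outcome to the UI through the Template alert mechanism.
     * Template is only instantiated when there is something to report.
     */
    private function alert($message, $type) {
        $Template = new Template;
        $Template->set_alert($message, $type);
    }

    /**
     * Validate a caller-supplied ORDER BY fragment against the table's column
     * list. The fragment is concatenated into SQL (ORDER BY cannot be bound),
     * so anything that is not "col", "col ASC"/"col DESC", or a comma-separated
     * list of those, falls back to the default ordering instead of reaching
     * the database. Column names are matched case-sensitively.
     *
     * @param mixed $sortOrder
     * @return string safe ORDER BY fragment
     */
    private function sort_clause($sortOrder) {
        $default = 'effectiveTS DESC';
        if (!is_string($sortOrder) || trim($sortOrder) === '') {
            return $default;
        }
        $parts = array();
        foreach (explode(',', $sortOrder) as $term) {
            $tokens = preg_split('/\s+/', trim($term));
            if (count($tokens) > 2 || !in_array($tokens[0], self::COLUMNS, true)) {
                return $default;
            }
            if (count($tokens) === 2 && !in_array(strtoupper($tokens[1]), array('ASC', 'DESC'), true)) {
                return $default;
            }
            $parts[] = implode(' ', $tokens);
        }
        return implode(', ', $parts);
    }

    /**
     * Fetch every pay-rate row of a practice.
     *
     * @param int|string $practiceID
     * @param string     $sortOrder  ORDER BY fragment such as 'effectiveTS DESC';
     *                               '' (or anything invalid) means the default.
     * @return array list of associative rows keyed by self::COLUMNS; empty when
     *               the statement cannot be prepared.
     */
    public function get_all($practiceID, $sortOrder) {
        $data = array();
        $sql = "SELECT * FROM " . $this->db_table . " WHERE practiceID = ? ORDER BY " . $this->sort_clause($sortOrder);
        $stmt = $this->Database->prepare($sql);
        if (!$stmt) {
            return $data;
        }
        $stmt->bind_param('i', $practiceID);
        $stmt->execute();
        $stmt->store_result();
        // Bind into locals; the original bound the third column onto the
        // $practiceID parameter itself.
        $stmt->bind_result($payRateID, $userID, $rowPracticeID, $baseRate, $topupRate, $note, $effectiveTS, $expireTS);
        while ($stmt->fetch()) {
            $data[] = array(
                'payRateID'   => $payRateID,
                'userID'      => $userID,
                'practiceID'  => $rowPracticeID,
                'baseRate'    => $baseRate,
                'topupRate'   => $topupRate,
                'note'        => $note,
                'effectiveTS' => $effectiveTS,
                'expireTS'    => $expireTS,
            );
        }
        // The original placed close() after return, so it never ran.
        $stmt->close();
        return $data;
    }

    /**
     * Filter the rows of get_all() in PHP.
     *
     * @param int|string $practiceID
     * @param int|string $userID     > 0 keeps only this user's rows
     * @param int|string $t1         > 0 drops rows that expired before t1
     * @param int|string $t2         together with t1 > 0: drops rows that were
     *                               not active at any point between t1 and t2
     * @param int|string $payRateID  > 0 returns that single row instead of a list
     * @param string     $sortOrder  passed through to get_all()
     * @return array list of rows; with $payRateID > 0 the matching row itself,
     *               or an empty array when no row matches (the original emitted
     *               a warning and yielded null in that case).
     */
    public function search($practiceID, $userID, $t1, $t2, $payRateID, $sortOrder) {
        $rows = $this->get_all($practiceID, $sortOrder);
        $wantSingle = $payRateID > 0;
        // Comparisons stay loose on purpose: callers pass '' for unused filters.
        $rangeMode = $t1 > 0 && $t2 > 0;

        $keep = function ($row) use ($userID, $t1, $t2, $payRateID, $wantSingle, $rangeMode) {
            if ($wantSingle && $row['payRateID'] != $payRateID) {
                return false;
            }
            if ($userID > 0 && $row['userID'] != $userID) {
                return false;
            }
            $expiredBeforeT1 = $row['expireTS'] > 0 && $row['expireTS'] < $t1;
            if ($t1 > 0 && $t2 <= 0 && $expiredBeforeT1) {
                return false;
            }
            // Not active at any time within [t1, t2]: starts after t2 or ended before t1.
            // The original wrote this as `A && B || C`, which parsed as `(A && B) || C`.
            if ($rangeMode && ($row['effectiveTS'] >= $t2 || $expiredBeforeT1)) {
                return false;
            }
            return true;
        };
        $rows = array_values(array_filter($rows, $keep));

        if ($wantSingle) {
            return $rows === array() ? array() : $rows[0];
        }
        return $rows;
    }

    /**
     * Insert a new pay-rate policy ($payRateID <= 0) or update an existing one,
     * for the practice/user in $_SESSION['PID'] / $_SESSION['edit_id'].
     * The policy in force before the new one is expired one second before the
     * new effective date. The outcome is reported through Template::set_alert().
     *
     * @param int|string   $payRateID    row to update, or 0/'' to insert
     * @param float|string $baseRate
     * @param float|string $topupRate
     * @param string       $note         HTML-escaped before storage, as the
     *                                   original did. NOTE(review): output code
     *                                   presumably does not escape again — confirm.
     * @param int|string   $effectiveTS  new effective timestamp
     * @param int|string   $xEffectiveTS effective timestamp before the edit
     */
    public function add_mod($payRateID, $baseRate, $topupRate, $note, $effectiveTS, $xEffectiveTS) {
        date_default_timezone_set($_SESSION['timeZone']);
        $note = htmlspecialchars((string) $note);
        $practiceID = $_SESSION['PID'];
        $userID = $_SESSION['edit_id'];

        if ($payRateID > 0) {
            if ($xEffectiveTS != $effectiveTS) {
                // Effective date moved: the policy before this one (second-newest,
                // assuming the edited policy is the newest — as the original assumed)
                // must now expire just before the new effective date.
                $policies = $this->search($practiceID, $userID, '', '', '', 'effectiveTS DESC');
                $previous = isset($policies[1]) ? $policies[1] : null;
                if (isset($previous['payRateID'])) {
                    $this->update_expire($previous['payRateID'], $practiceID, $effectiveTS - 1);
                }
            }
            // Scoped to the session's practice, as the author's original
            // (commented-out) UPDATE was; the prepared rewrite had dropped it.
            $stmt = $this->Database->prepare("UPDATE `" . $this->db_table . "` SET `baseRate`=?, `topupRate`=?, `note`=?, `effectiveTS` = ? WHERE `payRateID` = ? AND `practiceID` = ?");
            if (!$stmt) {
                $this->alert("ERROR: Could not prepare mysqli statement. m_usr_payRate " . __LINE__, 'error');
                return;
            }
            $stmt->bind_param('ddsiii', $baseRate, $topupRate, $note, $effectiveTS, $payRateID, $practiceID);
            $ok = $stmt->execute();
            $stmt->close();
            if ($ok) {
                $this->alert("Changes saved", 'success');
            } else {
                $this->alert("ERROR: Changes NOT saved", 'error');
            }
            return;
        }

        // Insert: the currently open (newest) policy ends just before the new one starts.
        $expireTS = 0;
        $policies = $this->search($practiceID, $userID, '', '', '', 'effectiveTS DESC');
        $current = isset($policies[0]) ? $policies[0] : null;
        if (isset($current['payRateID'])) {
            $this->update_expire($current['payRateID'], $practiceID, $effectiveTS - 1);
        }
        $stmt = $this->Database->prepare("INSERT INTO `" . $this->db_table . "` (`practiceID`, `userID`, `baseRate`, `topupRate`, `note`, `effectiveTS`, `expireTS`) VALUES (?,?,?,?,?,?,?)");
        if (!$stmt) {
            $this->alert("ERROR: Could not prepare mysqli statement. m_usr_payRate " . __LINE__, 'error');
            return;
        }
        $stmt->bind_param('iiddsii', $practiceID, $userID, $baseRate, $topupRate, $note, $effectiveTS, $expireTS);
        $ok = $stmt->execute();
        $stmt->close();
        if ($ok) {
            $this->alert("Pay rate data added", 'success');
        } else {
            $this->alert("ERROR: Record NOT added", 'error');
        }
    }

    /**
     * Set the expiry timestamp of one policy ($payRateID > 0, within
     * $practiceID) or, when $payRateID is 0, of every still-open
     * (expireTS = 0) policy of $_SESSION['edit_id'] within $practiceID.
     * Failures to prepare are reported through Template::set_alert().
     *
     * @param int|string $payRateID
     * @param int|string $practiceID
     * @param int|string $expireTS
     */
    public function update_expire($payRateID, $practiceID, $expireTS) {
        if ($payRateID > 0) {
            $stmt = $this->Database->prepare("UPDATE " . $this->db_table . " SET expireTS = ? WHERE payRateID = ? AND practiceID = ?");
            if (!$stmt) {
                $this->alert("ERROR: could not prepare SQLi statement." . __LINE__ . "-m_usr_payRate", 'error');
                return;
            }
            $stmt->bind_param('iii', $expireTS, $payRateID, $practiceID);
        } else {
            $zero = 0;
            $userID = $_SESSION['edit_id'];
            $stmt = $this->Database->prepare("UPDATE `" . $this->db_table . "` SET `expireTS` = ? WHERE `userID` = ? and `practiceID` = ? and `expireTS` = ?");
            if (!$stmt) {
                $this->alert("ERROR: could not prepare SQLi statement." . __LINE__ . "-m_usr_payRate", 'error');
                return;
            }
            $stmt->bind_param('iiii', $expireTS, $userID, $practiceID, $zero);
        }
        $stmt->execute();
        $stmt->close();
    }

    /**
     * Delete one policy ($payRateID > 0, within $practiceID) or every policy
     * of a user in a practice ($payRateID <= 0 with $userID and $practiceID > 0).
     * When a single policy is deleted, the second-newest policy of
     * $_SESSION['edit_id'] is re-opened (expireTS = 0).
     * NOTE(review): re-opening the second-newest row is only right when the
     * newest policy is the one being deleted; kept as the original did — confirm
     * with callers.
     *
     * @return bool true when the DELETE executed, false otherwise (the original
     *              returned nothing when neither branch applied or prepare failed)
     */
    public function delete($payRateID, $userID, $practiceID) {
        if ($payRateID > 0) {
            $policies = $this->search($practiceID, $_SESSION['edit_id'], '', '', '', 'effectiveTS DESC');
            $previous = isset($policies[1]) ? $policies[1] : null;
            if (isset($previous['payRateID'])) {
                // update_expire() takes (payRateID, practiceID, expireTS); the
                // original passed the practice ID in the payRateID position.
                $this->update_expire($previous['payRateID'], $practiceID, 0);
            }
            $stmt = $this->Database->prepare("DELETE FROM " . $this->db_table . " WHERE payRateID = ? AND practiceID = ?");
            if (!$stmt) {
                return false;
            }
            $stmt->bind_param('ii', $payRateID, $practiceID);
        } elseif ($userID > 0 && $practiceID > 0) {
            $stmt = $this->Database->prepare("DELETE FROM " . $this->db_table . " WHERE userID=? AND practiceID = ?");
            if (!$stmt) {
                return false;
            }
            $stmt->bind_param('ii', $userID, $practiceID);
        } else {
            return false;
        }
        $ok = (bool) $stmt->execute();
        $stmt->close();
        return $ok;
    }

    /**
     * Re-point every policy of $userID2 in $practiceID to $userID.
     *
     * @return string 'success' or 'error' ('error' also when the statement
     *                cannot be prepared, where the original returned nothing)
     */
    public function v7update($userID, $userID2, $practiceID) {
        $stmt = $this->Database->prepare("UPDATE `" . $this->db_table . "` SET `userID` = ? WHERE `userID` = ? and `practiceID` = ?");
        if (!$stmt) {
            return 'error';
        }
        $stmt->bind_param('iii', $userID, $userID2, $practiceID);
        $ok = $stmt->execute();
        $stmt->close();
        return $ok ? 'success' : 'error';
    }
}
?>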