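<?php
/**
 * Data-access object for the `users_timeBankPrefs` table: one row per user
 * holding that user's time-bank "repeat" preferences, scoped to a practice.
 *
 * All queries run through mysqli prepared statements. The connection is the
 * global $Database unless one is injected into the constructor (handy for
 * tests, and it keeps the original implicit behaviour for existing callers).
 *
 * Review notes on what changed versus the earlier revision:
 *  - get_all()/search() interpolated the caller's $sortOrder straight into
 *    ORDER BY (a SQL-injection sink if it ever comes from a request); it is
 *    now reduced to a whitelist of known columns via normalize_sort_order().
 *  - Statements were never closed (the close() sat after the return), and
 *    SELECT * + bind_result() depended on the physical column order; the
 *    column list is now explicit.
 *  - Every method now returns a value of its documented type even when
 *    prepare() fails (previously null in most branches).
 *  - The UPDATE in add_mod() is scoped to the session practiceID like every
 *    other query here, so a preference row of another practice cannot be
 *    modified by guessing its id.
 */
class Time_Bank_Prefs {
    /** Columns of `users_timeBankPrefs`, in the order bind_result() receives them. */
    private const COLUMNS = ['timeBkPrefID', 'practiceID', 'userID', 'repeatOT', 'repeatReg', 'repeatStat', 'updateTS'];

    /** ORDER BY used when the caller passes an empty or unrecognised sort order. */
    private const DEFAULT_SORT = '`updateTS` DESC';

    /** @var object mysqli-style connection: prepare()/bind_param()/bind_result()/fetch()/close(). */
    private $Database;

    /** @var string Backing table; only ever interpolated as a fixed identifier. */
    private $db_table = 'users_timeBankPrefs';

    /**
     * @param object|null $database mysqli-style connection. When omitted the
     *                              global $Database is used, as before.
     */
    function __construct($database = null) {
        if ($database === null) {
            global $Database;
            $database = $Database;
        }
        $this->Database = $database;
    }

    /**
     * Reduce a caller-supplied ORDER BY fragment to one that is safe to interpolate.
     *
     * ORDER BY cannot be parameterised, so the fragment is parsed instead: a
     * comma-separated list of "col [ASC|DESC]" terms (backticks optional) over
     * known columns is rebuilt with quoted identifiers; anything else — empty
     * input, unknown columns, functions, subqueries, stacked statements — falls
     * back to DEFAULT_SORT rather than reaching the database.
     *
     * @param string $sortOrder raw fragment, e.g. "`updateTS` DESC" or "userID asc, updateTS"
     * @return string sanitised fragment, never empty
     */
    public static function normalize_sort_order($sortOrder) {
        $terms = [];
        foreach (explode(',', (string) $sortOrder) as $term) {
            if (!preg_match('/^\s*`?(\w+)`?(?:\s+(asc|desc))?\s*$/i', $term, $m)) {
                return self::DEFAULT_SORT;
            }
            if (!in_array($m[1], self::COLUMNS, true)) {
                return self::DEFAULT_SORT;
            }
            $direction = isset($m[2]) ? ' ' . strtoupper($m[2]) : '';
            $terms[] = '`' . $m[1] . '`' . $direction;
        }
        return $terms ? implode(', ', $terms) : self::DEFAULT_SORT;
    }

    /** Explicit, backtick-quoted column list for SELECTs (keeps bind_result() order stable). */
    private function select_columns() {
        return '`' . implode('`, `', self::COLUMNS) . '`';
    }

    /**
     * Bind integer parameters, execute a prepared SELECT over COLUMNS and drain it.
     *
     * The statement is always closed before returning.
     *
     * @param object $stmt   prepared statement whose placeholders are all integers
     * @param int[]  $params placeholder values, in order (may be empty)
     * @return array[] one associative row per result row, in result order
     */
    private function fetch_rows($stmt, array $params) {
        if ($params) {
            $stmt->bind_param(str_repeat('i', count($params)), ...$params);
        }
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($timeBkPrefID, $practiceID, $userID, $repeatOT, $repeatReg, $repeatStat, $updateTS);
        $rows = [];
        while ($stmt->fetch()) {
            $rows[] = [
                'timeBkPrefID' => $timeBkPrefID,
                'practiceID'   => $practiceID,
                'userID'       => $userID,
                'repeatOT'     => $repeatOT,
                'repeatReg'    => $repeatReg,
                'repeatStat'   => $repeatStat,
                'updateTS'     => $updateTS,
            ];
        }
        $stmt->close();
        return $rows;
    }

    /**
     * All preference rows of one practice.
     *
     * @param int    $practiceID practice to read
     * @param string $sortOrder  ORDER BY fragment; see normalize_sort_order() for what is accepted
     * @return array[] rows as associative arrays; empty when prepare() fails
     */
    public function get_all($practiceID, $sortOrder) {
        $sql = 'SELECT ' . $this->select_columns()
             . ' FROM `' . $this->db_table . '`'
             . ' WHERE `practiceID` = ?'
             . ' ORDER BY ' . self::normalize_sort_order($sortOrder);
        $stmt = $this->Database->prepare($sql);
        if (!$stmt) {
            return [];
        }
        return $this->fetch_rows($stmt, [(int) $practiceID]);
    }

    /**
     * get_all() narrowed in PHP to one preference row id and/or one user.
     *
     * A filter value of 0 (or less) means "do not filter on that field".
     * Array keys of the unfiltered result are preserved, so the returned
     * array may be sparse.
     *
     * @param int    $practiceID   practice to read
     * @param int    $timeBkPrefID row id to keep, or 0 for any
     * @param int    $userID       user id to keep, or 0 for any
     * @param string $sortOrder    ORDER BY fragment passed to get_all()
     * @return array[] matching rows
     */
    public function search($practiceID, $timeBkPrefID, $userID, $sortOrder) {
        $wantPref = (int) $timeBkPrefID;
        $wantUser = (int) $userID;
        return array_filter(
            $this->get_all($practiceID, $sortOrder),
            static function (array $row) use ($wantPref, $wantUser) {
                if ($wantPref > 0 && (int) $row['timeBkPrefID'] !== $wantPref) {
                    return false;
                }
                if ($wantUser > 0 && (int) $row['userID'] !== $wantUser) {
                    return false;
                }
                return true;
            }
        );
    }

    /**
     * Preferences for the practice held in $_SESSION['PID'].
     *
     * With $userID > 0: every row of that user, newest first, as a list.
     * With $userID <= 0: the most recent row of each user, keyed by userID
     * (rows are read in ascending updateTS order, so the last write per key
     * is the newest).
     *
     * @param int $timeBkPrefID accepted for signature compatibility; not used by the query
     * @param int $userID       user to read, or 0 for the per-user latest of all staff
     * @return array[] rows; empty when prepare() fails
     */
    public function get($timeBkPrefID, $userID) {
        $practiceID = (int) ($_SESSION['PID'] ?? 0);
        $from = ' FROM `' . $this->db_table . '`';
        $cols = $this->select_columns();

        if ((int) $userID > 0) {
            $stmt = $this->Database->prepare(
                'SELECT ' . $cols . $from . ' WHERE `userID` = ? AND `practiceID` = ? ORDER BY `updateTS` DESC'
            );
            if (!$stmt) {
                return [];
            }
            return $this->fetch_rows($stmt, [(int) $userID, $practiceID]);
        }

        $stmt = $this->Database->prepare(
            'SELECT ' . $cols . $from . ' WHERE `practiceID` = ? ORDER BY `updateTS`'
        );
        if (!$stmt) {
            return [];
        }
        $latest = [];
        foreach ($this->fetch_rows($stmt, [$practiceID]) as $row) {
            $latest[$row['userID']] = $row; // ascending order: later rows overwrite older ones
        }
        return $latest;
    }

    /**
     * Insert a new preference row ($timeBkPrefID <= 0) or update an existing one.
     *
     * The practice is always the session's $_SESSION['PID']; an UPDATE only
     * touches a row whose id, userID and practiceID all match. updateTS is
     * set to the current Unix time. As in the original, the process timezone
     * is switched to $_SESSION['timeZone'] when that key is present (a
     * process-wide side effect other code may rely on).
     *
     * @param int    $timeBkPrefID existing row id, or 0 to insert
     * @param int    $userID       owner of the row
     * @param string $repeatOT     stored as-is
     * @param string $repeatReg    stored as-is
     * @param string $repeatStat   stored as-is
     * @return bool true when the statement executed successfully
     */
    public function add_mod($timeBkPrefID, $userID, $repeatOT, $repeatReg, $repeatStat) {
        if (isset($_SESSION['timeZone'])) {
            date_default_timezone_set($_SESSION['timeZone']);
        }
        $now = time(); // equivalent to the original strtotime('now'); timezone does not affect it
        $practiceID = (int) ($_SESSION['PID'] ?? 0);
        $userID = (int) $userID;
        $timeBkPrefID = (int) $timeBkPrefID;

        if ($timeBkPrefID <= 0) {
            $stmt = $this->Database->prepare(
                'INSERT INTO `' . $this->db_table . '`'
                . ' (`practiceID`, `userID`, `repeatOT`, `repeatReg`, `repeatStat`, `updateTS`)'
                . ' VALUES (?, ?, ?, ?, ?, ?)'
            );
            if (!$stmt) {
                return false;
            }
            $stmt->bind_param('iisssi', $practiceID, $userID, $repeatOT, $repeatReg, $repeatStat, $now);
        } else {
            $stmt = $this->Database->prepare(
                'UPDATE `' . $this->db_table . '`'
                . ' SET `repeatOT` = ?, `repeatReg` = ?, `repeatStat` = ?, `updateTS` = ?'
                . ' WHERE `timeBkPrefID` = ? AND `userID` = ? AND `practiceID` = ?'
            );
            if (!$stmt) {
                return false;
            }
            $stmt->bind_param('sssiiii', $repeatOT, $repeatReg, $repeatStat, $now, $timeBkPrefID, $userID, $practiceID);
        }

        $ok = (bool) $stmt->execute();
        $stmt->close();
        return $ok;
    }

    /**
     * Migration helper: re-point every row of $userID2 in $practiceID to $userID.
     *
     * @param int $userID     new owner
     * @param int $userID2    current owner whose rows are moved
     * @param int $practiceID practice the rows must belong to
     * @return string 'success' when the statement executed, otherwise 'error'
     */
    public function v7update($userID, $userID2, $practiceID) {
        $newUser  = (int) $userID;
        $oldUser  = (int) $userID2;
        $practice = (int) $practiceID;

        $stmt = $this->Database->prepare(
            'UPDATE `' . $this->db_table . '` SET `userID` = ? WHERE `userID` = ? AND `practiceID` = ?'
        );
        if (!$stmt) {
            return 'error';
        }
        $stmt->bind_param('iii', $newUser, $oldUser, $practice);
        $ok = $stmt->execute();
        $stmt->close();
        return $ok ? 'success' : 'error';
    }
}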