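<?php
/*
 * Tracks opening balances and balance-forward rows of accrued vacation
 * (table users_vacAccruedBal).
 *
 * Every query is scoped to the current practice ($_SESSION['PID']) and is
 * executed as a mysqli prepared statement. The original file kept an unused
 * string-built copy of each query next to the prepared one (the UPDATE copy
 * even read $_POST['balType'] directly) and echoed that SQL text back to the
 * client on prepare failure; those copies are gone so the bound statement is
 * the only SQL in this class and error output no longer exposes the query.
 */
class Accrued_Vacation_Balance
{
    private $Database;
    private $db_table = 'users_vacAccruedBal';

    public function __construct()
    {
        // NOTE(review): relies on a module-level mysqli connection named $Database
        // being set up before this class is instantiated.
        global $Database;
        $this->Database = $Database;
    }

    /**
     * Build the associative row shape returned by all getters.
     *
     * Column order assumed from "SELECT *": vacBalID, userID, practiceID,
     * dateTS, balType, hours (this is what bind_result below relies on).
     *
     * @return array{vacBalID:mixed,userID:mixed,practiceID:mixed,dateTS:mixed,balType:mixed,hours:mixed}
     */
    private function row_from_columns($vacBalID, $userID, $practiceID, $dateTS, $balType, $hours)
    {
        return array(
            'vacBalID'   => $vacBalID,
            'userID'     => $userID,
            'practiceID' => $practiceID,
            'dateTS'     => $dateTS,
            'balType'    => $balType,
            'hours'      => $hours,
        );
    }

    /**
     * Execute an already-bound SELECT and return the first row, or an empty
     * array when nothing matched. Always closes the statement.
     *
     * @param mysqli_stmt $stmt
     * @return array
     */
    private function fetch_first_row($stmt)
    {
        $data = array();
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($vacBalID, $userID, $practiceID, $dateTS, $balType, $hours);
        $stmt->fetch();
        if ($stmt->num_rows > 0) {
            $data = $this->row_from_columns($vacBalID, $userID, $practiceID, $dateTS, $balType, $hours);
        }
        $stmt->close();
        return $data;
    }

    /**
     * Execute an already-bound SELECT and return every row as a list.
     * Always closes the statement.
     *
     * @param mysqli_stmt $stmt
     * @return list<array>
     */
    private function fetch_all_rows($stmt)
    {
        $rows = array();
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($vacBalID, $userID, $practiceID, $dateTS, $balType, $hours);
        while ($stmt->fetch()) {
            $rows[] = $this->row_from_columns($vacBalID, $userID, $practiceID, $dateTS, $balType, $hours);
        }
        $stmt->close();
        return $rows;
    }

    /* Getters / Setters */

    /**
     * Retrieve accrued-vacation balance rows for the current practice.
     *
     * Three lookup modes, chosen in this order:
     *  - $dateTS > 0 and $userID > 0: the single row for that user and day
     *    (returns one associative row, or [] when none);
     *  - $vacBalID > 0: the single row with that id (same return shape);
     *  - otherwise: all rows for $userID, newest dateTS first (returns a list,
     *    possibly empty).
     *
     * @access public
     * @param int $userID
     * @param int|string $dateTS   unix timestamp, or '' to skip this mode
     * @param int|string $vacBalID row id, or '' to skip this mode
     * @return array  (NOTE(review): the by-id mode returns an error *string*
     *                when prepare() fails, while the by-date mode die()s; kept
     *                as in the original so existing callers are unaffected)
     */
    public function get($userID, $dateTS, $vacBalID)
    {
        $data = array();
        $pid = $_SESSION['PID'];

        if ($dateTS > 0 && $userID > 0) {
            $stmt = $this->Database->prepare(
                "SELECT * FROM " . $this->db_table . " WHERE userID = ? and practiceID = ? and dateTS = ?"
            );
            if (!$stmt) {
                // Do not echo the SQL text here: it reveals schema details to the client.
                die("ERROR: Could not prepare MySQLi statement. [m_usr_vacAccrBal :" . __LINE__ . "]");
            }
            $stmt->bind_param('iii', $userID, $pid, $dateTS);
            $data = $this->fetch_first_row($stmt);
        } else if ($vacBalID > 0) {
            // Specific balance row as identified by vacBalID.
            $stmt = $this->Database->prepare(
                "SELECT * FROM " . $this->db_table . " WHERE practiceID = ? and vacBalID = ?"
            );
            if (!$stmt) {
                return "ERROR: Could not prepare MySQLi statement. [m_usr_vacAccrBal :" . __LINE__ . "]";
            }
            $stmt->bind_param('ii', $pid, $vacBalID);
            $data = $this->fetch_first_row($stmt);
        } else {
            // All rows for one person, newest first.
            $stmt = $this->Database->prepare(
                "SELECT * FROM " . $this->db_table . " WHERE practiceID = ? and userID = ? ORDER BY dateTS DESC"
            );
            if ($stmt) {
                $stmt->bind_param('ii', $pid, $userID);
                $data = $this->fetch_all_rows($stmt);
            }
        }

        return $data;
    }

    /**
     * Return the 'Opening balance' row for a user, or a zero-hours placeholder
     * row when none is stored.
     *
     * Rows come back newest-first from get(), and the loop keeps overwriting,
     * so when several opening-balance rows exist the OLDEST one wins.
     *
     * @param int $userID
     * @return array
     */
    public function get_opening_bal($userID)
    {
        $data = array(
            'vacBalID'   => '',
            'userID'     => $userID,
            'practiceID' => $_SESSION['PID'],
            'dateTS'     => '',
            'balType'    => 'Opening balance',
            'hours'      => 0,
        );
        foreach ($this->get($userID, '', '') as $row) {
            if ($row['balType'] == 'Opening balance') {
                $data = $row;
            }
        }
        return $data;
    }

    /**
     * Compute the accrued-vacation balance for $userID over [$t1, $t2].
     *
     * Starts from the stored opening balance, then for every staff-hours row
     * in the window either adds paid vacation taken (awayType 'Vacation') or
     * accrues hours at the row's vacRate percentage. For province 'BC' the
     * overtime component is weighted 1.5x before applying vacRate.
     *
     * @param int $userID
     * @param int $t1 unix timestamp, start of window (first day of work)
     * @param int $t2 unix timestamp, end of window; clamped to now
     * @return array{hrs_worked:float|int,hrs_accrued:float|int,hrs_vacation:float|int,balance:float|int,t1:string,t2:string}
     */
    public function calc_balance($userID, $t1, $t2)
    {
        $Master_Data = new Master_Data();

        $opening_balance = $this->get_opening_bal($userID);
        $hrs_accrued = $opening_balance['hours'];
        $hrs_vacation = 0;
        $hrs_worked = 0;

        // Never accrue into the future.
        $now = strtotime("now");
        if ($t2 > $now) {
            $t2 = $now;
        }

        $hours_arr = $Master_Data->get_staff_hours($userID, array(), '', '', $t1, $t2, 'lName');

        // Province rule is constant for the whole loop, so decide it once.
        $otFactor = (isset($_SESSION['prov']) && $_SESSION['prov'] == 'BC') ? 1.5 : 1;

        foreach ($hours_arr as $row) {
            if ($row['awayType'] == 'Vacation' && $row['awayPaid'] > 0) {
                $hrs_vacation += $row['awayPaid'];
                continue;
            }
            $payable = $row['regPayable'] + ($row['otPayable'] * $otFactor);
            $hrs_accrued += ($payable * $row['vacRate']) / 100;
            $hrs_worked += $payable;
        }

        return array(
            'hrs_worked'   => $hrs_worked,
            'hrs_accrued'  => $hrs_accrued,
            'hrs_vacation' => $hrs_vacation,
            'balance'      => $hrs_accrued - $hrs_vacation,
            't1'           => date('His M j/y', $t1),
            't2'           => date('His M j/y', $t2),
        );
    }

    /**
     * Insert a balance row, or update the existing one when $vacBalID > 0.
     *
     * All values go through bind_param; the previous string-built UPDATE that
     * read $_POST['balType'] has been dropped in favour of the $balType
     * argument the prepared statement already used.
     *
     * @param int    $vacBalID 0 / empty to insert, otherwise the row to update
     * @param int    $userID
     * @param int    $dateTS
     * @param string $balType
     * @param float  $hours
     * @return bool|null true on success, false when execute() fails, null when
     *                   prepare() fails (an alert is raised via Template)
     */
    public function add_mod($vacBalID, $userID, $dateTS, $balType, $hours)
    {
        $Template = new Template;
        $pid = $_SESSION['PID'];

        if ($vacBalID > 0) {
            $stmt = $this->Database->prepare(
                "UPDATE " . $this->db_table . " SET dateTS = ?, balType = ?, hours = ? WHERE vacBalID = ? and practiceID = ?"
            );
            if (!$stmt) {
                $Template->set_alert("ERROR: could not prepare SQLi statement." . __LINE__ . "-m_usr_vacAccrBal", 'error');
                return;
            }
            $stmt->bind_param("isdii", $dateTS, $balType, $hours, $vacBalID, $pid);
        } else {
            $stmt = $this->Database->prepare(
                "INSERT " . $this->db_table . " (userID, practiceID, dateTS, balType, hours) VALUES (?,?,?,?,?)"
            );
            if (!$stmt) {
                $Template->set_alert("ERROR: could not prepare SQLi statement." . __LINE__ . "-m_usr_vacAccrBal", 'error');
                return;
            }
            $stmt->bind_param('iiisd', $userID, $pid, $dateTS, $balType, $hours);
        }

        // Close before returning: the original closed after the return and never ran.
        $ok = $stmt->execute();
        $stmt->close();
        return $ok ? true : false;
    }

    /**
     * Delete one accrued-vacation balance row of the current practice.
     *
     * @access public
     * @param int $vacBalID
     * @param int $dateTS   unused; kept for callers that pass it
     * @return bool|null true on success, false when execute() fails, null when
     *                   $vacBalID is not positive or prepare() fails
     */
    public function delete($vacBalID, $dateTS)
    {
        $Template = new Template;
        if (!($vacBalID > 0)) {
            return;
        }

        $stmt = $this->Database->prepare(
            "DELETE FROM " . $this->db_table . " WHERE vacBalID = ? AND practiceID = ?"
        );
        if (!$stmt) {
            $Template->set_alert('Could not parse mysqli statement', 'error');
            return;
        }
        $pid = $_SESSION['PID'];
        $stmt->bind_param('ii', $vacBalID, $pid);
        $ok = $stmt->execute();
        $stmt->close();
        return $ok ? true : false;
    }

    /**
     * Re-key rows from $userID2 to $userID within $practiceID (v7 migration).
     *
     * @param int $userID    new user id
     * @param int $userID2   old user id
     * @param int $practiceID
     * @return string|null 'success' / 'error', or null when prepare() fails
     */
    public function v7update($userID, $userID2, $practiceID)
    {
        $stmt = $this->Database->prepare(
            "UPDATE `" . $this->db_table . "` SET `userID` = ? WHERE `userID` = ? and `practiceID` = ?"
        );
        if (!$stmt) {
            return;
        }
        $stmt->bind_param('iii', $userID, $userID2, $practiceID);
        $ok = $stmt->execute();
        $stmt->close();
        return $ok ? 'success' : 'error';
    }
}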