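<?php
/**
 * Data-access model for the consult_schedule table (consult time slots).
 *
 * Every value that reaches SQL is bound as an integer through a prepared
 * statement; the table name comes from a private property and is never
 * supplied by a caller.
 *
 * NOTE(review): no method here checks who is calling it. The code that
 * invokes add_mod() or delete() must enforce authentication and
 * authorization before the call - confirm that it does.
 */
class Consult_Schedule {

    // Database handle taken from the global scope in the constructor.
    // presumably a mysqli connection (prepare/bind_param/bind_result are used) - confirm
    private $Database;

    // Table every query in this class targets.
    private $db_table = 'consult_schedule';

    // Columns are named explicitly instead of SELECT * so that bind_result()
    // keeps matching three variables even if the table gains a column.
    private $db_columns = 'conSchedID, startTS, endTS';

    function __construct(){
        global $Database;
        $this->Database = $Database;
    }

    /**
     * Fetch consult time slots.
     *
     * Three modes, chosen by the arguments:
     *  - $conSchedID > 0: the single slot with that id.
     *  - otherwise, $startTS > 0 and $endTS > 0: all slots inside that
     *    range, keyed by conSchedID and merged with the matching booking.
     *  - otherwise: every slot, ordered by startTS.
     *
     * @param int $conSchedID slot id, or a non-positive value for a list
     * @param int $startTS    range start (inclusive)
     * @param int $endTS      range end (inclusive)
     * @return array|null a row array (single mode), an array of rows (list
     *                    modes), or null when the single slot does not exist
     *                    or the statement could not be prepared
     */
    public function get($conSchedID, $startTS, $endTS){
        $data = array();
        $Template = new Template;

        if ($conSchedID > 0){
            // get 1
            $stmt = $this->Database->prepare("SELECT " . $this->db_columns . " FROM " . $this->db_table . " WHERE conSchedID = ?");
            if (!$stmt){
                // NOTE(review): if set_alert() output reaches end users this
                // exposes a file name and line number - confirm where it is shown.
                $Template->set_alert("Query error: ".__LINE__." m_consult_schedule");
                return null;
            }
            $stmt->bind_param('i', $conSchedID);
            $stmt->execute();
            $stmt->store_result();
            $stmt->bind_result($rowID, $rowStart, $rowEnd);
            $found = $stmt->fetch();
            // Release the statement before returning; a close() placed after
            // the return would never run.
            $stmt->close();
            if ($found){
                return array('conSchedID'=>$rowID, 'startTS'=>$rowStart, 'endTS'=>$rowEnd);
            }
            return null;
        }

        if ($startTS > 0 && $endTS > 0){
            // get all between specified dates (display by week)
            $Consult_Bookings = new Consult_Bookings;
            $stmt = $this->Database->prepare("SELECT " . $this->db_columns . " FROM " . $this->db_table . " WHERE startTS >= ? and endTS <=? and conSchedID != ? ORDER BY startTS");
            if (!$stmt){
                $Template->set_alert("Query error: ".__LINE__." m_consult_schedule");
                return null;
            }
            // $conSchedID is not positive in this branch; it is still bound
            // so the "conSchedID != ?" filter keeps its original meaning.
            $stmt->bind_param('iii', $startTS, $endTS, $conSchedID);
            $stmt->execute();
            // Buffer the rows first: the booking lookup inside the loop
            // presumably runs its own query on the same connection.
            $stmt->store_result();
            $stmt->bind_result($rowID, $rowStart, $rowEnd);
            while ($stmt->fetch()){
                $data[$rowID] = array('conSchedID'=>$rowID, 'startTS'=>$rowStart, 'endTS'=>$rowEnd);
                $row = $Consult_Bookings->get('', $rowID);
                if (isset($row['conSchedID'])){
                    // Booking fields overwrite/extend the slot fields.
                    $data[$rowID] = array_replace($data[$rowID], $row);
                }
            }
            $stmt->close();
            return $data;
        }

        // get all
        $stmt = $this->Database->prepare("SELECT " . $this->db_columns . " FROM " . $this->db_table . " ORDER BY startTS");
        if (!$stmt){
            $Template->set_alert("Query error: ".__LINE__." m_consult_schedule");
            return null;
        }
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($rowID, $rowStart, $rowEnd);
        while ($stmt->fetch()){
            $data[] = array('conSchedID'=>$rowID, 'startTS'=>$rowStart, 'endTS'=>$rowEnd);
        }
        $stmt->close();
        return $data;
    } // end get method

    /**
     * Update an existing slot ($conSchedID > 0) or insert a new one.
     *
     * Reports the outcome through Template::set_alert(); returns nothing.
     *
     * @param int $conSchedID slot id to update, or a non-positive value to insert
     * @param int $startTS    slot start
     * @param int $endTS      slot end
     */
    public function add_mod($conSchedID, $startTS, $endTS){
        $Template = new Template;
        // Process-wide side effect, kept because code running later in the
        // request may depend on it.
        date_default_timezone_set('Canada/Pacific');

        if ($conSchedID > 0){
            // update record
            $stmt = $this->Database->prepare("UPDATE ". $this->db_table . " SET startTS=?, endTS=? WHERE conSchedID = ?");
            if (!$stmt){
                // Previously a failed prepare was silent; report it the same way get() does.
                $Template->set_alert("Query error: ".__LINE__." m_consult_schedule");
                return;
            }
            $stmt->bind_param('iii', $startTS, $endTS, $conSchedID);
            if ($stmt->execute()){
                $Template->set_alert("Changes Saved", 'success');
            } else {
                $Template->set_alert('ERROR: Changes did not save', 'error');
            }
            $stmt->close();
            return;
        }

        // insert record - values are bound, never concatenated into the SQL text
        $stmt = $this->Database->prepare("INSERT INTO ". $this->db_table . " (startTS, endTS) VALUES (?,?)");
        if (!$stmt){
            $Template->set_alert("Query error: ".__LINE__." m_consult_schedule");
            return;
        }
        $stmt->bind_param('ii', $startTS, $endTS);
        if ($stmt->execute()){
            $Template->set_alert("Consult time slot added", 'success');
        } else {
            $Template->set_alert('ERROR: Consult time slot was not added', 'error');
        }
        $stmt->close();
    } // end add_mod method

    /**
     * Delete the slot with the given id.
     *
     * Reports the outcome through Template::set_alert(); returns nothing.
     *
     * @param int $conSchedID slot id to delete
     */
    public function delete($conSchedID){
        $Template = new Template;

        $stmt = $this->Database->prepare("DELETE FROM " . $this->db_table . " WHERE conSchedID=?");
        if (!$stmt){
            $Template->set_alert("Query error: ".__LINE__." m_consult_schedule");
            return;
        }
        $stmt->bind_param('i', $conSchedID);
        if ($stmt->execute()){
            $Template->set_alert('Consult time slot deleted', 'success');
        } else {
            $Template->set_alert('ERROR: Consult time slot was not deleted', 'error');
        }
        $stmt->close();
    } // end delete method
}
?>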