X3ND1 GANTENG
Server IP : 108.163.255.210  /  Your IP : 18.225.117.89
Web Server : Apache
System : Linux blossom.urlnameserver.com 3.10.0-1160.80.1.el7.x86_64 #1 SMP Tue Nov 8 15:48:59 UTC 2022 x86_64
User :  ( 1172)
PHP Version : 7.2.34
Disable Function : eval,escapeshellarg,proc_close,proc_get_status,proc_nice,proc_open,symlink,system,pcntl_exec,getrusage,chown,chgp,closelog,openlog,syslog,define_syslog_variables,php_ini_loaded_file,getservbyname,getservbyport,posix_getgid,posix_getgrgid,proc_terminate,pfsockopen,apache_child_terminate,posix_mkfifo,posix_setpgid,posix_setuid,hypot,pg_host,pos,posix_access,posix_getcwd,posix_getservbyname,myshellexec,getpid,posix_getsid,posix_isatty,posix_kill,posix_mknod,posix_setgid,posix_setsid,posix_setuid,posix_times,posix_uname,ps_fill,posix_getpwuid,global,ini_restore,zip_open,zip_read,rar_open,bzopen,bzread,bzwrite,apache_get_modules,apache_get_version,phpversionphpinfo,php_ini_scanned_files,get_current_user,disk_total_space,diskfreespace,leak,imap_list,hypo,filedump,safe_mode,getmygid,apache_getenv,apache_setenv,bzread,bzwrite,bzopen,phpini,higlight_file,dos_conv,get_cwd,er_log,cmd,e_name,vdir,get_dir,only_read,ftok,ftpexec,posix_getpwnam,mysql_list_dbs,disk_free_space,session_save_path,confirm_phpdoc_compiled,zip_entry_rea,php_u,psockopen,crack_opendict,crack_getlastmessage,crack_closedict,crack_check,fpassthru,posix_get_last_error,posix_getlogin,posix_getgroups,posix_strerror,posix_getrlimit,posix_getpgrp,posix_getgrnam,pos,dl
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /home/unilinki/public_html/payroll/admin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ BERANDA ]     

Current File : /home/unilinki/public_html/payroll/admin/querys.php
<?php
session_start();
	if($_SESSION['branch']!='')
	{
	 $comp=$_SESSION['branch'];
	}else{
$comp=$_POST['comp'];
	}

require_once("../include/db.php");
$obj=new query_execution();
date_default_timezone_set('UTC');
 $sysdate=date("Y/m/d h:i:s");
 $stdate1=date("l, d F Y");
 $stdate2=date("d/m/Y h:i:s");
 $uid=md5(uniqid(rand()));
if(isset($_POST['admin_login']))
{
$res=$obj->execute("select * from admin where admin_name='$_POST[txt_username]' and admin_password='$_POST[txt_password]' limit 0,1");
	if($obj->number_rows($res)>0)
	{   
	   $row=$obj->fetch($res);
	   $_SESSION['admin_id']=$row['admin_id'];
	   $_SESSION['admin_name']=$row['admin_name'];
	   $obj->redirect("home.php");
	}
	else
	{
	   $obj->redirect("index.php?action=invalid");
	}
}
else if(isset($_POST['btn_forget_password']))
{
    if($_POST['action']="password")
	{
	$res_user=$obj->execute("select admin_password ,admin_email ,admin_name from admin where admin_name='$_POST[name]'");
	$sub="Password";
	}
	
	$num_user=$obj->number_rows($res_user);
	if($num_user>0)
	{
		    $row_user=$obj->featch($res_user);
	        $password=$row_user[0];
			$from="info@zuzuboutique.com";
			$subject="Forgot ".$sub;
			$message="Dear $row_user[admin_name] ,
			<br><br>
			Your $sub : $password";
			send_mail($row_user['admin_email'],$from,$subject,$message); 
			$tag="Your $sub sent to your e-mail address.";
	}
	else
	{
	 $tag="Invalid Details.";
	}
	 $obj->redirect("forget-password.php?tag=$tag");
	 
}

	
else if($_GET['action']=="add")
{ 
// Add Branches
	if(isset($_POST['branch_submit']))
	{ 
		$sql_branch=mysql_query("select * from companies where name='".$_POST['name']."'") or die(mysql_error());
		$tot_branch=mysql_num_rows($sql_branch);
	    if($tot_branch=='0'){
			if($obj->execute("insert into companies(name,address,city,state,country,mno1,mno2,email,added_date,over_time,status) 
		 				 values('".$_POST['name']."','".$_POST['add']."','".$_POST['city']."','".$_POST['state']."','".$_POST['country']."',
						 		'".$_POST['mno1']."','".$_POST['mno2']."','".$_POST['email']."',NOW(),'".$_POST['over_time']."','".$_POST['status']."')"))
		  {
		  	$obj->redirect("manage_branches.php?action=add");
		  }else{
		  	$obj->redirect("manage_branches.php?action=notadd");
		  }
		}else{
			$obj->redirect("manage_branches.php?action=duplicate");
		}
	}
/////////////////////////////////////////////////////////////////////////
//Add Allowances
    elseif(isset($_POST['allowances_submit']))
	{ 
		$sql_allowances=mysql_query("select * from allowance where name='".$_POST['name']."' && branch='$comp'") or die(mysql_error());
		$tot_allowances=mysql_num_rows($sql_allowances);
	    if($tot_allowances=='0'){
		  if($obj->execute("insert into allowance(branch,name,type,value) 
				values('$comp','".$_POST['name']."','".$_POST['type']."','".$_POST['value']."')"))
		  {
			$obj->redirect("manage_allowance.php?action=add");
		  }else{
			$obj->redirect("manage_allowance.php?action=notadd");
		  }
		}else{
			$obj->redirect("manage_allowance.php?action=duplicate");
		}
	}
///////////////////////////////////////////////////////////////////////////////
//Add Deduction
    elseif(isset($_POST['deductions_submit']))
	{ 
		$sql_deduction=mysql_query("select * from deduction where name='".$_POST['name']."' && branch='$comp'") or die(mysql_error());
		$tot_deduction=mysql_num_rows($sql_deduction);
	    if($tot_deduction=='0'){
		  if($obj->execute("insert into deduction(branch,name,type,value) 
				values('$comp','".$_POST['name']."','".$_POST['type']."','".$_POST['value']."')"))
		  {
			$obj->redirect("manage_deduction.php?action=add");
		  }else{
			$obj->redirect("manage_deduction.php?action=notadd");
		  }
		}else{
			$obj->redirect("manage_deduction.php?action=duplicate");
		}
	}
///////////////////////////////////////////////////////////////////////////////
///Add Employee
	elseif(isset($_POST['employee_submit'])){
	    $doj=explode(".",$_POST['d_o_j']);
        
        $doj1=$doj[2].".".$doj[1].".".$doj[0] ;
	   	$sql_employee=mysql_query("select * from employee where id='".$_POST['id']."'") or die(mysql_error());
		$tot_employee=mysql_num_rows($sql_employee);
	    if($tot_employee=='0'){
	        
			foreach ($_POST['allowance'] as $selected) {
				$f= mysql_query("insert into e_allowance (id,name)value('$id','$selected')");
			}
			foreach ($_POST['deduction'] as $selected1) {
				$f= mysql_query("insert into e_deduction (id,name)value('$id','$selected1')");
			}

        if($obj->execute("insert into employee(name,company,designation,d_o_J,d_o_J1,qualification,b_salary,emailid,phone_number,allowance,deduction,id,password,fname,dob,pf,pca,esi,status,area,hra,da,conv,sallow,wash,bank,bank_no,ifsc,added_date,d_o_l,r_name,aadhar_card_num,pancard_num)
				values('".$_POST['name']."','$comp','".$_POST['designation']."','".$_POST['d_o_j']."','".$doj1."','".$_POST['qual']."','".$_POST['basic']."',
				'".$_POST['useremail']."','".$_POST['phone_number']."','','','".$_POST['id']."','".$_POST['password']."','".$_POST['fname']."','".$_POST['dob']."','".$_POST['pf']."',
				'".$_POST['pca']."','".$_POST['esi']."','".$_POST['status']."','".$_POST['area']."','".$_POST['hra']."' ,'".$_POST['da']."','".$_POST['conv']."','".$_POST['sallow']."',
                '".$_POST['wash']."','".$_POST['bank']."','".$_POST['acnt']."','".$_POST['ifsc']."',NOW(),'".$_POST['d_o_l']."','".$_POST['r_name']."','".$_POST['aadhar_card_num']."',
                '".$_POST['pancard_num']."')")
			)
		  {
			$obj->redirect("manage_employee.php?action=add");
		  }else{
			$obj->redirect("manage_employee.php?action=notadd");
		  }
		}else{
			$obj->redirect("manage_employee.php?action=duplicate");
		}
	}	
///////////////////////////////////////////////////////////////////////////////	
	elseif(isset($_POST['role_resources_submit'])){
		 $sql_api=mysql_query("select * from role_resources where  role_resources_name='".$_POST['role_resources_name']."'") or die(mysql_error());
		$tot_api=mysql_num_rows($sql_api);
	    if($tot_api=='0'){
			if($obj->execute("insert into role_resources(role_resources_name,role_resources_status) values('".$_POST['role_resources_name']."','".$_POST['status']."')"))
			{
			$obj->redirect("manage_role_resources.php?action=add");
			}else{
			$obj->redirect("manage_role_resources.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_role_resources.php?action=duplicate");
		}
	}elseif(isset($_POST['user_submit'])){
		 $sql_api=mysql_query("select * from admin where  username='".$_POST['username']."'") or die(mysql_error());
		$tot_api=mysql_num_rows($sql_api);
	    if($tot_api=='0'){
			if($obj->execute("insert into admin(username,first_name,last_name,useremail,password,roleid,status,classid)
						values
							('".$_POST['username']."','".$_POST['first_name']."','".$_POST['last_name']."','".$_POST['useremail']."','".$_POST['password']."','".$_POST['rolename']."','".$_POST['status']."','".$_POST['class']."')"))
			{
			$obj->redirect("manage_user.php?action=add");
			}else{
			$obj->redirect("manage_user.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_user.php?action=duplicate");
		}
	}
	elseif(isset($_POST['role_submit'])){
		if($_POST['resources_access']=='All'){
			$sql_role=mysql_query("select * from roles where  role_name='".$_POST['role_name']."' and resources_access='".$_POST['resources_access']."'") or die(mysql_error());
			$tot_role=mysql_num_rows($sql_role);
			if($tot_role=='0'){
				$obj->execute("insert into roles(role_name,role_resources_id,resources_access)
						values
							('".$_POST['role_name']."','','".$_POST['resources_access']."')");
			}
		}else{
			$role_res=$_POST['role_res'];
			for($i=0;$i<count($role_res);$i++){
			$sql_role=mysql_query("select * from roles where  role_name='".$_POST['role_name']."' and role_resources_id='".$role_res[$i]."'") or die(mysql_error());
			$tot_role=mysql_num_rows($sql_role);
				if($tot_role=='0'){
					$obj->execute("insert into roles(role_name,role_resources_id,resources_access)
								values
								('".$_POST['role_name']."','".$role_res[$i]."','".$_POST['resources_access']."')");
				}
			}
		}

	    if($tot_role=='0'){
			$obj->redirect("manage_role.php?action=add");
		}else{
			$obj->redirect("manage_role.php?action=duplicate");
		}
	}
	
	else if(isset($_REQUEST['aboutus_submit']))
	{
	      $res2=$obj->execute("SELECT * FROM site_content where page_name ='manage_aboutus.php'");
		  $tot_rec=$obj->number_rows($res2);
		  
		  if($tot_rec=='0'){
				
				$obj->execute("insert into site_content(page_name,page_description,date_added,update_added) 
						values
							('".$_REQUEST['page_name']."','".addslashes($_POST['pr_description'])."','".$sysdate."','".$sysdate."')");
			$obj->redirect("manage_aboutus.php?action=add");
			      
		 }
		 
	}

}
///Functions for UPDATE
else if($_GET['action']=="update")
{  
//Update Branches
	if(isset($_POST['branch_submit_update']))
	{
	  $sql_cat=mysql_query("select * from companies where sno<>'".$_POST['sno']."' and name='".$_POST['name']."' ")	or die(mysql_error());
	  $tot_cat=mysql_num_rows($sql_cat);
	    if($tot_cat=='0'){
		   		 $query="update companies set name='".$_POST['name']."',address='".$_POST['add']."',city='".$_POST['city']."',state='".$_POST['state']."',
				country='".$_POST['country']."',mno1='".$_POST['mno1']."',mno2='".$_POST['mno2']."',email='".$_POST['email']."',
				over_time='".$_POST['over_time']."',status='".$_POST['status']."' where sno='".$_POST['sno']."'"; 
		  
		  if($obj->execute($query))
		  {
		  	$obj->redirect("manage_branches.php?page=".$_REQUEST['page']."&action=update");
		  }else{
		  	$obj->redirect("manage_branches.php?page=".$_REQUEST['page']."&action=notupdate");
		  }
		}else{
			$obj->redirect("manage_branches.php?page=".$_REQUEST['page']."&action=duplicate");
		}
	}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Update Allowances
	else if(isset($_POST['allowances_submit_update']))
	{
	  $sql_cat=mysql_query("select * from allowance where sno<>'".$_POST['sno']."' and name='".$_POST['name']."'") or die(mysql_error());
		$tot_cat=mysql_num_rows($sql_cat);
	    if($tot_cat=='0'){
	   		$query="update allowance set branch='$comp', name='".$_POST['name']."' ,type='".$_POST['type']."',
					value='".$_POST['value']."' where sno='".$_POST['sno']."'";
			if($obj->execute($query))
			{	
				$obj->redirect("manage_allowance.php?page=".$_REQUEST['page']."&action=update");
			}else{
				$obj->redirect("manage_allowance.php?page=".$_REQUEST['page']."&action=notupdate");
			}
		}else{
			$obj->redirect("manage_allowance.php?page=".$_REQUEST['page']."&action=duplicate");
		}
	}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////	
//Update Deduction
	else if(isset($_POST['deductions_submit_update']))
	{
	  $sql_cat=mysql_query("select * from deduction where sno<>'".$_POST['sno']."' and name='".$_POST['name']."'") or die(mysql_error());
		$tot_cat=mysql_num_rows($sql_cat);
	    if($tot_cat=='0'){
	   		$query="update deduction set branch='$comp',name='".$_POST['name']."' ,type='".$_POST['type']."',
					value='".$_POST['value']."' where sno='".$_POST['sno']."'";
			if($obj->execute($query))
			{	
				$obj->redirect("manage_deduction.php?page=".$_REQUEST['page']."&action=update");
			}else{
				$obj->redirect("manage_deduction.php?page=".$_REQUEST['page']."&action=notupdate");
			}
		}else{
			$obj->redirect("manage_deduction.php?page=".$_REQUEST['page']."&action=duplicate");
		}
	}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Update Employee
	else if(isset($_POST['employee_submit_update']))
	{
	
	  $doj=$_POST['d_o_j'];
      $doj1=explode(".",$doj);
	  
	  
	  $doj1=$doj1[2].".".$doj1[1].".".$doj1[0] ;
	  $sql_cat=mysql_query("select * from employee where sno='".$_POST['sno']."'") or die(mysql_error());
	  $u=mysql_fetch_array($sql_cat);
	  $uuid=$u['id'];
	  $tot_cat=mysql_num_rows($sql_cat);
	    if($tot_cat=='1'){
			$d_allow=mysql_query("delete from e_allowance where id='".$_POST['id']."'");
			$d_deduction=mysql_query("delete from e_deduction where id='".$_POST['id']."'");
			foreach ($_POST['allowancee'] as $selected) {
				$f= mysql_query("insert into e_allowance (id,name)value('$id1','$selected')");
			}

			foreach ($_POST['deductionn'] as $selected1) {
				$f= mysql_query("insert into e_deduction (id,name)value('$id1','$selected1')");
			}
		
	   		    $query="update employee set
                            company='$comp',
                            password='".$_POST['password']."',
                            name='".$_POST['name']."',
                            fname='".$_POST['fname']."',
                            designation='".$_POST['designation']."',
                            d_o_J='".$doj."',
                            d_o_J1='".$doj1."',
			                qualification='".$_POST['qual']."',
                            b_salary='".$_POST['basic']."',
                            emailid='".$_POST['useremail']."',
                            phone_number='".$_POST['phone_number']."',
			                dob='".$_POST['dob']."',
                            status='".$_POST['status']."',
                            id='".$_POST['id']."',
                            hra='".$_POST['hra']."' ,
                            da='".$_POST['da']."',
                            conv='".$_POST['conv']."',
			                sallow='".$_POST['sallow']."',
                            wash='".$_POST['wash']."',
                            bank='".$_POST['bank']."',
                            bank_no='".$_POST['acnt']."',
                            ifsc='".$_POST['ifsc']."',
			                area='".$_POST['area']."',
                            pf='".$_POST['id']."',
                            pca='".$_POST['pca']."',
                            esi='".$_POST['esi']."',
                            r_name='".$_POST['r_name']."',
                            aadhar_card_num='".$_POST['aadhar_card_num']."',
                            pancard_num='".$_POST['pancard_num']."',
			                d_o_l='".$_POST['d_o_l']."' where sno='".$_POST['sno']."'";
			if($obj->execute($query))
			{
				  if($uuid!==$_POST['id'])
					{
						$msg="Your latest user id is:".$_POST['id'];
						mail($_POST['useremail'], "Concord Logistics User id changed", $msg);
					}
				$obj->redirect("manage_employee.php?page=".$_REQUEST['page']."&action=update&search_branch=".$_POST['search_branch']."&search_name=".$_POST['search_name']."&uid=".$uid);
			}else{
				$obj->redirect("manage_employee.php?page=".$_REQUEST['page']."&action=notupdate&search_branch=".$_POST['search_branch']."&search_name=".$_POST['search_name']."&uid=".$uid);
			}
		}else{
			$obj->redirect("manage_employee.php?page=".$_REQUEST['page']."&action=duplicate&search_branch=".$_POST['search_branch']."&search_name=".$_POST['search_name']."&uid=".$uid);
		}
	}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	
	elseif(isset($_POST['role_resources_submit_update'])){
		$sql_api=mysql_query("select * from role_resources where role_resources_id<>'".$_POST['rrid']."' and role_resources_name='".$_POST['role_resources_name']."'") or die(mysql_error());
		$tot_api=mysql_num_rows($sql_api);
	  if($tot_api=='0'){    
		   $query="update role_resources set role_resources_name='".$_POST['role_resources_name']."',role_resources_status ='".$_REQUEST['status']."' where role_resources_id='".$_POST['rrid']."'";
		  if($obj->execute($query))
		  {
		  $obj->redirect("manage_role_resources.php?page=".$_REQUEST['page']."&action=update");
		  }else{
		  $obj->redirect("manage_role_resources.php?page=".$_REQUEST['page']."&action=notupdate");
		  }
	   }else{
			$obj->redirect("manage_role_resources.php?page=".$_REQUEST['page']."&action=duplicate");
	   }
	}
	elseif(isset($_POST['role_submit_update'])){
		if($_POST['resources_access']=='All'){
			$sql_role=mysql_query("select * from roles where roleid<>'".$_POST['roleid']."' and  role_name='".$_POST['role_name']."' and resources_access='".$_POST['resources_access']."'") or die(mysql_error());
			$tot_role=mysql_num_rows($sql_role);
			if($tot_role=='0'){
				$obj->execute("update roles set role_name='".$_POST['role_name']."',role_resources_id='',resources_access='".$_POST['resources_access']."'
							where roleid='".$_POST['roleid']."'");
			}
		}else{
			$role_res=$_POST['role_res'];
			for($i=0;$i<count($role_res);$i++){
			$sql_role=mysql_query("select * from roles where  role_name='".$_POST['role_name']."' and role_resources_id='".$role_res[$i]."'") or die(mysql_error());
			$tot_role=mysql_num_rows($sql_role);
				if($tot_role=='0'){
					$obj->execute("update roles set role_name='".$_POST['role_name']."',role_resources_id='".$role_res[$i]."',
									resources_access='".$_POST['resources_access']."' where roleid='".$_POST['roleid']."'");
					
				}
			}
		}
	    if($tot_role=='0'){
			$obj->redirect("manage_role.php?action=add");
		}else{
			$obj->redirect("manage_role.php?action=duplicate");
		}
	}
	else if(isset($_POST['user_submit_update'])){
		if($_POST['password']!=''){
			$sql_api=mysql_query("select * from admin where admin_id<>'".$_POST['aid']."' and username='".$_POST['username']."'") or die(mysql_error());
			$tot_api=mysql_num_rows($sql_api);
			if($tot_api=='0'){    
				$query="update admin set username='".$_POST['username']."',first_name ='".$_REQUEST['first_name']."',last_name='".$_POST['last_name']."',
					useremail='".$_POST['useremail']."',password='".$_POST['password']."',status='".$_POST['status']."'
					where admin_id='".$_POST['aid']."'";
			}else{
				$obj->redirect("manage_user.php?page=".$_REQUEST['page']."&action=duplicate");
			}
		}else{
			$sql_api=mysql_query("select * from admin where admin_id<>'".$_POST['aid']."' and username='".$_POST['username']."'") or die(mysql_error());
			$tot_api=mysql_num_rows($sql_api);
			if($tot_api=='0'){    
				$query="update admin set first_name ='".$_REQUEST['first_name']."',last_name='".$_POST['last_name']."',
					password='".$_POST['password']."',useremail='".$_POST['useremail']."',status='".$_POST['status']."'
					where admin_id='".$_POST['aid']."'";
			}else{
				$obj->redirect("manage_user.php?page=".$_REQUEST['page']."&action=duplicate");
			}
			
		}
		  if($obj->execute($query))
		  {
		  $obj->redirect("manage_user.php?page=".$_REQUEST['page']."&action=update");
		  }else{
		  $obj->redirect("manage_user.php?page=".$_REQUEST['page']."&action=notupdate");
		  }
	}
	
	else if(isset($_POST['btn_editusers']))
	{
	  $res=$obj->execute("update admin set admin_name='$_POST[admin_name]',admin_email='$_POST[admin_email]',admin_password='$_POST[admin_password]' where admin_id='$_SESSION[admin_id]'");
	  
	  if($res){
	  $obj->redirect("profile.php?page=".$_REQUEST['page']."&action=update");
	  }else{
	  $obj->redirect("profile.php?page=".$_REQUEST['page']."&action=notupdate");
	  }
	}
	else if(isset($_POST['aboutus_submit_update']))
	{
	
	  $obj->execute ("UPDATE site_content SET page_description = '".trim(addslashes($_POST['pr_description']))."', update_added = '".$sysdate."' WHERE page_name = 'manage_aboutus.php'");
			 
	  $obj->redirect("manage_aboutus.php?action=update"); 
	}
	
}
elseif($_GET['action']=="mail")
{
	$admin = $obj->featch($obj->execute("SELECT * FROM admin"));
	$to = $admin['admin_email'];
	$from = $_POST['email'];
	$_POST['email'] = (empty($_POST['email']) ? '--' : $_POST['email']);
	$_POST['firstname'] = (empty($_POST['firstname']) ? '--' : $_POST['firstname']);
	
	$_POST['Order'] = (empty($_POST['Order']) ? '--' : $_POST['Order']);
	$_POST['reason'] = (empty($_POST['reason']) ? '--' : $_POST['reason']);
	$_POST['message'] = (empty($_POST['message']) ? '--' : $_POST['message']);
	$message = <<<STR
E-mail: {$_POST['email']}."<br>"
First Name: {$_POST['firstname']}."<br>"
Order: {$_POST['Order']}."<br>"
Reason: {$_POST['reason']}."<br>"
Message:
{$_POST['message']}
STR;
	$subject = 'Message from ' . $_POST['firstname'];

	if(send_mail($to,$from,$subject,$message))
	{
	  
	$_SESSION['message']="Mail Sent Successfully...";
	$obj->redirect("index.php");
	}
	$_SESSION['message']="Mail not sent. Please try again...";
	$obj->redirect("index.php");
}

?>

Anon7 - 2022
SCDN GOK