View File Name :
odbc.php
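<?php
// Application bootstrap: opens the MySQL connections, publishes the site
// configuration through $GLOBALS and defines the login / attempt-counter helpers.

error_reporting(1);
date_default_timezone_set('Asia/Kuala_Lumpur');

// NOTE(review): the database host, account and password are hard-coded in a file
// that sits under the web root. Load them from configuration stored outside the
// document root (or from the environment) and rotate the password; every reader
// of this file is also a reader of the credential.
$GLOBALS['mysqli'] = new mysqli("172.16.0.67", "edgpens", "c6IRnSzhF87XFGtE", "edgpens");
// Keep $mysqli usable even if this file is ever included from inside a function.
$mysqli = $GLOBALS['mysqli'];
if ($mysqli->connect_errno) {
    // The original read the error from $mysqli_link, which does not exist yet at
    // this point. Details now go to the server log instead of the response body.
    error_log("MySQL connect failed: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error);
    echo "Failed to connect to MySQL.";
    exit();
}

// Second, independent connection kept under its historical variable name.
$mysqli_link = new mysqli("172.16.0.67", "edgpens", "c6IRnSzhF87XFGtE", "edgpens");
if ($mysqli_link->connect_errno) {
    error_log("MySQL connect failed: (" . $mysqli_link->connect_errno . ") " . $mysqli_link->connect_error);
    echo "Failed to connect to MySQL.";
}

$svr_http = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? "https://" : "http://";
$svr_port = (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '80')
    ? ""
    : ":" . (isset($_SERVER['SERVER_PORT']) ? $_SERVER['SERVER_PORT'] : '');

// Site-wide settings plus the SMS gateway account, read as a single row.
$stmt = $mysqli->stmt_init();
$stmt->prepare("SELECT a.*, b.username sms_username, b.password sms_password, b.sendid sms_sendid FROM utiliti_web_config a CROSS JOIN utiliti_sms b");
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();
$aa = $result->fetch_assoc();

$GLOBALS['conf_fullname']      = $aa['fullname'];
$GLOBALS['conf_shortname']     = $aa['shortname'];
$GLOBALS['conf_maxuploadsize'] = $aa['maxuploadsize'];
$GLOBALS['conf_weblink']       = $aa['weblink'];
// NOTE(review): SERVER_NAME can follow the request's Host header depending on the
// web server configuration, so the absolute link built here may be influenced by
// the client - confirm before using it in e-mails or redirects.
$GLOBALS['conf_fullweblink']   = (substr($aa['weblink'], 0, 4) == "http")
    ? $aa['weblink']
    : $svr_http . $_SERVER["SERVER_NAME"] . $svr_port . $aa['weblink'];
$GLOBALS['conf_log_attempt']   = $aa['log_attempt'];
$GLOBALS['conf_sess_timeout']  = $aa['sess_timeout'];
$GLOBALS['conf_pass_min']      = $aa['pass_min'];
$GLOBALS['conf_pass_max']      = $aa['pass_max'];
// The password-policy flags are published as the strings 'true' / 'false'.
$GLOBALS['conf_pass_digit']    = ($aa['pass_digit'] == 1) ? 'true' : 'false';
$GLOBALS['conf_pass_symbol']   = ($aa['pass_symbol'] == 1) ? 'true' : 'false';
$GLOBALS['conf_pass_upcase']   = ($aa['pass_upcase'] == 1) ? 'true' : 'false';
$GLOBALS['conf_pass_locase']   = ($aa['pass_locase'] == 1) ? 'true' : 'false';
$GLOBALS['conf_pass_expired']  = $aa['pass_expired'];
$GLOBALS['conf_pass_text']     = $aa['pass_text'];
$GLOBALS['conf_sms_username']  = $aa['sms_username'];
$GLOBALS['conf_sms_password']  = $aa['sms_password'];
$GLOBALS['conf_sms_sendid']    = $aa['sms_sendid'];
unset($result);
unset($aa);

// Active document types: extension lists in several formats plus an
// extension => MIME map (conf_doctype5) that checkupload() relies on.
$stmt = $mysqli->stmt_init();
$stmt->prepare("SELECT * FROM kod_doctype WHERE flagAktif='Y'");
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();

$conf_doctype1 = array();
$conf_doctype2 = "";
$conf_doctype3 = "";
$conf_doctype4 = array();
$GLOBALS['conf_doctype5'] = array();
while ($aa = $result->fetch_assoc()) {
    $conf_doctype1[] = $aa['doctype'];
    $conf_doctype2 .= ' .' . $aa['doctype'] . ',';
    $conf_doctype3 .= ' *.' . $aa['doctype'] . ',';
    $conf_doctype4[] = '.' . $aa['doctype'];
    // Written through $GLOBALS so the map is reachable from function scope.
    $GLOBALS['conf_doctype5'][$aa['doctype']] = $aa['mime'];
}
$conf_doctype5 = $GLOBALS['conf_doctype5'];
// Drop the leading space and the trailing comma.
$conf_doctype2 = substr($conf_doctype2, 1, -1);
$conf_doctype3 = substr($conf_doctype3, 1, -1);
unset($result);
unset($aa);

//----------------------------------------------------------------------------------
// Delete a session and return.
//----------------------------------------------------------------------------------
/**
 * Removes one row from utiliti_session.
 *
 * The session id is bound as a parameter: the original concatenated it into the
 * DELETE statement, so any quote character in the value changed the query.
 *
 * @param string $session Session id to delete.
 * @return void
 */
function deleteSession($session){
    global $mysqli;

    $sessionId = (string) $session;
    $stmt = $mysqli->stmt_init();
    if (!$stmt->prepare("DELETE FROM utiliti_session WHERE session = ?")) {
        error_log("deleteSession: prepare failed: " . $stmt->error);
        return;
    }
    $stmt->bind_param("s", $sessionId);
    $stmt->execute();
    $stmt->close();
    return;
}

//----------------------------------------------------------------------------------
// Update session time if it exists.
//----------------------------------------------------------------------------------
/**
 * Purges expired sessions, then refreshes the timestamp of the given session.
 *
 * @param string $session Session id presented by the caller.
 * @return string|false The same session id when it exists, false otherwise.
 */
function updateSession($session){
    global $mysqli;
    checkSession();

    $sessionId = (string) $session;

    $stmt = $mysqli->stmt_init();
    $stmt->prepare("SELECT * FROM utiliti_session WHERE session=?");
    $stmt->bind_param("s", $sessionId);
    $stmt->execute();
    $result = $stmt->get_result();
    $stmt->close();
    $row = $result->fetch_assoc();

    if (!$row) {
        return false;
    }

    // Same instant the original built field by field from getdate(time()).
    $now = date('Y-m-d H:i:s');
    $stmt = $mysqli->stmt_init();
    if ($stmt->prepare("UPDATE utiliti_session SET masa=? WHERE session=?")) {
        $stmt->bind_param("ss", $now, $sessionId);
        if (!$stmt->execute()) {
            // The original echoed the whole SQL statement to the client here.
            error_log("updateSession: update failed: " . $stmt->error);
            echo "Fail to updating the session ";
        }
        $stmt->close();
    } else {
        error_log("updateSession: prepare failed: " . $stmt->error);
        echo "Fail to updating the session ";
    }

    return $session;
}

//----------------------------------------------------------------------------------
// Log user in. If user already has a session then security risk. Throw them out.
//----------------------------------------------------------------------------------
/**
 * Authenticates a user by e-mail address and password.
 *
 * Looks the address up in user_list (user type 1) and, failing that, in
 * user_register (user type 2), enforces the per-day attempt limit from
 * $conf_log_attempt and, on success, replaces any existing session.
 * The date_start / date_end validity-window checks are disabled in the
 * original and remain disabled here.
 *
 * @param string $passedusername E-mail address typed by the user.
 * @param string $passedpassword Clear-text password typed by the user.
 * @return array [0] => message (contains HTML), [1] => session id or false,
 *               [3] => 0 on success, 1 on failure.
 */
function login($passedusername,$passedpassword){
    global $mysqli, $conf_log_attempt;
    checkSession();

    // NOTE(review): stored passwords are unsalted MD5, which is unsuitable for
    // password storage. Migrating to password_hash()/password_verify() needs a
    // schema and data change (re-hash at next successful login), so the scheme
    // is left in place here.
    $passedpassword = md5($passedpassword);

    $stmt = $mysqli->stmt_init();
    $stmt->prepare("SELECT * FROM user_list WHERE emailUser=?");
    $emailUser = $passedusername;
    $stmt->bind_param("s", $emailUser);
    $stmt->execute();
    $result = $stmt->get_result();
    $stmt->close();
    $session = array();
    $row = $result->fetch_assoc();
    $usertype = 1;

    if (!$row) {
        // For users who are not yet in user_list.
        $stmt = $mysqli->stmt_init();
        $stmt->prepare("SELECT * FROM user_register WHERE emailUser=? AND flagUser=2 AND status=1");
        $emailUser = $passedusername;
        $stmt->bind_param("s", $emailUser);
        $stmt->execute();
        $result = $stmt->get_result();
        $stmt->close();
        $row = $result->fetch_assoc();
        $usertype = 2;
    }
    unset($result);

    // Today's failed-attempt counter for this account, if one exists.
    $stmt = $mysqli->stmt_init();
    $stmt->prepare("SELECT * FROM utiliti_login WHERE idUser=? AND user_type=? AND attempt_date=CURDATE()");
    $idUser = $row ? $row['idUser'] : null;
    $user_type = $usertype;
    $stmt->bind_param("ss", $idUser, $user_type);
    $stmt->execute();
    $result = $stmt->get_result();
    $stmt->close();
    $ulogin = $result->fetch_assoc();
    $uid  = $ulogin ? $ulogin['id'] : null;
    $ucnt = $ulogin ? $ulogin['attempt_count'] : 0;

    $lockedMsg = ($usertype == 2)
        ? "Too Many Attempts. Account Locked For Today! <hr>You Can Try Unlock It With <br>Forgot Password"
        : "Too Many Attempts. Account Locked For Today! <hr>You Can Try Unlock It With <br>Forgot Password / Contact The Admins";

    // Failure is the common outcome; the success branch overrides these.
    $session[1] = false;
    $session[3] = 1;

    if (!($ucnt < $conf_log_attempt)) {
        $session[0] = $lockedMsg;
        return $session;
    }

    if (!$row) {
        $session[0] = "Please Try Again!";
        return $session;
    }

    $userid   = $row['idUser'];
    $nama     = strtoupper($row['nameUser']);
    $password = $row['passwordUser'];
    $flagUser = ($usertype == 2) ? 1 : $row['flagUser'];

    // hash_equals() instead of ==: a loose comparison treats two hex digests of
    // the form "0e<digits>" as equal numbers, and it is not constant-time.
    if (!hash_equals((string) $password, $passedpassword)) {
        log_attempts($idUser, $user_type, 1, $uid);
        $ucntreal = $conf_log_attempt - ($ucnt + 1);
        if ($ucntreal == 0) {
            $session[0] = $lockedMsg;
        } else {
            $session[0] = "Please Try Again! <hr>You Got <b>{$ucntreal}</b> More Attempt/s Left Before The Account Get Locked.";
        }
        return $session;
    }

    if ($flagUser == 3) {
        $session[0] = "Ops! Something Wrong.<br>Please Contact System Administrators.";
        return $session;
    }
    if ($flagUser == 2) {
        $session[0] = "Ops! Your Login Have Been Blocked.<br>Please Contact System Administrators.";
        return $session;
    }

    // OK to proceed: clear today's counter and issue a fresh session.
    log_attempts($idUser, $user_type, 2, $uid);
    $session[0] = "Welcome Back. {$nama}";
    $existing = checkUser($userid, $usertype); // already logged in somewhere?
    if ($existing) {
        deleteSession($existing); // force the earlier login out
    }
    $session[1] = setSession($userid, $usertype);
    $session[3] = 0;

    return $session;
}

/**
 * Maintains the per-day failed-login counter in utiliti_login.
 *
 * All values are bound as parameters; the original interpolated them into the
 * SQL text handed to prepare(), which gave none of the protection a prepared
 * statement is meant to provide.
 *
 * @param mixed $iduser        Account id.
 * @param mixed $usertype      1 = user_list account, 2 = user_register account.
 * @param int   $log_type      1 records a failed attempt, anything else resets the counter.
 * @param mixed $uid           Id of today's utiliti_login row, empty when there is none.
 * @param mixed $unlock_iduser Id of the user performing an unlock, 0 when not applicable.
 * @return void
 */
function log_attempts($iduser,$usertype,$log_type,$uid = 0,$unlock_iduser = 0){
    global $mysqli;

    if ($log_type == 1) { // failed attempt
        if (!empty($uid)) {
            $sql = "UPDATE utiliti_login SET attempt_count=attempt_count+1 WHERE id=?";
            $params = array($uid);
        } else {
            $sql = "INSERT INTO utiliti_login (idUser,user_type,attempt_date,attempt_count) VALUES (?,?,NOW(),1) ";
            $params = array($iduser, $usertype);
        }
    } else { // reset / unlock
        if (!empty($uid)) {
            $sql = "UPDATE utiliti_login SET attempt_count=0 WHERE id=?";
            $params = array($uid);
        } elseif ($unlock_iduser == 0) {
            $sql = "UPDATE utiliti_login SET attempt_count=0 WHERE idUser=? AND user_type=? AND attempt_date=CURDATE() ";
            $params = array($iduser, $usertype);
        } else {
            $sql = "UPDATE utiliti_login SET attempt_count=0, unlock_idUser=?, unlock_date=CURDATE() WHERE idUser=? AND user_type=? AND attempt_date=CURDATE() ";
            $params = array($unlock_iduser, $iduser, $usertype);
        }
    }

    // The original quoted every value as a string literal; keep that typing.
    $params = array_map('strval', $params);

    $stmt = $mysqli->stmt_init();
    if (!$stmt->prepare($sql)) {
        error_log("log_attempts: prepare failed: " . $stmt->error);
        return;
    }
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    $stmt->execute();
    $stmt->close();
}

//----------------------------------------------------------------------------------
// Set a session and insert session into session table.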
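//----------------------------------------------------------------------------------
/**
 * Creates a session id for the user and stores it in utiliti_session.
 *
 * The id is the user id followed by 80 random alphanumeric characters. The
 * characters come from random_int(): the original re-seeded mt_rand() with
 * time() on every call, so the id was fully determined by the second in which
 * it was issued and two sessions created in the same second for one user were
 * identical.
 *
 * @param mixed $userid   Account id; becomes the prefix of the session id.
 * @param mixed $usertype 1 = user_list account, 2 = user_register account.
 * @return string The new session id.
 */
function setSession($userid,$usertype){
    global $mysqli;

    $length   = 80; // number of random characters appended to the user id
    $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    $lastIdx  = strlen($alphabet) - 1;

    $token = "";
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[random_int(0, $lastIdx)];
    }
    $session = $userid . $token;

    $now         = date('Y-m-d H:i:s');
    $userIdText  = (string) $userid;
    $userTypeTxt = (string) $usertype;

    $stmt = $mysqli->stmt_init();
    $ok = $stmt->prepare("INSERT INTO utiliti_session (session,idUser,masa,usertype) VALUES (?,?,?,?)");
    if ($ok) {
        $stmt->bind_param("ssss", $session, $userIdText, $now, $userTypeTxt);
        $ok = $stmt->execute();
    }
    if (!$ok) {
        // Same fail-stop as the original, without printing the database error.
        error_log("setSession: insert failed: " . $stmt->error);
        die("Unable to create session.");
    }
    $stmt->close();

    return $session;
}

//--------------------------------------------------------------------------------
// Check the user to see if they are already logged in.
//--------------------------------------------------------------------------------
/**
 * Looks up an existing session for the given account.
 *
 * @param mixed $userid   Account id.
 * @param mixed $usertype 1 = user_list account, 2 = user_register account.
 * @return string|false Session id of the first matching row, false when none.
 */
function checkUser($userid,$usertype){
    global $mysqli;

    $userIdText  = (string) $userid;
    $userTypeTxt = (string) $usertype;

    $stmt = $mysqli->stmt_init();
    $stmt->prepare("SELECT * FROM utiliti_session WHERE idUser = ? AND usertype = ?");
    $stmt->bind_param("ss", $userIdText, $userTypeTxt);
    $stmt->execute();
    $result = $stmt->get_result();
    $stmt->close();

    $row = $result->fetch_assoc();
    return $row ? $row['session'] : false;
}

//----------------------------------------------------------------------------------
// Log the user out when they click on the log-out button
//----------------------------------------------------------------------------------
/**
 * Deletes the session if it exists.
 *
 * @param string $session Session id presented by the caller; bound as a
 *                        parameter rather than concatenated into the query.
 * @return bool True when a session row was found and deleted, false otherwise.
 */
function logout($session){
    global $mysqli;

    $sessionId = (string) $session;

    $stmt = $mysqli->stmt_init();
    $stmt->prepare("SELECT * FROM utiliti_session WHERE session = ?");
    $stmt->bind_param("s", $sessionId);
    $stmt->execute();
    $result = $stmt->get_result();
    $stmt->close();

    if (!$result->fetch_assoc()) {
        return false;
    }
    deleteSession($session);
    return true;
}

//----------------------------------------------------------------------------------
// Check session and return.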
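//----------------------------------------------------------------------------------
/**
 * Deletes every session whose last-activity time (masa) is older than
 * $conf_sess_timeout minutes.
 *
 * @return void
 */
function checkSession(){
    global $mysqli, $conf_sess_timeout;

    // Sessions last touched before this instant are expired.
    $cutoff = date('Y-m-d H:i:s', time() - ($conf_sess_timeout * 60));

    $stmt = $mysqli->stmt_init();
    $ok = $stmt->prepare("SELECT idUser,session,masa From utiliti_session WHERE masa < ?");
    if ($ok) {
        $stmt->bind_param("s", $cutoff);
        $ok = $stmt->execute();
    }
    if (!$ok) {
        // Same fail-stop as the original, without printing the database error.
        error_log("checkSession: query failed: " . $stmt->error);
        die("Unable to check sessions.");
    }
    $result = $stmt->get_result();
    $stmt->close();

    while ($row = $result->fetch_assoc()) {
        deleteSession($row['session']);
    }
    return;
}

/**
 * Emits a <script> block that shows a notification through $.testme().
 *
 * The message is JSON-encoded with the HEX flags before it is placed inside
 * the script: the original pasted it between double quotes, so a quote or a
 * closing script tag in the message ended the string and ran as markup.
 * The decoded value the browser passes to $.testme() is unchanged.
 *
 * @param array|null $sess  Array carrying 'success_msg'.
 * @param mixed      $g_scc Notification type; only 1, 2 and 3 produce output.
 * @return void
 */
function growl_me($sess = null,$g_scc){
    if (empty($sess['success_msg'])) {
        return;
    }
    if (!($g_scc == 1 || $g_scc == 2 || $g_scc == 3)) {
        return;
    }

    $type = (int) $g_scc;
    $msg  = json_encode(
        (string) $sess['success_msg'],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE
    );

    echo '<script>$(document).ready(function(){ $.testme(' . $type . ',' . $msg . '); });</script>';
}

/**
 * Returns the utiliti_session row for a session id.
 *
 * @param string $sess Session id; bound as a parameter (the original
 *                     concatenated it into the query text).
 * @return array|null The row, or null when the session does not exist.
 */
function get_user($sess){
    global $mysqli;

    $sessionId = (string) $sess;

    $stmt = $mysqli->stmt_init();
    $stmt->prepare("SELECT * FROM utiliti_session WHERE session=?");
    $stmt->bind_param("s", $sessionId);
    $stmt->execute();
    $result = $stmt->get_result();
    $stmt->close();

    return $result->fetch_assoc();
}

/**
 * Returns the full account row behind a session id.
 *
 * User type 1 is read from user_list (with a computed pass_exp flag and
 * registered = 'Y'); any other type is read from user_register
 * (pass_exp = 'N', registered = 'N').
 *
 * @param string $sess Session id.
 * @return array|null The account row, or null when the session or the account
 *                    does not exist.
 */
function get_user_full($sess){
    global $mysqli;

    $session = get_user($sess);
    if (!$session) {
        // No such session: nothing to look up.
        return null;
    }

    if ($session['usertype'] == 1) {
        $query = "SELECT a.*, if(DATE_FORMAT(NOW(),'%Y-%m-%d') >= DATE_FORMAT(date_add(a.datePassword, INTERVAL b.pass_expired day),'%Y-%m-%d'),'Y','N') pass_exp, 'Y' registered FROM user_list a cross join utiliti_web_config b WHERE a.idUser=?";
    } else {
        $query = "SELECT a.*, 'N' pass_exp, 'N' registered FROM user_register a cross join utiliti_web_config b WHERE a.idUser=?";
    }

    $idUser = (string) $session['idUser'];
    $stmt = $mysqli->stmt_init();
    $stmt->prepare($query);
    $stmt->bind_param("s", $idUser);
    $stmt->execute();
    $result = $stmt->get_result();
    $stmt->close();

    return $result->fetch_assoc();
}

/**
 * Runs an INSERT / UPDATE / DELETE as a prepared statement and records it in
 * the audit trail. (Hamdi, 2020-03-20: for insert/update/delete use only.)
 *
 * Values are bound directly. The original assembled a bind_param() call as PHP
 * source containing the values and ran it through eval(), which executed any
 * PHP syntax present in a value and could overwrite this function's locals.
 *
 * NOTE(review): the audit text stores every bound value verbatim, so secrets
 * passed as parameters end up in audit_trail.running_sql.
 *
 * @param string      $sql        Statement with ? placeholders.
 * @param string      $param_type bind_param() type string, or 'auto' for all strings.
 * @param array       $param_data Values in placeholder order; keys are used as labels
 *                                in the audit text only.
 * @param string|null $param_do   Description stored with the audit row.
 * @param mixed       $query_type Unused.
 * @return array [0] => insert id on success; empty array on failure.
 */
function mysqli_prepare_audit($sql,$param_type,$param_data,$param_do = null,$query_type = null){
    global $mysqli;

    $data   = array();
    $values = array_values($param_data);

    // A mismatching or 'auto' type string falls back to all-string binding.
    if (strlen($param_type) != count($param_data) || $param_type == 'auto') {
        $param_type = str_repeat('s', count($param_data));
    }

    // Audit text: the statement followed by one $name="value" pair per line.
    $pairs = array();
    foreach ($param_data as $name => $value) {
        $pairs[] = '$' . $name . '="' . $value . '"';
    }
    $audit_text = $sql . ";\n" . implode(",\n", $pairs);

    $stmt = $mysqli->stmt_init();
    if (!$stmt->prepare($sql)) {
        error_log('mysqli_prepare_audit: prepare failed: ' . $stmt->error);
        echo 'error executing statement';
        return $data;
    }
    if ($values) {
        $stmt->bind_param($param_type, ...$values);
    }

    if (!$stmt->execute()) {
        // Database error text goes to the server log, not to the response.
        error_log('mysqli_prepare_audit: execute failed: ' . $stmt->error);
        echo 'error executing statement';
        $stmt->close();
    } else {
        $data[0] = $mysqli->insert_id;
        $stmt->close();
        audit_insert($audit_text, $param_do);
    }

    return $data;
}

/**
 * Runs any statement as a prepared statement and returns its result set.
 * (Hamdi, 2020-12-07: for all queries.)
 *
 * Values are bound directly instead of through eval(), as in
 * mysqli_prepare_audit().
 *
 * @param string $sql        Statement with ? placeholders.
 * @param string $param_type bind_param() type string, or 'auto' for all strings.
 * @param array  $param_data Values in placeholder order.
 * @return mysqli_result Result of get_result(); a failure raises E_USER_ERROR.
 */
function mysqli_prepare_all($sql,$param_type,$param_data){
    global $mysqli;

    $values = array_values($param_data);

    if (strlen($param_type) != count($param_data) || $param_type == 'auto') {
        $param_type = str_repeat('s', count($param_data));
    }

    $stmt = $mysqli->stmt_init();
    $stmt->prepare($sql) or trigger_error($stmt->error, E_USER_ERROR);
    if ($values) {
        $stmt->bind_param($param_type, ...$values);
    }

    $stmt->execute() or trigger_error($stmt->error, E_USER_ERROR);
    ($result = $stmt->get_result()) or trigger_error($stmt->error, E_USER_ERROR);
    $stmt->close();

    return $result;
}

/**
 * Writes one row to audit_trail for the current session's user.
 *
 * @param string      $running_sql Statement text and parameters to record.
 * @param string|null $descr       Free-text description; stored as '' when empty.
 * @return void
 */
function audit_insert($running_sql,$descr = null){
    global $mysqli;

    $has_session = !empty($_SESSION['session']);
    $user = $has_session ? get_user_full($_SESSION['session']) : null;
    // Without a session the original stored empty strings; with a session that
    // no longer resolves it stored NULLs. Both outcomes are kept.
    $missing = $has_session ? null : '';

    $iduser     = isset($user['idUser']) ? $user['idUser'] : $missing;
    $idRoles    = isset($user['idRoles']) ? $user['idRoles'] : $missing;
    $registered = isset($user['registered']) ? $user['registered'] : $missing;
    $idSubRoles = ($registered == 'Y') ? $user['idSubRoles'] : 0;
    $ipaddress  = get_ipclient();
    $descr      = empty($descr) ? '' : $descr;

    $stmt = $mysqli->stmt_init();
    $stmt->prepare("insert into audit_trail (idUser,running_sql,descr,ipaddress,idRoles,idSubRoles,register_user) values (?,?,?,?,?,?,?)");
    $stmt->bind_param("sssssss", $iduser, $running_sql, $descr, $ipaddress, $idRoles, $idSubRoles, $registered);
    $stmt->execute();
    $stmt->close();
}

/**
 * NOTE(review): this function does not convert a date. The explode() result is
 * discarded and $date[3], $date[2], $date[1] read single characters of the
 * input string. It presumably was meant to reverse the three parts of a
 * dash-separated date - confirm the intended input format and the callers
 * before changing it; behaviour is left exactly as found.
 *
 * @param string $date Input string.
 * @return string Characters 3, 2 and 1 of $date joined with dashes.
 */
function mysql_date($date){
    return $date[3] . "-" . $date[2] . "-" . $date[1];
}

/**
 * Returns the client address recorded in the audit trail.
 *
 * Client-IP and X-Forwarded-For are request headers chosen by the sender, so
 * a value taken from them is accepted only when it is a syntactically valid
 * IP address (first entry of a comma-separated list); otherwise REMOTE_ADDR
 * is used. NOTE(review): even a valid header value is only trustworthy when
 * the request came through a proxy you control - if this server is reached
 * directly, record REMOTE_ADDR alone.
 *
 * @return string IP address, or '' when REMOTE_ADDR is not set.
 */
function get_ipclient(){
    foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR') as $header) {
        if (empty($_SERVER[$header])) {
            continue;
        }
        $parts = explode(',', (string) $_SERVER[$header]);
        $candidate = trim($parts[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
}

/**
 * Debug helper: prints the row count and the first user_list row for an id.
 *
 * NOTE(review): the printed row includes every user_list column, password
 * hash included. Make sure no request path can reach this function in
 * production, or remove it.
 *
 * @param mixed $id Value matched against user_list.idUser.
 * @return void
 */
function test_loop($id){
    $sql = "SELECT * FROM user_list WHERE idUser=? ";
    $param_data = array(
        "idUser" => $id
    );
    $result = mysqli_prepare_all($sql, "auto", $param_data);
    echo $result->num_rows;
    print_r($result->fetch_assoc());
}

/**
 * Sends an SMS through the iSMS HTTP API.
 *
 * [2019-05-23] iSMS user name and password changed (iSMS API change): the
 * account now comes from the configuration loaded at start-up.
 *
 * NOTE(review): the API carries the user name and password in the query
 * string, where proxies and access logs can record them. Worse, the retry
 * rebuilds the URL with http://, so whenever the HTTPS request does not
 * report success the credentials are re-sent in clear text. Prefer repairing
 * the TLS failure (for example the CA bundle) and dropping the downgrade; it
 * is kept here because removing it could stop message delivery.
 *
 * @param string      $link  Original request URL; everything from "http:" up to
 *                           "&dstno" is replaced by the iSMS endpoint and account.
 * @param string|null $again Non-empty on the retry, which uses plain HTTP.
 * @return string|false Success text, or the gateway's raw response / false on failure.
 */
function ismscURL($link,$again = null){ // hamdi
    global $conf_sms_username, $conf_sms_password, $conf_sms_sendid;

    $username = urlencode($conf_sms_username);
    $password = urlencode($conf_sms_password);
    $link_old = $link;

    $search = "/(http:)(.*)(&dstno)/";
    if (!empty($again)) {
        $replace = "http://www.isms.com.my/isms_send.php?un=$username&pwd=$password&dstno";
    } else {
        $replace = "https://www.isms.com.my/isms_send.php?un=$username&pwd=$password&dstno";
    }
    $link = preg_replace($search, $replace, $link);
    $link .= "&type=1&sendid={$conf_sms_sendid}&agreedterm=YES";

    $http = curl_init($link);
    curl_setopt($http, CURLOPT_RETURNTRANSFER, TRUE);
    $http_result = curl_exec($http);
    curl_close($http);

    if ($http_result === "2000 = SUCCESS") {
        $http_result = "SMS Telah Berjaya Dihantar";
    } elseif (empty($again)) {
        // The original discarded the retry's result and always reported the
        // first failure, even when the retry had delivered the message.
        $http_result = ismscURL($link_old, "http");
    }

    return $http_result;
}

/**
 * Validates one entry of $_FILES: upload status, size and detected MIME type.
 *
 * The allow-list is now read from $GLOBALS['conf_doctype5']. The original
 * used a local $conf_doctype5 that is never defined inside the function, so
 * array_search() ran against null, never returned false, and every file type
 * passed the check.
 *
 * NOTE(review): tmp_name is taken on trust; callers should pass the $_FILES
 * entry unchanged (consider is_uploaded_file() before moving the file).
 *
 * @param array $files One $_FILES entry (error, size, tmp_name).
 * @return string '' when the file is acceptable, otherwise the reason it is not.
 */
function checkupload($files){
    $conf_maxuploadsize = $GLOBALS['conf_maxuploadsize'];
    $conf_doctype5 = (isset($GLOBALS['conf_doctype5']) && is_array($GLOBALS['conf_doctype5']))
        ? $GLOBALS['conf_doctype5']
        : array();

    try {
        // Undefined | Multiple Files | $_FILES Corruption Attack
        // If this request falls under any of them, treat it invalid.
        if (!isset($files['error']) || is_array($files['error'])) {
            throw new RuntimeException('Invalid parameters.');
        }

        // Check the upload status reported by PHP.
        switch ($files['error']) {
            case UPLOAD_ERR_OK:
                break;
            case UPLOAD_ERR_NO_FILE:
                throw new RuntimeException('No file sent.');
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                throw new RuntimeException('Exceeded filesize limit.');
            default:
                throw new RuntimeException('Unknown errors.');
        }

        // Size in MiB, rounded to one decimal, against the configured maximum.
        $filesize = round($files['size'] / 1024 / 1024, 1);
        if ($filesize > $conf_maxuploadsize) {
            throw new RuntimeException('Exceeded filesize limit.');
        }

        // DO NOT TRUST the MIME type supplied by the client.
        // Detect it from the file content and require it to be on the allow-list.
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        $detected = $finfo->file($files['tmp_name']);
        if (false === array_search($detected, $conf_doctype5, true)) {
            throw new RuntimeException('Invalid file format.');
        }

        return "";
    } catch (RuntimeException $e) {
        return $e->getMessage();
    }
}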