KucukHacker0088 Shell
| Current Path : G:/PleskVhosts/mpcdp.in/cmamp.mpcdp.in/CP/ |
Windows NT SG2NWVPWEB022 10.0 build 17763 (Windows Server 2016) i586 |
| Current File : G:/PleskVhosts/mpcdp.in/cmamp.mpcdp.in/CP/CPMasterRecruitment-Exec.php |
<?php
if (isset($_POST['BtnAdd']))
{
$mStart = $_GET['start'];
$mRecruitmentID = $_GET['RecruitmentID'];
header("location: CPMasterRecruitment.php?start=$mStart&RecruitmentID=$mRecruitmentID&mMode=Add");
}
else if (isset($_POST['BtnModify']))
{
$mStart = $_GET['start'];
$mRecruitmentID = $_GET['RecruitmentID'];
header("location: CPMasterRecruitment.php?start=$mStart&RecruitmentID=$mRecruitmentID&mMode=Modify");
}
else if (isset($_POST['BtnSave']))
{
require_once('CPConfig.php');
if (isset($_GET['mMode']))
{
$mMode = $_GET['mMode'];
}
else
{
$mMode = '';
}
$mStart = $_GET['start'];
$mRecruitmentID = $_GET['RecruitmentID'];
$link = mysql_connect($hostname, $username, $password) ;
$db= mysql_select_db($dbname);
$RecruitmentName = addslashes(str_replace("'", "'", $_POST['TxtRecruitmentName']));
$RecruitmentDescription = addslashes(str_replace("'", "'", $_POST['TxtRecruitmentDescription']));
$PublishedDay = addslashes(str_replace("'", "'", $_POST['CmbPublishedDay']));
$PublishedMonth = addslashes(str_replace("'", "'", $_POST['CmbPublishedMonth']));
$PublishedYear = addslashes(str_replace("'", "'", $_POST['CmbPublishedYear']));
$SubmissionDay = addslashes(str_replace("'", "'", $_POST['CmbSubmissionDay']));
$SubmissionMonth = addslashes(str_replace("'", "'", $_POST['CmbSubmissionMonth']));
$SubmissionYear = addslashes(str_replace("'", "'", $_POST['CmbSubmissionYear']));
$RecruitmentRemarks = addslashes(str_replace("'", "'", $_POST['TxtRecruitmentRemarks']));
if ($RecruitmentName == '')
{
session_start();
$_SESSION['mRecruitmentName'] = str_replace("'", "'", $_POST['TxtRecruitmentName']);
$_SESSION['mRecruitmentDescription'] = str_replace("'", "'", $_POST['TxtRecruitmentDescription']);
$_SESSION['mPublishedDay'] = str_replace("'", "'", $_POST['CmbPublishedDay']);
$_SESSION['mPublishedMonth'] = str_replace("'", "'", $_POST['CmbPublishedMonth']);
$_SESSION['mPublishedYear'] = str_replace("'", "'", $_POST['CmbPublishedYear']);
$_SESSION['mSubmissionDay'] = str_replace("'", "'", $_POST['CmbSubmissionDay']);
$_SESSION['mSubmissionMonth'] = str_replace("'", "'", $_POST['CmbSubmissionMonth']);
$_SESSION['mSubmissionYear'] = str_replace("'", "'", $_POST['CmbSubmissionYear']);
$_SESSION['mRecruitmentRemarks'] = str_replace("'", "'", $_POST['TxtRecruitmentRemarks']);
header("location: CPMasterRecruitment.php?start=$mStart&RecruitmentID=$mRecruitmentID&mMode=$mMode&mError=Invalid Name...");
exit;
}
if ($mMode == 'Add')
{
$DocumentPath = 'Recruitment/';
$DocumentName = basename($_FILES['DocumentPath']['name']);
$DocumentFile = $DocumentPath . $DocumentName;
move_uploaded_file($_FILES['DocumentPath']['tmp_name'], $DocumentFile);
$mPMonth = date("m", strtotime($PublishedDay . "-" . $PublishedMonth . "-" . $PublishedYear));
$PublishedDate = date("Y-m-d", mktime(0, 0, 0, $mPMonth, $PublishedDay, $PublishedYear));
$mSMonth = date("m", strtotime($SubmissionDay . "-" . $SubmissionMonth . "-" . $SubmissionYear));
$SubmissionDate = date("Y-m-d", mktime(0, 0, 0, $mSMonth, $SubmissionDay, $SubmissionYear));
$qry = "INSERT INTO masterrecruitment(RecruitmentName, RecruitmentDescription, PublishedDay, PublishedMonth, PublishedYear, PublishedDate, SubmissionDay, SubmissionMonth, SubmissionYear, SubmissionDate, RecruitmentRemarks, DocumentPath, DocumentName) VALUES('$RecruitmentName', '$RecruitmentDescription', '$PublishedDay', '$PublishedMonth', '$PublishedYear', '$PublishedDate', '$SubmissionDay', '$SubmissionMonth', '$SubmissionYear', '$SubmissionDate', '$RecruitmentRemarks', '$DocumentPath', '$DocumentName')";
}
else if ($mMode == 'Modify')
{
$DocumentPath = 'Recruitment/';
$DocumentName = basename($_FILES['DocumentPath']['name']);
$DocumentFile = $DocumentPath . $DocumentName;
move_uploaded_file($_FILES['DocumentPath']['tmp_name'], $DocumentFile);
$mPMonth = date("m", strtotime($PublishedDay . "-" . $PublishedMonth . "-" . $PublishedYear));
$PublishedDate = date("Y-m-d", mktime(0, 0, 0, $mPMonth, $PublishedDay, $PublishedYear));
$mSMonth = date("m", strtotime($SubmissionDay . "-" . $SubmissionMonth . "-" . $SubmissionYear));
$SubmissionDate = date("Y-m-d", mktime(0, 0, 0, $mSMonth, $SubmissionDay, $SubmissionYear));
$qry = "UPDATE masterrecruitment SET RecruitmentName='$RecruitmentName', RecruitmentDescription='$RecruitmentDescription', PublishedDay='$PublishedDay', PublishedMonth='$PublishedMonth', PublishedYear='$PublishedYear', PublishedDate='$PublishedDate', SubmissionDay='$SubmissionDay', SubmissionMonth='$SubmissionMonth', SubmissionYear='$SubmissionYear', SubmissionDate='$SubmissionDate', RecruitmentRemarks='$RecruitmentRemarks'";
if ($DocumentName != '')
{
$qry = $qry . ", DocumentName='$DocumentName'";
}
$qry = $qry . " WHERE RecruitmentID=$mRecruitmentID";
}
$result = @mysql_query($qry);
if($result)
{
header("location: CPMasterRecruitment.php?start=$mStart&RecruitmentID=$mRecruitmentID&mMode=Save");
}
else
{
die("Query failed");
}
}
else if (isset($_POST['BtnCancel']))
{
$mStart = $_GET['start'];
$mRecruitmentID = $_GET['RecruitmentID'];
header("location: CPMasterRecruitment.php?start=$mStart&RecruitmentID=$mRecruitmentID&mMode=Cancel");
}
else if (isset($_POST['BtnDelete']))
{
require_once('CPConfig.php');
$mStart = $_GET['start'];
$mRecruitmentID = $_GET['RecruitmentID'];
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
$db = mysql_select_db(DB_DATABASE);
$qry = "DELETE FROM masterrecruitment WHERE RecruitmentID = '$mRecruitmentID'";
$result = @mysql_query($qry);
if($result)
{
header("location: CPMasterRecruitment.php?start=$mStart&mMode=Delete");
}
}
?>Discord hacker0088#9402
FSecurity.org