KucukHacker0088 Shell
| Current Path : G:/PleskVhosts/mpcdp.in/cmamp.mpcdp.in/CP/ |
Windows NT SG2NWVPWEB022 10.0 build 17763 (Windows Server 2016) i586 |
| Current File : G:/PleskVhosts/mpcdp.in/cmamp.mpcdp.in/CP/CPMasterTender-Exec.php |
<?php
if (isset($_POST['BtnAdd']))
{
$mStart = $_GET['start'];
$mTenderID = $_GET['TenderID'];
header("location: CPMasterTender.php?start=$mStart&TenderID=$mTenderID&mMode=Add");
}
else if (isset($_POST['BtnModify']))
{
$mStart = $_GET['start'];
$mTenderID = $_GET['TenderID'];
header("location: CPMasterTender.php?start=$mStart&TenderID=$mTenderID&mMode=Modify");
}
else if (isset($_POST['BtnSave']))
{
require_once('CPConfig.php');
if (isset($_GET['mMode']))
{
$mMode = $_GET['mMode'];
}
else
{
$mMode = '';
}
$mStart = $_GET['start'];
$mTenderID = $_GET['TenderID'];
$link = mysql_connect($hostname, $username, $password) ;
$db= mysql_select_db($dbname);
$TenderName = addslashes(str_replace("'", "'", $_POST['TxtTenderName']));
$TenderDescription = addslashes(str_replace("'", "'", $_POST['TxtTenderDescription']));
$PublishedDay = addslashes(str_replace("'", "'", $_POST['CmbPublishedDay']));
$PublishedMonth = addslashes(str_replace("'", "'", $_POST['CmbPublishedMonth']));
$PublishedYear = addslashes(str_replace("'", "'", $_POST['CmbPublishedYear']));
$SubmissionDay = addslashes(str_replace("'", "'", $_POST['CmbSubmissionDay']));
$SubmissionMonth = addslashes(str_replace("'", "'", $_POST['CmbSubmissionMonth']));
$SubmissionYear = addslashes(str_replace("'", "'", $_POST['CmbSubmissionYear']));
$TenderRemarks = addslashes(str_replace("'", "'", $_POST['TxtTenderRemarks']));
if ($TenderName == '')
{
session_start();
$_SESSION['mTenderName'] = str_replace("'", "'", $_POST['TxtTenderName']);
$_SESSION['mTenderDescription'] = str_replace("'", "'", $_POST['TxtTenderDescription']);
$_SESSION['mPublishedDay'] = str_replace("'", "'", $_POST['CmbPublishedDay']);
$_SESSION['mPublishedMonth'] = str_replace("'", "'", $_POST['CmbPublishedMonth']);
$_SESSION['mPublishedYear'] = str_replace("'", "'", $_POST['CmbPublishedYear']);
$_SESSION['mSubmissionDay'] = str_replace("'", "'", $_POST['CmbSubmissionDay']);
$_SESSION['mSubmissionMonth'] = str_replace("'", "'", $_POST['CmbSubmissionMonth']);
$_SESSION['mSubmissionYear'] = str_replace("'", "'", $_POST['CmbSubmissionYear']);
$_SESSION['mTenderRemarks'] = str_replace("'", "'", $_POST['TxtTenderRemarks']);
header("location: CPMasterTender.php?start=$mStart&TenderID=$mTenderID&mMode=$mMode&mError=Invalid Name...");
exit;
}
if ($mMode == 'Add')
{
$DocumentPath = 'Tender/';
$DocumentName = basename($_FILES['DocumentPath']['name']);
$DocumentFile = $DocumentPath . $DocumentName;
move_uploaded_file($_FILES['DocumentPath']['tmp_name'], $DocumentFile);
$mPMonth = date("m", strtotime($PublishedDay . "-" . $PublishedMonth . "-" . $PublishedYear));
$PublishedDate = date("Y-m-d", mktime(0, 0, 0, $mPMonth, $PublishedDay, $PublishedYear));
$mSMonth = date("m", strtotime($SubmissionDay . "-" . $SubmissionMonth . "-" . $SubmissionYear));
$SubmissionDate = date("Y-m-d", mktime(0, 0, 0, $mSMonth, $SubmissionDay, $SubmissionYear));
$qry = "INSERT INTO mastertender(TenderName, TenderDescription, PublishedDay, PublishedMonth, PublishedYear, PublishedDate, SubmissionDay, SubmissionMonth, SubmissionYear, SubmissionDate, TenderRemarks, DocumentPath, DocumentName) VALUES('$TenderName', '$TenderDescription', '$PublishedDay', '$PublishedMonth', '$PublishedYear', '$PublishedDate', '$SubmissionDay', '$SubmissionMonth', '$SubmissionYear', '$SubmissionDate', '$TenderRemarks', '$DocumentPath', '$DocumentName')";
}
else if ($mMode == 'Modify')
{
$DocumentPath = 'Tender/';
$DocumentName = basename($_FILES['DocumentPath']['name']);
$DocumentFile = $DocumentPath . $DocumentName;
move_uploaded_file($_FILES['DocumentPath']['tmp_name'], $DocumentFile);
$mPMonth = date("m", strtotime($PublishedDay . "-" . $PublishedMonth . "-" . $PublishedYear));
$PublishedDate = date("Y-m-d", mktime(0, 0, 0, $mPMonth, $PublishedDay, $PublishedYear));
$mSMonth = date("m", strtotime($SubmissionDay . "-" . $SubmissionMonth . "-" . $SubmissionYear));
$SubmissionDate = date("Y-m-d", mktime(0, 0, 0, $mSMonth, $SubmissionDay, $SubmissionYear));
$qry = "UPDATE mastertender SET TenderName='$TenderName', TenderDescription='$TenderDescription', PublishedDay='$PublishedDay', PublishedMonth='$PublishedMonth', PublishedYear='$PublishedYear', PublishedDate='$PublishedDate', SubmissionDay='$SubmissionDay', SubmissionMonth='$SubmissionMonth', SubmissionYear='$SubmissionYear', SubmissionDate='$SubmissionDate', TenderRemarks='$TenderRemarks'";
if ($DocumentName != '')
{
$qry = $qry . ", DocumentName='$DocumentName'";
}
$qry = $qry . " WHERE TenderID=$mTenderID";
}
$result = @mysql_query($qry);
if($result)
{
header("location: CPMasterTender.php?start=$mStart&TenderID=$mTenderID&mMode=Save");
}
else
{
die("Query failed");
}
}
else if (isset($_POST['BtnCancel']))
{
$mStart = $_GET['start'];
$mTenderID = $_GET['TenderID'];
header("location: CPMasterTender.php?start=$mStart&TenderID=$mTenderID&mMode=Cancel");
}
else if (isset($_POST['BtnDelete']))
{
require_once('CPConfig.php');
$mStart = $_GET['start'];
$mTenderID = $_GET['TenderID'];
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
$db = mysql_select_db(DB_DATABASE);
$qry = "DELETE FROM mastertender WHERE TenderID = '$mTenderID'";
$result = @mysql_query($qry);
if($result)
{
header("location: CPMasterTender.php?start=$mStart&mMode=Delete");
}
}
?>Discord hacker0088#9402
FSecurity.org