<?
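/**
 * Thin wrapper around a PDO handle with positional-parameter query helpers.
 *
 * The handle is exposed as the public property $db; connect() fills it and
 * __destruct() releases it.  All query helpers bind the elements of
 * $parameter to the 1-based "?" placeholders of $sql, so callers must never
 * splice data into $sql themselves.
 *
 * NOTE(review): the enclosing file opens with the short tag "<?"; on a server
 * with short_open_tag disabled the whole file (including any credentials
 * passed to connect()) would be served to the client as plain text.  Use
 * "<?php".
 */
class PDOConnection {
    /** @var PDO|null the live connection, null until connect() succeeds */
    public $db;

    /**
     * SQL prefix used by countRow().  It is referenced but never assigned in
     * this file, so it is declared here to avoid a dynamic-property read.
     * NOTE(review): confirm where the caller sets this; as an empty string
     * countRow() executes $condition alone.
     */
    public $qCountRow = '';

    /**
     * Nothing is connected here; call connect() explicitly.  The earlier
     * hard-coded credentials that used to live in this constructor were
     * removed so they are not kept in source.
     */
    public function __construct() {
    }

    /**
     * Open the connection and store it in $this->db.
     *
     * @param string $db_type  PDO driver name ("mysql", "pgsql", ...)
     * @param string $host     database host
     * @param string $db_name  database name
     * @param string $user     login user
     * @param string $password login password
     *
     * On failure the process is terminated, as before, but only a generic
     * message is printed: the PDOException text can contain the host and
     * user name, so it goes to error_log() instead of the response.
     */
    public function connect($db_type, $host, $db_name, $user, $password) {
        try {
            $dsn = "$db_type:host=$host;dbname=$db_name";
            // ATTR_PERSISTENT is only honoured when passed as a constructor
            // option; setAttribute() after construction silently does nothing.
            $this->db = new PDO($dsn, $user, $password, [
                PDO::ATTR_PERSISTENT => true,
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            ]);
        } catch (PDOException $e) {
            error_log('PDOConnection::connect failed: ' . $e->getMessage());
            print "Error!: database connection failed\n";
            die();
        }
    }

    /** Release the handle when the object goes away (real PHP destructor). */
    public function __destruct() {
        $this->__deconstruct();
    }

    /**
     * Kept for callers that invoke the misspelled name directly; the engine
     * itself only calls __destruct().
     */
    public function __deconstruct() {
        $this->db = null;
    }

    /**
     * Bind each element of $parameter to the matching 1-based "?" placeholder.
     *
     * bindValue() is used instead of bindParam(): the statement is executed
     * immediately after binding, so reference semantics buy nothing and
     * bindValue() also accepts non-variable expressions.
     */
    private function bindPositional(PDOStatement $stmt, ?array $parameter): void {
        foreach (array_values($parameter ?? []) as $i => $value) {
            $stmt->bindValue($i + 1, $value);
        }
    }

    /**
     * Force the UTF-8 connection charset on drivers that understand SET NAMES.
     *
     * The original code issued this unconditionally; it is a syntax error on
     * SQLite and unsupported on Oracle, so it is limited to MySQL and
     * PostgreSQL.  NOTE(review): a charset= option in the DSN would be the
     * preferred way on MySQL.
     */
    private function applyUtf8(): void {
        $driver = $this->db->getAttribute(PDO::ATTR_DRIVER_NAME);
        if (in_array($driver, ['mysql', 'pgsql'], true)) {
            $utf8sql = "SET NAMES UTF8";
            $this->db->query($utf8sql);
        }
    }

    /**
     * Run a SELECT and return every row.
     *
     * @param string     $sql       query with "?" placeholders
     * @param array|null $parameter values for the placeholders, in order
     * @return array rows fetched with PDO::FETCH_BOTH
     * @throws PDOException wrapped as 'Query error :...' with the original as previous
     */
    public function nativeQuerySelect($sql, $parameter = null): array {
        try {
            $this->applyUtf8();
            $stmt = $this->db->prepare($sql);
            $this->bindPositional($stmt, $parameter);
            $stmt->execute();
            return $stmt->fetchAll(PDO::FETCH_BOTH);
        } catch (PDOException $e) {
            throw new PDOException('Query error :' . $e->getMessage(), 0, $e);
        }
    }

    /**
     * Run an INSERT.
     *
     * Returns the boolean result of execute(), not the affected-row count
     * (the old header comment was wrong about that).
     *
     * @throws PDOException wrapped as 'Query error :...'
     */
    public function nativeQueryInsert($sql, $parameter = null): bool {
        try {
            $this->applyUtf8();
            $stmt = $this->db->prepare($sql);
            $this->bindPositional($stmt, $parameter);
            return $stmt->execute();
        } catch (PDOException $e) {
            throw new PDOException('Query error :' . $e->getMessage(), 0, $e);
        }
    }

    /**
     * Run an UPDATE.
     *
     * Returns true when execute() succeeded, false otherwise; this is not the
     * affected-row count.
     *
     * @throws PDOException wrapped as 'Query error :...'
     */
    public function nativeQueryUpdate($sql, $parameter = null): bool {
        try {
            $this->applyUtf8();
            $stmt = $this->db->prepare($sql);
            $this->bindPositional($stmt, $parameter);
            return (bool) $stmt->execute();
        } catch (PDOException $e) {
            throw new PDOException('Query error :' . $e->getMessage(), 0, $e);
        }
    }

    /**
     * Run a DELETE; true on success, false on any PDO error.
     *
     * Unlike the other helpers this one deliberately does not rethrow, so the
     * failure reason is only available via error_log().
     */
    public function nativeQueryDelete($sql, $parameter = null): bool {
        try {
            $stmt = $this->db->prepare($sql);
            $this->bindPositional($stmt, $parameter);
            $stmt->execute();
            return true;
        } catch (PDOException $e) {
            error_log('PDOConnection::nativeQueryDelete failed: ' . $e->getMessage());
            return false;
        }
    }

    /**
     * True when $sql returns no rows at all (i.e. the value being checked is
     * not yet present).  Only the first row needs to be fetched to decide.
     *
     * @throws PDOException wrapped as 'Query error :...'
     */
    public function isUniqueNative($sql, $parameter = null): bool {
        try {
            $stmt = $this->db->prepare($sql);
            $this->bindPositional($stmt, $parameter);
            $stmt->execute();
            return $stmt->fetch(PDO::FETCH_ASSOC) === false;
        } catch (PDOException $e) {
            throw new PDOException('Query error :' . $e->getMessage(), 0, $e);
        }
    }

    /**
     * Execute $this->qCountRow followed by $condition and return the 'total'
     * column of the first row.
     *
     * $condition is concatenated into the SQL text, so it must be a trusted,
     * developer-written fragment, never request data.  The previous debug
     * echo of the full query was removed: it leaked SQL text to the client.
     * NOTE(review): placeholders cannot stand in for identifiers, so binding
     * ':table' to a table name will not work as a FROM target - verify what
     * $qCountRow actually contains.
     *
     * @throws PDOException wrapped as 'Database error details: ...'
     */
    public function countRow($tableName, $condition) {
        try {
            $stmt = $this->db->prepare($this->qCountRow . $condition);
            $stmt->bindValue(':table', $tableName);
            $stmt->execute();
            $row = $stmt->fetch(PDO::FETCH_BOTH);
            return $row['total'];
        } catch (PDOException $e) {
            throw new PDOException('Database error details: ' . $e->getMessage(), 0, $e);
        }
    }

    /**
     * Append one row to admin_log: "<remote addr>|<value1>|<value2>|...".
     * Table layout per the original note: (id int11, date datetime, log text).
     *
     * bindValue() replaces bindParam() here because bindParam() on the
     * date() expression is a fatal "cannot be passed by reference" error.
     * The timestamp uses 24-hour 'H'; the previous 'h' gave a 12-hour value
     * with no AM/PM marker, which made the log ambiguous.
     * NOTE(review): VALUES('', ...) relies on the server coercing '' for the
     * auto-increment id; MySQL strict mode rejects that - confirm.
     *
     * @param array|null $arrValue values joined into the log line
     * @throws PDOException wrapped as 'Database error ...'
     */
    public function insertAdminLog($arrValue) {
        try {
            $sql = "INSERT INTO admin_log VALUES('',:val1,:val2)";
            $stmt = $this->db->prepare($sql);
            // REMOTE_ADDR is absent under CLI; log an empty address then.
            $logDetail = ($_SERVER['REMOTE_ADDR'] ?? '') . "|";
            foreach ($arrValue ?? [] as $value) {
                $logDetail .= $value . "|";
            }
            $stmt->bindValue(':val1', date('Y-m-d H:i:s'));
            $stmt->bindValue(':val2', $logDetail);
            $stmt->execute();
        } catch (PDOException $e) {
            throw new PDOException('Database error ' . $e->getMessage(), 0, $e);
        }
    }
}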
?>