!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\Intranet\C\xampp\htdocs\php\AjaxPhpCode\Chapter06\ajax\suggest\   drwxrwxrwx
Free 4.09 GB of 39.52 GB (10.35%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     suggest.class.php (1.94 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
// load error handling module
require_once('error_handler.php');
// load configuration file
require_once('config.php');

// class supports server-side suggest & autocomplete functionality
class Suggest
{
  
// database handler
  
private $mMysqli;
  
  
// constructor opens database connection
  
function __construct() 
  {   
    
// connect to the database
    
$this->mMysqli = new mysqli(DB_HOSTDB_USERDB_PASSWORD
                                                          
DB_DATABASE);    
  }
  
  
// destructor, closes database connection  
  
function __destruct() 
  {
    
$this->mMysqli->close();
  }
  
  
// returns all PHP functions that start with $keyword
  
public function getSuggestions($keyword)
  {
    
// escape the keyword string      
    
$patterns = array('/\s+/''/"+/''/%+/');
    
$replace = array('');
    
$keyword preg_replace($patterns$replace$keyword);
    
// build the SQL query that gets the matching functions from the database
    
if($keyword != '')
      
$query 'SELECT name ' .
               
'FROM suggest ' 
               
'WHERE name LIKE "' $keyword '%"';
    
// if the keyword is empty build a SQL query that will return no results
    
else
      
$query 'SELECT name ' .
 
               
'FROM suggest ' .
               
'WHERE name=""'
    
// execute the SQL query
    
$result $this->mMysqli->query($query);
    
// build the XML response
    
$output '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>';
    
$output .= '<response>';    
    
// if we have results, loop through them and add them to the output
    
if($result->num_rows)
      while (
$row $result->fetch_array(MYSQLI_ASSOC)) 
        
$output .= '<name>' $row['name'] . '</name>';
    
// close the result stream 
    
$result->close();
    
// add the final closing tag
    
$output .= '</response>';   
    
// return the results
    
return $output;  
  }
//end class Suggest
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0312 ]--