MaDJ4mE5

HARVARD Faculty of Arts & Sciences Site Has been pwn3d

May 3rd, 2015
  1. sess_16h0eecd9m08pemn5l2gmhe1o1
  2. sess_1j78r226n3ihenu3tumjl8hjl5
  3. sess_1ncsv1po652sd9g3u2u3e39kf7
  4. sess_41pqj95jt8qlcu0ebugitd8162
  5. sess_7651oo0i16pojb1eo57sagmbg4
  6. sess_7pl3agcshljupr4gap2gts22u0
  7. sess_8655k1p6g8tma498prc16ui7e5
  8. sess_aci9i4d3tuiv89394r9l4qmed5
  9. sess_b1r30834gcoqnv9h3v3b699ms0
  10. sess_c0iup7o8klf1es9niqsusgb0s5
  11. sess_ectlos1l83vpm2ma9nceepbb26
  12. sess_mmc76t617a6965o0ge0km8jd17
  13. sess_n94tkrvb6b0ie5vv2v9c7ge672
  14. sess_p2ivp2t4k686kak0dnfss91l81
  15. sess_s81is08tkf8l34ovq77ebm0ur0
  16.  
  17. #
  18. ----------------------------------------------------------------------------------------------------------
  19. #
  20.  
  21. <?php
  22. require_once('includes/reset_session.php');
  23. require_once('includes/common.php');
  24. if (!isset($_SESSION['user_id']) || $_SESSION['user_type'] != 'admin') {
  25. header('http://www.appsuccess.org');
  26. }
  27.  
  28. if (isset($_POST['url']) && isset($_POST['applicant']) && isset($_POST['mentor']) && isset($_POST['name'])) {
  29. $url = mysql_real_escape_string($_POST['url']);
  30. $applicant = mysql_real_escape_string($_POST['applicant']);
  31. $mentor = mysql_real_escape_string($_POST['mentor']);
  32. $name = mysql_real_escape_string($_POST['name']);
  33.  
  34. $query = sprintf("SELECT * FROM `applicants` WHERE `email`='%s'", $applicant);
  35. $result = mysql_query($query) or die(mysql_error());
  36. if (mysql_num_rows($result) == 1) {
  37. $applicant = mysql_fetch_assoc($result);
  38. $query = sprintf("SELECT * FROM `mentors` WHERE `email`='%s'", $mentor);
  39. $result = mysql_query($query) or die(mysql_error());
  40. if (mysql_num_rows($result) == 1) {
  41. $mentor = mysql_fetch_assoc($result);
  42. $query = sprintf("INSERT INTO `documents` (`name`,`url`,`applicant_id`,`mentor_id`) VALUES ('%s', '%s', '%s', '%s')", $name, $url, $applicant['id'], $mentor['id']);
  43. $result = mysql_query($query) or die(mysql_error());
  44. if ($result) {
  45. $error = false;
  46. $message = "Document added";
  47. }
  48. else {
  49. $error = true;
  50. $message = "Document could not be added";
  51. }
  52. }
  53. else {
  54. $error = true;
  55. $message = "Mentor not found";
  56. }
  57. }
  58. else {
  59. $error = true;
  60. $message = "Applicant not found";
  61. }
  62. }
  63. print_header('Documents');
  64. ?>
  65. <script type="text/javascript">
  66. $(document).ready(function() {
  67. $('#documents-table').dataTable({
  68. "oLanguage": {
  69. "sLengthMenu": "Display <select><option value=\"10\">10</option><option value=\"25\">25</option><option value=\"50\">50</option><option value=\"100\">100</option><option value=\"500\">500</option><option value=\"1000\">1000</option></select> records per page"
  70. }
  71. });
  72.  
  73. var mentors = [
  74. <?php
  75. $query = sprintf("SELECT * FROM `mentors`");
  76. $result = mysql_query($query) or die(mysql_error());
  77.  
  78. while ($row = mysql_fetch_assoc($result)) {
  79. echo "\"".htmlentities($row['email'])."\", ";
  80. }
  81. ?>
  82. ];
  83.  
  84. $( "#mentor" ).autocomplete({
  85. source: mentors
  86. });
  87.  
  88. var applicants = [
  89. <?php
  90. $query = sprintf("SELECT * FROM `applicants`");
  91. $result = mysql_query($query) or die(mysql_error());
  92.  
  93. while ($row = mysql_fetch_assoc($result)) {
  94. echo "\"".htmlentities($row['email'])."\", ";
  95. }
  96. ?>
  97. ];
  98.  
  99. $( "#applicant" ).autocomplete({
  100. source: applicants
  101. });
  102. });
  103. </script>
  104. <?php if (isset($error)) { echo '<div style="padding: 5px; border: 1px solid black; float: right; color: '; if ($error) { echo 'red'; } else { echo 'green'; } echo ';">'.htmlentities($message).'</div>'; } ?>
  105. <h1>Documents</h1>
  106.  
  107. <?php
  108. $query = sprintf("SELECT * FROM `documents`");
  109. $result = mysql_query($query) or die(mysql_error());
  110. if (mysql_num_rows($result) > 0) {
  111. echo '<table id="documents-table" style="width: 100%; display: inline-table;">';
  112. echo '<thead><th>ID</th><th>Document Name</th><th>Applicant</th><th>Mentor</th></thead><tbody>';
  113. while ($document = mysql_fetch_assoc($result)) {
  114. unset($mentor);
  115. unset($applicant);
  116.  
  117. $query2 = sprintf("SELECT * FROM `mentors` WHERE `id`='%s'", $document['mentor_id']);
  118. $result2 = mysql_query($query2) or die(mysql_error());
  119. if (mysql_num_rows($result2) == 1) {
  120. $mentor = mysql_fetch_assoc($result2);
  121. }
  122.  
  123. $query2 = sprintf("SELECT * FROM `applicants` WHERE `id`='%s'", $document['applicant_id']);
  124. $result2 = mysql_query($query2) or die(mysql_error());
  125. if (mysql_num_rows($result2) == 1) {
  126. $applicant = mysql_fetch_assoc($result2);
  127. }
  128.  
  129. echo '<td><a href="document-profile.php?id='.htmlentities($document['id']).'">'.htmlentities($document['id']).'</a></td>';
  130. echo '<td><a href="'.htmlentities($document['url']).'">'.htmlentities(str_replace("\\", "", $document['name'])).'</a></td>';
  131. echo '<td>';
  132. if (isset($applicant)) {
  133. echo '<a href="applicant-profile.php?id='.htmlentities($applicant['id']).'">'.htmlentities($applicant['first_name']).' '.htmlentities($applicant['last_name']).'</a>';
  134. }
  135. else {
  136. echo 'No applicant';
  137. }
  138. echo '</td>';
  139. echo '<td>';
  140. if (isset($mentor)) {
  141. echo '<a href="mentor-profile.php?id='.htmlentities($mentor['id']).'">'.htmlentities($mentor['first_name']).' '.htmlentities($mentor['last_name']).'</a>';
  142. }
  143. else {
  144. echo 'No mentor';
  145. }
  146. echo '</td>';
  147. echo '</tr>';
  148.  
  149. }
  150. echo '</tbody>';
  151. echo '</table>';
  152.  
  153. }
  154. else {
  155. echo "No documents found.";
  156. }
  157. ?>
  158. <h2>Add a Document</h2>
  159. <form method="post">
  160. <label for="url">Document URL</label>
  161. <input type="text" name="url" id="url" />
  162. <label for="name">Name</label>
  163. <input type="text" name="name" id="name" />
  164. <label for="applicant">Applicant</label>
  165. <input type="text" name="applicant" id="applicant" />
  166. <label for="mentor">Mentor</label>
  167. <input type="text" name="mentor" id="mentor" />
  168. <button style="margin: 0px auto 0px; float: none;" type="submit">Add Document</button>
  169. </form>
  170. <?php print_footer(); ?>