MOON
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 PHP/5.4.10
System: Linux vps.presagepowered.net 2.6.18-398.el5 #1 SMP Tue Sep 16 20:51:48 EDT 2014 i686
User: mckernan (512)
PHP: 5.4.10
Disabled: NONE
File: /home/mckernan/public_html/iJournal/includes/client/convert.php
<?php

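// convert to new year
//
// Request handler: creates a row in accounting_year for a new year and answers
// with a small XML document:
//   <root><year><disposition>N</disposition></year></root>
// disposition values:
//   the year value - row created
//   0              - the INSERT failed or did not affect exactly one row
//   1              - a row for that year already exists
//   2              - the existence lookup failed
//   3              - parameter validation failed
// With an empty $sid the handler answers 404 instead.
// NOTE(review): $sid is not assigned in this file; presumably the including
// script sets it. Confirm it cannot be supplied directly by the request.

	// init database name
	$database = DB_PREFIX;


	// process request
	if ($sid != '')
	{
		// sid check
		require "includes/session/sidck.php";


		// init return value
		$rv = '<root>' . PHP_EOL;
		$rv .= '<year>' . PHP_EOL;


		// fetch database name / open db (GET overrides POST, as before)
		$dbname = '';
		if ( isset($_POST['dbn']) ) $dbname = $_POST['dbn'];
		if ( isset($_GET['dbn']) ) $dbname = $_GET['dbn'];

		// The request chooses which database is opened, so accept only a plain
		// identifier (this also rejects an empty value and array input).
		// Widen the pattern if real database suffixes use other characters.
		// NOTE(review): nothing visible here ties the session to this database;
		// verify that sidck.php / db.php authorise the caller for it.
		if (!is_string($dbname) || !preg_match('/^[A-Za-z0-9_]+$/D', $dbname)) die();

		$database .= $dbname;


		require "includes/db.php";

		// fetch / validate params
		$valid = true;

		// getvar() is defined elsewhere; whether it escapes its result is not
		// visible here. The value is only ever bound as a statement parameter
		// below, so the SQL is safe either way. If getvar() SQL-escapes, drop
		// that escaping for this value so no backslashes are stored.
		$yr = getvar($db, 'yr', 'string');

		$mos = '';
		if ( isset($_POST['mos']) ) $mos = $_POST['mos'];
		if ( isset($_GET['mos']) ) $mos = $_GET['mos'];
		$mos = intval($mos);
		if ($mos < 1 || $mos > 12) $valid = false;

		$depr = 0;
		if ( isset($_POST['depr']) ) $depr = floatval($_POST['depr']);
		if ( isset($_GET['depr']) ) $depr = floatval($_GET['depr']);
		$depr = abs($depr);

		$fed = 0;
		if ( isset($_POST['fed']) ) $fed = floatval($_POST['fed']);
		if ( isset($_GET['fed']) ) $fed = floatval($_GET['fed']);
		$fed = abs($fed);

		$state = 0;
		if ( isset($_POST['state']) ) $state = floatval($_POST['state']);
		if ( isset($_GET['state']) ) $state = floatval($_GET['state']);
		$state = abs($state);

		$loc = 0;
		if ( isset($_POST['loc']) ) $loc = floatval($_POST['loc']);
		if ( isset($_GET['loc']) ) $loc = floatval($_GET['loc']);
		$loc = abs($loc);

		// floatval() can yield INF for inputs such as "1e999"; treat that as invalid
		if (!is_finite($depr) || !is_finite($fed) || !is_finite($state) || !is_finite($loc)) $valid = false;

		if ($valid)
		{
			// verify year doesn't exist / create new year
			// NOTE(review): $db is used as a mysqli connection (the original code
			// relied on ->query() and ->affected_rows); confirm in includes/db.php.
			$lookupOk = false;
			$exists = false;

			$lookup = $db->prepare("SELECT yr_id FROM accounting_year WHERE yr_year = ?");
			if ($lookup)
			{
				if ($lookup->bind_param('s', $yr) && $lookup->execute())
				{
					// buffer the result so num_rows is populated
					$lookup->store_result();
					$exists = ($lookup->num_rows != 0);
					$lookupOk = true;
				}
				$lookup->close();
			}

			if (!$lookupOk)
			{
				$rv .= "<disposition>2</disposition>" . PHP_EOL;
			}
			else if ($exists)
			{
				$rv .= "<disposition>1</disposition>" . PHP_EOL;
			}
			else
			{
				$created = false;

				$insert = $db->prepare("INSERT INTO accounting_year (yr_year, yr_mos, yr_depr, yr_fed, yr_state, yr_local) VALUES (?, ?, ?, ?, ?, ?)");
				if ($insert)
				{
					if ($insert->bind_param('sidddd', $yr, $mos, $depr, $fed, $state, $loc) && $insert->execute())
					{
						$created = ($insert->affected_rows == 1);
					}
					$insert->close();
				}

				if ($created)
				{
					// request-derived text goes into markup: escape it so it
					// cannot add or close elements in the response
					$rv .= "<disposition>" . htmlspecialchars($yr, ENT_QUOTES, 'UTF-8') . "</disposition>" . PHP_EOL;
				}
				else
				{
					$rv .= "<disposition>0</disposition>" . PHP_EOL;
				}
			}
		}
		else
		{
			$rv .= "<disposition>3</disposition>" . PHP_EOL;
		}


		// finish output
		$rv .= '</year>' . PHP_EOL;
		$rv .= '</root>' . PHP_EOL;


		// return data
		echo $rv;

		die;
	}
	else
	{
		// no session id: blank the identifying headers and answer 404
		header('Server: ');
		header('X-Powered-By: ');
		header("HTTP/1.0 404 Not Found");
	}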

?>