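<?php
// Error display is switched on for debugging. Keep it off on a production
// host: displayed notices expose file paths and query text to every visitor.
error_reporting(E_ALL);
ini_set('display_errors', 1);

session_start();

// This page is a news widget meant to be embedded in an iframe, so any
// X-Frame-Options header set elsewhere is dropped and a CSP frame-ancestors
// directive is sent instead.
header_remove('X-Frame-Options');

// NOTE(review): 'self' * lets any origin frame this page. If the set of
// embedding sites is known, list those origins here instead of *.
header("Content-Security-Policy: frame-ancestors 'self' *");

include("db.php");

// Look up the logged-in user, if there is one. $userrow1 is not read anywhere
// else in this file; the lookup is kept so existing behaviour is unchanged.
$userrow1 = null;
if (isset($_SESSION['username'])) {
	// Session data is still interpolated into SQL, so escape it like any other input.
	$username1 = $mysqli->real_escape_string($_SESSION['username']);
	$user1 = $mysqli->query("SELECT * FROM users WHERE username='$username1' LIMIT 1");
	if ($user1) {
		$userrow1 = mysqli_fetch_array($user1);
	}
}

// Site-wide settings row (fixed id 1).
$sitesettings = $mysqli->query("SELECT * FROM settings WHERE id='1'");
$settingsrow = $sitesettings ? mysqli_fetch_array($sitesettings) : null;

?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="https://program.sesaorb.go.th/news/csr/admin/assets/css/style.css" rel="stylesheet" type="text/css" />
	<meta name="author" content="">

    <!-- Bootstrap core CSS -->
    <link href="https://program.sesaorb.go.th/news/csr/main/assets/css/bootstrap.min.css" rel="stylesheet">

	<!-- Font Awesome CSS -->
	<link href="https://program.sesaorb.go.th/news/csr/main/assets/font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css" />

    <!-- Custom styles for this template -->
    <link href="https://program.sesaorb.go.th/news/csr/main/assets/css/custom.css" rel="stylesheet">
	
	<!-- Core Scripts -->
	<script src="https://program.sesaorb.go.th/news/csr/main/assets/js/jquery.min.js"></script>
	<script src="https://program.sesaorb.go.th/news/csr/main/assets/js/bootstrap.bundle.min.js"></script>
	
<link href="https://fonts.googleapis.com/css?family=Prompt" rel="stylesheet">
<style>
   body {
	 margin-top: -50px;
	 margin-left: 30px;
	
   font-family: 'Prompt', sans-serif;  
   }
   h1, h2, h3, h4, h5, h6, .h1, .h2, .h3, .h4, .h5, .h6 {
   font-family: 'Prompt', sans-serif;
   }
bx {
    color: #ffffff;
    text-shadow: -2px 0 #330033, 0 2px #330033, 3px 0 #330033, 0 -2px #330033;
} 
.cardx1 {
        position: absolute;
        margin-top: 52% !important;
        margin-left: -3% !important;
        margin-right: 0% !important;
        padding: 0;
    }
.cardx2 {
        position: absolute;
        margin-top: 3% !important;
        margin-left: 7% !important;
        margin-right: 0% !important;
        padding: 0;
		color: #ffffff;
		
    }
.ex1{
	background-color: #669900;
	width : 100px;
}
.cardx3 {
        position: absolute;
        margin-top: 48% !important;
        margin-left: -5% !important;
        margin-right: 0% !important;
        padding: 0;
    }	
</style>
</head>
<body>
<div class="row">

	  <?php
	// Read the widget parameters from the query string and normalise them:
	// every value is cast or escaped before it reaches a query or the page.
	// (A former `col` parameter was read here but never used; it is gone.)
	$school     = isset($_GET['school']) ? $mysqli->real_escape_string($_GET['school']) : '';
	$limit      = isset($_GET['limit']) ? intval($_GET['limit']) : 10;
	$thum_width = isset($_GET['thum_width']) ? intval($_GET['thum_width']) : 300;
	$thum_hight = isset($_GET['thum_hight']) ? intval($_GET['thum_hight']) : 200;

	// A non-positive LIMIT is a SQL syntax error; fall back to the default page size.
	if ($limit < 1) {
		$limit = 10;
	}

	// `school` is required: it selects the category to list.
	if (empty($school)) {
		echo "<div class='alert alert-warning'>กรุณาระบุพารามิเตอร์ school</div>";
		exit;
	}

	// Newest posts first for the requested category.
	$strSQL = $mysqli->query("SELECT * FROM posts WHERE cat_id='$school' ORDER BY id DESC LIMIT $limit");

	if (!$strSQL) {
		// Keep the driver message in the server log; do not echo it to the visitor.
		error_log('news_front.php: posts query failed: ' . $mysqli->error);
		echo "<div class='alert alert-danger'>เกิดข้อผิดพลาด</div>";
		exit;
	}

	$intRows = 0;
	while ($objResult = mysqli_fetch_array($strSQL)) {
		$intRows++;
		// Escape each database value once for the HTML attribute/text context
		// it is rendered in below.
		$postId    = (int) $objResult['id'];
		$imageAttr = htmlspecialchars($objResult['image'], ENT_QUOTES, 'UTF-8');
		$titleAttr = htmlspecialchars($objResult['title'], ENT_QUOTES, 'UTF-8');
		$dateText  = htmlspecialchars($objResult['date'], ENT_QUOTES, 'UTF-8');
	?>
<div class="card " style="width:<?php echo $thum_width;?>px">

  <?php
  // NOTE(review): posts above id 4430 appear to store a bare filename under
  // /news/uploads/, older ones a full image URL — confirm against the data.
  if ($postId > 4430) { ?>
    <img class="card-img-top" src="https://program.sesaorb.go.th/news/uploads/<?php echo $imageAttr;?>" alt="<?php echo $titleAttr;?>" style="width:<?php echo $thum_width;?>px" height="<?php echo $thum_hight;?>">
  <?php } else { ?>
	<img src="<?php echo $imageAttr;?>" style="width:<?php echo $thum_width;?>px" height="<?php echo $thum_hight;?>" alt="<?php echo $titleAttr;?>">
  <?php } ?>

<div class="card-body">
<a href="https://program.sesaorb.go.th/news/story.php?id=<?php echo $postId;?>" target="_blank">
	<div class="card-img-overlay cardx2">
	
	<font size="1">
	<div class="row">
	<?php
	// Show an "updated" marker on posts dated within the last two days.
	// NOTE(review): substr(..., 0, -9) assumes the date column ends in a
	// 9-character time part (" HH:MM:SS") — confirm against the schema.
	$today     = date("d-m-Y");
	$date_news = $objResult['date'];
	$rest2     = substr("$date_news", 0, -9);
	$news_day  = (strtotime($today) - strtotime($rest2)) / (60*60*24);
	if ($news_day <= 2) {
		echo "&nbsp <img src='images/update_news.gif'>";
	}
	?>&nbsp <p class="ex1">
	<?=$dateText;?></font>
	</div>
	<div class="card-img-overlay cardx1">
<?php
// cat_id doubles as the owning user's id. It comes from the database, but it
// is still cast before being interpolated into a second query.
$sc   = (int) $objResult['cat_id'];
$sql2 = $mysqli->query("SELECT * FROM users WHERE id = $sc");
if ($sql2 && $record = mysqli_fetch_array($sql2)) {
	// Badge shows the first 26 characters of the school name.
	$sc_school = htmlspecialchars(iconv_substr($record['school'], 0, 26, "UTF-8"), ENT_QUOTES, 'UTF-8');
	echo "<div><bx><font size='3'><span class='badge badge-dark'>$sc_school</span></font></bx></div>";
}
?>
	</div>	
	<div class="card-img-overlay cardx3">
	<div class="spinner-grow text-warning"></div>
	</div>		
	</div>
	</a>
<?php
// Truncated title under the card image.
$ti_news = htmlspecialchars(iconv_substr($objResult['title'], 0, 60, "UTF-8"), ENT_QUOTES, 'UTF-8') . "..";
echo "<font size='2'><span class='{vertical-align:top;}'>$ti_news</span></font>";
?> 
</div> 	
</div>
	<?php } ?>
<?php
if ($intRows == 0) {
	echo "<div class='alert alert-info'>ไม่พบข้อมูลข่าวสาร</div>";
}

echo "
<table width='98%' border='0'>
  <tr>
    <td align='right'></td>
  </tr>
</table>
";	
	?>
  </div>
 
</body>
</html>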
