403WebShell

403Webshell
Server IP : 172.67.187.206 / Your IP : 172.71.28.155
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF
Directory : /Inetpub/www/myoffice/2565/modules_22222/supper/
Upload File :
[ Back ]
Current File : /Inetpub/www/myoffice/2565/modules_22222/supper/addfile.php.bak
<?
CheckUser($_SESSION['user_user'], $_SESSION['user_pwd']);
?>
<link href="style_web.css" rel="stylesheet" type="text/css" />
	<TABLE align="center" cellSpacing=0 cellPadding=0 width=1000 height=500 border=0>
      <TBODY>
        <TR>
          <TD vAlign=top>

<?
 if($_GET[op] == "supper_add" AND $_GET[action] == "add"){
	//////////////////////////////////////////// กรณีเพิ่ม Database
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
		//	CheckUser($_SESSION['user_user']);
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE username='".$_SESSION['user_user']."' ");
		$arr[user] = $db->fetch($res[user]);
		require("includes/class.resizepic.php");
			$FILE = $_FILES['files1'];
		if (!$_POST[SUPPER_ID]){
			echo "<script language='javascript'>" ;
			echo "alert('กรุณากรอกข้อมูลต่างๆให้ครบถ้วน หรือไฟล์มีขนาดใหญ่กว่า 2 MB')" ;
			echo "</script>" ;
			echo "<script language='javascript'>javascript:history.back()</script>";
			exit();
		}
// นำฟังก์ชั่น Ramdom password มาใช้เพื่อกำหนดชื่อไฟล์ป้องกันการซ้ำกัน
 if($_FILES["files1"]["tmp_name"] != "")
{
			$upload = $_FILES["files1"]["tmp_name"];
			$upload_file = $_FILES["files1"]["type"];
			require 'includes/gen_file_name.php';
			$upload_time=$gen_file_name;
			$file_size=10024;
//ตรวจสอบชนิดของไฟล์
	if ($file_size>"10024f"){
			echo "<script language='javascript'>" ;
			echo "alert('กรุณาใช้ไฟล์ .pdf .doc .xls .zip ')" ;
			echo "</script>" ;
			echo "<script language='javascript'>javascript:history.back()</script>";
			exit();
		}
//ตรวจสอบชนิดของไฟล์
	if (($upload_file!="image/gif")  AND ($upload_file!="image/jpg") AND  ($upload_file!="image/jpeg")AND ($upload_file!="image/png")){
			echo "<script language='javascript'>" ;
			echo "alert('กรุณาใช้ไฟล์ jpg , gif ,png ')" ;
			echo "</script>" ;
			echo "<script language='javascript'>javascript:history.back()</script>";
			exit();
		}

#แปลงนามสกุล และทำการ upload
if( $upload_file == "image/gif" )
				{
						$filename = $upload_name.".gif";
				}
		if( $upload_file == "image/jpg" )
				{
						$filename = $upload_name.".jpg";
				}

				if( $upload_file == "image/png" )
				{
						$filename = $upload_name.".png";
				}

							if( $upload_file == "image/jpeg" )
				{
						$filename = $upload_name.".jpg";
				}
				$new1_upload = $upload_time.$filename;
copy($_FILES["files1"]["tmp_name"], "data/supper/$new1_upload");		
			$original_image = "data/supper/$new1_upload" ;
			$desired_width = _ISUPER_W ;
			$desired_height = _ISUPER_H ;
			$image = new hft_image($original_image);
			$image->resize($desired_width, $desired_height, '0');
			$image->output_resized("data/supper/$new1_upload");
//======================================================== END ======= UPLOAD 4 ============

//ทำการเพิ่มข้อมูลลงดาต้าเบส
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$db->add_db(TB_SUPPERFILE,array(
			"supper_id"=>"$_POST[SUPPER_ID]",
			"name"=>"$_POST[NAME]",
			"post_date"=>"".TIMESTAMP."",
			"full_text"=>"$new1_upload"));
		$db->closedb ();
} else {
			//ทำการเพิ่มข้อมูลลงดาต้าเบส
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$db->add_db(TB_SUPPERFILE,array(
			"supper_id"=>"$_POST[SUPPER_ID]",
			"name"=>"$_POST[NAME]",
			"post_date"=>"".TIMESTAMP.""));
		$db->closedb ();
}

		$ProcessOutput .= "<BR><BR>";
		$ProcessOutput .= "<CENTER><IMG SRC=\"images/icon/login-welcome.gif\" BORDER=\"0\"></A><BR><BR>";
		$ProcessOutput .= "<FONT COLOR=\"#336600\"><B>ได้ทำการเพิ่ม  เข้าสู่ระบบเรียบร้อยแล้ว</B></FONT><BR><BR>";
		$ProcessOutput .= "<meta http-equiv=\"refresh\" content=\"1 ;url=?name=supper&file=bookperson&category=".$arr[user][id]."&id='".$_GET[id]."' \">";
		$ProcessOutput .= "</CENTER>";
		$ProcessOutput .= "<BR><BR>";
	}else{
		//กรณีไม่ผ่าน
		$ProcessOutput = $PermissionFalse ;
	}
	echo $ProcessOutput ;
}
else if($_GET[op] == "supper_add"){
	//////////////////////////////////////////// กรณีเพิ่ม Form
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
	//	CheckUser($_SESSION['user_user']);
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE username='".$_SESSION['user_user']."' ");
		$arr[user] = $db->fetch($res[user]);
//ดึงค่า
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[supper] = $db->select_query("SELECT * FROM ".TB_SUPPER." WHERE id='".$_GET[id]."' ");
		$arr[supper] = $db->fetch($res[supper]);
		$db->closedb ();
		?>
<FORM NAME="myform" METHOD=POST ACTION="?name=supper&file=addfile&op=supper_add&action=add" enctype="multipart/form-data" id="myform">
<BR>
<TABLE width=930 height="80" align="center" background="images/124.jpg" border=0 cellPadding=0 cellSpacing=0>
     <TR>
          <TD align="center" vAlign=top><B>บันทึกข้อความ</B>
		  </TD>
		  </TR>
     <TR>
          <TD vAlign=top>
<TABLE width=800 height="80" align="center" border=0 cellPadding=0 cellSpacing=0>
     <TR>
          <TD vAlign=top>
<BR>
<input type="hidden" name="SUPPER_ID" value="<?=$arr[supper][id];?>" >
เรื่อง <?=$arr[supper][topic];?><br>
		  </TD>
				</TR>      
</table>
<table width="800" align="center"  border="0" cellspacing="0" cellpadding="0">
<tr>

<td  align="center"valign="top">
 ชื่อเอกสาร : <INPUT TYPE="text" NAME="NAME" size="30" ></B>&nbsp;&nbsp;<b>ไฟล์แนบ  : <input type="file" name="files1" size="30"><br>
<br>
<center><INPUT TYPE="submit" value=" บันทึกการส่ง" name="submit"style="background-color:#FFFF99"></center>
</td>
    </tr>
    </tr>
  </table>
<br>
</FORM>

<BR><BR>
<?
	}else{
		//กรณีไม่ผ่าน
		echo  $PermissionFalse ;
	}
}else if($_GET[op] == "supper_del" AND $_GET[action] == "multidel"){
	//////////////////////////////////////////// กรณีลบ Multi
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
		while(list($key, $value) = each ($_POST['list'])){
			$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
			$res[supperfile] = $db->select_query("SELECT * FROM ".SUPPERFILE." WHERE id='".$value."' ");
			$arr[supperfile] = $db->fetch($res[supperfile]);
			$db->del(TB_SUPPERFILE," id='".$value."' "); 

			@unlink("data/supper/".$arr[supperfile][full_text]);
			$db->closedb ();
		}

	}else{
	}
}
else if($_GET[op] == "supper_del"){
	//////////////////////////////////////////// กรณีลบ Form
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
//		$db->del(TB_supper," id='".$_GET[id]."' ");
			$res[supperfile] = $db->select_query("SELECT * FROM ".TB_SUPPERFILE." WHERE id='".$_GET[id]."' ");
			$arr[supperfile] = $db->fetch($res[supperfile]);
			$db->del(TB_SUPPERFILE," id='".$_GET[id]."' "); 

			@unlink("data/supper/".$arr[supperfile][full_text]);
		$db->closedb ();
		$ProcessOutput .= "<BR><BR>";
		$ProcessOutput .= "<CENTER><A HREF=\"?name=user&file=main\"><IMG SRC=\"images/icon/login-welcome.gif\" BORDER=\"0\"></A><BR><BR>";
		$ProcessOutput .= "<FONT COLOR=\"#336600\"><B>ได้ทำการลบเรียบร้อยแล้ว</B></FONT><BR><BR>";
		$ProcessOutput .= "<meta http-equiv=\"refresh\" content=\"1 ;url=?name=supper&file=bookperson&op=supper_read&category=".$arr[user][id]."\">";
		$ProcessOutput .= "</CENTER>";
		$ProcessOutput .= "<BR><BR>";
	}else{
		//กรณีไม่ผ่าน
		$ProcessOutput = $PermissionFalse ;
	}
	echo $ProcessOutput ;
}
?>

			<!-- user -->
		  </TD>
        </TR>
      </TBODY>
    </TABLE>
Youez - 2016 - github.com/yon3zu
LinuXploit