403Webshell
Server IP : 172.67.187.206  /  Your IP : 172.71.28.156
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Inetpub/www/myoffice/2565/modules_22222/tkk6/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /Inetpub/www/myoffice/2565/modules_22222/tkk6/addrest2.php
<?
CheckUser($_SESSION['user_user'], $_SESSION['user_pwd']);
?>
<script language="JavaScript">

//******************************************
function checkregis() {
 
if(document.myform.ADDRESS.value=="") {
alert("กรุณากรอกสถานที่") ;
document.myform.ADDRESS.select() ;
return false ;
}

if(document.myform.DATE.value=="") {
alert("กรุณาเลือกวันเดือนปีที่เขียน") ;
document.myform.DATE.select() ;
return false ;
}

if(document.myform.DATE1.value=="") {
alert("กรุณาเลือกวันเดือนปีที่ลา") ;
document.myform.DATE1.select() ;
return false ;
}

if(document.myform.DATE2.value=="") {
alert("กรุณาเลือกวันเดือนปีที่ลา") ;
document.myform.DATE2.select() ;
return false ;
}

if(document.myform.NUMPOI.value=="") {
alert("กรุณากรอกจำนวนวัน") ;
document.myform.NUMPOI.select() ;
return false ;
}

if(document.myform.SATANTI.value=="") {
alert("กรุณากรอกที่อยู่") ;
document.myform.SATANTI.select() ;
return false ;
}

if(document.myform.TEL.value=="") {
alert("กรุณากรอกหมายเลขโทรศัพท์") ;
document.myform.TEL.select() ;
return false ;
}
//********************************************
}
</script>
<script language="JavaScript">
	function chkNumber(ele)
	{
	var vchar = String.fromCharCode(event.keyCode);
	if ((vchar<'0' || vchar>'9') && (vchar != '.') && (vchar != '-')) return false;
	ele.onKeyPress=vchar;
	}
</script>

	<TABLE cellSpacing=0 cellPadding=0 width=100% height=500 border=0 >
      <TBODY>
        <TR>
          <TD vAlign=top>
		  <!-- user -->
				<TABLE width="100%" align=center cellSpacing=0 cellPadding=0 border=0 >
				<TR>
					<TD height="1" class="dotline"></TD>
				</TR>
				<TR>
					<TD>
					<BR>
<?
 if($_GET[op] == "tkk6_add" AND $_GET[action] == "add"){
	//////////////////////////////////////////// กรณีเพิ่ม Database
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
//	CheckUser($_SESSION['user_user']);
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE username='".$_SESSION['user_user']."' ");
		$arr[user] = $db->fetch($res[user]);
		if (!$_POST[CATEGORY] OR !$_POST[TOPIC]){
			echo "<script language='javascript'>" ;
			echo "alert('กรุณาเลือกการมอบหมายงาน')" ;
			echo "</script>" ;
			echo "<script language='javascript'>javascript:history.back()</script>";
			exit();


//ทำการเพิ่มข้อมูลลงดาต้าเบส
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$db->add_db(TB_TKK6,array(
			"category"=>"$_POST[CATEGORY]",
			"yearla"=>"$_POST[YEARLA]",
			"address"=>"$_POST[ADDRESS]",
			"date"=>"$_POST[DATE]",
			"topic"=>"$_POST[TOPIC]",
			"name"=>"$_POST[NAME]",
			"position"=>"$_POST[POSITION]",
			"kom"=>"$_POST[KOM]",
			"la"=>"$_POST[LA]",
			"numpoi"=>"$_POST[NUMPOI]",
			"reason"=>"$_POST[REASON]",
			"date1"=>"$_POST[DATE1]",
			"date2"=>"$_POST[DATE2]",
			"tel"=>"$_POST[TEL]",
			"satanti"=>"$_POST[SATANTI]",
			"status"=>"$_POST[STATUS]",
			"comment1"=>"2",
			"cat"=>"$_POST[CAT]",
			"post_date"=>"".TIMESTAMP."",
			"enable_comment"=>"1"));
		$db->closedb ();
} else {
			//ทำการเพิ่มข้อมูลลงดาต้าเบส
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$db->add_db(TB_TKK6,array(
			"category"=>"$_POST[CATEGORY]",
			"yearla"=>"$_POST[YEARLA]",
			"address"=>"$_POST[ADDRESS]",
			"date"=>"$_POST[DATE]",
			"topic"=>"$_POST[TOPIC]",
			"name"=>"$_POST[NAME]",
			"position"=>"$_POST[POSITION]",
			"kom"=>"$_POST[KOM]",
			"la"=>"$_POST[LA]",
			"numpoi"=>"$_POST[NUMPOI]",
			"reason"=>"$_POST[REASON]",
			"date1"=>"$_POST[DATE1]",
			"date2"=>"$_POST[DATE2]",
			"tel"=>"$_POST[TEL]",
			"satanti"=>"$_POST[SATANTI]",
			"status"=>"$_POST[STATUS]",
			"comment1"=>"2",
			"cat"=>"$_POST[CAT]",
			"post_date"=>"".TIMESTAMP."",
			"enable_comment"=>"1"));
		$db->closedb ();
}

		$ProcessOutput .= "<BR><BR>";
		$ProcessOutput .= "<CENTER><IMG SRC=\"images/icon/login-welcome.gif\" BORDER=\"0\"></A><BR><BR>";
		$ProcessOutput .= "<FONT COLOR=\"#336600\"><B>ได้ทำการเพิ่ม  เข้าสู่ระบบเรียบร้อยแล้ว</B></FONT><BR><BR>";
	$ProcessOutput .= "<meta http-equiv=\"refresh\" content=\"1 ;url=?name=tkk6&op=tkk6_read&category=".$arr[user][id]."\">";
		$ProcessOutput .= "</CENTER>";
		$ProcessOutput .= "<BR><BR>";
	}else{
		//กรณีไม่ผ่าน
		$ProcessOutput = $PermissionFalse ;
	}
	echo $ProcessOutput ;
}
else if($_GET[op] == "tkk6_add"){
	//////////////////////////////////////////// กรณีเพิ่ม Form
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
//	CheckUser($_SESSION['user_user']);
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE username='".$_SESSION['user_user']."' ");
		$arr[user] = $db->fetch($res[user]);
	//ดึงค่า
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[yearla] = $db->select_query("SELECT * FROM ".TB_YEARLA_CAT." ORDER BY id ");
		$arr[yearla] = $db->fetch($res[yearla]);	
		
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[working] = $db->select_query("SELECT * FROM ".TB_WORKING_CAT." WHERE id='".$arr[user][working]."'  ");
		$arr[working] = $db->fetch($res[working]);
		
		$res[usersch] = $db->select_query("SELECT * FROM ".TB_usersch." WHERE id='".$arr[user][sangkad]."'  ");
		$arr[usersch] = $db->fetch($res[usersch]);
		
		$res[category] = $db->select_query("SELECT * FROM ".TB_TKK6_CAT." WHERE  yearla='".$arr[yearla][name]."' ");
		$arr[category] = $db->fetch($res[category]);
		?>
<script type="text/javascript" src="datepicker.js"></script>
<FORM NAME="myform" METHOD=POST ACTION="?name=tkk6&file=addrest2&op=tkk6_add&action=add" enctype="multipart/form-data" id="myform" onSubmit="return checkregis()">
<tr><td width="100%" align="center"><font size="3" color="#FF0000"><B>บันทึกลาพักผ่อน ของ  <?=$arr[user][category_name];?></B></font>
<BR><INPUT TYPE="hidden" NAME="YEARLA" VALUE="<?=$arr[yearla][name];?>">
<table width="1000" height="300">
 <tr> 
    <td width="330" height="22" align="right" valign="top"><strong>เขียนที่ :</strong></td>
    <td width="670" align="left" valign="top">
	<INPUT TYPE="text" NAME="ADDRESS" size="50"style="background-color:#FFFF99">
	</td>
  </tr>
  <tr> 
    <td height="22" align="right" valign="top"><strong>วันที่เขียน :</strong></td>
    <td align="left" valign="top">
	<input name="DATE" readonly value="<?=$_GET[dates];?>"style="background-color:#FFFF99"> <IMG SRC="images/admin/dateselect.gif" BORDER="0" ALT="เลือกวันที่" onclick="displayDatePicker('DATE', false, 'ymd', '-');" align="absmiddle">
	<INPUT TYPE="hidden" NAME="TOPIC" size="30"   VALUE="ขอลาพักผ่อน">
	<INPUT TYPE="hidden" NAME="LA" size="30"   VALUE="พักผ่อน">
	<INPUT TYPE="hidden" NAME="NAME" size="30"   VALUE="<?=$arr[user][category_name];?>">
<?
					 if($arr[user][level]==3){ 	  
?>
<INPUT TYPE="hidden" NAME="POSITION" size="30"VALUE="<?=$arr[user][posit];?>">
<INPUT TYPE="hidden" NAME="KOM" size="30"VALUE="<?=$arr[usersch][name];?>">
  <?  }?>	 
 <?
					 if($arr[user][level]>6){ 	  
?>
<INPUT TYPE="hidden" NAME="POSITION" size="30"VALUE="<?=$arr[user][posit];?>">
<INPUT TYPE="hidden" NAME="KOM" size="30"VALUE="<?=$arr[working][category_name];?>">
  <?  }?>	 
 <?
					 if(($arr[user][level]==4)OR($arr[user][level]==5)){ 	  
?>
<INPUT TYPE="hidden" NAME="POSITION" size="30"VALUE="<?=$arr[user][posit];?>">
<INPUT TYPE="hidden" NAME="KOM" size="30"VALUE="<?=$arr[working][category_name];?>">
  <?  }?>	 
	</td>
  </tr>
  <tr> 
    <td height="24" align="right" valign="top"><strong>ขอลาพักผ่อน ตั้งแต่วันที่ :</strong></td>
    <td align="left" valign="top">
	<input name="DATE1" readonly value="<?=$_GET[dates];?>"style="background-color:#FFFF99"> <IMG SRC="images/admin/dateselect.gif" BORDER="0" ALT="เลือกวันที่" onclick="displayDatePicker('DATE1', false, 'ymd', '-');" align="absmiddle"> 
	</td>
  </tr>
  <tr> 
    <td height="24" align="right" valign="top"><strong>ถึงวันที่ :</strong></td>
    <td align="left" valign="top">
	<input name="DATE2" readonly value="<?=$_GET[dates];?>"style="background-color:#FFFF99"> <IMG SRC="images/admin/dateselect.gif" BORDER="0" ALT="เลือกวันที่" onclick="displayDatePicker('DATE2', false, 'ymd', '-');" align="absmiddle">
	</td>
  </tr>
  <tr> 
    <td height="24" align="right" valign="top"><strong>มีกำหนด :</strong></td>
    <td align="left" valign="top">
	<input NAME="NUMPOI" type="text"size="20"OnKeyPress="return chkNumber(this)"style="background-color:#FFFF99"> วัน</B></td>
  </tr>
  <tr> 
    <td height="24" align="right" valign="top"><strong>ในระหว่างลาติดต่อข้าพเจ้าได้ที่ 
      : </strong></td>
    <td align="left" valign="top">
	<INPUT TYPE="text" NAME="SATANTI" VALUE="<?=$arr[tkk6][satanti];?>" size="50"  style="background-color:#FFFF99">
	</td>
  </tr>
  <tr> 
    <td height="24" align="right" valign="top"><strong>โทรศัพท์ :</strong></td>
    <td align="left" valign="top">
	<INPUT TYPE="text" NAME="TEL" VALUE="<?=$arr[tkk6][tel];?>" size="20" OnKeyPress="return chkNumber(this)" style="background-color:#FFFF99">
	</td>
  </tr>
  <tr> 
    <td height="24" colspan="2" align="right" valign="top">
	<INPUT TYPE="hidden" NAME="CAT" VALUE="<?=$arr[user][id];?>" readonly style=\"color: #FF0000" >
	<INPUT TYPE="hidden" NAME="CATEGORY" VALUE="<?=$arr[user][id];?>" readonly style=\"color: #FF0000" >
	<div align="center"><INPUT TYPE="submit" value=" บันทึกการลา" name="submit"></div>
	</td>
  </tr>
</table>
	
</FORM>

<?
	}else{
		//กรณีไม่ผ่าน
		echo  $PermissionFalse ;
	}
}

?>
					</TD>
				</TR>
			</TABLE>
			<BR><BR>
			<!-- user -->
		  </TD>
        </TR>
      </TBODY>
    </TABLE>

Youez - 2016 - github.com/yon3zu
LinuXploit