403Webshell
Server IP : 172.67.187.206  /  Your IP : 172.71.28.155
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Inetpub/www/myoffice/2566/modules_22222/calendarswork/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /Inetpub/www/myoffice/2566/modules_22222/calendarswork/add2.php
<?
CheckUser($_SESSION['user_user'], $_SESSION['user_pwd']);
?>
<link href="style_p.css" rel="stylesheet" type="text/css" />
<script type="text/javascript">
function myoffice(val, group_num)
{
if(val==true)
{
	document.getElementById("group"+group_num+"").style.display="";
}
else
{
	document.getElementById("group"+group_num+"").style.display="none";
}

}
</script>
<?
if($_GET[op] == "calendar_add"){
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
		if (!$_POST[EventDate] ){
			echo "<script language='javascript'>" ;
			echo "alert('กรุณากรอกข้อมูลต่างๆให้ครบถ้วน')" ;
			echo "</script>" ;
			echo "<script language='javascript'>javascript:history.back()</script>";
			exit();
		}
		
			$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
			$db->add_db(TB_CALENDARSWORK,array(
					"person"=>"".$_POST[PERSON]."",
					"work"=>"".$_POST[WORK]."",
					"p_work"=>"".$_POST[P_WORK]."",
					"date_event"=>"".$_POST[EventDate]."",
					"timeout"=>"".$_POST[times]."",
					"post_date"=>"".TIMESTAMP.""
				));
			$nums=$_POST[num];
			$is=1;
			for($i=1;$i<$nums;$i++){
				$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
						$Date=date($_POST[EventDate]); // วันปัจจุบัน สมมุติว่าวันที่ 2006-01-25
						$DateUpdate =date("Y-m-d", strtotime("+$is day",strtotime($Date))); // บวกไปอีก10วัน 
						$sub=$_POST[subject];
						$id=$i+1;
						$subs="".$_POST[subject]."  (วันที่ $id)";
				$db->add_db(TB_CALENDARSWORK,array(
					"person"=>"".$_POST[PERSON]."",
					"work"=>"".$_POST[WORK]."",
					"p_work"=>"".$_POST[P_WORK]."",
					"date_event"=>"".$_POST[EventDate]."",
					"timeout"=>"".$_POST[times]."",
					"post_date"=>"".TIMESTAMP.""
				));
				$is++;
			} 

	
			$ProcessOutput .= "<BR><BR>";
			$ProcessOutput .= "<CENTER><A HREF=\"?name=admin&file=main\"><IMG SRC=\"images/icon/login-welcome.gif\" BORDER=\"0\"></A><BR><BR>";
			$ProcessOutput .= "<FONT COLOR=\"#336600\"><B>ได้ทำการลงเวลามาปฏิบัติราชการ เรียบร้อยแล้ว</B></FONT>";
			$ProcessOutput .= "<meta http-equiv=\"refresh\" content=\"1 ;url=?name=calendarswork&file=index\">";
			$ProcessOutput .= "</CENTER>";
			$ProcessOutput .= "<BR><BR>";
		
	echo $ProcessOutput ;
	}
}
else if($_GET[op] == ""){
?>

<script type="text/javascript" src="datepicker.js"></script>
	<TABLE cellSpacing=0 cellPadding=0 width=100% border=0 background="images/1234.jpg">
      <TBODY>
        <TR>
          <TD align="center" vAlign=top>
					<B>&nbsp;&nbsp;<IMG SRC="images/icon/calendar.gif" BORDER="0" ALIGN="absmiddle">&nbsp;&nbsp; ลงเวลาปฏิบัติราชการ</B>
					<BR>
<?
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE username='".$_SESSION['user_user']."' ");
$arr[user] = $db->fetch($res[user]);
?>
<form NAME="myform" METHOD=POST ACTION="?name=calendarswork&file=add2&op=calendar_add">
<table width="1000" height="438" >
  <tr> 
    <td  align="right" height="20" valign="top"><b>วันที่ :</b></td>
    <td  align="left" valign="top">
	<input type="text"  name="EventDate"  id="EventDatedate" value="<?=date('Y-m-d ')?>"/>
	</td>
  </tr>
  <tr> 
    <td width="200" height="20"  align="right" valign="top"><b></b></td>
    <td width="800" align="left" valign="top">
	<input type="hidden" NAME="WORK"  value="<?=$arr[user][work];?>">
	<input type="radio" NAME="P_WORK"  value="ไปราชการ">ไปราชการ	<input type="radio" NAME="P_WORK"  value="ลาป่วย">ลาป่วย	<input type="radio" NAME="P_WORK"  value="ลากิจส่วนตัว">ลากิจ	<input type="radio" NAME="P_WORK"  value="ลาพักผ่อน">ลาพักผ่อน	<input type="radio" NAME="P_WORK"  value="ลาดูแลภรรยา">ลาดูแลภรรยา	<input type="radio" NAME="P_WORK"  value="ลาอื่นๆ">ลาอื่นๆ
	<BR>
	<TABLE width=800 align="left" border=0 cellPadding=0 cellSpacing=0>
<tr>
<td><font color=red><b>เลือกบุคลากร</b><font>
<BR>
<?
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[category] = $db->select_query("SELECT * FROM ".TB_WORKING_CAT."  WHERE status='1' or status='2' ORDER by id ");
		while ($arr[category] = $db->fetch($res[category])){
?>
<font color=blue><B><u><input type="checkbox"  onclick="myoffice(this.checked, '<?=$arr[category][id];?>')" /><?=$arr[category][category_name];?></u></B></font><BR>
<div id="group<?=$arr[category][id];?>" style="display:none;">
<a href="javascript:checkall('myform','v<?=$arr[category][id];?>',true)">เลือกทั้งหมด</a>  &nbsp;&nbsp;
<a href="javascript:checkall('myform','v<?=$arr[category][id];?>',false)">เอาออกทั้งหมด</a> <BR>
<TABLE WIDTH="800" align="center" bgcolor="#FFFFcd" border=0 cellspacing="0" cellpadding="0">
<tr>
<?
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE working='".$arr[category][id]."' and status='1' ORDER BY id  ");
while ($arr[user] = $db->fetch($res[user])){
?>
<td width="30%"  valign="top">
<input type="radio" name="PERSON"  id="v<?=$arr[category][id];?>"  value="<?=$arr[user][id];?>"><b> <?=$arr[user][category_name];?></b>
<?
$count++;

if (($count%3) == 0) { echo "<TR><TD></TD></TR>"; $count=0; 
} else{
	echo "</TD>";
} 
?>
<?
}
$db->closedb ();
?>
    </tr>
  </table>
</div>
<?
}
?>

</TD>
</TR>
</table>
</div>
	</td>
  </tr>

  <tr> 
    <td align="right" valign="top"><strong></strong></td>
    <td align="left" valign="top">
<input type="submit" value="<<:บันทึกลงเวลา:>>" name="submit">
	</td>
  </tr>
 
</table>
</form>
<?
	echo $ProcessOutput ;
}
?>
					</TD>
				</TR>
			</TABLE>

Youez - 2016 - github.com/yon3zu
LinuXploit