403Webshell
Server IP : 172.67.187.206  /  Your IP : 172.71.28.156
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Inetpub/www/myschool/ratana/2568/modules_backup/tkk9/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /Inetpub/www/myschool/ratana/2568/modules_backup/tkk9/readtkk9.php
<?
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE username='".$_SESSION['user_user']."' ");
		$arr[user] = $db->fetch($res[user]);
		?>
	<TABLE align=center cellSpacing=0 cellPadding=0 width=100% height=450 border=0  >
			<TR>
          <TD valign="top">
		  <BR>
<TABLE align=center cellSpacing=0 cellPadding=0 width=90% background="images/124.jpg" border=0  >
        <TR align="right">
			<td width=90%></td>
			<TD  width=10% align="right" valign="bottom"colspan="3"background="images/1234.jpg"><A HREF="?name=tkk9&file=bookperson&category=<?=$arr[user][id];?>"><FONT COLOR="red"><B>ออกจากหน้านี้</B></FONT></A></TD>
			</TR>
			</TABLE>
	
	
<?
$_GET['id'] = intval($_GET['id']);
//CheckUser($_SESSION['user_user']);
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE username='".$_SESSION['user_user']."' ");
		$arr[user] = $db->fetch($res[user]);
//แสดงข่าวสาร/ประชาสัมพันธ์
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
$res[tkk9] = $db->select_query("SELECT * FROM ".TB_TKK9." WHERE id='".$_GET[id]."' ");
$arr[tkk9] = $db->fetch($res[tkk9]);
$db->closedb ();
if(!$arr[tkk9][id]){
	echo "<BR><BR><BR><BR><CENTER><IMG SRC=\"images/icon/notview.gif\" BORDER=\"0\" ><BR><BR><B>ไม่มีเรื่อง</B></CENTER><BR><BR><BR><BR>";
}else{
$Filetkk9Topic = "data/tkk9text/".$arr[tkk9][post_date].".txt";
	$file_open = @fopen($Filetkk9Topic, "r");
	$content = @fread ($file_open, @filesize($Filetkk9Topic));
	$Detail = stripslashes(FixQuotes($content));
	//ทำการเพิ่มจำนวนคนเข้าชม
	$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
	$q[Pageview] = "UPDATE ".TB_TKK9." SET pageview = pageview+1 WHERE id = '".$_GET[id]."' ";
	$sql[Pageview] = mysql_query ( $q[Pageview] ) or sql_error ( "db-query",mysql_error() );
	
	$db->closedb ();
?>
		<table align="center" width="90%" border="0" cellspacing="0" cellpadding="0" background="images/1234.jpg">
		<tr>
		<td width="90%" valign="top"><B></B>
		</td>
			<tr>
		 <td width="850"  colspan="5"><B><FONT COLOR="#000066">เรื่อง : <?=$arr[tkk9][topic];?> (<?=$arr[tkk9][pageview];?>)</B>
		</td>
			<tr>
			<tr>
			<td>
			<?=$Detail;?>
			</td>
			</tr>
</table>
<TABLE align="center" width="90%"  border="0" cellspacing="2" cellpadding="2">
	<tr>
<?
					 if($arr[tkk9][full_text]){ 	  
?>
	<td width="90%" align="center" bgcolor=#99FFFF ><b>รายการ</b></td>
    <td width="10%" align="center"  bgcolor=#99FFFF align="center"><B>ดาวน์โหลด</B></td>
	</tr>
<TR bgcolor=#ECFEE9>

	<td width="90%"  >
<b><img src="images/attach.gif"> เอกสารแนบฉบับที่ 1</b>
</td>
<td width="10%" align="center">
<a href="data/tkk9/<?=$arr[tkk9][full_text];?>" target="_blank"><b><img src="images/yfile1.png"></b> </a>
</td>
<? } else {
echo "";
}?>
	</tr>
	<tr bgcolor=#FFFFC6>
<?
					 if($arr[tkk9][full_texts]){ 	  
?>
<td width="90%"  >
<b><img src="images/attach.gif"> เอกสารแนบฉบับที่ 2</b>
</td>
<td width="10%"  align="center">
<a href="data/tkk9/<?=$arr[tkk9][full_texts];?>" target="_blank"><b><img src="images/yfile2.png"></b></A>
</td>
<? } else {
echo "";
}?>
	</tr>
	<tr bgcolor=#ECFEE9>
<?
					 if($arr[tkk9][full_textu]){ 	  
?>
	<td width="90%" >
<b><img src="images/attach.gif"> เอกสารแนบฉบับที่ 3</b>
</td>
<td width="10%"  align="center">
<a href="data/tkk9/<?=$arr[tkk9][full_textu];?>" target="_blank"><b><img src="images/yfile3.png"></b></A>
</td>
<? } else {
echo "";
}?>
	</tr>
	<tr bgcolor=#FFFFC6>
<?
					 if($arr[tkk9][full_texto]){ 	  
?>
	<td width="90%">
<b><img src="images/attach.gif"> เอกสารแนบฉบับที่ 4</b>
</td>
<td width="10%"  align="center">
<a href="data/tkk9/<?=$arr[tkk9][full_texto];?>" target="_blank"><b><img src="images/yfile4.png"></b></A>
</td>
<? } else {
echo "";
}?>
	</tr>
	</table>

<table width="100%" align="center"  border="0" cellspacing="1" cellpadding="1">
<tr>
<td valign="top" >
<table width="90%" align="center"  border="0" cellspacing="1" cellpadding="1">
<td valign="top"width="50%"valign="top"  background="images/124.jpg">
<b><FONT COLOR="#000000">บุคลากรที่รับหนังสือรับแล้ว</font></b><br>
<?
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
	$res[comment] = $db->select_query("SELECT * FROM ".TB_TKK9_COMMENT." WHERE tkk9_id='".$arr[tkk9][id]."' and catno <>'' ORDER BY id ");
	$count=0;
	$i=0;
	while($arr[comment] = $db->fetch($res[comment])){

		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE id='".$arr[comment][catno]."' ");
		$arr[user] = $db->fetch($res[user]);

		$count  ++;
	$i++;
?>

<FONT COLOR="#000000"><?=$i.".".$arr[user][category_name];?></font><br>

  
<?
}

}
//$db->closedb ();
?>

<td width=50% valign="top"><FONT COLOR="#990000"><b><u> บุคลากรที่ยังไม่รับหนังสือ<br>

  <?
//=======================================================================================================================================
//			เริ่มแสดงรายชื่อบุคลากรที่ยังไม่รับหนังสือเวียน
//=======================================================================================================================================
?>

<?
	
	//เรียกชื่อบุคลากรทั้งหมดมาเก็บค่าไว้
	$sql="select * from web_user order by category_name";

	$dbquery = mysql_db_query($dbname,$sql);
	$num_rows = mysql_num_rows($dbquery);
	//echo $num_rows;
	$i=0;
	$j=1;
	$tmpschoolname="";
	$name="";
	while ($i < $num_rows)
	{

		$result = mysql_fetch_array($dbquery);

		$name = $result['category_name'];
		$schoolid = $result['id'];

		//echo $name." = ";
		
	//เรียกชื่อบุคลากรที่มีชื่อที่ต้องรับหนังสือ
		$sql1="select * from web_tkk9 where web_tkk9.id='".$arr[tkk9][id]."' and category like '%,".$schoolid.",%' order by id";
		
		$dbquery1 = mysql_db_query($dbname, $sql1);
		$num_rows1 = mysql_num_rows($dbquery1);

		$result1 = mysql_fetch_array($dbquery1);
		
		if($num_rows1!=0)
		{
			//$name2 = $name2.",".$name." ";
			//echo "พบในรายการรับ = ";
			
			//เริ่มกระบวนการตรวจสอบว่ารับหนังสือรึยัง
			$sql2="select * from web_tkk9_comment where tkk9_id='".$arr[tkk9][id]."' and catno = '".$schoolid."'";
		
			$dbquery2 = mysql_db_query($dbname, $sql2);
			$num_rows2 = mysql_num_rows($dbquery2);

			$result2 = mysql_fetch_array($dbquery2);

			if($num_rows2==0)
			{
				//echo "ยัง<br>";
				$name1 = $name1." ".$j." . ".$name." <br>";
				$j++;
			} else {
				//echo " รับแล้ว<br>";
			}
			
		}else{
			//echo "no = <br>";
		}
		$i++;
	} 

	if ($name1!=""){;
	?>


	


<FONT COLOR="#ff0000"><? echo $name1; ?></font>
<?
	} else {
?>
	
<FONT COLOR="#FF0000"><b><u> บุคลากรรับหนังสือครบแล้ว<br></u></b></font>

<?
$db->closedb ();	
}
?>
	
			<!-- End tkk9 -->	
		</td></tr>
  </table>	
  </td></tr>
  </table>	
		  </TD>
        </TR>
      </TBODY>
    </TABLE>

Youez - 2016 - github.com/yon3zu
LinuXploit