| Server IP : 104.21.80.248 / Your IP : 172.71.28.156 Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586 User : SYSTEM ( 0) PHP Version : 5.6.30 Disable Function : NONE MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /Inetpub/www/news/edu2018/admin/ |
Upload File : |
<?php
$id=$_SESSION['sess_id'];
?>
<?
$update = $_GET['update'];
if ($update=="student") {
$idstu = $_GET['idstu'];
$prefix = $_REQUEST['prefix'];
$name = $_REQUEST['name'];
$sname = $_REQUEST['sname'];
$nicname = $_REQUEST['nicname'];
$ad = $_REQUEST['ad'];
$moo = $_REQUEST['moo'];
$tambol = $_REQUEST['tambol'];
$ampher = $_REQUEST['ampher'];
$province = $_REQUEST['province'];
$zipcode = $_REQUEST['zipcode'];
$class = $_REQUEST['class'];
$rsroom = $_REQUEST['rsroom'];
$SQL13= $mysqli->query("select * from student where code='$idstu'");
$Row13 = mysqli_fetch_array($SQL13);
$oldfile=$Row13['pic'];
//$date_news = date("Ymd-H-i-s");
$filename = $_FILES["fileUpload"]["name"];
$file_basename = substr($filename, 0, strripos($filename, '.')); // get file extention
$file_ext = substr($filename, strripos($filename, '.')); // get file name
$filesize = $_FILES["fileUpload"]["size"];
$allowed_file_types = array('.jpg','.jpeg','.png','.gif');
$newfilename = $idstu . $file_ext;
if ($filename=="") {
$mysqli->query("UPDATE student SET prefix='$prefix',name='$name',sname='$sname',nicname='$nicname',ad='$ad',moo='$moo',tambol='$tambol',ampher='$ampher',province='$province',zipcode='$zipcode',class='$class',rsroom='$rsroom' where code='$idstu'");
}else {
$mysqli->query("UPDATE student SET prefix='$prefix',name='$name',sname='$sname',nicname='$nicname',ad='$ad',moo='$moo',tambol='$tambol',ampher='$ampher',province='$province',zipcode='$zipcode',class='$class',rsroom='$rsroom',pic='$newfilename' where code='$idstu'");
@unlink("../student/photo/$oldfile");
move_uploaded_file($_FILES["fileUpload"]["tmp_name"], "../student/photo/" .$newfilename);
}
echo "<script language=javascript>alert('ทำการปรับปรุงข้อมูล $idstu เรียบร้อยแล้ว');</script>";
echo "<script>window.parent.location=\"index.php?dash=6512bd43d9caa6e02c990b0a82652dca&id=$idstu\"</script>";
} else if ($update=="grand") {
$tid = $_GET['tid'];
$idstu = $_GET['idstu'];
$tprefix = $_REQUEST['tprefix'];
$tname = $_REQUEST['tname'];
$tsname = $_REQUEST['tsname'];
$tstatus = $_REQUEST['tstatus'];
$ttel1 = $_REQUEST['ttel1'];
$ttel2 = $_REQUEST['ttel2'];
$idcard = $_REQUEST['idcard'];
$SQL13= $mysqli->query("select * from grand where tid='$tid'");
$Row13 = mysqli_fetch_array($SQL13);
$oldfile=$Row13['tpic'];
$filename = $_FILES["fileUpload"]["name"];
$file_basename = substr($filename, 0, strripos($filename, '.')); // get file extention
$file_ext = substr($filename, strripos($filename, '.')); // get file name
$filesize = $_FILES["fileUpload"]["size"];
$allowed_file_types = array('.jpg','.jpeg','.png','.gif');
$newfilename = $tid . $file_ext;
if ($filename=="") {
$mysqli->query("UPDATE grand SET tprefix='$tprefix',tname='$tname',tsname='$tsname',tstatus='$tstatus',ttel1='$ttel1',ttel2='$ttel2',idcard='$idcard' where tid='$tid'");
}else {
$mysqli->query("UPDATE grand SET tprefix='$tprefix',tname='$tname',tsname='$tsname',tstatus='$tstatus',ttel1='$ttel1',ttel2='$ttel2',idcard='$idcard',tpic='$newfilename' where tid='$tid'");
@unlink("../photo/grand/$oldfile");
move_uploaded_file($_FILES["fileUpload"]["tmp_name"], "../photo/grand/" .$newfilename);
}
echo "<script language=javascript>alert('ทำการปรับปรุงข้อมูล $tprefix$tname $tsname เรียบร้อยแล้ว');</script>";
echo "<script>window.parent.location=\"index.php?dash=45c48cce2e2d7fbdea1afc51c7c6ad26&id=$tid&stucode=$idstu\"</script>";
} else if ($update=="teacher"){
$idteacher = $_GET['id'];
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$fullname = $_REQUEST['fullname'];
$npw=md5($password);
if ($password==""){
$mysqli->query("UPDATE users SET fullname='$fullname',username='$username' where id_user='$idteacher'");
}else {
$mysqli->query("UPDATE users SET fullname='$fullname',username='$username',password='$npw' where id_user='$idteacher'");
}
echo "<script language=javascript>alert('ทำการปรับปรุงข้อมูล $fullname เรียบร้อยแล้ว');</script>";
echo "<script>window.parent.location=\"manage_user.php\"</script>";
}else if($update=="catscore") {
$status = $_POST['status'];
$title = $_POST['title'];
$score = $_POST['score'];
$mysqli->query("INSERT INTO catscore(status, title, score) VALUES ('$status', '$title', '$score')") ;
echo "<script language=javascript>alert('ทำการบันทึกข้อมูล $title เรียบร้อยแล้ว');</script>";
echo "<script>window.parent.location=\"index.php?dash=9bf31c7ff062936a96d3c8bd1f8f2ff3&op=spre&m=6\"</script>";
} else if ($update=="adduscore"){
$code = $_GET['code'];
$idcate = $_GET['idcat'];
$detail = $_POST['detail'];
$mysqli->query("INSERT INTO score(idcat,code,detail,teacher) VALUES ('$idcate','$code','$detail','$id')") ;
echo "<script language=javascript>alert('ทำการบันทึกข้อมูล $code เรียบร้อยแล้ว');</script>";
echo "<script>window.parent.location=\"index.php?dash=c74d97b01eae257e44aa9d5bade97baf&op=spread&m=7\"</script>";
} else if ($update=="addstudent"){
$code = $_REQUEST['code'];
$prefix = $_REQUEST['prefix'];
$name = $_REQUEST['name'];
$sname = $_REQUEST['sname'];
$nicname = $_REQUEST['nicname'];
$ad = $_REQUEST['ad'];
$moo = $_REQUEST['moo'];
$tambol = $_REQUEST['tambol'];
$ampher = $_REQUEST['ampher'];
$province = $_REQUEST['province'];
$zipcode = $_REQUEST['zipcode'];
$class = $_REQUEST['class'];
$rsroom = $_REQUEST['rsroom'];
$filename = $_FILES["fileUpload"]["name"];
$file_basename = substr($filename, 0, strripos($filename, '.')); // get file extention
$file_ext = substr($filename, strripos($filename, '.')); // get file name
$filesize = $_FILES["fileUpload"]["size"];
$allowed_file_types = array('.jpg','.jpeg','.png','.gif');
if ($filename=="") {
$newfilename="";
}else {
$newfilename = $code . $file_ext;
move_uploaded_file($_FILES["fileUpload"]["tmp_name"], "../student/photo/" .$newfilename);
}
$mysqli->query("INSERT INTO student(code,prefix,name,sname,nicname,ad,moo,tambol,ampher,province,zipcode,class,rsroom,pic,status,active) VALUES
('$code','$prefix','$name','$sname','$nicname','$ad','$moo','$tambol','$ampher','$province','$zipcode','$class','$rsroom','$newfilename','in','yes')");
echo "<script language=javascript>alert('เพิ่มข้อมูลนักเรียนเรียบร้อยแล้ว');</script>";
echo "<script>window.parent.location=\"index.php?dash=a87ff679a2f3e71d9181a67b7542122c\"</script>";
} else if ($update=="addgrand"){
$idstu = $_GET['id'];
$tprefix = $_REQUEST['tprefix'];
$tname = $_REQUEST['tname'];
$tsname = $_REQUEST['tsname'];
$tstatus = $_REQUEST['tstatus'];
$ttel1 = $_REQUEST['ttel1'];
$ttel2 = $_REQUEST['ttel2'];
$idcard = $_REQUEST['idcard'];
$filename = $_FILES["fileUpload"]["name"];
$file_basename = substr($filename, 0, strripos($filename, '.')); // get file extention
$file_ext = substr($filename, strripos($filename, '.')); // get file name
$filesize = $_FILES["fileUpload"]["size"];
$allowed_file_types = array('.jpg','.jpeg','.png','.gif');
if ($filename=="") {
$newfilename="";
}else {
$pp="$idcard";
$newfilename = $pp.$file_ext;
move_uploaded_file($_FILES["fileUpload"]["tmp_name"], "../photo/grand/" .$newfilename);
}
$mysqli->query("INSERT INTO grand(stucode,tprefix,tname,tsname,tstatus,ttel1,ttel2,idcard,tpic) VALUES
('$idstu','$tprefix','$tname','$tsname','$tstatus','$ttel1','$ttel2','$idcard','$newfilename')");
echo "<script language=javascript>alert('เพิ่มผู้ปกครองเรียบร้อยแล้ว');</script>";
echo "<script>window.parent.location=\"index.php?dash=8f14e45fceea167a5a36dedd4bea2543&id=$idstu\"</script>";
}else if($update=="addteacher") {
$username = $_REQUEST['username'];
$password = md5($_REQUEST['password']);
$fullname = $_REQUEST['fullname'];
$mysqli->query("INSERT INTO users(fullname, username, password, level_user) VALUES ('$fullname','$username','$password','teacher')") ;
echo "<script language=javascript>alert('ทำการบันทึกข้อมูล $fullname เรียบร้อยแล้ว');</script>";
echo "<script>window.parent.location=\"manage_user.html\"</script>";
} else if ($update=="idmprofile"){
$username = $_REQUEST['username'];
$password = md5($_REQUEST['password']);
$fullname = $_REQUEST['fullname'];
$SQL13= $mysqli->query("select * from users where id_user='$Row[id_user]'");
$Row13 = mysqli_fetch_array($SQL13);
$oldfile=$Row13['photo'];
$filename = $_FILES["fileUpload"]["name"];
$file_basename = substr($filename, 0, strripos($filename, '.')); // get file extention
$file_ext = substr($filename, strripos($filename, '.')); // get file name
$filesize = $_FILES["fileUpload"]["size"];
$allowed_file_types = array('.jpg','.jpeg','.png','.gif');
$newfilename = $Row['id_user'] . $file_ext;
if ($filename=="" AND $password=="d41d8cd98f00b204e9800998ecf8427e") {
$mysqli->query("UPDATE users SET username='$username',fullname='$fullname' where id_user='$Row[id_user]'");
}else if($filename==""){
$mysqli->query("UPDATE users SET username='$username',password='$password',fullname='$fullname' where id_user='$Row[id_user]'");
}else if($password=="d41d8cd98f00b204e9800998ecf8427e"){
$mysqli->query("UPDATE users SET username='$username',fullname='$fullname',photo='$newfilename' where id_user='$Row[id_user]'");
@unlink("../photo/profile/$oldfile");
move_uploaded_file($_FILES["fileUpload"]["tmp_name"], "../photo/profile/" .$newfilename);
} else {
$mysqli->query("UPDATE users SET username='$username',password='$password',fullname='$fullname',photo='$newfilename' where id_user='$Row[id_user]'");
@unlink("../photo/profile/$oldfile");
move_uploaded_file($_FILES["fileUpload"]["tmp_name"], "../photo/profile/" .$newfilename);
}
echo "<script language=javascript>alert('ปรับปรุงข้อมูลเรียบร้อยแล้ว');</script>";
echo "<script>window.parent.location=\"index.php?dash=1f0e3dad99908345f7439f8ffabdffc4\"</script>";
}
?>