403Webshell
Server IP : 172.67.187.206  /  Your IP : 172.71.28.156
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  E:/Inetpub/www/myschool/ratchaborika/modules/kamsang/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : E:/Inetpub/www/myschool/ratchaborika/modules/kamsang/tabainkamsang.php
 <?
	//	CheckUser($_SESSION['user_user']);
	$db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
	$res[user] = $db->select_query("SELECT * FROM " . TB_user . " WHERE username='" . $_SESSION['user_user'] . "' ");
	$arr[user] = $db->fetch($res[user]);

	$res[category] = $db->select_query("SELECT * FROM " . TB_YEARS_CAT . " ORDER BY id DESC LIMIT 1");
	$arr[category] = $db->fetch($res[category]);
	?>
 <table width=100% height=500 border="0" align="left" cellpadding="0" cellspacing="0">
 	<tr>
 		<td Valign="top">
 			<form name="form3" method="post" action="?name=kamsang&file=tabainkamsang">
 				<table width=100% border="0" align="left" cellpadding="0" cellspacing="0">
 					<tr class="unnamed1">
 						<td align="left" width="60%" class="unnamed2"><A HREF="?name=kamsang&file=tabainkamsang">&nbsp;&nbsp;<img src="images/back.png" align="absmiddle"></A>&nbsp;&nbsp;<B>ทะเบียนคำสั่ง <? echo $arr[user][school]; ?></B></td>
 						<td width="20%" class="unnamed2">
 							<div align="right"><B>ระบุชื่อหนังสือที่ต้องการคันหา&nbsp;&nbsp;</B> </div>
 						</td>
 						<td align="right" width="15%"><input name="search" type="text" id="search" value="<?= $_GET["search"]; ?>"></td>
 						<td width="5%">
 							<div align="right"><input type="submit" name="Submit2" value="ค้นหา">&nbsp;&nbsp;</div>
 						</td>
 					</tr>
 				</table>
 			</form>
 			<br>
 			<table width="100%" border="0" align="center" cellpadding="1" cellspacing="1" bordercolor="#999999" bordercolordark="#FFFFFF">
 				<tr height=25 bgcolor="#6dbae0">
 					<?
						if (($arr[user][work] == 8) or ($arr[usersch][status] == 1)) {
						?>
 						<td width="5%" class="unnamed2">
 							<font color="#FFFFFF">
 								<div align="center" class="style3"><B>แก้ไข</B></div>
 							</font>
 						</td>
 					<? } ?>
 					<td width="10%" class="unnamed2">
 						<font color="#FFFFFF">
 							<div align="center" class="style3"><B>เลขที่คำสั่ง</B></div>
 						</font>
 					</td>
 					<td width="40%" class="unnamed2">
 						<font color="#FFFFFF">
 							<div align="center" class="style3">เรื่อง</div>
 						</font>
 					</td>
 					<td width="15%" class="unnamed2">
 						<font color="#FFFFFF">
 							<div align="center" class="style3"><B>ทั้งนี้ต้งแต่วันที่</B></div>
 						</font>
 					</td>
 					<td width="15%" class="unnamed2">
 						<font color="#FFFFFF">
 							<div align="center" class="style3"><B>สั่ง ณ วันที่</B></div>
 						</font>
 					</td>
 					<td width="15%" class="unnamed2">
 						<font color="#FFFFFF">
 							<div align="center" class="style3"><B>ไฟล์แนบ</B></div>
 						</font>
 					</td>
 				</tr>

 				<?
					//แสดงบทความ
					$db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
					$limit = 10;
					$SUMPAGE = $db->num_rows(TB_KAMSANG, "id", "$SQLwhere  year='" . $arr[category][name] . "' and topic like '%$search%'  ");
					$page = $_GET[page];
					if (empty($page)) {
						$page = 1;
					}
					$search = $_POST[search];
					$rt = $SUMPAGE % $limit;
					$totalpage = ($rt != 0) ? floor($SUMPAGE / $limit) + 1 : floor($SUMPAGE / $limit);
					$goto = ($page - 1) * $limit;
					$res[kamsang] = $db->select_query("SELECT * FROM " . TB_KAMSANG . " WHERE  sangkad='" . $arr[user][sangkad] . "' and year='" . $arr[category][name] . "' and topic like '%$search%'  ORDER BY id DESC LIMIT $goto, $limit   ");

					while ($arr[kamsang] = $db->fetch($res[kamsang])) {
					?>
 					<tr bgcolor="#FFFFFF">
 						<?
							if (($arr[user][work] == 8) or ($arr[usersch][status] == 1)) {
							?>
 							<td align="center"><A HREF="?name=kamsang&file=addedit&op=kamsang_edit&id=<? echo $arr[kamsang][id]; ?>"><B><img src=" images/admin/edit.gif"></B></a></td>
 						<? } ?>
 						<td align="center"><? echo $arr[kamsang][idtabain]; ?>/<? echo $arr[kamsang][year]; ?></td>
 						<td align="left"><? echo $arr[kamsang][topic]; ?></td>
 						<td valign="top" align="left">&nbsp;<? echo thai_date_fullmonth(strtotime($arr[kamsang][date]), '', ''); ?></td>
 						<td valign="top" align="left">&nbsp;<? echo thai_date_fullmonth(strtotime($arr[kamsang][date1]), '', ''); ?></td>
 						<td valign="top" align="center">
 							<?
								if ($arr[kamsang][full_text]) {
								?>
 								<a href="data/kamsang/<? echo $arr[kamsang][full_text]; ?>">ไฟล์ 1</A>,
 							<? } else {
									echo "ไม่มีไฟล์แนบ";
								} ?>
 							<?
								if ($arr[kamsang][full_texts]) {
								?>
 								<a href="data/kamsang/<? echo $arr[kamsang][full_texts]; ?>">ไฟล์ 2</A>,
 							<? } ?>
 							<?
								if ($arr[kamsang][full_textu]) {
								?>
 								<a href="data/kamsang/<? echo $arr[kamsang][full_textu]; ?>">ไฟล์ 3</A>,
 							<? } ?>
 							<?
								if ($arr[kamsang][full_texto]) {
								?>
 								<a href="data/kamsang/<? echo $arr[kamsang][full_texto]; ?>">ไฟล์ 4</A>,
 							<? } ?>
 							</div>
 						</td>
 					</tr>
 					<tr>
 						<td colspan="6" height="1" class="dotline" color=FFFF00></td>
 					</tr>
 				<?
					}
					?>
 			</table>
 			<?
				SplitPage($page, $totalpage, "?name=kamsang&file=tabainkamsang&op=kamsang_read");
				echo $ShowSumPages;
				echo $ShowPages;
				?>
 		</td>
 	</tr>
 </table>

Youez - 2016 - github.com/yon3zu
LinuXploit