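<?php
/*
 * FrmpersonalDev.php - edit form for one personnel record.
 *
 * Prologue: starts the session, refuses visitors without a login session,
 * loads the project configuration/framework, then loads the record to edit
 * into $rs. $isDev tells the template below whether the row came from
 * dev_hrperson (true) or from the legacy personal_tb table (false).
 */
session_start();

/** Define Validate Access */
define( '_VALID_ACCESS', 1 );

/**
 * Check Session User Login.
 *
 * NOTE(review): the page is refused only when NEITHER "valid_user" NOR
 * "Priority" is registered, so a session carrying just one of the two is
 * let through. If both are required, this condition should use ||.
 * Left unchanged because the login code is not visible here - confirm.
 */
if( !session_is_registered("valid_user") && !session_is_registered("Priority") ) {
	echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
	echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>";
	echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
	exit();
} else {
	/** Configuration */
	require_once( "../configuration.php" );
	require_once( $_Config_absolute_path . "/includes/framework.php" );
	require_once( "../includes/Function.php" );

	/** Create Database Object */
	$dbObj = new DBConn;

	//=== SESSION
	// $valid_user is not assigned on this page; presumably it is the
	// session-registered global of the same name - TODO confirm.
	$Username = $valid_user;

	/** Config Table for This Page */
	$myTable1 = "personal_tb"; /** Table --> personal_tb */

	/*
	 * Request keys. Both values come straight from the client, so they are
	 * normalised to strings and escaped before being placed in SQL text.
	 * Previously they were concatenated into the queries unescaped.
	 */
	$reqTeacherCode = ( isset($_REQUEST["Teacher_code"]) && is_string($_REQUEST["Teacher_code"]) ) ? $_REQUEST["Teacher_code"] : "";
	$reqPerid       = ( isset($_REQUEST["perid"]) && is_string($_REQUEST["perid"]) ) ? $_REQUEST["perid"] : "";

	// With magic_quotes_gpc enabled the values already carry addslashes()
	// escaping; undo it first so the lookup keys are not escaped twice.
	if( get_magic_quotes_gpc() ) {
		$reqTeacherCode = stripslashes($reqTeacherCode);
		$reqPerid       = stripslashes($reqPerid);
	}

	// Assumes DBConn's constructor has opened the default mysql link, as the
	// bare mysql_query() calls later in this page already rely on.
	$sqlTeacherCode = mysql_real_escape_string($reqTeacherCode);
	$sqlPerid       = mysql_real_escape_string($reqPerid);

	// NOTE(review): nothing visible here checks that the logged-in user is
	// allowed to open the requested record; confirm the framework or the
	// update handler enforces per-record authorisation.

	/** Does a dev_hrperson row exist for either key? */
	$query = " SELECT * FROM dev_hrperson WHERE Teacher_code = '".$sqlTeacherCode."' OR perid = '".$sqlPerid."'" ;
	$result = $dbObj->execQuery($query);
	$numrow = mysql_num_rows($result);

	if($numrow){
		// NOTE(review): the existence check matches Teacher_code OR perid,
		// but this query filters on perid alone, so a request carrying only
		// Teacher_code for an existing row fetches nothing - confirm intended.
		$isDev = true;
		$query = "SELECT * FROM dev_hrperson as hr LEFT JOIN dev_adlinepos ON hr.poscode = dev_adlinepos.adlineId WHERE perid = '".$sqlPerid."'";
	}
	else{
		$isDev = false;
		$query = " SELECT * FROM $myTable1 WHERE Teacher_code = '".$sqlTeacherCode."'";
	}

	$result = $dbObj->execQuery($query);
	$rs = $dbObj->fetchArray($result);
} # else
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type"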
content="text/html; charset=windows-874" /> <link href="../css/default.css" rel="stylesheet" type="text/css" /> <script language="javascript" src="../js/utilities.js"></script> <script language="javascript" src="../js/calendarDateInput2.js"></script> <script language="javascript" src="../js/ajaxScript.js"></script> <title>ข้อมูลประวัติส่วนตัว - แก้ไขข้อมูลประวัติส่วนตัว</title> </head> <body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0"> <?php include("../templates/incHeader.php"); ?> <table width="1003" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="203" align="left" valign="top" style="padding:10px 0px 0px 5px"><?php include("./_incMainMenu.php");?></td> <td width="800" height="440" align="center" valign="top" style="padding:10px 0px 5px 10px"><fieldset> <table width="780" border="0" cellspacing="0" cellpadding="0"> <form id="myForm" name="myForm" method="post" action="UpdatePersonalDev.php" enctype="multipart/form-data"> <tr> <td height="5"></td> </tr> <tr style="display:<?=($isDev)?"":"none";?>"> <td height="30" background="../images/background/bg-head-topic-w780.gif" class="PADDING-LEFT-10"> <strong> <a href="index.php">หน้าหลัก</a></strong><strong> » <a href="DetailpersonalDev.php?perid=<?=$rs["perid"];?>">ข้อมูลบุคคล</a> » </strong> <span class="NOTE">แก้ไขข้อมูลบุคลากร</span> </td> </tr> <tr style="display:<?=($isDev)?"none":"";?>"> <td height="30" background="../images/background/bg-head-topic-w780.gif" class="PADDING-LEFT-10"><strong> <a href="index.php">หน้าหลัก</a></strong><strong> » <span class="NOTE">แก้ไขข้อมูลบุคลากร เพื่อบันทึกลงในฐานข้อมูลบุคลากร</span></strong></td> </tr> <tr> <td> </td> </tr> <tr> <td><span class="PADDING-TOP-10"><img src="../images/icons/arrow-circle-225-left.png" width="16" height="16" border="0" align="absmiddle" /> <a href="javascript:;" onclick="window.history.back();"><strong>‹ ย้อนกลับ</strong></a></span></td> </tr> <tr> <td height="150" align="center"><table width="99%" border="0" 
align="center" cellpadding="0" cellspacing="0"> <tr> <td width="76%"><table width="103%" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="#E4E4E4"> <tr bordercolor="#E7FAFE"> <td width="141" height="20" align="right" bordercolor="#FFFFFF" bgcolor="#FFFFFF">เลขที่บัตรประชาชน</td> <td bgcolor="#FFFFFF">:</td> <td width="450" bgcolor="#FFFFFF"> <input name="id" type="text" id="id" value="<?=($isDev)?citizenID_format($rs["id"]):citizenID_format($rs['Citizen_id']);?>" size="15" maxlength="17" onkeypress="return (NumOnly(event) && changeFormatPin(this,event));"/> </td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ชื่อ-นามสกุล</td> <td bgcolor="#FFFFFF">:</td> <td bgcolor="#FFFFFF"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td><select name="pcode" id="pcode"> <option value="">--- เลือก ---</option> <?php $sql2 = " SELECT * FROM prefix ORDER BY prefixId ASC " ; $result2 = mysql_query($sql2); while($rs2 = mysql_fetch_array($result2)) { ?> <option value="<?=$rs2['prefixId'];?>" <?=($isDev)?(($rs2['prefixId']==$rs['pcode'])?"selected":""):(($rs2['prefixId']==$rs['First_name'])?"selected":"");?>><?=$rs2['prefixName'];?></option> <?php } # while mysql_free_result($result2); ?> </select> <input name="fname" type="text" id="fname" value="<?=($isDev)?$rs["fname"]:$rs['Teacher_name'];?>" size="15" style="text-align:left" /> <input name="lname" type="text" id="lname" value="<?=($isDev)?$rs["lname"]:$rs['Teacher_lastname'];?>" size="15" style="text-align:left" /> </td> </tr> </table></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">เพศ</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF"> <input type="radio" name="sex" id="sex" <?=($isDev)?(($rs["sex"]==1)?"checked":""):(($rs["Sex"]=="ชาย")?"checked":"");?> value="1" /> ชาย <input type="radio" name="sex" id="sex" 
<?=($isDev)?(($rs["sex"]==2)?"checked":""):(($rs["Sex"]=="หญิง")?"checked":"");?> value="2" /> หญิง </td> </tr> <tr bordercolor="#FFFFFF"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">วันเกิด</td> <td width="6" nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF"> <script>DateInput('DateBirth', true,'DD/MM/YYYY','<?=($isDev)?((isset($rs["birthdate"]))?ymdE2dmyE2($rs["birthdate"]):date("d/m/Y")):((isset($rs["DateBirth"])&&$rs["DateBirth"]!="0000-00-00")?ymdT2dmyE($rs["DateBirth"]):date("d/m/Y"));?>');</script> </td> </tr> <tr bordercolor="#E7FAFE" bgcolor="#E7FAFE"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">วันที่บรรจุ</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF"> <script>DateInput('Year_gov', true,'DD/MM/YYYY','<?=($isDev)?((isset($rs["appointdate"]))?ymdE2dmyE2($rs["appointdate"]):date("d/m/Y")):((isset($rs["Year_gov"])&&$rs["Year_gov"]!="0000-00-00")?ymdT2dmyE($rs["Year_gov"]):date("d/m/Y"));?>');</script> </td> </tr> <tr bordercolor="#E7FAFE" bgcolor="#E7FAFE"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">วันที่ปฏิบัติงาน</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF"> <script>DateInput('Year_coll', true,'DD/MM/YYYY','<?=($isDev)?((isset($rs["startdate"]))?ymdE2dmyE2($rs["startdate"]):date("d/m/Y")):((isset($rs["Year_coll"])&&$rs["Year_coll"]!="0000-00-00")?ymdT2dmyE($rs["Year_coll"]):date("d/m/Y"));?>');</script> </td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">สถานภาพการปฏิบัติงาน</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF"> <select name="fperson" id="fperson"> <option value="">--- เลือก ---</option> <?php $sql2 = " SELECT * FROM dev_cfperson ORDER BY fperson ASC "; $result2 = mysql_query($sql2); while($rs2 = 
mysql_fetch_array($result2) ) { ?> <option value="<?=$rs2['fperson'];?>" <?=($isDev && ($rs2['fperson']==$rs['fperson']))?"selected":"";?>><?=$rs2['fpersonmn'];?></option> <?php } # while mysql_free_result($result1); ?> </select> </font></strong></font></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">สถานะการปฏิบัติงาน</td> <td bgcolor="#FFFFFF">:</td> <td bgcolor="#FFFFFF"> <select name="statusId" id="statusId"> <option value=""></option> <?php $sql2 = " SELECT * FROM dev_status ORDER BY statusId ASC"; $result2= mysql_query($sql2); while( $rs2 = mysql_fetch_array($result2) ) { ?> <option value="<?=$rs2['statusId'];?>" <?=($isDev && ($rs2['statusId']==$rs['statusId']))?"selected":"";?>> <?=$rs2['StatusTh'];?> </option> <?php } # while mysql_free_result($result1); ?> </select> </font></strong></font></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ตำแหน่งเลขที่</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF"><input name="posid" type="text" id="posid" value="<?=$rs['posid'];?>" size="10" style="text-align:left" /></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ตำแหน่ง</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF"> <input name="adlineName" type="text" class="PADDING-LEFT-5" id="adlineName" style="text-align:left" value="<?=$rs['adlineName'] ; ?>" size="30" readonly="readonly" /> <input name="poscode" type="hidden" id="poscode" value="<?=$rs['poscode'];?>" /> <a href="javascript:;" onclick="MM_openBrWindow('showPosition.php','Detail','scrollbars=yes,width=820,height=350')"><img src="../images/icons/search.gif" alt="เลือกหน่วยงาน" width="14" height="16" border="0" align="absmiddle" /></a></font></strong></font> </td> </tr> <tr bordercolor="#E7FAFE"> <td 
align="right" valign="top" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ระดับ</td> <td width="6" nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF"><font size="2" face="Tahoma"><strong><font color="#003366" size="2" face="Tahoma"> <select name="levelcode" id="levelcode"> <option value="">--- เลือก ---</option> <?php $sql2 = " SELECT * FROM dev_clevelpos ORDER BY levelcode ASC"; $result2 = mysql_query($sql2); while( $rs2 = mysql_fetch_array($result2) ) { ?> <option value="<?=$rs2['levelcode'];?>" <?php if( $rs2['levelcode']==$rs['levelcode'] ) echo 'selected';?>><?=$rs2['kplevel'];?></option> <?php } # while mysql_free_result($result1); ?> </select> </font></strong></font></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" bordercolor="#FFFFFF" bgcolor="#FFFFFF">เงินเดือน</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF"><input name="salary" type="text" class="PADDING-LEFT-5" id="salary" style="text-align:left" value="<?=($isDev)?number_format($rs["salary"]):number_format($rs['Salary_1']);?>" size="10" /></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ใบประกอบโรคศิลปะ</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF"> <select name="cercode" id="cercode"> <option value="">--- เลือก ---</option> <?php $sql2 = " SELECT * FROM dev_ccertificate ORDER BY cercode ASC "; $result2 = mysql_query($sql2); while( $rs2 = mysql_fetch_array($result2) ) { ?> <option value="<?=$rs2['cercode'];?>" <?php if( $rs2['cercode']==$rs['cercode'] ) echo 'selected';?>><?=$rs2['cername'];?></option> <?php } # while mysql_free_result($result); ?> </select> สภาวิชาชีพเลขที่ </a> <input name="cerid" type="text" id="cerid" style="text-align:left" value="<?=$rs['cerid']; ?>" size="10" /></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" bordercolor="#FFFFFF" 
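bgcolor="#FFFFFF">ลักษณะของตำแหน่ง</td>
<td nowrap="nowrap" bgcolor="#FFFFFF">:</td>
<td nowrap="nowrap" bgcolor="#FFFFFF"><input type="radio" name="fposition" id="fposition" <?php if ( !strcmp("$rs[fposition]","1") ) { echo "checked"; } ?> value="1" />
ระดับผู้บริหาร
<input type="radio" name="fposition" id="fposition" <?php if ( !strcmp("$rs[fposition]","2") ) { echo "checked"; } ?> value="2" />
หัวหน้าฝ่าย/หัวหน้างาน
<input type="radio" name="fposition" id="fposition" <?php if ( !strcmp("$rs[fposition]","3") ) { echo "checked"; } ?> value="3" />
ระดับปฏิบัติงาน</td>
</tr>
<tr bordercolor="#E7FAFE">
<td height="20" align="right" bordercolor="#FFFFFF" bgcolor="#FFFFFF">หน่วยงานตาม จ.</td>
<td nowrap="nowrap" bgcolor="#FFFFFF">:</td>
<td nowrap="nowrap" bgcolor="#FFFFFF">
<?php
/*
 * Department lookup for the record's official unit (deptcode).
 *
 * The key comes from the loaded row, and that row is itself written from
 * form input, so it is escaped before it goes into SQL text rather than
 * interpolated raw.
 *
 * Values echoed into HTML below go through htmlspecialchars(). The page is
 * served as windows-874, which htmlspecialchars() has no table for; the
 * single-byte 'ISO-8859-1' setting is used because only the ASCII
 * characters & < > " ' are rewritten and every other byte passes through
 * unchanged.
 */
$deptKey = isset($rs['deptcode']) ? $rs['deptcode'] : '';
$query2 = " SELECT * FROM dev_cdepartment WHERE deptcode ='" . mysql_real_escape_string($deptKey) . "' " ;
$result2 = $dbObj->execQuery($query2);
$rs2 = $dbObj->fetchArray($result2);
?><input name="longpre" type="text" class="PADDING-LEFT-5" id="longpre" style="text-align:left" value="<?php echo htmlspecialchars($rs2['longpre'], ENT_QUOTES, 'ISO-8859-1'); ?>" size="30" readonly/>
<input name="deptname" type="text" class="PADDING-LEFT-5" id="deptname" style="text-align:left" value="<?php echo htmlspecialchars($rs2['deptname'], ENT_QUOTES, 'ISO-8859-1'); ?>" size="30" readonly/>
<input name="deptcode" type="hidden" id="deptcode" value="<?php echo htmlspecialchars($deptKey, ENT_QUOTES, 'ISO-8859-1'); ?>" />
<a href="javascript:;" onclick="MM_openBrWindow('showDepartment.php','Detail','scrollbars=yes,width=820,height=350')"><img src="../images/icons/search.gif" alt="เลือกหน่วยงาน" width="14" height="16" border="0" align="absmiddle" /></a></td>
</tr>
<tr bordercolor="#E7FAFE">
<td height="20" align="right" bordercolor="#FFFFFF" bgcolor="#FFFFFF">หน่วยงานที่ปฏิบัติงานจริง</td>
<td nowrap="nowrap" bgcolor="#FFFFFF">:</td>
<td nowrap="nowrap" bgcolor="#FFFFFF"><?php
/* Same lookup for the unit the person actually works in (tcode). */
$tcodeKey = isset($rs['tcode']) ? $rs['tcode'] : '';
$query2 = " SELECT * FROM dev_cdepartment WHERE deptcode ='" . mysql_real_escape_string($tcodeKey) . "' " ;
$result2 = $dbObj->execQuery($query2);
$rs2 = $dbObj->fetchArray($result2);
?>
<input name="tlongpre" type="text" id="tlongpre" style="text-align:left" value="<?php echo htmlspecialchars($rs2['longpre'], ENT_QUOTES, 'ISO-8859-1'); ?>" size="30" readonly="readonly" />
<input name="tdeptname" type="text" class="PADDING-LEFT-5" id="tdeptname" style="text-align:left" value="<?php echo htmlspecialchars($rs2['deptname'], ENT_QUOTES, 'ISO-8859-1'); ?>" size="30" readonly="readonly" />
<input name="tcode" type="hidden" id="tcode" value="<?php echo htmlspecialchars($tcodeKey, ENT_QUOTES, 'ISO-8859-1'); ?>" />
<a href="javascript:;" onclick="MM_openBrWindow('showTDepartment.php','Detail','scrollbars=yes,width=820,height=350')"><img src="../images/icons/search.gif" alt="เลือกหน่วยงานที่ปฏิบัติ" width="14" height="16" border="0" align="absmiddle" /></a></td>
</tr>
<tr bordercolor="#E7FAFE">
<td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">กลุ่มงาน/ฝ่าย/หน่วย</td>
<td nowrap="nowrap" bgcolor="#FFFFFF">:</td>
<td nowrap="nowrap" bgcolor="#FFFFFF"><font size="2" face="Tahoma"><strong><font color="#003366" size="2" face="Tahoma">
<select name="workcode" id="workcode">
<?php
/* All faculties, listed as the options of this select. */
$sql2 = " SELECT * FROM faculty_tb";
$result2 = mysql_query($sql2);

/*
 * The person's personal_tb row ($rs3) supplies the currently selected
 * faculty; later markup on this page also reads $rs3.
 * For a legacy record the key is the raw request parameter, so it is
 * normalised and escaped before use. Previously it was concatenated into
 * the query unescaped.
 */
if( $isDev ) {
	$teacherCode = $rs["Teacher_code"];
} else {
	$teacherCode = ( isset($_REQUEST["Teacher_code"]) && is_string($_REQUEST["Teacher_code"]) ) ? $_REQUEST["Teacher_code"] : "";
	// Undo magic_quotes_gpc escaping so the key is not escaped twice.
	if( get_magic_quotes_gpc() ) {
		$teacherCode = stripslashes($teacherCode);
	}
}
$sql3 = "SELECT * FROM personal_tb where Teacher_code = '" . mysql_real_escape_string($teacherCode) . "'";
$result3 = mysql_query($sql3);
$rs3 = mysql_fetch_array($result3);

while( $rs2 = mysql_fetch_array($result2) ) {
?>
<option value="<?php echo htmlspecialchars($rs2['Faculty_code'], ENT_QUOTES, 'ISO-8859-1'); ?>" <?php if( $rs2['Faculty_code']==$rs3['Faculty_code'] ) echo 'selected'; ?>>
<?php echo htmlspecialchars($rs2['Faculty_name'], ENT_QUOTES, 'ISO-8859-1'); ?>
</option>
<?php
} # while
?>
</select>
</font></strong></font></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#FFFFFF">
<td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF" >สัญญาการใช้ทุน</td>
<td nowrap="nowrap" bgcolor="#FFFFFF">:</td>
<td nowrap="nowrap" bgcolor="#FFFFFF"><input type="radio" name="Dev_type" <?php if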
(!(strcmp("$rs[Dev_type]","Y"))){echo "checked";} ?> value="Y" onclick="document.getElementById('schDisplay').style.display=''"/> อยู่ระหว่างการใช้ทุน <input type="radio" name="Dev_type" <?php if (!(strcmp("$rs[Dev_type]","N"))){echo "checked";} ?> value="N" onclick="document.getElementById('schDisplay').style.display='none'"/> หมดระยะเวลาการใช้ทุนแล้ว</td> </tr> <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF" id="schDisplay" style="display:<?=(isset($rs["Dev_type"])&&$rs["Dev_type"]=="Y")?"":"none";?>"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF" >อยู่ระหว่าง</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF"> <table> <tr> <td>วันที่</td> <td><script>DateInput('schstartdate', true,'DD/MM/YYYY','<?=(isset($rs["schstartdate"])&&$rs["schstartdate"]!="0000-00-00")?ymdE2dmyE2($rs["schstartdate"]):date("d/m/Y");?>');</script></td> <td>สิ้นสุด วันที่ : </td> <td><script>DateInput('schstopdate', true,'DD/MM/YYYY','<?=(isset($rs["schstopdate"])&&$rs["schstartdate"]!="0000-00-00")?ymdE2dmyE2($rs["schstopdate"]):date("d/m/Y");?>');</script></td> </tr> </table> </td> </tr> <tr bgcolor="#CEE6FF"> <td colspan="3" bgcolor="#FFFFFF"> </td> </tr> <tr bgcolor="#CEE6FF"> <td height="20" bgcolor="#FFFFFF" align="center"> </td> <td height="20" bgcolor="#FFFFFF" align="center"> </td> <td height="20" bgcolor="#FFFFFF" align="center"><input type="hidden" name="Teacher_code" value="<? echo $rs['Teacher_code']; ?>" /> <input name="btnSubmit" type="submit" id="btnSubmit" class="WIDTH60 CURSOR-HAND" value="บันทึก" /> <input name="btnBack" type="button" id="btnBack" onclick="location.href='Show_Fam_History.php?Teacher_code=<? 
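/* URL-encode the record key: it is emitted into a query string that sits inside a JavaScript string inside an HTML attribute. */
echo rawurlencode($rs['Teacher_code']); ?>'" value="ยกเลิก" class="WIDTH60 CURSOR-HAND" /></td>
</tr>
</table></td>
<td width="24%" valign="top" align="center"><table width="150" border="0" cellspacing="0" cellpadding="0">
<tr>
<?php
/*
 * Pick the portrait: the stored picture when that file exists, otherwise a
 * gender-specific placeholder. $rs3 is the personal_tb row loaded earlier
 * on this page; $personalPicPath is not assigned on this page and
 * presumably comes from the included configuration - TODO confirm.
 *
 * NOTE(review): Img1 is a stored value joined onto a filesystem path; it
 * is only probed with is_file() and echoed as an image URL, but the code
 * that stores it should still restrict it to a bare file name.
 */
$picFile = $personalPicPath . $rs3['Img1'];
if( is_file($picFile) ) {
	$picSrc = $picFile;
} elseif( $isDev && $rs["sex"]==1 ) {
	$picSrc = "../images/no_picture_male.jpg";
} elseif( $rs["Sex"]=="ชาย" ) {
	$picSrc = "../images/no_picture_male.jpg";
} else {
	$picSrc = "../images/no_picture_female.jpg";
}
// 'ISO-8859-1' keeps non-ASCII bytes untouched; only & < > " ' are rewritten.
?>
<td><img src="<?php echo htmlspecialchars($picSrc, ENT_QUOTES, 'ISO-8859-1'); ?>" width="150" height="170" /></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<tr>
<td> </td>
</tr></form>
</table>
</fieldset></td>
</tr>
</table>
<?php include("../templates/incFooter.php"); ?>
</body>
</html>
<?php
/**
 * Free Resource.
 *
 * The original call passed $result1, which this page never assigns, so the
 * main result set in $result was never released. Both names are handled
 * here in case an included template does set $result1; is_resource() skips
 * anything unset, failed or already freed.
 */
if( isset($result1) && is_resource($result1) ) {
	$dbObj->freeresult($result1);
}
if( isset($result) && is_resource($result) ) {
	$dbObj->freeresult($result);
}

/** Close the Database */
$dbObj->disconn();

/** Unset Class */
unset($dbObj);
?>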