Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/Plan_new/ drwxr-xr-x | |
| Viewing file: Select action/file-type: <?php
session_start();
/** Define Validate Access */
define( '_VALID_ACCESS', 1 );
/** Check Session User Login */
if( !session_is_registered("valid_user") && !session_is_registered("Priority") ) {
echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>";
echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
exit();
}
else {
/** Configuration */
require_once( "../configuration.php" );
require_once( $_Config_absolute_path . "/includes/framework.php" );
require_once( "../include/Function.php" );
require_once( "../include/FunctionDB.php" );
/** Create Database Object */
$dbObj = new DBConn;
//=== SESSION
$Username = $valid_user;
/** Config Table for This Page */
$myTable1 = "personal_tb";
$myTable2 = "formproject_edit_tb";
$myTable3 = "project_tb";
/** Table --> personal_tb */
$query = " SELECT *, prefixName as First_name FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId WHERE Teacher_code='$Teacher_code' ";
$result = $dbObj->execQuery($query);
$rss = $dbObj->fetchArray($result);
$Teacher_code = $rss['Teacher_code'];
/** Table --> tech_plan_tb */
$query1 = " SELECT * FROM $myTable2 WHERE Teacher_code='$Teacher_code' and upId='$upId' ";
$result1 = $dbObj->execQuery($query1);
$rs1 = $dbObj->fetchArray($result1);
/** Table --> techplan_method_tb */
$query2 = " SELECT * FROM $myTable3 WHERE ProjectId='$ProjectId' ";
$result2 = $dbObj->execQuery($query2);
$rs2 = $dbObj->fetchArray($result2);
} # else
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<link href="../css/default.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="../js/utilities.js"></script>
<script type="text/javascript" src="../js/ajaxScript.js"></script>
<title>ข้อมูลทั่วไปบุคลากร - แก้ไขข้อมูลโครงการ</title>
</head>
<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">
<table width="791" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="791" height="440" align="center" valign="top" style="padding:10px 0px 5px 10px"><fieldset>
<table width="780" border="0" cellspacing="0" cellpadding="0">
<form id="form1" name="form1" method="post" action="EditUpProject.php?Teacher_code=<?=$Teacher_code;?>&upId=<?=$upId;?>">
<tr>
<td height="5"></td>
</tr>
<tr>
<td align="center">
<table width="750" cellpadding="0" cellspacing="0">
<tr height="31">
<td height="31" colspan="6" align="center" class="PATRON11">บันทึกข้อความ</td>
</tr>
<tr height="29">
<td height="29" colspan="6" l="l">ส่วนราชการ <font size="2" face="Tahoma">
<?php
$collegeCode = $rss["collegeCode"];
$sql = "Select * From college Where collegeStatus ='1'";
$result1 = mysql_query($sql) or die("Error".mysql_error());
$rs2 = mysql_fetch_array($result1);
echo "$rs2[collegeName] ";
?>
</font></td>
</tr>
<tr>
<td height="29" colspan="2" align="left">ที่ <font color="#0000FF" size="2" face="Tahoma">
<input name="maNo" type="text" id="maNo" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" value="<? echo $rs1[upNo];?>" size="15" />
</font></td>
<td width="148" height="29" align="left"><input name="Flag" type="hidden" id="Flag" value="<? echo $rs1["Flag"]?>" /></td>
<td height="29" align="left"> </td>
<td height="29" colspan="2" align="left">วันที่ </a>
<input name="Date" type="text" id="Date" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" size="10" value=" <?php
$sday = $rs1[Date];
$yearthai = explode("-",$sday);
$day = intval($yearthai[2]);
$month = intval($yearthai[1]);
$year = intval($yearthai[0]);
//////////////////
// $yearthai = $day ;
$m = getThaiSubMonth($month);
echo"$day"." "."$m"." "."$year";
?>" />
</a></td>
</tr>
<tr height="29">
<td height="29" colspan="3" align="left">เรื่อง
<input name="Detail" type="text" id="Detail" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" value="ขออนุมัติใช้เงินโครงการตามแผนดำเนินการ" size="35" /></td>
<td width="35"></td>
<td width="202"></td>
<td width="155"></td>
</tr>
<tr height="29">
<td height="29" colspan="5" align="left">เรียน ผู้อำนวยการ <font size="2" face="Tahoma">
<?php
$collegeCode = $rss["collegeCode"];
$sql = "Select * From college Where collegeStatus ='1'";
$result1 = mysql_query($sql) or die("Error".mysql_error());
$rs2 = mysql_fetch_array($result1);
echo "$rs2[collegeName] ";
?>
</font></td>
<td></td>
</tr>
<tr height="29">
<td width="125" height="25"></td>
<td colspan="5" align="left">ข้าพเจ้า.<font color="#0000FF" size="2" face="Tahoma">
<input name="Name" type="text" id="Name" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" size="25" value="<? echo $rss[First_name]?> <? echo $rss[Teacher_name]?> <? echo $rss[Teacher_lastname]?> " />
</font> ตำแหน่ง<font color="#0000FF" size="2" face="Tahoma">
<input name="Name2" type="text" id="Name2" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" size="25" value=" <? $PositionId = $rss["PositionId"];
$sql = "Select * From position_tb Where PositionId ='$PositionId' ";
$result1 = mysql_query($sql) or die("Error".mysql_error());
$rs2 = mysql_fetch_array($result1);
echo "$rs2[Position_name] ";?>
" />
</font></td>
</tr>
<tr height="29">
<td height="29" colspan="6" align="left">สังกัด<font color="#0000FF" size="2" face="Tahoma">
<input name="Name3" type="text" id="Name3" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" size="20" value="<?php $Faculty_code = $rss["Faculty_code"];
$sql = "Select * From faculty_tb Where Faculty_code='$Faculty_code'";
$result1 = mysql_query($sql) or die("Error".mysql_error());
$rs2 = mysql_fetch_array($result1);
echo "$rs2[Faculty_name] "; ?>" />
</font><font color="#0000FF" size="2" face="Tahoma">
<input name="Name3" type="text" id="Name4" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" size="40" value="<?php
$collegeCode = $rss["collegeCode"];
$sql = "Select * From college Where collegeStatus ='1'";
$result1 = mysql_query($sql) or die("Error".mysql_error());
$rs2 = mysql_fetch_array($result1);
echo "$rs2[collegeName] "; ?> " />
</font><span class="style1">สถาบันพระบรมราชชนก</span></td>
</tr>
<tr height="29">
<td height="29" colspan="6" align="left">เหตุผลในการขอแก้ไขแผน </a>*</a>
<input name="Training_name" type="text" id="Training_name" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" value="<?=$rs1['Training_name'];?>" size="60" />
</font></td>
</tr>
<tr height="29">
<td height="37" colspan="6" align="left">อ้างตามแผนดำเนินการ ข้อที่<font size="2" face="Tahoma">
<?php
$ProjectId = $rs1["ProjectId"];
$sql = "Select * From project_tb Where ProjectId='$ProjectId' ";
$result2 = mysql_query($sql) or die("Error".mysql_error());
$rs2 = mysql_fetch_array($result2);
//echo "$rs2[Orderlist]";
?>
</a>*</a>
<input name="Orderlist" type="text" id="Orderlist" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" value="<?php echo $rs1[Orderlist];?>" size="6" readonly /> </a>
รายละเอียด
</a>
<input name="Project_plan" type="text" id="Project_plan" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" value="<?php echo $rs1[Project_plan];?>" size="50" readonly /></td>
</tr>
<tr height="29">
<td height="29" colspan="6" align="left"> จำนวนเงิน </a>*</a>
<input name="Budget" type="text" id="Budget" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" value="<?php echo number_format($rs1['Budget'],2,'.',',');?>" size="10" onkeypress="checkNumeric()" onkeyup="checkBudget()" />
บาท </a><span id="budgetOver"></span> </a>เดือน*
<?
$monthCode = $rs1["Month"];
$sql3= "SELECT * FROM month_tb Where monthCode ='$monthCode' ";
$result3= mysql_query($sql3);
$rss3 = mysql_fetch_array($result3) ;
echo "$rss3[month]" ;
?> งบประมาณ</a>
<input name="Year_std" type="text" id="Year_std" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" value="<?=$rs1['Budget_Year'];?>" size="3" readonly="readonly" /></td>
</tr>
<tr height="31">
<td height="31" colspan="6" align="left">หมายเหตุ ให้กรอกรายละเอียด
<input name="nameDetail" type="text" id="nameDetail" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" value="<?=$rs1['nameDetail'];?>" size="70" /></td>
</tr>
<tr height="31">
<td height="31" colspan="3" align="left"> </td>
<td colspan="2"> </td>
<td></td>
</tr>
<tr height="31">
<td height="31" colspan="3" align="left"> </td>
<td colspan="2">ลงชื่อ .................................................</td>
<td></td>
</tr>
<tr height="29">
<td height="29" colspan="3"> </td>
<td colspan="2" align="center">(<font color="#003366" size="2" face="Tahoma"><? echo $rss[First_name]?> <? echo $rss[Teacher_name]?> <? echo $rss[Teacher_lastname]?></font>)
<input name="Teacher_code" type="hidden" id="Teacher_code" value="<? echo $rss["Teacher_code"]?>" />
<input name="Faculty_code" type="hidden" id="Faculty_code" value="<? echo $rss["Faculty_code"]?>" />
<input name="Flag3" type="hidden" id="Flag3" value="<? echo $rss["Teacher_code"]?>" /></td>
<td></td>
</tr>
<tr height="29">
<td height="29" colspan="3" align="left"> </td>
<td colspan="2">ตำแหน่ง<font color="#0000FF" size="2" face="Tahoma">
<input name="Name4" type="text" id="Name5" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" size="25" value=" <? $PositionId = $rss["PositionId"];
$sql = "Select * From position_tb Where PositionId ='$PositionId' ";
$result1 = mysql_query($sql) or die("Error".mysql_error());
$rs2 = mysql_fetch_array($result1);
echo "$rs2[Position_name] ";?>
" />
</font></td>
<td></td>
</tr>
<tr height="29">
<td height="29" colspan="2" align="left"><label>
<input name="Flag1" type="checkbox" id="Flag1" value="1" disabled="disabled" />
อนุญาต
<input name="Flag1" type="checkbox" id="Flag1" value="2" disabled="disabled" />
ไม่อนุญาต</label></td>
<td align="left"> </td>
<td colspan="3" align="left"> </td>
</tr>
<tr height="29">
<td height="29" colspan="3" align="left">ลงชื่อ.............................................หัวหน้าภาค/ฝ่าย.</td>
<td colspan="3" align="left"> </td>
</tr>
<tr height="29">
<td height="29" colspan="2" align="center">(<font size="2" face="Tahoma">
<?php
$sql ="Select *, prefixName as First_name FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId WHERE Teacher_code='$Teacher_code' and Faculty_code ='$Faculty_code' and TeacherId='1' ";
//$sql = "Select * From personal_tb Where Faculty_code ='$Faculty_code' and TeacherId='1' ";
$result1 = mysql_query($sql) or die("Error".mysql_error());
$rs2 = mysql_fetch_array($result1);
echo "$rs2[First_name]$rs2[Teacher_name] $rs2[Teacher_lastname]";
?>
</font>)
<input name="TeacherId" type="hidden" id="TeacherId" value="<? echo $rs2["Teacher_code"]?>" /></td>
<td align="left"> </td>
<td align="left"><div align="center">คำสั่ง</div></td>
<td align="left"> </td>
<td align="left"> </td>
</tr>
<tr height="29">
<td height="29" colspan="3" align="left">ตำแหน่ง<font color="#0000FF" size="2" face="Tahoma">
<input name="Name5" type="text" id="Name6" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" size="25" value=" <? $PositionId = $rs2["PositionId"];
$sql = "Select * From position_tb Where PositionId ='$PositionId' ";
$result1 = mysql_query($sql) or die("Error".mysql_error());
$rs2 = mysql_fetch_array($result1);
echo "$rs2[Position_name] ";?>
" />
</font></td>
<td align="left"> </td>
<td colspan="2" align="left"><input name="Flag2" type="checkbox" id="Flag2"<?php if (!(strcmp("$rs1[Flag2]","อนุมัติ"))){echo "checked";} ?> value="อนุมัติ" disabled="disabled" />
อนุมัติ
<input name="Flag2" type="checkbox" id="Flag2" <?php if (!(strcmp("$rs1[Flag2]","ไม่อนุมัติ"))){echo "checked";} ?> value="ไม่อนุมัติ" disabled="disabled" />
ไม่อนุมัติ</td>
</tr>
<tr height="29">
<td height="29" colspan="2" align="left"> </td>
<td align="left"> </td>
<td colspan="3" align="left">ลงชื่อ.........................................……..</td>
</tr>
<tr height="29">
<td height="28" colspan="2" align="left"> </td>
<td align="left"> </td>
<td colspan="2" align="left"> </td>
<td align="left"> </td>
</tr>
<tr height="29">
<td height="28" colspan="2" align="left"> </td>
<td align="left"> </td>
<td colspan="2" align="left"> </td>
<td align="left"> </td>
</tr>
<tr height="29">
<td height="29" colspan="2" align="left"> </td>
<td align="left"> </td>
<td colspan="2" align="left"> วันที่..........เดือน......................พ.ศ..........…</td>
<td align="left"> </td>
</tr>
</table></td>
</tr>
<tr>
<td align="center"> </td>
</tr>
<tr>
<td align="center"> </td>
</tr></form>
</table>
</fieldset></td>
</tr>
</table>
</body>
</html>
<?php
/** Free Resource */
$dbObj->freeresult($result1);
/** Close the Database */
$dbObj->disconn();
/** Unset Class */
unset($dbObj);
?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0062 ]-- |