Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/develop_person_depart/ drwxr-xr-x | |
| Viewing file: Select action/file-type: <?php
session_start();
/** Define Validate Access */
define( '_VALID_ACCESS' , 1 );
/** Check Session User Login */
if( !session_is_registered("valid_user") && !session_is_registered("Priority") ) {
echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>";
echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
exit();
}
else {
/** Configuration */
require_once( "../configuration.php" );
require_once( $_Config_absolute_path . "/includes/framework.php" );
require_once( "../include/Function.php" );
require_once( "../include/FunctionDB.php" );
/** Create Database Object */
$dbObj = new DBConn;
//=== SESSION
$Username = $valid_user;
/** Config Table for This Page */
$myTable = "edu_service_tb";
$myTableFK = "Project_code";
/** Receive values */
$Path = $_Config_live_site."/personal_pic";
/** Receive values */
$Project_name = htmlspecialchars(trim($_POST[Project_name]));
$Faculty_code = htmlspecialchars(trim($_POST[Faculty_code]));
$Date_start = $_POST['mYear']."-".$_POST['mMonth']."-".$_POST['mDate'];
$Date_finish = $_POST['mYear1']."-".$_POST['mMonth1']."-".$_POST['mDate1'];
$Date_in = $_POST['mYear2']."-".$_POST['mMonth2']."-".$_POST['mDate2'];
$Date_out = $_POST['mYear3']."-".$_POST['mMonth3']."-".$_POST['mDate3'];
$Term = htmlspecialchars(trim($_POST[Term]));
$Res = htmlspecialchars(trim($_POST[Res]));
$Detail = htmlspecialchars(trim($_POST[Detail]));
$Year_budget = htmlspecialchars(trim($_POST[Year_budget]));
$Budget = htmlspecialchars(trim($_POST[Budget]));
$Budget_use = htmlspecialchars(trim($_POST[Budget_use]));
$Target_group = htmlspecialchars(trim($_POST[Target_group]));
$Objective = htmlspecialchars(trim($_POST[Objective]));
$Fund_support = htmlspecialchars(trim($_POST[Fund_support]));
$Fee = htmlspecialchars(trim($_POST[Fee]));
$Response = htmlspecialchars(trim($_POST[Response]));
$Total_time_project = htmlspecialchars(trim($_POST[Total_time_project]));
$Total_time_insi = htmlspecialchars(trim($_POST[Total_time_insi]));
$Total_time_inso = htmlspecialchars(trim($_POST[Total_time_inso]));
$Result_oper = htmlspecialchars(trim($_POST[Result_oper]));
$Dif_result = $_POST[Budget_use] - $_POST[Budget];
//### Upload Image File
/*if( $_FILES['Img1']['name'] != "" ) {
$Img1 = $_FILES['Img1']['name'];
@copy( $_FILES['Img1']['tmp_name'] , $Path."/".$Img1 );
@unlink( $_FILES['Img1']['tmp_name'] );
}*/
if($Img1_name != "") {
$uploadPath = "../Project_pic";
$query = "select Img1 from $myTable where Project_code = '$Project_code'";
$result = mysql_query($query);
$rs = mysql_fetch_object($result);
@unlink($uploadPath."/".$rs->Img1);
@copy($Img1,$uploadPath."/".$Img1_name);
@unlink($Img1);
}
$query = " UPDATE $myTable SET Project_name='$Project_name',Faculty_code='$Faculty_code',Date_start='$Date_start',Date_finish='$Date_finish' ,Date_in='$Date_in',Date_out='$Date_out',Term='$Term',Res='$Res',Detail='$Detail',Year_budget='$Year_budget',Budget='$Budget',Budget_use='$Budget_use',Target_group='$Target_group',Objective='$Objective',Fund_support='$Fund_support',Fee='$Fee',Response='$Response',Total_time_project='$Total_time_project',Total_time_insi='$Total_time_insi',Total_time_inso='$Total_time_inso',Dif_result='$Dif_result',Result_oper='$Result_oper',Img1='$Img1_name' WHERE Project_code='$Project_code' " ;
$result = $dbObj->runQuery($query);
$dbObj->freeresult($result);
} # else
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<link href="../css/default.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="../js/utilities.js"></script>
<title>ข้อมูลทั่วไปบุคลากร - ข้อมูลงานวิจัย - เพิ่มประวัติผลงานวิจัย</title></head>
<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">
<?php
include("../templates/incHeader.php");
?>
<table width="1003" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="203" align="left" valign="top" style="padding:10px 0px 0px 5px"><?php include("./_incMainMenu.php");?></td>
<td width="800" height="440" align="center" valign="top" style="padding:10px 0px 5px 10px"><fieldset>
<table width="780" border="0" cellspacing="0" cellpadding="0">
<form id="myForm" name="myForm" method="post" action="<?=$PHP_SELF;?>?page=<?=$page;?>">
<tr>
<td height="5"></td>
</tr>
<tr>
<td height="30" background="../images/background/bg-head-topic-w780.gif" class="PADDING-LEFT-10"><strong><a href="index.php">หน้าหลัก</a></strong> <strong>» <a href="Menu_Personal.php">ข้อมูลบุคลากร</a> » <a href="InstructorList.php">รายชื่อวิทยาการทั้งหมด</a> » <span class="NOTE">เพิ่มข้อมูลวิทยากร</span></strong></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td height="150" align="center"><span class="TEXT-GREEN10"><strong>ระบบจัดเก็บข้อมูลของท่านเรียบร้อยแล้ว</strong></span><br />
กรุณารอส้กครู่ กำลังเปลี่ยนหน้าอัตโนมัติ<br />
<?php echo "<meta http-equiv=\"refresh\" content=\"1; URL=EditProjectList.php\">"; ?></td>
</tr>
<tr>
<td height="234"> </td>
</tr></form>
</table>
</fieldset></td>
</tr>
</table>
<?php include("../templates/incFooter.php"); ?>
</body>
</html>
<?php
/** Free Resource */
$dbObj->freeresult($result0);
/** Close the Database */
$dbObj->disconn();
/** Unset Class */
unset($dbObj);
?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0061 ]-- |