Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/manage_depart/ drwxr-xr-x |
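<?php
/**
 * Asset ("accessory") entry form.
 *
 * Renders a multipart form that posts to InsertAcc_test.php. When $AccId is
 * supplied, the matching row of accessories_tb is loaded into $rs and used to
 * pre-fill the inputs. Lookup lists (asset type / category / group, money
 * source, faculty, room, seller) are read from the database and emitted as
 * <option> elements or as JavaScript arrays.
 *
 * Security-relevant points handled in this file:
 *  - the login gate must reject every request that has no "valid_user" in the
 *    session (see the comment on the check below);
 *  - every value placed into SQL text is escaped first;
 *  - every database value written into HTML or into a JavaScript string
 *    literal is escaped for that context.
 *
 * The file uses session_is_registered() and the mysql_* extension, so the
 * helpers below deliberately avoid anything newer (e.g. json_encode()).
 */
session_start();

/** Define Validate Access */
define( '_VALID_ACCESS', 1 );

if (!function_exists('accEscHtml')) {
    /**
     * Escape a value for HTML text and for quoted HTML attribute values.
     * Only the ASCII characters & < > " ' are rewritten, so the windows-874
     * bytes used by this page pass through unchanged.
     * NOTE(review): if the insert handler already stores HTML-escaped text,
     * this would double-encode on display — confirm against InsertAcc_test.php.
     */
    function accEscHtml($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    }
}

if (!function_exists('accEscJs')) {
    /**
     * Escape a value for use inside a quoted JavaScript string literal that
     * is itself inside a <script> element. Quotes, backslashes and line
     * breaks are escaped; < > & are written as \xNN so a stored value cannot
     * close the surrounding <script> block.
     */
    function accEscJs($value)
    {
        return strtr((string) $value, array(
            '\\' => '\\\\',
            "'"  => "\\'",
            '"'  => '\\"',
            "\r" => '\\r',
            "\n" => '\\n',
            '<'  => '\\x3C',
            '>'  => '\\x3E',
            '&'  => '\\x26',
        ));
    }
}

/**
 * Check Session User Login.
 *
 * The previous condition was
 *     !session_is_registered("valid_user") && session_is_registered("Priority")
 * which only redirected when "valid_user" was missing AND "Priority" was
 * present. A request with neither session variable therefore fell through to
 * the page. The gate now denies whenever "valid_user" is absent.
 * NOTE(review): if "Priority" is also mandatory for this page, extend the
 * condition with `|| !session_is_registered("Priority")` — confirm against
 * what login.php registers.
 */
if (!session_is_registered("valid_user")) {
    echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
    echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>";
    echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
    exit();
} else {
    /** Configuration */
    require_once( "../configuration.php" );
    require_once( $_Config_absolute_path . "/includes/framework.php" );
    include("../include/Function.php");

    /** Create Database Object */
    $dbObj = new DBConn;

    /** Config Table for This Page */
    $myTable = "accessories_tb";
    $myTable1 ="accessories_type_tb";
    $myTableFK = "AccId";

    // $AccId is never assigned in this file; it is presumably populated from
    // the request (register_globals or one of the includes above), so it is
    // treated as untrusted and escaped before it is placed inside the quoted
    // SQL literal.
    // NOTE(review): assumes DBConn's constructor has already opened the
    // default MySQL link that the bare mysql_* calls on this page use — confirm.
    $accIdForQuery = isset($AccId) ? mysql_real_escape_string((string) $AccId) : '';

    $query = " SELECT * FROM $myTable WHERE AccId ='$accIdForQuery' ";
    $result0 = $dbObj->execQuery($query);
    $rs = $dbObj->fetchArray($result0);
} # else
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<link href="../css/default.css" rel="stylesheet" type="text/css" />
<script type="text/javascript">
var select1 = new Array();
var select2 = new Array();
var select3 = new Array();
</script>
<script type="text/javascript" src="../js/calendarDateInput2.js"></script>
<title><?=$_Config_sitename;?></title>
<script type="text/javascript" src="../js/utilities.js"></script>
<script language="JavaScript">
function resutName(sell_id)
{
    switch(sell_id)
    {
<?php
// One case per seller row; values are stored data, so they are escaped for
// the JavaScript string context before being written into the script.
$strSQL = "SELECT * FROM accessories_sell ORDER BY sell_id ASC";
$objQuery = mysql_query($strSQL);
while($objResult = mysql_fetch_array($objQuery))
{
?>
        case "<?=accEscJs($objResult["sell_id"]);?>":
            myForm.Address.value = "<?=accEscJs($objResult["sell_address"]);?>";
            myForm.Phone.value = "<?=accEscJs($objResult["sell_tel"]);?>";
            break;
<?php
}
?>
        default:
            myForm.txtName.value = "";
    }
}
</script>
<script language="JavaScript" type="text/JavaScript">
function browse()
{
    myForm.Img1.src = myForm.Img1.value;
}
</script>
</head>
<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">
<?php include("../templates/incHeaderDura.php"); ?>
<table width="1003" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="203" align="left" valign="top" style="padding:10px 0px 0px 5px"><?php include("./_incMainMenu.php");?></td>
    <td width="800" height="440" align="center" valign="top" style="padding:10px 0px 5px 10px">
    <fieldset>
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td height="2"></td>
      </tr>
    </table>
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
<?php
// NOTE(review): this form uploads a file (Img1) and carries no anti-CSRF
// token. Upload type/size/name validation and request-origin checks have to
// be enforced by InsertAcc_test.php, which is not part of this file; the
// onSubmit/onclick JavaScript checks are client-side only.
?>
      <form id="myForm" name="myForm" method="post" enctype="multipart/form-data" action="InsertAcc_test.php" onSubmit="return checkData();" >
      <tr>
        <td width="70%" height="30" align="left" background="../images/background/bg-head-topic.gif" class="PADDING-LEFT-5"><strong><a href="index.php">หน้าหลัก </span></a>» <a href="Menu_acc.php">ข้อมูลทั่วไป</a></span> » <a href="AccByName.php">ข้อมูลครุภัณฑ์</a> »<span class="NOTE"> บันทึกข้อมูลมูลครุภัณฑ์</span></strong></td>
        <td width="30%" align="right" class="PADDING-LEFT-10 PADDING-RIGHT-15"> </td>
      </tr>
      <tr>
        <td height="385" colspan="2" align="center" valign="top">
        <table width="760" border="0" align="center" cellpadding="1" cellspacing="1">
          <tr>
            <td height="10"></td>
          </tr>
          <tr>
            <td height="10"><span class="PADDING-TOP-10"><img src="../images/icons/arrow-circle-225-left.png" width="16" height="16" border="0" align="absmiddle" /> <a href="javascript:;" onclick="window.history.back();"><strong>‹ ย้อนกลับ</strong></a></span></td>
          </tr>
          <tr>
            <td height="10"> </td>
          </tr>
        </table>
        <table width="638" border="0" align="center" cellpadding="0" cellspacing="2" class="BORDER-GREY">
          <tr>
            <th height="16" colspan="3" align="center" bgcolor="#FFFFFF" class="style2" scope="col"> </th>
          </tr>
          <tr>
            <th height="31" colspan="3" align="center" bgcolor="#FFFFFF" class="style2" scope="col"><span style="padding-left:3px">
              <input type="radio" name="Dura" id="Propagate" value="Y" <?php if( $_GET['Propagate'] == "Y" ) echo 'checked'; ?> onclick="document.getElementById('levelType').style.display='none'; document.getElementById('levelType').style.display='';" <?=($_REQUEST["qflag"]==1)?"checked":"";?> />
              ครุภัณฑ์
              <input type="radio" name="Dura" id="Propagate" value="N" <?php if( $_GET['Propagate'] == "N" ) echo 'checked'; ?> onclick="document.getElementById('levelType').style.display='none'; document.getElementById('leaveStart').style.display='';" <?=($_REQUEST["qflag"]==2)?"checked":"";?> />
              วัสดุ/อะไหล่</span></th>
          </tr>
          <tr id="levelType" style="display:<?=($_REQUEST["qflag"]==1)?"":"none";?>">
            <td width="203" align="right" bgcolor="#FFFFFF" class="style2"><table width="85%" border="0" cellspacing="3" cellpadding="0">
              <tr>
                <td width="166" height="30" align="right" bgcolor="#FFFFFF" class="style2">รหัสครุภัณฑ์วิทยาลัย : </td>
              </tr>
              <tr>
                <td height="25" align="right" bgcolor="#FFFFFF" class="style2">จำแนกเป็นครุภัณฑ์ : </td>
              </tr>
              <tr>
                <td height="27" align="right" bgcolor="#FFFFFF" class="style2">เลขที่เอกสารที่ได้มา : </td>
              </tr>
              <tr>
                <td height="27" align="right" bgcolor="#FFFFFF" class="style2">หลักฐานการจ่ายเงิน : </td>
              </tr>
              <tr>
                <td height="27" align="right" bgcolor="#FFFFFF" class="style2">รายการที่เปลี่ยนแปลง : </td>
              </tr>
              <tr>
                <td height="27" align="right" bgcolor="#FFFFFF" class="style2">เลขที่เอกสารที่เปลี่ยนแปลง : </td>
              </tr>
            </table></td>
            <td colspan="2" bgcolor="#FFFFFF" scope="col">
              <input name="Acc_no" type="text" id="Acc_no" value="<?=accEscHtml($rs['Acc_no']);?>" size="30" />
              <table width="100%" border="0" cellspacing="3" cellpadding="0">
                <tr>
                  <td bgcolor="#FFFFFF" class="style1"></td>
                </tr>
                <tr>
                  <td height="25" bgcolor="#FFFFFF" class="style2">
                    <select name="Fund" id="Fund">
                      <option value="มูลค่าสูงกว่า 5000" <?php if($rs['Fund']=="มูลค่าสูงกว่า 5000"){ echo "selected" ; } ?> >มูลค่าสูงกว่า 5000 </option>
                      <option value="มูลค่าต่ำกว่า 5000" <?php if($rs['Fund']=="มูลค่าต่ำกว่า 5000"){ echo "selected" ; } ?> >มูลค่าต่ำกว่า 5000 </option>
                      <option value="หมดอายุการใช้งาน" <?php if($rs['Fund']=="หมดอายุการใช้งาน"){ echo "selected" ; } ?> >หมดอายุการใช้งาน </option>
                    </select>
                  </td>
                </tr>
                <tr>
                  <td height="25" bgcolor="#FFFFFF" class="style2"><input name="In_document" type="text" class="input " id="In_document" value="<?=accEscHtml($rs['In_document']);?>" size="30" /></td>
                </tr>
                <tr>
                  <td height="29" bgcolor="#FFFFFF" class="style2"><input name="Price_document" type="text" class="input " id="Price_document" value="<?=accEscHtml($rs['Price_document']);?>" size="30" /></td>
                </tr>
                <tr>
                  <td height="25" bgcolor="#FFFFFF" class="style2"><input name="Modify_detail" type="text" class="input " id="Modify_detail" value="<?=accEscHtml($rs['Modify_detail']);?>" size="30" /></td>
                </tr>
                <tr>
                  <td height="25" bgcolor="#FFFFFF" class="style2"><input name="Modify_document" type="text" class="input " id="Modify_document" value="<?=accEscHtml($rs['Modify_document']);?>" size="30" /></td>
                </tr>
              </table></td>
          </tr>
          <tr>
            <td align="right" bgcolor="#FFFFFF" class="style2">เลขที่หรือรหัสครุภัณฑ์ <br /> (ตามทะเบียนคุมทรัพสิน) : </td>
            <td colspan="2" bgcolor="#FFFFFF"><input name="Acc_code" type="text" id="Acc_code" value="<?=accEscHtml($rs['Acc_code']);?>" size="30" /></td>
          </tr>
          <tr>
            <td align="right" bgcolor="#FFFFFF" class="style2">รายการหรือชื่อครุภัณฑ์ : </td>
            <td colspan="2" bgcolor="#FFFFFF"><input name="Acc_name" type="text" id="Acc_name" value="<?=accEscHtml($rs['Acc_name']);?>" size="50" /></td>
          </tr>
          <tr>
            <td height="28" align="right" bgcolor="#FFFFFF" class="style2">รุ่น/แบบ : </td>
            <td colspan="2" bgcolor="#FFFFFF"><input name="Acc_module" type="text" class="input " id="Acc_module" value="<?=accEscHtml($rs['Acc_module']);?>" size="30" /></td>
          </tr>
          <tr>
            <td height="22" align="right" bgcolor="#FFFFFF" class="style2">ประเภทครุภัณฑ์ : </td>
            <td colspan="2" bgcolor="#FFFFFF">
              <select id="id_select[1]" name="Acc_type_code" onchange="return show_select_next(1,2,select2)" ><option value="select1">เลือกประเภท</option></select>
            </td>
          </tr>
          <tr bordercolor="#E7FAFE" bgcolor="#E4E4E4">
            <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">หมวด : </td>
            <td colspan="2" nowrap="nowrap" bgcolor="#FFFFFF">
              <select id="id_select[2]" name="accContId" onchange="return show_select_next(2,3,select3)"><option value="select2">เลือกหมวด</option></select></td>
          </tr>
          <tr>
            <td height="22" align="right" bgcolor="#FFFFFF" class="style2">กลุ่ม : </td>
            <td colspan="2" bgcolor="#FFFFFF"><select id="id_select[3]" name="accGroId"><option value="select3">เลือกกลุ่ม</option></select><?php
// Build the three-level type -> category -> group lookup as JavaScript arrays.
// Values read from one table are escaped before being placed into the next
// query, and escaped for the JavaScript string context before being emitted.
$select1 = mysql_query("SELECT * FROM accessories_type_tb");
for($s1=0;$s1<mysql_num_rows($select1);$s1++)
{
    $arr_s1=mysql_fetch_array($select1);
?>
<script language="javascript">
select1[<?=$s1?>] = '<?=accEscJs($arr_s1['Acc_type'])?>';
select2['<?=accEscJs($arr_s1['Acc_type'])?>'] = new Array();
</script>
<?php
    $select2 = mysql_query("SELECT * FROM accessories_cont where Acc_type_code = '".mysql_real_escape_string($arr_s1['Acc_type_code'])."'");
    for($s2=0;$s2<mysql_num_rows($select2);$s2++)
    {
        $arr_s2=mysql_fetch_array($select2);
?>
<script language="javascript">
select2['<?=accEscJs($arr_s1['Acc_type'])?>'][<?=$s2?>] = '<?=accEscJs($arr_s2['NameCont_y'])?>';
select3['<?=accEscJs($arr_s2['NameCont_y'])?>'] = new Array();
</script>
<?php
        // NOTE(review): the filter compares accGroId with the parent's
        // accContId; kept as in the original — confirm against the schema.
        $select3 = mysql_query("SELECT * FROM accessories_group where accGroId = '".mysql_real_escape_string($arr_s2['accContId'])."'");
        for($s3=0;$s3<mysql_num_rows($select3);$s3++)
        {
            $arr_s3=mysql_fetch_array($select3);
?>
<script language="javascript">
select3['<?=accEscJs($arr_s2['NameCont_y'])?>'][<?=$s3?>] = '<?=accEscJs($arr_s3['NameGroup_y'])?>';
</script>
<?php
        }
    }
}
?>
<script type="text/javascript">
var options1 = (parseFloat(select1.length)+1);
document.getElementById('id_select[1]').length = options1;
for(var ss1 = 1; ss1 < options1; ss1++)
{
    document.getElementById('id_select[1]').options[ss1].text = select1[ss1-1];
    document.getElementById('id_select[1]').options[ss1].value = select1[ss1-1];
}

function show_select_next(change_select,select_next,array_next)
{
    var id_next = select_next ;
    while(document.getElementById('id_select['+id_next+']'))
    {
        document.getElementById('id_select['+id_next+']').length=1;
        document.getElementById('id_select['+id_next+']').options[0].selected =true;
        id_next++;
    }
    var name_text ;
    var num_options = (parseFloat(array_next[document.getElementById('id_select['+change_select+']').value].length)+1);
    document.getElementById('id_select['+select_next+']').length = num_options;
    for(var nn = 1; nn < num_options; nn++)
    {
        name_text = array_next[document.getElementById('id_select['+change_select+']').value][nn-1];
        document.getElementById('id_select['+select_next+']').options[nn].text = name_text;
        document.getElementById('id_select['+select_next+']').options[nn].value = name_text;
    }
}
</script>
            </td>
          </tr>
          <tr>
            <td height="22" align="right" bgcolor="#FFFFFF" class="style2">แหล่งเงิน : </td>
            <td colspan="2" bgcolor="#FFFFFF"><a href="AddAccType.php">
              <select name="MoneyS_C" id="MoneyS_C" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" >
                <?php
                $strSQL1 = " SELECT * FROM money_source_tb ";
                $result1 = mysql_query($strSQL1);
                while( $rs1 = mysql_fetch_array($result1) ) {
                ?>
                <option value="<?=accEscHtml($rs1['MoneyS_C']);?>" <?php if( $rs1['MoneyS_C']==$rs['MoneyS_C'] ) echo 'selected'; ?>> <?=accEscHtml($rs1['MoneyS_M']);?> </option>
                <?php } # while ?>
              </select></a>
            </td>
          </tr>
          <tr>
            <td height="22" align="right" bgcolor="#FFFFFF" class="style2">วิธีการที่ได้มา : </td>
            <td colspan="2" bgcolor="#FFFFFF"><select name="Fix_detail" id="Fix_detail">
              <option value="สอบราคา" <?php if($rs['Fix_detail']=="สอบราคา"){ echo "selected" ; } ?> >สอบราคา </option>
              <option value="ตกลงราคา" <?php if($rs['Fix_detail']=="ตกลงราคา"){ echo "selected" ; } ?> >ตกลงราคา </option>
              <option value="อิเล็คทรอนิคส์" <?php if($rs['Fix_detail']=="อิเล็คทรอนิคส์"){ echo "selected" ; } ?> >อิเล็คทรอนิคส์ </option>
              <option value="ประกวดราคา" <?php if($rs['Fix_detail']=="ประกวดราคา"){ echo "selected" ; } ?> >ประกวดราคา </option>
              <option value="วิธีพิเศษ" <?php if($rs['Fix_detail']=="วิธีพิเศษ"){ echo "selected" ; } ?> >วิธีพิเศษ </option>
              <option value="วิธีกรณีพิเศษ" <?php if($rs['Fix_detail']=="วิธีกรณีพิเศษ"){ echo "selected" ; } ?> >วิธีกรณีพิเศษ </option>
              <option value="รับบริจาค" <?php if($rs['Fix_detail']=="รับบริจาค"){ echo "selected" ; } ?> >รับบริจาค </option>
            </select></td>
          </tr>
          <tr>
            <td height="24" align="right" bgcolor="#FFFFFF" class="style2">วันที่จัดซื้อ : </td>
            <td colspan="2" bgcolor="#FFFFFF" class="style2"><script>DateInput('mDate', true,'DD/MM/YYYY','<?=date("d/m/Y");?>');</script></td>
          </tr>
          <tr>
            <td height="22" align="right" bgcolor="#FFFFFF" class="style2">ปีงบประมาณ : </td>
            <td colspan="2" bgcolor="#FFFFFF" class="style1">
              <select name="Year" id="Year">
                <?php
                // Buddhist-era year list: ten years back to three years ahead.
                // $Budget_Year is not assigned anywhere in this file.
                $curr_year = date("Y")+543;
                $prev_year = $curr_year-10;
                $next_year = $curr_year+3;
                for( $i=$prev_year; $i<=$next_year; $i++ ) {
                ?>
                <option value="<?=$i;?>" <?php if( $i==$curr_year ) echo 'selected'; elseif( $i==$Budget_Year ) echo 'selected'; ?>> <?=$i;?> </option>
                <?php } # for ?>
              </select>
            </td>
          </tr>
          <tr>
            <td height="22" align="right" bgcolor="#FFFFFF" class="style2">ราคาที่จัดซื้อ/หน่วย : </td>
            <td colspan="2" bgcolor="#FFFFFF" class="style1">
              <input name="Price" type="text" class="input" id="Price" value="<?=accEscHtml($rs['Price']);?>" size="10" maxlength="10" />
              บาท</td>
          </tr>
          <tr>
            <td align="right" bgcolor="#FFFFFF" class="style2">หน่วยงาน /ฝ่าย : </td>
            <td colspan="2" bgcolor="#FFFFFF"><a href="AddAccType.php">
              <select name="Faculty_code" id="Faculty_code" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" >
                <?php
                $strSQL2 = " SELECT * FROM faculty_tb Where FacultyStatus='Y' ";
                $result2 = mysql_query($strSQL2);
                while( $rs2 = mysql_fetch_array($result2) ) {
                ?>
                <option value="<?=accEscHtml($rs2['Faculty_code']);?>" <?php if( $rs2['Faculty_code']==$rs['Faculty_code'] ) echo 'selected'; ?>> <?=accEscHtml($rs2['Faculty_name']);?> </option>
                <?php } # while ?>
              </select>
            </a></td>
          </tr>
          <tr>
            <td height="22" align="right" bgcolor="#FFFFFF" class="style2">ใช้ประจำที่/สถานที่จัดเก็บ : </td>
            <td colspan="2" bgcolor="#FFFFFF"><a href="AddAccType.php">
              <select name="RoomId" id="RoomId" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" >
                <?php
                $strSQL4 = " SELECT * FROM room_tb ";
                $result4 = mysql_query($strSQL4);
                while( $rs4 = mysql_fetch_array($result4) ) {
                ?>
                <option value="<?=accEscHtml($rs4['code']);?>" <?php if( $rs4['code']==$rs['RoomId'] ) echo 'selected'; ?> > <?=accEscHtml($rs4['Room_code']);?> <?=accEscHtml($rs4['Room_name']);?> </option>
                <?php } # while ?>
              </select>
            </a></td>
          </tr>
          <tr>
            <td height="30" align="right" bgcolor="#FFFFFF" class="style2">สถานะการใช้งาน : </td>
            <td colspan="2" bgcolor="#FFFFFF"><input name="Status" type="checkbox" id="Status" value="Y" checked />
              ใช้งานอยู่
              <input name="Status" type="checkbox" id="Status" value="N" />
              ยกเลิกการใช้งาน</td>
          </tr>
          <tr>
            <td height="35" align="right" bgcolor="#FFFFFF" class="style2">ลักษณะคุณสมบัติของครุภัณฑ์ : </td>
            <td colspan="2" bgcolor="#FFFFFF">
              <textarea name="Statistic" cols="50" rows="5" id="Statistic"><?=accEscHtml($rs['Statistic']);?> </textarea>
            </td>
          </tr>
          <tr>
            <td height="27" align="right" bgcolor="#FFFFFF" class="style2">ชื่อผู้ขาย / บริจาค : </td>
            <td width="182" bgcolor="#FFFFFF">
              <select name="Sell_id" OnChange="resutName(this.value);">
                <option value="">กรุณาเลือกชื่อผู้ขาย/บริการ</option>
                <?php
                $strSQL = "SELECT * FROM accessories_sell ORDER BY sell_id ASC";
                $objQuery = mysql_query($strSQL);
                while($objResult = mysql_fetch_array($objQuery))
                {
                ?>
                <option value="<?=accEscHtml($objResult["sell_id"]);?>"><?=accEscHtml($objResult["sell_name"]);?></option>
                <?php
                }
                ?>
              </select></td>
            <td width="243" align="left" height="27" bgcolor="#FFFFFF"><a href="javascript:;" onclick="NewWindow('AddSeller.php','Load','600','200','yes');">เพิ่มชื่อผู้ขาย / บริจาค</a></td>
          </tr>
          <?php
          // $objResult2 is not assigned anywhere in this file, so the two
          // fields below render empty unless an include defines it; they are
          // filled client-side by resutName().
          ?>
          <tr>
            <td height="16" align="right" bgcolor="#FFFFFF" class="style2">ที่อยู่ผู้ขาย : </td>
            <td colspan="2" bgcolor="#FFFFFF">
              <input name="Address" type="text" size="50" value="<?=accEscHtml($objResult2["sell_address"]);?>" disabled="disabled">
            </td>
          </tr>
          <tr>
            <td height="22" align="right" bgcolor="#FFFFFF" class="style2">โทรศัพท์ : </td>
            <td colspan="2" bgcolor="#FFFFFF"><input name="Phone" type="text" value="<?=accEscHtml($objResult2["sell_tel"]);?>" disabled="disabled"></td>
          </tr>
          <tr>
            <td height="24" align="right" bgcolor="#FFFFFF" class="style2">อัปโหลดภาพ : </td>
            <td colspan="2" align="left" bgcolor="#FFFFFF">
              <input name="Img1" type="file" id="Img1" onchange="browse()" />
            </td>
          </tr>
        </table>
        <br />
        <br /><input type="submit" name="add" value="บันทึกข้อมูล" onclick="return(checkFormat())" />
        <input type="reset" name="clear" value="เคลียร์ข้อมูล" />
        <table width="96%" border="0" align="center" cellpadding="0" cellspacing="0">
          <tr>
            <td> <?php if( $numrows > 0 ) { ?> <?php } #if ?></td>
          </tr>
        </table>
        <br /></td></tr>
      </form>
    </table>
    </fieldset></td>
  </tr>
</table>
<?php include("../templates/incFooter.php"); ?>
</body>
</html>
<?php
/** Close the Database */
$dbObj->disconn();

/** Unset Class */
unset($dbObj);
?>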
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0061 ]-- |