Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/register/ drwxr-xr-x |
Viewing file: InsertHistory.php (9.88 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) | <?php session_start(); if (session_is_registered("valid_user")) { include("../include/FunctionDB.php"); include("../include/Function.php"); ConnectDB(); $Flag = true; $First_name = htmlspecialchars(trim($_POST[First_name])); $Teacher_name = htmlspecialchars(trim($_POST[Teacher_name])); $Teacher_lastname = htmlspecialchars(trim($_POST[Teacher_lastname])); $Address = htmlspecialchars(trim($_POST[Address])); $Skill = htmlspecialchars(trim($_POST[Skill])); $DateBirth = $_POST[mYear]."-".$_POST[mMonth]."-".$_POST[mDate]; $Degree_His1 = $_POST[D1]." ".$_POST[B1]." ".$_POST[S1]; $Degree_His2 = $_POST[D2]." ".$_POST[B2]." ".$_POST[S2]; $Degree_His3 = $_POST[D3]." ".$_POST[B3]." ".$_POST[S3]; $Type_degree1 = htmlspecialchars(trim($_POST[Type_degree1])); $Type_degree2 = htmlspecialchars(trim($_POST[Type_degree2])); $Type_degree3 = htmlspecialchars(trim($_POST[Type_degree3])); $Teacher_id = $_POST[Id1]."-".$_POST[Id2]."-".$_POST[Id3]."-".$_POST[Id4]; $Sex = htmlspecialchars(trim($_POST[Sex])); $Nationality = htmlspecialchars(trim($_POST[Nationality])); $Nation = htmlspecialchars(trim($_POST[Nation])); $Religion = htmlspecialchars(trim($_POST[Religion])); $Citizen_id = htmlspecialchars(trim($_POST[Citizen_id])); $Father_name = htmlspecialchars(trim($_POST[Father_name])); $Mother_name = htmlspecialchars(trim($_POST[Mother_name])); $Status =htmlspecialchars(trim($_POST[Status])); $Status2 =htmlspecialchars(trim($_POST[Status2])); $Status3 =htmlspecialchars(trim($_POST[Status3])); $Soulmate = htmlspecialchars(trim($_POST[Soulmate])); $Total_child = htmlspecialchars(trim($_POST[Total_child])); $Type_Degree = $_POST[Type_Degree]; $Degree_code = $_POST[Degree_code]; $Club_nid = $_POST[Club_nid]; $Skill = htmlspecialchars(trim($_POST[Skill])); $Gover_id = $_POST[Gover_id]; $Forum_nid = $_POST[Club_nid]; $Year_gov = $_POST[Year_gov]; $Year_coll = $_POST[Year_coll]; $Year_fac = $_POST[Year_fac]; $Gover_pos = $_POST[Gover_pos]; $Manage_pos = $_POST[Manage_pos]; $Faculty_code = $_POST[Faculty_code]; $Group = htmlspecialchars(trim($_POST[Group])); $Username = $_POST[Username]; $Password = $_POST[Password]; $Salary_1 = htmlspecialchars(trim($_POST[Salary_1])); $Salary_2 = htmlspecialchars(trim($_POST[Salary_2])); $Salary_3 = htmlspecialchars(trim($_POST[Salary_3])); /////////////// Check Duplicate Teacher Id ///////////////////////////////////// /*echo " $Teacher_id <br>"; $sql3 = "Select * From teachertb Where Teacher_id='$Teacher_id'"; $result3 = mysql_query($sql3) or die("Error $result3".mysql_error()); $sum = mysql_num_rows($result3); if ($sum>0) { $msg .="<li>รหัสอาจารย์ซ้ำ"; $button ="<input type=\"button\" value=\"Back to Edit\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; $Flag = false; } //////////////////// check Status Personal Register $sql2 ="Select * From accounttb Where Teacher_id = '$Teacher_id' "; $result1 = mysql_query($sql2) or die("Error $result1 $sql2".mysql_error()); $row = mysql_num_rows($result1); if ($row < 0) { $msg .="<li>Teacher id Incorrect"; $button ="<input type=\"button\" value=\"Back to Edit\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; $Flag = false; }*/ ////////////////////////// check First name if ($First_name =="") { $msg .="<li>กรุณาระบุ คำนำหน้า"; $button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"window.history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; $Flag = false; } ///////////////////// check name if ($Teacher_name =="") { $msg .="<li>กรุณาระบุ ชื่อ"; $button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; $Flag = false; } /////////////////// Check Lastname if ($Teacher_lastname =="") { $msg .="<li>กรุณาระบุ นามสกุล"; $button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"window.history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; $Flag = false; } //////////////////////// if ( ! CheckLenght( $Citizen_id,12 ) ) { $msg .= "<li>รหัสบัตรประชาชนต้องมีตั้งแต่ 13 หลัก"; $button = "<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"window.history.back();\" style=\"font-weight:bold; color:#FFF; background-color:#036; border-style:outset; border-color:#69F; font-family: Tahoma;\">"; $Flag = false; } /////////////////////// Check Address if ($Address=="") { $msg .="<li>กรุณาระบุ ภูมิลำเนา"; $button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"window.history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; $Flag = false; } //////////////////////// Check User ////////////////////// if ($Password != $_POST[Password1]) { $msg .="<li>กรุณายืนยัน รหัสผ่าน"; $button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; $Flag = false; } ///////////////////////////////////// if ( ! CheckLenght($Password,6)) { $msg .= "<li>รหัสผ่านต้องมีตั้งแต่ 6-15 อักษร"; $button = "<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"window.history.back();\" style=\"font-weight:bold; color:#FFF; background-color:#036; border-style:outset; border-color:#69F; font-family: Tahoma;\">"; $Flag = false; } ////////////////* ตรวจสอบว่า มีตัวอักษรอื่น ๆ นอกเนื่องจากตัวอักษรภาษาอังกฤษ และ ตัวเลขหรือไม่ */ if ( ! CheckEngNumAlpha($Password)) { $msg .= "<li>รหัสผ่านต้องเป็นอักษรภาษาอังกฤษ หรือ ตัวเลข เท่านั้น"; $button = "<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"window.history.back();\" style=\"font-weight:bold; color:#FFF; background-color:#036; border-style:outset; border-color:#69F; font-family: Tahoma;\">"; $Flag = false; } /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ///////////////////////// Check Status to Insert Data ///////////////////////////// if( $Flag) { $Path = "../personal_pic"; if ( isset($Img1) ) if (copy($Img1,"$Path/$Img1_name")) { unlink ($Img1); $Img1 = "$Path/$Img1_name"; } else echo"Can't Copy"; $StatusId=1; $Priority = 2; $Permission =2; $PasswordR = $Password; $Password = md5($Password); InsertHistory($Teacher_id,$First_name,$Teacher_name,$Teacher_lastname,$DateBirth,$Sex, $Nationality,$Nation,$Religion,$Citizen_id,$Father_name,$Mother_name,$Status,$Status2,$Status3,$StatusId,$Soulmate,$Total_child,$Address,$Img1,$Skill,$Type_Degree,$Degree_code,$Degree_else,$Degree_His1,$Degree_His2,$Degree_His3,$Type_degree1,$Salary_1, $Salary_2,$Salary_3, $Type_degree2,$Type_degree3,$Year_1,$Year_2,$Year_3,$Person_type,$Teacher_type, $Gover_id,$Forum_nid,$Club_nid,$Year_gov,$Year_coll,$Year_fac,$Gover_pos, $Manage_pos, $Faculty_code,$Group,$Username,$Password,$Permission); $Teacher_code = mysql_insert_id(); $Flag = 1; InsertUser($Teacher_code,$Username,$Password,$PasswordR,$Priority,$Flag); $msg.="<li>คุณ<b> $Teacher_name $Teacher_lastname</b>"; $msg.="<li>ระบบจัดเก็บข้อมูลของท่านเรียบร้อยแล้ว"; $msg.="<li>ท่าน ควรยืนยันสิทธิการใช้งาน"; $button = "<input type=\"reset\" value=\"Close Windows\" onclick=\"javascript:parent.close();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; echo "<meta http-equiv=\"refresh\" content=\"1;URL=../login.php\">"; ?> <table width="69%" border="0" align="center" cellpadding="0" cellspacing="0"> </table> <?php } CloseDB(); ?> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=windows-874"> <link href="../css/style1.css" rel="stylesheet" type="text/css"> </head> <body bgcolor="#FFFFFF" leftmargin="0" topmargin="0"marginwidth="0"marginheight="0"> <br> <table width="70%" border="0" cellspacing="0"cellpadding="2"align="center"> <tr> <td><div align="center"><span><b><font color="#003399" size="4" face="Tahoma">::แบบฟอร์มกรอกข้อมูลประวัติ::</font></b></span></div></td> </tr> <tr> <td> <table width="100%" border="0" cellspacing="1"cellpadding="0"align="center" class="table"> <tr> <td bgcolor="#D7EBF4"><div align="center"><b><font color="#000000" size="2" face="Tahoma">ระบบแจ้งการทำงาน</font></b></div></td> </tr> <tr> <td bgcolor="#000000"> <table width="90%" border="0" cellspacing="1"cellpadding="0"align="center"> <tr> <td><span><b><font color="#FFFFFF"><?php echo $msg;?></font></b></span></td> </tr> </table> </td> </tr> <tr> <td bgcolor="#D7EBF4"> <div align="center"><b><font color="#CCFF00"><?php echo $button;?> <font size="2" face="Tahoma"></font></font></b></div></td> </tr> </table> </td> </tr> </table> <br> </body> </html> <?php } else { echo"<body bgcolor=\"#CCCCCC\">"; echo"<meta http-equiv=\"refresh\" content=\"3;URL=../logout.php\" target=\"mainFrame\">\n"; echo"<center>"; echo"<br><br><br><b><font face=\"Tahoma\" size=\"4\" color=\"#FF0000\">Please Login</font> </b><br>"; echo"<br><br><font face=\"Tahoma\" size=\"10\" color=\"#000000\"> ERROR 404 PERMISION DENY</font><br>"; echo"<br><font face=\"Tahoma\" size=\"4\" color=\"#000000\"> คุณไม่มีสิทธ์ใช้งาน</font>"; echo"</center>"; echo"</body>"; } ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0053 ]-- |