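<?php
/**
 * AddDetailMoney.php
 *
 * Entry form and listing for the line items of a "certificate in lieu of
 * receipt" attached to an official-travel request. The page:
 *   1. requires a logged-in session,
 *   2. loads the teacher, training and budget-year rows it displays,
 *   3. optionally deletes one form_money row (Action=Del&F_monId=...),
 *   4. renders the entry form (posted to InsertDetailMoney.php) followed by
 *      the items already stored.
 *
 * Security notes for maintainers:
 *   - Every request-supplied value is escaped before it is placed in SQL and
 *     before it is written into HTML or a URL. The original concatenated
 *     $_REQUEST / register_globals values directly into both.
 *   - The code targets the legacy mysql_* API and session_is_registered(),
 *     which this file already depends on; prepared statements (PDO/mysqli)
 *     are the preferred fix once the DBConn wrapper is migrated.
 *   - Client-side checkData() is a convenience only; InsertDetailMoney.php
 *     must validate and escape its own input.
 */
session_start();

/** Define Validate Access */
define('_VALID_ACCESS', 1);

/**
 * Read one request parameter as a plain string.
 *
 * Non-string values (e.g. array parameters) are rejected, and the slashes
 * added by magic_quotes_gpc are removed so that escaping is applied exactly
 * once, at the point of use.
 *
 * @param array  $source         $_REQUEST or $_GET
 * @param string $name           parameter name
 * @param bool   $legacyFallback when true and $source lacks the key, fall back
 *                               to the same-named global, which is how the
 *                               original page received these values
 *                               (register_globals)
 * @return string
 */
function detailMoneyInput($source, $name, $legacyFallback = false)
{
    if (isset($source[$name]) && is_string($source[$name])) {
        return get_magic_quotes_gpc() ? stripslashes($source[$name]) : $source[$name];
    }
    if ($legacyFallback && isset($GLOBALS[$name]) && is_scalar($GLOBALS[$name])) {
        return (string) $GLOBALS[$name];
    }
    return '';
}

/**
 * Escape a value for use inside a quoted SQL string literal.
 *
 * Uses the default mysql link, the same one the bare mysql_query() calls in
 * this file rely on. NOTE(review): presumably DBConn opens that link in its
 * constructor; confirm, and call this only after `new DBConn`.
 *
 * @param mixed $value
 * @return string
 */
function detailMoneySql($value)
{
    return mysql_real_escape_string((string) $value);
}

/**
 * Escape a value for HTML text and quoted attribute values.
 *
 * The page is served as windows-874, which htmlspecialchars() does not know.
 * ISO-8859-1 mode only rewrites the ASCII characters & < > " ' and leaves
 * every other byte untouched, which is what a single-byte page needs.
 *
 * @param mixed $value
 * @return string
 */
function detailMoneyHtml($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
}

/**
 * Encode a value for a URL query string. The result contains no quote,
 * angle-bracket or ampersand characters, so it can be written into an HTML
 * attribute or a quoted JavaScript string as-is.
 *
 * @param mixed $value
 * @return string
 */
function detailMoneyUrl($value)
{
    return urlencode((string) $value);
}

/**
 * Fetch one column from a result row (array or object); '' when the row or
 * the column is missing, e.g. when the query matched nothing.
 *
 * @param mixed  $row
 * @param string $key
 * @return string
 */
function detailMoneyField($row, $key)
{
    if (is_array($row) && isset($row[$key])) {
        return (string) $row[$key];
    }
    if (is_object($row) && isset($row->$key)) {
        return (string) $row->$key;
    }
    return '';
}

/**
 * Map a month number (1-12, '01'-'12') to its Thai abbreviation.
 * Any other input is returned unchanged, as a string.
 *
 * @param mixed $mm
 * @return string
 */
function getShortMonthTh($mm)
{
    static $names = array(
        '01' => 'ม.ค.',
        '02' => 'ก.พ.',
        '03' => 'มี.ค.',
        '04' => 'เม.ย.',
        '05' => 'พ.ค.',
        '06' => 'มิ.ย.',
        '07' => 'ก.ค.',
        '08' => 'ส.ค.',
        '09' => 'ก.ย.',
        '10' => 'ต.ค.',
        '11' => 'พ.ย.',
        '12' => 'ธ.ค.',
    );

    $key = preg_match('/^\d+$/', (string) $mm) ? sprintf('%02d', (int) $mm) : (string) $mm;

    return isset($names[$key]) ? $names[$key] : "$mm";
}

/** Check Session User Login */
// NOTE(review): this rejects the request only when NEITHER session variable is
// registered, so a session carrying just one of them is let through. The page
// goes on to read $valid_user, so `||` may have been intended; confirm against
// login.php before tightening.
if (!session_is_registered("valid_user") && !session_is_registered("Priority")) {
    echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
    echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>";
    echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
    exit();
}

/** Configuration */
require_once("../configuration.php");
require_once($_Config_absolute_path . "/includes/framework.php");
require_once("../include/Function.php");
require_once("../link/function.php");

/** Create Database Object */
$dbObj = new DBConn;

/** Config Table for This Page */
$myTable  = "personal_tb";
$myTable1 = "budget_year_tb";
$myTable2 = "durable_type_tb"; // not used below; kept because included templates share this scope

// Take the user name from the session only. When the session has no
// valid_user, a same-named request variable must not be able to stand in.
$Username = session_is_registered("valid_user") ? $valid_user : '';

// Request parameters, read once. The global names are kept because the
// included header/menu templates share this scope and may read them.
$Teacher_code  = detailMoneyInput($_REQUEST, 'Teacher_code', true);
$monId         = detailMoneyInput($_REQUEST, 'monId', true);
$Training_code = detailMoneyInput($_REQUEST, 'Training_code', true);
$codeId        = detailMoneyInput($_REQUEST, 'codeId', true);

// SQL-escaped copies: used only inside quoted SQL literals, never for output.
$sqlTeacherCode  = detailMoneySql($Teacher_code);
$sqlMonId        = detailMoneySql($monId);
$sqlTrainingCode = detailMoneySql($Training_code);
$sqlCodeId       = detailMoneySql($codeId);
$sqlUsername     = detailMoneySql($Username);

/*----- personal_tb--------*/
$query = "SELECT *, prefixName as First_name FROM personal_tb"
       . " LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId"
       . " LEFT JOIN position_tb ON personal_tb.PositionId = position_tb.PositionId"
       . " LEFT JOIN faculty_tb ON personal_tb.Faculty_code = faculty_tb.Faculty_code"
       . " LEFT JOIN formagree ON formagree.Teacher_code = personal_tb.Teacher_code"
       . " WHERE personal_tb.Teacher_code = '" . $sqlTeacherCode . "' ";
$result = $dbObj->execQuery($query);
$rss = $dbObj->fetchArray($result);

$query = "SELECT *, prefixName as First_name FROM personal_tb"
       . " LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId"
       . " LEFT JOIN position_tb ON personal_tb.PositionId = position_tb.PositionId"
       . " LEFT JOIN faculty_tb ON personal_tb.Faculty_code = faculty_tb.Faculty_code"
       . " LEFT JOIN training_tb ON personal_tb.Teacher_code = training_tb.Teacher_code"
       . " LEFT JOIN formaoffice ON training_tb.Teacher_code = formaoffice.Teacher_code"
       . " LEFT JOIN formofficemoney ON formaoffice.codeId = formofficemoney.codeId"
       . " WHERE formofficemoney.Teacher_code = '" . $sqlTeacherCode . "'"
       . " AND formofficemoney.monId = '" . $sqlMonId . "'"
       . " AND formofficemoney.Training_code = '" . $sqlTrainingCode . "' ";
$result5 = $dbObj->execQuery($query);
$rs = $dbObj->fetchArray($result5);

$query6 = "SELECT * FROM formaoffice"
        . " WHERE Teacher_code = '" . $sqlTeacherCode . "'"
        . " AND codeId = '" . $sqlCodeId . "'"
        . " AND Training_code = '" . $sqlTrainingCode . "' ";
$result6 = $dbObj->execQuery($query6);
$rs6 = $dbObj->fetchArray($result6);

$query = " SELECT * FROM $myTable WHERE Username='" . $sqlUsername . "' ";
$result = $dbObj->execQuery($query);
$rs1 = $dbObj->fetchObject($result);

$query1 = " SELECT * FROM $myTable1 ";
$result1 = $dbObj->execQuery($query1);
$rss1 = $dbObj->fetchObject($result1);
/*----------*/

//*** Delete Condition ***//
// NOTE(review): this is a state-changing action triggered by a plain GET, with
// no anti-CSRF token and no check that the row belongs to the logged-in
// teacher. Escaping below closes the injection; moving the action to a POST
// with a per-session token and an ownership condition (form_money has a
// Teacher_code column) still needs to be done together with the delete link.
if (isset($_GET["Action"]) && $_GET["Action"] == "Del") {
    $strSQL  = "DELETE FROM form_money ";
    $strSQL .= "WHERE F_monId = '" . detailMoneySql(detailMoneyInput($_GET, 'F_monId')) . "' ";
    $objQuery = mysql_query($strSQL);
    if (!$objQuery) {
        // Keep the database error in the server log instead of sending it to the browser.
        error_log("AddDetailMoney delete failed: " . mysql_error());
        echo "Error Delete";
    } else {
        // Report success only when the DELETE actually ran.
        echo "<script type='text/javascript'>alert('ลบข้อมูลเรียบร้อย');history.back();</script>";
    }
}

// Initial value for the date picker. It is written into a JavaScript string,
// so it is accepted only if it consists of digits and date separators.
$initialDate = date("d/m/Y");
if (is_array($rss) && isset($rss["Date_finish"])) {
    $candidateDate = (string) ymdT2dmyE($rss["Date_finish"]);
    if (preg_match('/^[0-9\/\-\. :]+$/', $candidateDate)) {
        $initialDate = $candidateDate;
    }
}

// Teacher's display name for the read-only field.
$teacherFullName = detailMoneyField($rss, 'First_name') . ' '
                 . detailMoneyField($rss, 'Teacher_name') . ' '
                 . detailMoneyField($rss, 'Teacher_lastname');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<title><?php echo $_Config_sitename; ?></title>
<link href="../css/default.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="../js/utilities.js"></script>
<script language="javascript" src="../js/ajaxScript.js"></script>
<script type="text/javascript" src="../js/calendarDateInput2.js"></script>
<script language="javascript">
// Required-field check run before submit. Fields that are not part of this
// form are skipped: the previous version dereferenced missing fields, threw,
// and so let every submission through.
function checkData() {
    var formObj = document.pc;
    var required = [
        ["Training_name", "กรุณากรอกโครงการ "],
        ["agreeName", "กรุณากรอก "],
        ["Budget_agree", "กรุณากรอก "]
    ];
    for (var i = 0; i < required.length; i++) {
        var field = formObj.elements[required[i][0]];
        if (!field) {
            continue;
        }
        if (field.value == "") {
            alert(required[i][1]);
            field.style.backgroundColor = '#F1F9FC';
            field.focus();
            return false;
        }
    }
    return true;
}
</script>
</head>
<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">
<?php include("../templates/incHeader.php"); ?>
<table width="1001" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="198" align="left" valign="top" style="padding:10px 0px 0px 5px"><?php include("./_incMainMenu.php"); ?></td>
    <td width="803" height="440" align="left" valign="top" style="padding:10px 0px 5px 10px"><fieldset>
      <?php /* NOTE(review): the first link targets menu_From.php, the second Menu_Form.php; on a case-sensitive filesystem at most one is likely to exist. */ ?>
      <legend><font color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="menu_From.php?Teacher_code=<?php echo detailMoneyUrl(detailMoneyField($rss, 'Teacher_code')); ?>">หน้าหลัก</a></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /><a href="Menu_Form.php?Teacher_code=<?php echo detailMoneyUrl($Teacher_code); ?>">แบบฟอร์มราชการ</a></font><font color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"></font><font color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="RepMoneyAList.php?Flag=<?php echo detailMoneyUrl(detailMoneyField($rs1, 'Teacher_code')); ?>&amp;Budget_year=<?php echo detailMoneyUrl(detailMoneyField($rss1, 'Budget_year')); ?>">รายการขอเดินทางไปราชการ</a></font><font color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><span class="NOTE">ใบรับรองแทนใบเสร็จรับเงิน</span></font></legend>
      <table width="791" border="0" cellspacing="0" cellpadding="0">
        <form id="pc" name="pc" method="post" action="InsertDetailMoney.php?monId=<?php echo detailMoneyUrl($monId); ?>&amp;Teacher_code=<?php echo detailMoneyUrl($Teacher_code); ?>&amp;Training_code=<?php echo detailMoneyUrl($Training_code); ?>" onSubmit="return checkData();">
        <tr>
          <td colspan="5"> </td>
        </tr>
        <tr>
          <td colspan="5"> </td>
        </tr>
        <tr>
          <td colspan="5" align="center"><table width="788" border="0" cellpadding="0" cellspacing="3">
            <tr height="31">
              <td height="20" colspan="3" align="right"> แบบ บก. 111 </td>
            </tr>
            <tr height="29">
              <td height="16" colspan="3" align="center"><strong><span class="NOTE">ใบรับรองแทนใบเสร็จรับเงิน</span></strong></td>
            </tr>
            <tr height="29">
              <td height="16" colspan="3"> </td>
            </tr>
            <tr height="29">
              <td width="608" height="29" align="right">วันที่ไป </td>
              <td width="166"><script>DateInput('mDate', true, 'DD/MM/YYYY','<?php echo $initialDate; ?>');</script></td>
              <td width="2"></td>
            </tr>
            <tr height="29">
              <td height="16" colspan="3"> </td>
            </tr>
            <tr height="29">
              <td height="29" colspan="3"> ข้าพเจ้า
                <input name="Name6" type="text" id="Name6" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed ; text-align:center" size="30" value="<?php echo detailMoneyHtml($teacherFullName); ?>" readonly="readonly"/>
                ตำแหน่ง
                <input name="Name7" type="text" id="Name7" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed ; text-align:center" size="30" value="<?php echo detailMoneyHtml(detailMoneyField($rss, 'Position_name')); ?>" readonly="readonly"/>
                มีความประสงค์ขอยืมเงิน </td>
            </tr>
            <tr height="29">
              <td height="29" colspan="3" align="left">เพื่อเป็นค่าใช้จ่ายในการเดินทางไปราชการ เรื่อง
                <input name="Training_name" type="text" id="Training_name" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" value="<?php echo detailMoneyHtml(detailMoneyField($rs6, 'Training_name')); ?>" size="80" /></td>
            </tr>
            <tr height="29">
              <td height="35" colspan="3" align="left"><table width="780" id="addPerson">
                <tr>
                  <td width="42">รายการ </td>
                  <td width="488"><input name="F_detail" type="text" id="F_detail" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" value="" size="80" /></td>
                  <td width="234">จำนวนเงิน
                    <input name="F_money" type="text" id="F_money" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" onkeypress="return checkNumeric();" value="" size="16" />
                    บาท</td>
                </tr>
              </table></td>
            </tr>
            <tr height="29">
              <td height="29" colspan="3" align="left">หมายเหตุ
                <input name="F_note" type="text" id="F_note" style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: black 1px dashed" value="" size="115" /></td>
            </tr>
            <tr height="29">
              <td height="29" colspan="3" align="left"> </td>
            </tr>
          </table>
            <input type="submit" name="Submit" value="บันทึก" class="WIDTH60 CURSOR-HAND" />
            <input name="Reset" type="reset" class="WIDTH60 CURSOR-HAND" id="Reset" value="รีเซ็ต" />
            <input name="Button" type="button" id="Reset" value="ยกเลิก" class="CURSOR-HAND WIDTH60" onclick="location.href='FormDurableList.php?Teacher_code=<?php echo detailMoneyUrl($Teacher_code); ?>&amp;monId=<?php echo detailMoneyUrl($monId); ?>&amp;Training_code=<?php echo detailMoneyUrl($Training_code); ?>'" />
            <input name="codeId" type="hidden" id="codeId" value="<?php echo detailMoneyHtml($codeId); ?>" />
            <input name="Teacher_code" type="hidden" id="Teacher_code" value="<?php echo detailMoneyHtml($Teacher_code); ?>" />
            <input name="Training_code" type="hidden" id="Training_code" value="<?php echo detailMoneyHtml($Training_code); ?>"/></td>
        </tr>
        <tr>
          <td colspan="5"> </td>
        </tr>
<?php
// Items already stored for this teacher / training / form.
$sql12 = " SELECT * FROM form_money , formaoffice"
       . " WHERE form_money.Teacher_code=formaoffice.Teacher_code"
       . " AND form_money.Teacher_code='" . $sqlTeacherCode . "'"
       . " AND formaoffice.Training_code='" . $sqlTrainingCode . "'"
       . " AND form_money.codeId='" . $sqlCodeId . "'"
       . " ORDER BY F_date ";
$query12 = mysql_query($sql12);
// A failed query yields false; treat it as "no rows" instead of passing false on.
$num_rows = $query12 ? mysql_num_rows($query12) : 0;
if ($num_rows) {
?>
        <tr>
          <td colspan="5"><table width="790" border="0" cellpadding="0" cellspacing="0" class="BORDER-GREY">
            <tr bgcolor="#FFCCFF" valign="middle">
              <td width="98" height="24"><div align="center"><strong>วันที่</strong></div></td>
              <td width="343" class="BORDER-LEFT"><div align="center"><strong>รายการ</strong></div></td>
              <td width="107" class="BORDER-LEFT"><div align="center"><strong>จำนวนเงิน (บาท) </strong></div></td>
              <td width="214" class="BORDER-LEFT"><div align="center"><strong>หมายเหตุ</strong></div></td>
              <td width="28" class="BORDER-LEFT"><div align="center"><strong>ลบ</strong></div></td>
            </tr>
<?php
    while ($rs12 = mysql_fetch_array($query12)) {
        // F_date is split on "-" as year-month-day; pad so a malformed value cannot index past the end.
        $dateParts = array_pad(explode("-", $rs12['F_date']), 3, 0);
        $day   = intval($dateParts[2]);
        $month = getShortMonthTh(intval($dateParts[1]));
        $year  = intval($dateParts[0]);
?>
            <tr>
              <td height="24" class="PADDING-LEFT-5 BORDER-TOP"><div align="center"><?php echo $day . " " . detailMoneyHtml($month) . " " . $year; ?></div></td>
              <td class="PADDING-LEFT-5 BORDER-TOP BORDER-LEFT"><div align="left"><?php echo detailMoneyHtml($rs12['F_detail']); ?></div></td>
              <td class="PADDING-LEFT-5 BORDER-TOP BORDER-LEFT"><div align="right"><?php echo number_format((float) $rs12['F_money'], 2, '.', ','); ?></div></td>
              <td class="PADDING-LEFT-5 BORDER-TOP BORDER-LEFT"><div align="left"><?php echo detailMoneyHtml($rs12['F_note']); ?></div></td>
              <td class="PADDING-LEFT-5 BORDER-TOP BORDER-LEFT"><div align="center">
                <?php /* SCRIPT_NAME (not PHP_SELF) so request path-info never reaches the markup; slashed for the JS string, then escaped for the attribute. */ ?>
                <a href="JavaScript:if(confirm('ต้องการลบข้อมูล ?')==true){window.location='<?php echo detailMoneyHtml(addslashes($_SERVER["SCRIPT_NAME"])); ?>?Action=Del&amp;F_monId=<?php echo detailMoneyUrl($rs12["F_monId"]); ?>';}"><img src="../picture/delete.png" alt=" ลบข้อมูล" width="16" height="16" border="0" style="vertical-align:middle"/></a>
              </div></td>
            </tr>
<?php
    }
}
?>
          </table></td>
        </tr>
        </form>
      </table>
    </fieldset></td>
  </tr>
</table>
<?php include("../templates/incFooter.php"); ?>
</body>
</html>
<?php
/** Free Resource */
$dbObj->freeresult($result);
/** Close the Database */
$dbObj->disconn();
/** Unset Class */
unset($dbObj);
?>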