Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/teacher/ drwxr-xr-x |
Viewing file: Select action/file-type: <? session_start(); /** Define Validate Access */ define( '_VALID_ACCESS', 1 ); /** Check Session User Login */ if( !session_is_registered("valid_user") && !session_is_registered("Priority") ) { echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />"; echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>"; echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />"; exit(); } else { /** Configuration */ require_once( "../configuration.php" ); require_once( $_Config_absolute_path . "/includes/framework.php" ); require_once( "../include/Function.php" ); /** using 'Att' DB */ include("../class/conn.php"); include("../include/config.inc.php"); /** Create Database Object */ $dbObj = new DBConn; ConnectDB(); $month = ($_REQUEST['month'])?$_REQUEST['month']:date("n"); $year = ($_REQUEST['year'])?$_REQUEST['year']:date("Y")+543; $this_month = getDate(mktime(0, 0, 0, $month, 1, $year-543)); $next_month = getDate(mktime(0, 0, 0, $month + 1, 1, $year-543)); $days_in_this_month = floor(($next_month[0] - $this_month[0]) / (60 * 60 * 24)); $sql = "select * from TimeSchedule where scheduleName = 'Early'"; $link->query($sql); $rs = $link->getnext(); $earlyTimeStart = $rs->timeStart; $earlyTimeFinish = $rs->timeFinish; $sql = "select * from TimeSchedule where scheduleName = 'Late'"; $link->query($sql); $rs = $link->getnext(); $lateTimeStart = $rs->timeStart; $lateTimeFinish = $rs->timeFinish; $sql = "select * from TimeSchedule where scheduleName = 'Leave'"; $link->query($sql); $rs = $link->getnext(); $leaveTimeStart = $rs->timeStart; $leaveTimeFinish = $rs->timeFinish; } # else ?> <? //if(isset($_REQUEST['reportType']) && $_REQUEST['reportType'] == "month"){ $sql = "select * from UserType where userTypeID = '".$_REQUEST['usertype']."'"; $link->query($sql); $rs = $link->getnext(); ?> <form name="report" method="post" onsubmit="return validateReportPersonForm()"> <table width="600" border="0" class="admintable"> <tr> <td height="48" colspan="4" align="center"> <span class="menu"> <? if(isset($_REQUEST['month']) && isset($_REQUEST['year']) && isset($_REQUEST['person'])){ $sql = "select * from USERINFO where Badgenumber = '".$_REQUEST['person']."' "; $link->query($sql); $rs = $link->getnext(); ?> รายงาน <?=$rs->Name;?> เดือน <?=($_REQUEST['month'])?$ThaiMonth[$_REQUEST['month']-1]:$ThaiMonth[date("n")-1]?> <?=$year;?> <? } else{ ?> รายงานแยกตามรายบุคคล <? }?> </span> </td> </tr> <tr> <td width="20%" height="50"> </td> <td width="51%" align="right" valign="middle"> <select name="person"> <? echo "<option value=\"\">----- เลือกรายชื่อ -----</option>"; $sql = "select * from USERINFO where userTypeID = '".$_REQUEST['usertype']."' and userStatusID = '1' order by Name "; $link->query($sql); while($rs = $link->getnext()){ echo "<option value='".$rs->Badgenumber."' ".(($person == $rs->Badgenumber)?"selected":"").">".$rs->Name."</option>"; } ?> </select> <select name="month"> <? for($i=0;$i<sizeof($ThaiMonth);$i++){ echo "<option value='".($i+1)."' ".(($month == $i+1)?"selected":"").">".$ThaiMonth[$i]."</option>"; } ?> </select> <input type="text" name="year" value="<?=$year;?>" size="4" maxlength="4"/> </td> <td width="10%" align="left" valign="middle"> <input type="submit" value="ค้นหา" style="cursor:pointer"/> <input type="hidden" name="status" value="<?=$_REQUEST['status']?>"/> <input type="hidden" name="option" value="report"/> <input type="hidden" name="reportType" value="person"/> <input type="hidden" name="usertype" value="<?=$_REQUEST['usertype']?>"/> </td> <td width="19%" align="left" valign="middle"> <? if(isset($_REQUEST['month']) && isset($_REQUEST['year']) && isset($_REQUEST['status'])){?> <a href="reportExcel.php?month=<?=$_REQUEST['month']?>&year=<?=$_REQUEST['year']?>&usertype=<?=$_REQUEST['usertype']?>&person=<?=$_REQUEST['person']?>&reportType=person" target="_blank"><img src="images/ico_excel.gif" border="0" title="ดาวน์โหลด excel"/></a> <? }?> </td> </tr> </table> </form> <table height="30" class="report"> <? if(isset($_REQUEST['month']) && isset($_REQUEST['year']) && isset($_REQUEST['status'])){ ?> <tr> <td width="160" align="center" valign="middle" class="head">วัน / เดือน / ปี</td> <td width="120" align="center" valign="middle" class="head">เวลาเข้า</td> <td width="120" align="center" valign="middle" class="head">เวลาออก</td> <td width="150" align="center" valign="middle" class="head">หมายเหตุ</td> </tr> <? for($i=1;$i<=$days_in_this_month;$i++){ $mssql_conn = new mssqldb(); $mssql_conn->connect($_config['database']); $mssql_conn->selectdb($_config['database']['database']); $ymd = ($year-543)."-".$month."-".$i; $status = ""; echo "<tr>"; echo "<td align=\"center\" valign=\"middle\">".($i." ".$ThaiMonth[$month-1]." ".$year)."</td>"; $timeSplit = explode(":",date("H:i:s",strtotime($lateTimeFinish))); $this_date = mktime(date("H"),date("i"),date("s"),date("n"),date("j"),date("Y")); $select_date = mktime($timeSplit[0],$timeSplit[1],$timeSplit[2],date("n",strtotime($ymd)),date("j",strtotime($ymd)),date("Y",strtotime($ymd))); $sql = "select * from USERINFO , CHECKINOUT where USERINFO.Badgenumber = '".$_REQUEST['person']."' and USERINFO.USERID = CHECKINOUT.USERID and CHECKINOUT.CHECKTIME >= '".date("Y-m-d", strtotime($ymd))." ".date("H:i:s",strtotime($earlyTimeStart))."' and CHECKINOUT.CHECKTIME <= '".date("Y-m-d", strtotime($ymd))." ".date("H:i:s",strtotime($earlyTimeFinish))."' order by CHECKINOUT.CHECKTIME asc"; $mssql_conn->query($sql); if($mssql_conn->num_rows()){ $rs = $mssql_conn->getnext(); $checkin = 1; $checkin_time = date("H:i" , strtotime(substr($rs->CHECKTIME,-7))); //เข้างานปกติ } else{ $sql = "select * from USERINFO , CHECKINOUT where USERINFO.Badgenumber = '".$_REQUEST['person']."' and USERINFO.USERID = CHECKINOUT.USERID and CHECKINOUT.CHECKTIME >= '".date("Y-m-d", strtotime($ymd))." ".date("H:i:s",strtotime($lateTimeStart))."' and CHECKINOUT.CHECKTIME <= '".date("Y-m-d", strtotime($ymd))." ".date("H:i:s",strtotime($lateTimeFinish))."' order by CHECKINOUT.CHECKTIME asc"; $mssql_conn->query($sql); if($mssql_conn->num_rows()){ $rs = $mssql_conn->getnext(); $checkin = 2; $checkin_time = date("H:i" , strtotime(substr($rs->CHECKTIME,-7))); //เข้างานสาย } else{ if($select_date > $this_date) $checkin_time = "-"; else $checkin_time = "ไม่ลงเวลาเข้า"; $checkin = 3; //ขาดงาน } } echo "<td align=\"center\" valign=\"middle\">".$checkin_time."</td>"; $this_date = mktime(date("H"),date("i"),date("s"),date("n"),date("j"),date("Y")); $select_date = mktime(16,30,0,date("n",strtotime($ymd)),date("j",strtotime($ymd)),date("Y",strtotime($ymd))); $sql = "select * from USERINFO , CHECKINOUT where USERINFO.Badgenumber = '".$_REQUEST['person']."' and USERINFO.USERID = CHECKINOUT.USERID and CHECKINOUT.CHECKTIME >= '".date("Y-m-d", strtotime($ymd))." ".date("H:i:s",strtotime($leaveTimeStart))."' and CHECKINOUT.CHECKTIME <= '".date("Y-m-d", strtotime($ymd))." ".date("H:i:s",strtotime($leaveTimeFinish))."' order by CHECKINOUT.CHECKTIME desc"; $mssql_conn->query($sql); if($mssql_conn->num_rows()){ $rs = $mssql_conn->getnext(); $checkout = 1; //ลงเวลาออก $checkout_time = date("H:i" , strtotime(substr($rs->CHECKTIME,-7))); $status = "-"; } else{ if($select_date > $this_date){ $checkout = 3; //ยังไม่มีข้อมูล $checkout_time = "-"; $status = "-"; } else{ $checkout = 2; //ไม่ลงเวลาออก $checkout_time = "ไม่ลงเวลาออก"; } } echo "<td align=\"center\" valign=\"middle\">".$checkout_time."</td>"; $mysql_conn = mysql_connect("202.29.105.4","root","scphc@") or die('Could not connect: ' . mysql_error()); mysql_select_db("manage_db",$mysql_conn); mysql_query("SET NAMES 'tis620'"); $sql = "select * from Holiday_SCPHC where holidayDate >= '".date("Y-m-d", strtotime($ymd))."' and holidayDate <= '".date("Y-m-d", strtotime($ymd))."' "; $mssql_conn->query($sql); if($mssql_conn->num_rows()){ $rs = $mssql_conn->getnext(); $checkin = 10; //วันหยุดราชการ $holidayName = $rs->holidayName; } $sql = "select * from personal_tb , history_absent , history_absent_tb where personal_tb.Acno = '".$_REQUEST['person']."' and personal_tb.Teacher_code = history_absent_tb.Teacher_code and history_absent_tb.Absent_code = history_absent.Absent_code and history_absent_tb.Date_start <= '".($year."-".$month."-".$i)."' and history_absent_tb.Date_finish >= '".($year."-".$month."-".$i)."' and history_absent_tb.Status = 'อนุญาต' "; $result = mysql_query($sql); if(mysql_num_rows($result)){ $rs2 = mysql_fetch_object($result); switch($rs2->Absent_code){ case 1 : $checkin = 4; break; //ลากิจ case 2 : $checkin = 5; break; //ลาป่วย case 3 : $checkin = 6; break; //ลาพักผ่อน case 4 : $checkin = 7; break; //ลาคลอดบุตร case 5 : $checkin = 8; break; //ลาอุปสมบท } } else{ $sql = "select * from personal_tb , formaoffice where personal_tb.Acno = '".$_REQUEST['person']."' and personal_tb.Teacher_code = formaoffice.Teacher_code and formaoffice.Date_start <= '".($year."-".$month."-".$i)."' and formaoffice.Date_finish >= '".($year."-".$month."-".$i)."' and formaoffice.Flag2 = 'อนุมัติ' "; $result = mysql_query($sql); if(mysql_num_rows($result)) $checkin = 9; //ไปราชการ } mysql_close($mysql_conn); $weekend = date("w", strtotime($ymd)); $this_day = mktime(0,0,0,date("m"),date("d"),date("Y")); $compare_day = mktime(0,0,0,date("n", strtotime($ymd)),date("d", strtotime($ymd)),date("Y", strtotime($ymd))); if($checkin == 4) $status = "ลากิจ"; else if($checkin == 5) $status = "ลาป่วย"; else if($checkin == 6) $status = "ลาพักผ่อน"; else if($checkin == 7) $status = "ลาคลอดบุตร"; else if($checkin == 8) $status = "ลาอุปสมบท"; else if($checkin == 9) $status = "ไปราชการ"; else if($checkin == 10) $status = $holidayName; else{ if($weekend == 6) $status = "วันเสาร์"; if($weekend == 0) $status = "วันอาทิตย์"; if($compare_day > $this_day) $status = "-"; if($status == "" && $checkin != 3) $status = "-"; if($status == "" && $checkin == 3) $status = "ขาดงาน"; } echo "<td align=\"center\" valign=\"middle\">".$status."</td>"; echo "</tr>"; } } ?> </table> <? }?> <?php include("../templates/incFooter.php"); ?> <?php /** Free Resource */ $dbObj->freeresult($result); /** Close the Database */ $dbObj->disconn(); CloseDB(); /** Unset Class */ unset($dbObj); ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]-- |