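<?php
/**
 * Printable receipt for one treatment record.
 *
 * Loads the accountMed_db rows identified by $No / $No_code / $Date together
 * with the patient (personalMed), the examining practitioner (personal_tb)
 * and the masseur (massege_db), then renders an itemised list with a total.
 *
 * Security notes for maintainers:
 *  - $No, $No_code, $Date, $personId, $Per_Page and $Page are never assigned
 *    in this file. Presumably they arrive through register_globals or one of
 *    the included helpers (TODO confirm), so they are treated as untrusted:
 *    every value placed in SQL is escaped and the paging values are cast to int.
 *  - Values read back from the database are escaped again before they are
 *    reused in a query or written into the HTML.
 *  - NOTE(review): the only access check is that the session variable
 *    "valid_user" exists; any logged-in user can request any receipt by its
 *    key. Confirm that this is intended.
 */

/**
 * Escape a value for HTML output.
 *
 * The page is served as windows-874, a single-byte charset that
 * htmlspecialchars() has no name for. ISO-8859-1 is passed so the input is
 * handled byte-wise: only the ASCII metacharacters are rewritten and the
 * Thai bytes pass through untouched.
 */
function receipt_h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
}

/**
 * Escape a value for use inside a single-quoted SQL string literal.
 * Relies on the connection opened by ConnectDB().
 */
function receipt_q($value)
{
    return mysql_real_escape_string((string) $value);
}

/**
 * Run a query and return the result resource.
 * On failure the driver message goes to the server log and the client only
 * sees a generic error, so schema details are not disclosed to the browser.
 */
function receipt_query($sql)
{
    $result = mysql_query($sql);
    if ($result === false) {
        error_log('receipt page query failed: ' . mysql_error());
        die('Error');
    }
    return $result;
}

/** Run a query and return its first row (false when there is none). */
function receipt_fetch($sql)
{
    return mysql_fetch_array(receipt_query($sql));
}

session_start();

if (session_is_registered("valid_user")) {
    include("../include/FunctionDB.php");
    include("../include/Function.php");
    ConnectDB();

    // One WHERE clause shared by the header lookup, the item list and the total.
    $receiptWhere = "No='" . receipt_q(isset($No) ? $No : '') . "'"
        . " and No_code='" . receipt_q(isset($No_code) ? $No_code : '') . "'"
        . " and Date='" . receipt_q(isset($Date) ? $Date : '') . "'";

    // NOTE(review): the area codes below come from the patient row selected by
    // the incoming $personId, while name and address come from the receipt's
    // own personId. Kept as in the original; confirm the two always match.
    $rs1 = receipt_fetch("select * From personalMed Where personId='" . receipt_q(isset($personId) ? $personId : '') . "' ");
    $rs  = receipt_fetch("select * From accountMed_db Where " . $receiptWhere . " ");

    $patient  = receipt_fetch("Select * From personalMed Where personId='" . receipt_q($rs["personId"]) . "'");
    $district = receipt_fetch("Select * From District Where districtId='" . receipt_q($rs1["districtId"]) . "'");
    $amphur   = receipt_fetch("Select * From Amphur Where amphurId='" . receipt_q($rs1["amphurId"]) . "'");
    $province = receipt_fetch("Select * From Province Where provinceId='" . receipt_q($rs1["provinceId"]) . "'");
    $teacher  = receipt_fetch("Select * From personal_tb Where Teacher_code='" . receipt_q($rs["Teacher_code"]) . "'");
    $masseur  = receipt_fetch("Select * From massege_db Where massegeId='" . receipt_q($rs["massegeId"]) . "'");

    // The stored date is split on "-" into year, month, day; missing parts become 0.
    $dateParts = array_pad(explode("-", (string) $rs["Date"]), 3, 0);
    $day   = intval($dateParts[2]);
    $month = intval($dateParts[1]);
    $year  = intval($dateParts[0]);
    $m = getThaiSubMonth($month);

    // Item rows, each with its treatment description (one lookup per row
    // instead of two identical ones).
    $result2 = receipt_query("Select * From accountMed_db Where " . $receiptWhere . " ");
    $num = mysql_num_rows($result2);
    $items = array();
    while ($row = mysql_fetch_array($result2)) {
        $treat = receipt_fetch("Select * From treatMed_tb Where Teach_code ='" . receipt_q($row["Teach_code"]) . "' ");
        $items[] = array('row' => $row, 'treat' => $treat);
    }

    $rss3 = receipt_fetch("Select Sum(Cost_total) as Sum From accountMed_db Where " . $receiptWhere . " ");
    CloseDB();

    // Paging offsets for the running row number; both default to 0, which
    // makes the number equal to the loop counter.
    $perPage = isset($Per_Page) ? (int) $Per_Page : 0;
    $pageNo  = isset($Page) ? (int) $Page : 0;
?>
<html>
<head>
<title>บันทึกแผนการรักษา</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">
<link href="../source/style.css" rel="stylesheet" type="text/css">
<style type="text/css">
<!--
.style3 {font-size: 18px}
.style4 {font-size: 12px}
.style6 {color: #003333}
.style11 {font-size: 14px}
.style17 {font-weight: bold}
.style18 {font-family: Tahoma}
.style19 {font-family: Tahoma; font-size: 14px; }
.style21 {font-size: 14}
.style22 {color: #000000}
.style23 {font-size: 16px}
-->
</style>
</head>
<body>
<form name="form1" method="post" action="InsertTeach.php" enctype="multipart/form-data" onKeyUp="highlight(event)" onClick="highlight(event)">
<table width="74%" border="0" align="center" cellpadding="0" cellspacing="0" style="border:1px solid gray">
  <tr>
    <td height="20" colspan="5" nowrap><div align="center" class="style3"><font color="#003366" face="Tahoma"><strong>วิทยาลัยการสาธารณสุขสิรินธร จังหวัดชลบุรี</strong></font></div></td>
  </tr>
  <tr>
    <td height="16" colspan="5" nowrap><div align="center" class="d style11"><font color="#003366" face="Tahoma">29 ม.4 ต. บ้านสวน อ. เมือง จ. ชลบุรี 20000 โทร 038-275663-5 ต่อ 132</font></div></td>
  </tr>
  <tr>
    <td nowrap> </td>
    <td height="100%" nowrap> </td>
    <td bordercolor="#CCCCCC"> </td>
    <td> </td>
    <td> </td>
  </tr>
  <tr>
    <td nowrap> </td>
    <td height="100%" nowrap><font color="#003366">เล่มที่</font> <font color="#000000"><?php echo receipt_h($rs["No"]); ?></font></td>
    <td bordercolor="#CCCCCC"> </td>
    <td><span class="style19"><font color="#003366">เลขที่ </font><font color="#000000"><?php echo receipt_h($rs["No_code"]); ?></font></span></td>
    <td> </td>
  </tr>
  <tr>
    <td width="4%" nowrap class="style11"> </td>
    <td width="69%" height="100%" nowrap class="style11"><div align="left" class="style19"><font color="#000066">เลขที่บัตร HN <font color="#000000"><?php echo receipt_h($rs["HN_code"]); ?></font></font></div></td>
    <td width="2%" bordercolor="#CCCCCC" class="style11"> </td>
    <td width="25%" class="style19"> </td>
    <td width="0%"> </td>
  </tr>
  <tr>
    <td nowrap class="style11"> </td>
    <td nowrap class="style11"><span class="style18"><font color="#003366">เลขที่บัตรประชาชน</font></span> <font color="#003366"><?php echo receipt_h($patient["Citizen_id"]); ?></font></td>
    <td class="style11"> </td>
    <td nowrap class="style11"><span class="style18"><font color="#003366">วันที่ </font></span><font color="#003366"><?php echo $day . " " . $m . " " . $year; ?></font></td>
    <td nowrap> </td>
  </tr>
  <tr>
    <td nowrap class="style11"> </td>
    <td nowrap class="style11"><div align="left" class="style19"><font color="#003366">ชื่อ</font><font color="#000066">- สกุล <font color="#000000"><?php echo receipt_h($patient["First_name"]) . " " . receipt_h($patient["Name"]) . " " . receipt_h($patient["Lastname"]); ?></font></font></div></td>
    <td class="style11"> </td>
    <td nowrap class="style11"> </td>
    <td nowrap> </td>
  </tr>
  <tr>
    <td nowrap class="style11"> </td>
    <td height="100%" nowrap class="style19">ที่อยู่
      <font color="#000000">
        <?php echo receipt_h($patient["Address"]); ?>
        ตำบล. <?php echo receipt_h($district["districtName"]); ?>
        อำเภอ. <?php echo receipt_h($amphur["amphurName"]); ?>
        จังหวัด . <?php echo receipt_h($province["provinceName"]); ?>
      </font></td>
    <td class="style11"> </td>
    <td nowrap bordercolor="#CCCCCC" class="style11"> </td>
    <td nowrap bordercolor="#CCCCCC"> </td>
  </tr>
  <tr>
    <td nowrap bordercolor="#CCCCCC" class="style11"> </td>
    <td height="100%" nowrap bordercolor="#CCCCCC" class="style11"><span class="style19"><font color="#003366">อยุรเวทผู้ตรวจ</font> <font color="#000000"><span class="style6"><?php echo receipt_h($teacher["First_name"]) . " " . receipt_h($teacher["Teacher_name"]) . " " . receipt_h($teacher["Teacher_lastname"]); ?></span></font></span></td>
    <td bordercolor="#CCCCCC" class="style11"> </td>
    <td nowrap class="style11"> </td>
    <td nowrap> </td>
  </tr>
  <tr>
    <td nowrap bordercolor="#CCCCCC" class="style11"> </td>
    <td height="100%" nowrap bordercolor="#CCCCCC" class="style11"><div align="left" class="style19"><font color="#003366">พนักงานนวด</font> <font color="#000000"><span class="style6"><?php echo receipt_h($masseur["First_name"]) . " " . receipt_h($masseur["Name"]) . " " . receipt_h($masseur["Lastname"]); ?></span></font></div></td>
    <td bordercolor="#CCCCCC" class="style11"> </td>
    <td nowrap class="style11"> </td>
    <td nowrap> </td>
  </tr>
  <tr bgcolor="#B6D0F1">
    <td height="240" colspan="5" nowrap background="" bgcolor="#FFFFFF"><div align="center">
      <table width="97%" border="0" cellpadding="0" cellspacing="0" style="border:0px solid gray">
        <tr bgcolor="#FFFFFF">
          <td colspan="5" bgcolor="#999999"><div align="center"><font color="#003366" face="Tahoma"><span class="style23">รายละเอียด</span></font></div></td>
        </tr>
        <tr bgcolor="#EEEEEE">
          <td width="23" align="center" style="border:0px solid gray"><div align="center"><font color="#003366" face="Tahoma" class="d style4"><span class="style21"> No</span><strong>.</strong></font></div></td>
          <td width="364" align="center" style="border:0px solid gray"><font color="#000000" face="Tahoma" class="style11">รายการรักษา</font></td>
          <td width="74" align="center" style="border:0px solid gray"><span class="style11"><font color="#003366" face="Tahoma">จำนวน</font></span></td>
          <td width="75" align="center" style="border:0px solid gray"><span class="style11"><font color="#003366" face="Tahoma">ค่ารักษา</font></span></td>
          <td width="76" align="center" style="border:0px solid gray"><div align="right"><span class="style11"><font color="#003366" face="Tahoma">จำนวนเงิน</font></span></div></td>
        </tr>
<?php
    // Rows alternate only in their mouse-out colour. $count is initialised
    // here so that it cannot be pre-set from outside the script.
    $i = 1;
    $count = 0;
    foreach ($items as $item) {
        $row = $item['row'];
        $treat = $item['treat'];
        $mouseOut = ($count == 0) ? '#FDFAEE' : '#FFFEF4';
        $count = ($count == 0) ? 1 : 0;
        $no = ($perPage * ($pageNo - 1)) + $i;
?>
        <tr bgcolor="#FFFFFF" onMouseOver="this.style.backgroundColor='#D8F8FA'" onMouseOut="this.style.backgroundColor='<?php echo $mouseOut; ?>'">
          <td align="center"><font color="#000000" size="2" face="Tahoma"><?php echo $no; ?></font></td>
          <td align="center" bgcolor="#FFFFFF"><div align="left"><font size="2" face="Tahoma"><span class="d style3"><font size="2" face="Tahoma"><?php echo receipt_h($treat["Description_2"]); ?> </font></span><span class="d style3"><font size="2" face="Tahoma"><?php echo receipt_h($treat["Description_1"]); ?> </font></span></font></div></td>
          <td align="center" bgcolor="#FFFFFF"><font size="2" face="Tahoma"><span class="d style3"><font color="#003333" size="2" face="Tahoma"><?php echo receipt_h($row["Mount"]); ?></font></span></font></td>
          <td align="center"><div align="right"><font color="#003333" size="2" face="Tahoma"><?php echo receipt_h($row["Price"]); ?></font></div></td>
          <td align="center" bgcolor="#FFFFFF"><div align="right"><font size="2" face="Tahoma"><span class="d style3"><font color="#993333" size="2" face="Tahoma"><?php echo number_format($row['Cost_total'], 2, '.', ','); ?></font></span></font></div></td>
        </tr>
<?php
        $i++;
    }
?>
        <tr bgcolor="#FFFFFF">
          <td colspan="5" align="center"><table width="100%" border="0" cellspacing="0" cellpadding="0">
            <tr>
              <td width="57%"><div align="right"><font color="#0033CC" face="Tahoma"><span class="style11"><font color="#993333"> ราคารวมทั้งหมด</font></span></font></div></td>
              <td width="19%"> </td>
              <td width="24%"><div align="right"><font color="#993333" size="2" face="Tahoma"><strong><?php echo number_format($rss3['Sum'], 2, '.', ','); ?></strong></font></div></td>
            </tr>
          </table></td>
        </tr>
        <tr>
          <td colspan="5" align="center"><table width="100%" border="0" cellspacing="0" cellpadding="0">
            <tr bgcolor="#FFFFFF">
              <td> </td>
              <td> </td>
              <td> </td>
              <td> </td>
            </tr>
            <tr bgcolor="#FFFFFF">
              <td> </td>
              <td> </td>
              <td> </td>
              <td width="2%"> </td>
            </tr>
            <tr bgcolor="#FFFFFF">
              <td width="57%" bgcolor="#FFFFFF"> </td>
              <td width="8%"> </td>
              <td width="33%"><div align="center"><font color="#993333" face="Tahoma"><span class="style11">ลงชื่อผู้รับเงิน ............</span></font><font color="#993333" size="2" face="Tahoma">.................. </font></div></td>
              <td> </td>
            </tr>
          </table></td>
        </tr>
        <tr bgcolor="#AFCFEF">
          <td colspan="5" align="center" bgcolor="#FFFFFF"> </td>
        </tr>
        <tr bgcolor="#AFCFEF">
          <td colspan="5" align="center" bgcolor="#FFFFFF"><span class="style22"><span class="style11"><font face="Tahoma">ทั้งหมด <?php echo $num; ?> รายการ </font></span></span></td>
        </tr>
        <tr bgcolor="#AFCFEF">
          <td colspan="5" align="center" bgcolor="#FFFFFF"><div align="center" class="style22">
            <p><input name="button" type="button" class="button" onClick="window.print()" value=" พิมพ์ "></p>
          </div></td>
        </tr>
      </table>
    </div></td>
  </tr>
</table>
</form>
</body>
</html>
<?php
} else {
    // Not logged in: show the notice and send the browser to the login page.
    echo"<body bgcolor=\"#CCCCCC\">";
    echo"<meta http-equiv=\"refresh\" content=\"3;URL=../login.php\" target=\"mainFrame\">\n";
    echo"<center>";
    echo"<br><br><br><b><font face=\"Tahoma\" size=\"4\" color=\"#FF0000\">Please Login</font> </b><br>";
    echo"<br><br><font face=\"Tahoma\" size=\"10\" color=\"#000000\"> ERROR 404 PERMISION DENY</font><br>";
    echo"<br><font face=\"Tahoma\" size=\"4\" color=\"#000000\"> คุณไม่มสิทธ์ใช้งาน</font>";
    echo"</center>";
    echo"</body>";
}
?>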