Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage_22222/teacher/ drwxr-xr-x |
Viewing file: post.php (8 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) | <? include("../include/FunctionDB.php"); include("../config.inc.php"); include("../function.php"); ConnectDB(); ?> <html> <head> <title><?echo $title?></title> <meta http-equiv="Content-Type" content="text/html; charset=Windows-874"> <link href="../style.css" rel="stylesheet" type="text/css"> </head> <body background="pic/bg2.gif"> <? if(getenv(HTTP_X_FORWARDED_FOR)) { $IP = getenv(HTTP_X_FORWARDED_FOR); } else { $IP = getenv("REMOTE_ADDR"); } $Member = 0; // ป้องกันการแทรก html กับ ละเครื่องหมาย ' " $QTitle = htmlspecialchars($QTitle); $QNote = htmlspecialchars($QNote); $QName = htmlspecialchars($QName); $QEmail = htmlspecialchars($QEmail); // ป้องกันคำหยาบ $word = array("ashole","a s h o l e","a.s.h.o.l.e","bitch","b i t c h","b.i.t.c.h","shit","s h i t","s.h.i.t","fuck","dick","f u c k","d i c k","f.u.c.k","d.i.c.k","มึง","มึ ง","กู","ควย","ค ว ย","ค.ว.ย","ปี้","เหี้ย","เฮี้ย","ชาติหมา","ชาดหมา","ช า ด ห ม า","ช.า.ด.ห.ม.า","ช า ติ ห ม า","ช.า.ติ.ห.ม.า","ไอ้","สัดหมา","สัด","เย็ด","หี"); $ban = "<font color=red>***</font>"; for ($i=0 ; $i<sizeof($word) ; $i++) { $QTitle = eregi_replace($word[$i],$ban,$QTitle); $QNote = eregi_replace($word[$i],$ban,$QNote); $QName = eregi_replace($word[$i],$ban,$QName); $QEmail = eregi_replace($word[$i],$ban,$QEmail); } // ตรวจสอบการแทรกรูปภาพ $txt = array(":smile:", ":sad:",":red:", ":big:", ":ent:", ":shy:", ":sleepy:", ":sun:", ":sg:", ":embarass:", ":dead:", ":cool:", ":clown:", ":pukey:", ":eek:", ":roll:", ":smoke:", ":angry:", ":confused:", ":cry:", ":lol:", ":yawn:", ":devil:", ":tongue:", ":alien:", ":tasty:", ":crazy:",":h:",":true:",":false:"); $pic = array("smile.gif","frown.gif","redface.gif","biggrin.gif","blue.gif","shy.gif","sleepy.gif","sunglasses.gif","supergrin.gif","embarass.gif","dead.gif","cool.gif","clown.gif","pukey.gif","eek.gif","sarcblink.gif","smokin.gif","reallymad.gif","confused.gif","crying.gif","lol.gif","yawn.gif","devil.gif","tongue.gif","aysmile.gif","tasty.gif","grazy.gif","h.gif" ,"true.gif","false.gif"); for ($a=0 ; $a<sizeof($txt) ; $a++) { $QNote = eregi_replace($txt[$a],"<img src=\"pic/$pic[$a]\">",$QNote); } // ตรวจสอบว่า มีการป้อน url หรือ email มาหรือไม่ ถ้ามีให้ทำ link //$QNote = stripslashes(htmlspecialchars($QNote)); //$QNote = eregi_replace ( "<" , "<" , $QNote ) ; //$QNote = eregi_replace ( ">" , ">" , $QNote ) ; //$QNote = eregi_replace ( "\n", "<br>" , $QNote ) ; //สำหรับเปลี่ยนอักขระที่กำหนด ให้เป็นแทก html ต่างๆ $QNote = eregi_replace ( "\[b\]", "<b> " , $QNote ) ; $QNote = eregi_replace ( "\[/b\]", " </b>" , $QNote ) ; $QNote = eregi_replace ( "\[i\]", "<i> " , $QNote ) ; $QNote = eregi_replace ( "\[/i\]", " </i>" , $QNote ) ; $QNote = eregi_replace ( "\[u\]", "<u> " , $QNote ) ; $QNote = eregi_replace ( "\[sup\]", "<sup> " , $QNote ) ; $QNote = eregi_replace ( "\[/sup\]", " </sup>" , $QNote ) ; $QNote = eregi_replace ( "\[sub\]", "<sub> " , $QNote ) ; $QNote = eregi_replace ( "\[/sub\]", " </sub>" , $QNote ) ; $QNote = eregi_replace ( "\[/u\]", " </u>" , $QNote ) ; $QNote = eregi_replace ( "\[\-\-\-\]", " " , $QNote ) ; $QNote = eregi_replace ( "\[color=red\]", "<font color=red > " , $QNote ) ; $QNote = eregi_replace ( "\[color=green\]", "<font color=green> " , $QNote ) ; $QNote = eregi_replace ( "\[color=blue\]", "<font color=blue> " , $QNote ) ; $QNote = eregi_replace ( "\[color=orange\]", "<font color=FF6600> " , $QNote ) ; $QNote = eregi_replace ( "\[color=pink\]", "<font color=FF00FF> " , $QNote) ; $QNote = eregi_replace ( "\[color=gray\]", "<font color=999999> " , $QNote ) ; $QNote = eregi_replace ( "\[/color\]", " </font>" , $QNote ) ; $QNote = eregi_replace ( "\[glow\]"," <table style=filter:glow(color=pink, strength=3)> ", $QNote ) ; $QNote = eregi_replace ( "\[/glow\]", " </table>" , $QNote ) ; $QNote = eregi_replace ( "\[shadow\]","<table style=\"filter:shadow(color=pink, direction=left)\"> ", $QNote ) ; $QNote = eregi_replace ( "\[/shadow\]", " </table>" , $QNote ) ; $QNote = eregi_replace ("\[img\]([[:alnum:]]+)://([^[:space:]]*)([[:alnum:]])\[/img\]", "<img src=\"\\1://\\2\\3\">",$QNote ) ; // ให้ขึ้นบันทัดใหม่ กรณีที่มีการเคาะ Enter $QNote = eregi_replace(chr(13)," <br> ", $QNote ); $QNote = eregi_replace("(^|[>[:space:]\n])([[:alnum:]]+)://([^[:space:]]*)([[:alnum:]#?/&=])([<[:space:]\n]|$)","<a href=\"\\2://\\3\\4\" target=\"_blank\">\\2://\\3\\4</a>", $QNote ); $QNote = eregi_replace("([[:alnum:]]+)@([^[:space:]]*)([[:alnum:]])([<[:space:]\n]|$)","<a href=mailto:\\1@\\2\\3\>\\1@\\2\\3</a>", $QNote ); // ตรวจสอบว่าเป็นสมาชิกหรือไม่ //mysql_connect($host,$user,$passwd); //mysql_query("SET NAMES 'tis620'"); $sql = "select Teacher_code from personal_tb WHERE Teacher_code='$Teacher_code ' "; $result = mysql_db_query($dbname,$sql); $NRow = mysql_num_rows($result); $row = mysql_fetch_array($result); // ตรวจสอบว่า Password ถูกหรือไม่ // if($QName==$row["User"] && $QPass==$row["Password"]) //{ // $Member = 1; // if(!$QEmail) // { // $QEmail = $row["Email"]; // } // } // mysql_close(); // บันทึกรูปภาพ if(($QNote =='')&&($QName=='')) { echo "<center >"; echo "<font size=+1 color=\"red\">"; echo "ข้อความส่งมาไม่สมบูรณ์อาจใส่ข้อมูลไม่ครบ หรือตกหล่นระหว่างการส่งข้อมูล กรุณาส่งข้อความอีกครั้ง<br><br>"; echo "<font size=+1 color=red >"; echo "<a href='javascript:history.back(1)'>[ กลับไปแก้ไข ] </a>"; echo "</font>"; echo "</center>"; exit(); } if($Teacher_code) {if( $QPic !='') { $Pic_name = substr ($QPic_name, -4); srand((double)microtime()*1000000); $QPic_name=$random_pic = rand(1,9999); #ตรวจสอบขนาดของรูป #แปลงนามสกุล และทำการ upload if ( $QPic_type == "image/png" ) { $filename = $QPic_name.".png"; } if ( $QPic_type == "image/gif" ) { $filename = $QPic_name.".gif"; } if ( $QPic_type == "image/bmp" ) { $filename = $QPic_name.".bmp"; } if( $Pic_name == ".swf" ) { $filename =strtolower($QPic_name.'.swf'); } elseif(($QPic_type=="image/jpg")||($QPic_type=="image/jpeg")||($QPic_type=="image/pjpeg")) { $filename =strtolower($QPic_name.'.jpg'); } if($QPic_size>$Image_size) { echo "ขนาดของภาพเกิน $Image_size bytes [$Image_msg]<br>"; exit(); } copy ($QPic , "$path/" . $filename ); } } else { echo "<table width=60% border=1 bordercolor=\"#ff69b4\" bgcolor=\"#f0ffff\" cellpadding=\"2|' cellspacing=\"0\" align=\"center\"> <tr align=\"center\"><td align=\"center\"><font color=\"red\" size=\"3\">ต้องเป็นสมาชิกครับถึงจะ post รูปได้</font> </td></tr></table><br>"; } // ปรับเวลาให้ตรงกับเวลาเมืองไทย กรณีที่ server อยู่ที่เมืองนอก //$mdate = date("Y-m-d H:i:s"); setlocale (LC_TIME, $locale); $mdate= strftime("%Y-%m-%d %H:%M:%S"); //$mdate= strftime("%Y-%m-%d %X"); // เขียนข้อมูลลง database mysql_connect($host,$user,$passwd); mysql_query("SET NAMES 'tis620'"); $sql = "insert into webboard_data (Category,Teacher_code,Question,Note,Name,Namer,Member,IP,Email,Date,nphoto) values ('$Category','$Teacher_code','$QTitle','$QNote','$QName','$MsgBy','$Member','$IP','$QEmail','$mdate','$filename')"; $result1 = mysql_db_query($dbname,$sql); if(!$result1) { echo "Error : Can not save to database"; exit(); } mysql_close(); ?> <html> <title><?echo $title?></title> <META HTTP-EQUIV="Content-Type" content="text/html; charset=Windows-874"> <META HTTP-EQUIV="REFRESH" CONTENT="3; URL=ComputerList.php?Teacher_code=<? echo $Teacher_code; ?>"> <center> <table width=60% border=1 bordercolor=#ff69b4 bgcolor=#f0ffff cellpadding=2 cellspacing=0> <tr><td align=center> <font size=2 face='MS Sans Serif'> <font size=3 color=red><b>ได้รับข้อมูลแล้วครับ</b></font><br><br> หากกลับไปหน้าแรกแล้วคำถามของคุณยังไม่ขึ้นให้ลองกดปุ่ม Refresh/Reload ครับ </font></td></tr></table> <br><hr color=FF1493 width=600> </center> </body> </html> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0063 ]-- |