Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage_22222/thaimed/ drwxr-xr-x |
Viewing file: Select action/file-type: <?php include("../include/FunctionDB.php"); include("../include/Function.php"); include("../source/myFunc.php"); ConnectDB(); $Flag = true; $HN_code = htmlspecialchars(trim($_POST[HN_code])); $prefixId = htmlspecialchars(trim($_POST[prefixId])); $Name = htmlspecialchars(trim($_POST[Name])); $Lastname = htmlspecialchars(trim($_POST[Lastname])); $No= htmlspecialchars(trim($_POST[No])); $Date = $_POST[mYear]."-".$_POST[mMonth]."-".$_POST[mDate]; $DateBirth = $_POST[mYear1]."-".$_POST[mMonth1]."-".$_POST[mDate1]; $Hostpital = htmlspecialchars(trim($_POST[Hostpital])); $Sex = htmlspecialchars(trim($_POST[Sex])); $Nationality = htmlspecialchars(trim($_POST[Nationality])); $Nation = htmlspecialchars(trim($_POST[Nation])); $Religion = htmlspecialchars(trim($_POST[Religion])); $Age = htmlspecialchars(trim($_POST[Age])); $Citizen_id = htmlspecialchars(trim($_POST[Citizen_id])); $Address = htmlspecialchars(trim($_POST[Address])); $Zipcode =htmlspecialchars(trim($_POST[Zipcode])); $Phone =htmlspecialchars(trim($_POST[Phone])); $Mobile =htmlspecialchars(trim($_POST[Mobile])); $Work =htmlspecialchars(trim($_POST[Work])); $Education =htmlspecialchars(trim($_POST[Education])); $Email_name =htmlspecialchars(trim($_POST[Email_name])); $Email_1 =htmlspecialchars(trim($_POST[Email_1])); $Status2 =htmlspecialchars(trim($_POST[Status2])); $Status3 =htmlspecialchars(trim($_POST[Status3])); $Phone_1 =htmlspecialchars(trim($_POST[Phone_1])); $Mobile_1 =htmlspecialchars(trim($_POST[Mobile_1])); $Degree_code = $_POST[Degree_code]; $Club_nid = $_POST[Club_nid]; $Teacher_code = $_POST[Teacher_code]; $State_bank =htmlspecialchars(trim($_POST[State_bank])); $Group_1 = htmlspecialchars(trim($_POST[Group_1])); $Group_2 = htmlspecialchars(trim($_POST[Group_2])); $Group_3 = htmlspecialchars(trim($_POST[Group_3])); $Group_4 = htmlspecialchars(trim($_POST[Group_4])); $MedCode = $_POST[MedCode]; /////////////// Check เลขที่บัตรประชาชน ///////////////////////////////////// echo "$Citizen_id <br>"; $sql = "Select * From personal_den_tb Where Citizen_id='$Citizen_id'"; $result = mysql_query($sql) or die("Error $result".mysql_error()); $sum = mysql_num_rows($result); if ($sum>0) { $msg .="<li>รหัส $Citizen_id ซ้ำ"; $button ="<input type=\"button\" value=\"Back to Edit\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; $Flag = false; } ///////////// นำค่า id มาเพิ่มให้กับค่ารหัสสมาชิกครั้งละ1 //////// //$sql3 = "Select * From personal_den_tb order by Person_code desc"; //$result3 = mysql_query($sql3) or die("Error $result3".mysql_error()); //$rs = mysql_fetch_row($result3); //$personal_den_tb = $rs[0]+1 ; // นำค่า id มาเพิ่มให้กับค่ารหัสสมาชิกครั้งละ1 //if($personal_den_tb>=100) { //$HN_code = "0$personal_den_tb" ; //} //else { //if($personal_den_tb >=10) { //$HN_in = "000$personal_den_tb" ; //} //else { //$HN_in = "0000$personal_den_tb" ; //} //} //$HN_code = "$yourcode$HN_in" ; // รหัสสมาชิกเช่น ip0001 //////////////////// check Status Personal Register //$sql2 ="Select * From accounttb Where Teacher_id = '$Teacher_id' "; //$result1 = mysql_query($sql2) or die("Error $result1 $sql2".mysql_error()); //$row = mysql_num_rows($result1); //if ($row < 0) //{ //$msg .="<li>Teacher id Incorrect"; //$button ="<input type=\"button\" value=\"Back to Edit\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; //$Flag = false; //} ////////////////////////// check First name if ($prefixId=="") { $msg .="<li>กรุณาระบุ คำนำหน้า"; $button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; $Flag = false; } ///////////////////// check name if ($Name =="") { $msg .="<li>กรุณาระบุ ชื่อ"; $button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; $Flag = false; } /////////////////// Check Lastname if ($Lastname =="") { $msg .="<li>กรุณาระบุ นามสกุล"; $button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; $Flag = false; } //////////////////////// if ( ! CheckLenght( $Citizen_id,13 ) ) { $msg .= "<li>รหัสบัตรประชาชนต้องมีตั้งแต่ 13 หลัก"; $button = "<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"history.back();\" style=\"font-weight:bold; color:#FFF; background-color:#036; border-style:outset; border-color:#69F; font-family: Tahoma;\">"; $Flag = false; } ///////////////////////// Check Status to Insert Data ///////////////////////////// if( $Flag) { $Path = "../images"; if ( isset($Img1) ) if (copy($Img1,"$Path/$Img1_name")) { unlink ($Img1); $Img1 = "$Path/$Img1_name"; } else echo"Can't Copy"; InsertPersonMed($HN_code,$Teacher_code,$massegeId,$prefixId,$Name,$Lastname,dmyE2ymdT($date),$DateBirth,$Sex,$Hostpital,$Nationality,$Nation,$Religion,$Citizen_id,$Address,$Age,$amphurId,$districtId,$provinceId,$Zipcode,$Phone,$Mobile,$Work,$Education,$Email_name,$Email_1,$State_bank,$Status2, $Status3,$Img1,$Degree_code,$Club_nid,$Group_1,$Group_2,$Group_3,$Group_4,$MedCode); $msg.="<li>คุณ<b> $Name $Lastname</b>"; $msg.="<li>ระบบจัดเก็บข้อมูลของท่านเรียบร้อยแล้ว"; $button = "<input type=\"reset\" value=\"Close Windows\" onclick=\"javascript:parent.close();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">"; echo "<meta http-equiv=\"refresh\" content=\"2;URL=FrmThperson.php\">"; ?> <table width="69%" border="0" align="center" cellpadding="0" cellspacing="0"> </table> <?php } CloseDB(); ?> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=windows-874"> <link href="../css/style1.css" rel="stylesheet" type="text/css"> </head> <body bgcolor="#FFFFFF" leftmargin="0" topmargin="0"marginwidth="0"marginheight="0"> <br> <table width="70%" border="0" cellspacing="0"cellpadding="2"align="center"> <tr> <td><div align="center"><span><b><font color="#003399" size="4" face="Tahoma">::แบบฟอร์มกรอกข้อมูลประวัติ::</font></b></span></div></td> </tr> <tr> <td> <table width="100%" border="0" cellspacing="1"cellpadding="0"align="center" class="table"> <tr> <td bgcolor="#D7EBF4"><div align="center"><b><font color="#000000" size="2" face="Tahoma">ระบบแจ้งการทำงาน</font></b></div></td> </tr> <tr> <td bgcolor="#000000"> <table width="90%" border="0" cellspacing="1"cellpadding="0"align="center"> <tr> <td><span><b><font color="#FFFFFF"><?php echo $msg;?></font></b></span></td> </tr> </table> </td> </tr> <tr> <td bgcolor="#D7EBF4"> <div align="center"><b><font color="#CCFF00"><?php echo $button;?> <font size="2" face="Tahoma"></font></font></b></div></td> </tr> </table> </td> </tr> </table> <br> </body> </html> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0052 ]-- |