Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage_22222/webboard/ drwxr-xr-x |
Viewing file: admindel.php (6.74 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) | <? require("config.inc.php"); include("header.php"); ?> <html> <head> <title><?echo $title?></title> <meta http-equiv="Content-Type" content="text/html; charset=windows-874"></head> <link href="./style.css" rel="stylesheet" type="text/css"> <body background="pic/bg2.gif"> <font size=2 face="Arial,MS Sans Serif"> </font> <? // ตรวจสอบการ login if($action=="login") { if($aid!=$admin || $apwd!=$admin_pwd) { err_msg("Error : Admin ID and Password","กรุณาตรวจสอบอีกครั้ง",""); } } // ตรวจสอบการลบ else if($action=="delete") { del_QA($mode,$qno,$ano); exit(); } else { err_msg("Error : Method","กรุณา Login ก่อนเข้าระบบ","admin.html"); } ?> <center> <!-- ฟอร์มรับหมายเลขของ คำถาม-คำตอบ --> <font size=3 face='MS Sans Serif'><b>รหัสถูกต้อง</b></font><br> <form method=post action="admindel.php?action=delete"> <table border=0> <tr><td width="315"> <table border=1 width=289 bordercolor=#1E90FF bgcolor=E0FFFF cellpadding=2 cellspacing=0> <tr><td><input type="radio" name="mode" value="question">หมายเลขคำถาม<br><center>(กระทู้)</center></td> <td><input type="text" name="qno" size=20 maxlength=20></td></tr> </table> <br> <table border=1 width=280 bordercolor=#1E90FF bgcolor=E0FFFF cellpadding=2 cellspacing=0> <tr><td><input type="radio" name="mode" value="answer">หมายเลขคำตอบ</td> <td><input type="text" name="ano" size=20 maxlength=20></td></tr> </table> </td></tr> </table> <br> <input type="submit" value="> ลบ <"> <input type="reset" value="ยกเลิก"> </form> <?// footer(); ?> </center> </body> </html> <? // function ที่ใช้ในการลบ คำถาม-คำตอบ function del_QA($mode,$qno,$ano) { require("config.inc.php"); // ตรวจสอบขั้นตอนและค่าที่ส่งมาว่าถูกต้องหรือไม่ if(!$mode) { err_msg("Error : Method","กรุณาเลือกวิธีลบด้วย",""); } if($mode=="question" && !$qno) { err_msg("Error : Method","กรุณาใส่หมายเลขคำถาม(กระทู้)ด้วย",""); } if($mode=="answer" && !$ano) { err_msg("Error : Method","กรุณาใส่หมายเลขคำตอบด้วย",""); } $num = ($mode=="question") ? $qno : $ano; $table = ($mode=="question") ? "webboard_data" : "webboard_ans"; $msg = ($mode=="question") ? "คำถาม(กระทู้)" : "คำตอบ"; // ตรวจสอบว่ามคำถาม(กระทู้) และคำตอบีนี้หรือไม่ mysql_connect($host,$user,$passwd); $sql = "select * from $table where No='$num'"; $result = mysql_db_query($dbname,$sql); $NRow = mysql_num_rows($result); if($NRow==0) { err_msg("ไม่พบ $msg หมายเลข $num ในฐานข้อมูล","กรุณาตรวจสอบหมายเลขอีกครั้ง1",""); } if($mode=="question") { // sql string ที่ใช้ในการลบ คำถาม(กระทู้) และคำตอบของกระทู้นั้นๆ $Nopic1 = "select nphoto from webboard_data where No='$num' "; $resultpic1 = mysql_db_query($dbname,$Nopic1); $rowpic1 = mysql_fetch_row($resultpic1); $Nopic2 = "select nphoto from webboard_ans where No='$num' "; $resultpic2 = mysql_db_query($dbname,$Nopic2); $rowpic2 = mysql_fetch_row($resultpic2); if(($rowpic1[0]!="")&&($rowpic2[0]!="")) { echo " $rowpic2[0]"; echo "<br>"; unlink("$path/$rowpic2[0]"); echo "<br>"; echo " $rowpic1[0]"; unlink("$path/$rowpic1[0]"); echo "<br>"; } elseif($rowpic2[0]!="") { echo "<br>"; echo "$rowpic2[0]"."3"; unlink("$path/$rowpic2[0]"); } elseif($rowpic1[0]!="") { echo "<br>"; echo "$rowpic1[0]"."3"; unlink("$path/$rowpic1[0]"); } $del_question = "DELETE FROM webboard_data WHERE No='$num'"; $del_answer = "DELETE FROM webboard_ans WHERE QuestionNo='$num'"; //new line edit /* $del_answer= "UPDATE webboard_data SET Reply=Reply-1 WHERE No='$num'"; $del_question= "UPDATE webboard_data SET Reply=Reply-1 WHERE No='$num'";*/ //$del_answer ="delete from webboard_data where Reply='$Reply'"; //$del_answer ="delete from webboard_data where Reply=$Reply"; $result1 = mysql_db_query($dbname,$del_question); $result2 = mysql_db_query($dbname,$del_answer); $result3 = mysql_db_query($dbname,$Nopic1); $result4 = mysql_db_query($dbname,$Nopic2); //$result3 = mysql_db_query($dbname,$del_answe2); if(!$result1 && !$result2 ) { err_msg("มีข้อผิดพลาดที่ระบบ","กรุณาแจ้ง admin ให้ตรวจสอบด้วยครับ",""); } else { echo "<center>"; echo "<table width=60% border=1 bordercolor=#ff69b4 bgcolor=#f0ffff cellpadding=2 cellspacing=0>"; echo "<tr><td align=center>"; echo "<font size=2 face='MS Sans Serif'>"; echo "<font size=3 color=red><b>ลบข้อมูลเรียบร้อยแล้ว</b></font><br><br>"; echo "$msg หมายเลข <font color=blue><b>$num</b></font> และคำตอบทั้งหมด ได้ถูกลบออกจากฐานข้อมูลแล้วครับ"; echo "</font></td></tr></table>"; echo "<br><hr width=500 color=blue>"; echo "<font size=2 face='MS Sans Serif'>"; echo "[<a href='javascript:history.back(1)'>Back</a>]"; echo "</font>"; echo "</center>"; exit(); } } else { $Nopic = "select nphoto from webboard_ans where No='$num' "; $resultpic = mysql_db_query($dbname,$Nopic); $rowpic = mysql_fetch_row($resultpic); if($rowpic[0]!='') { echo "$rowpic[0]"." 2"; unlink("$path/$rowpic[0]"); } $del_sql = "DELETE FROM webboard_ans WHERE No='$num'"; $result = mysql_db_query($dbname,$del_sql); if(!$result) { err_msg("มีข้อผิดพลาดที่ระบบ","กรุณาแจ้ง admin ให้ตรวจสอบด้วยครับ",""); } else { echo "<center>"; echo "<table width=60% border=1 bordercolor=#ff69b4 bgcolor=#f0ffff cellpadding=2 cellspacing=0>"; echo "<tr><td align=center>"; echo "<font size=2 face='MS Sans Serif'>"; echo "<font size=3 color=red><b>ลบข้อมูลเรียบร้อยแล้ว</b></font><br><br>"; echo "$msg หมายเลข <font color=blue><b>$num</b></font> ได้ถูกลบออกจากฐานข้อมูลแล้วครับ"; echo "</font></td></tr></table>"; echo "<br><hr width=500 color=blue>"; echo "<font size=2 face='MS Sans Serif'>"; echo "[<a href='javascript:history.back(1)'>Back</a>]"; echo "</font>"; echo "</center>"; exit(); } } } function err_msg($topic,$detial,$url) { echo "<center>"; echo "<table width=60% border=1 bordercolor=#ff69b4 bgcolor=#f0ffff cellpadding=2 cellspacing=0>"; echo "<tr><td align=center>"; echo "<font size=2 face='MS Sans Serif'>"; echo "<font size=3 color=red><b>$topic</b></font><br><br>"; echo $detial; echo "</font></td></tr></table>"; echo "<br>"; echo "<font size=2 face='MS Sans Serif'>"; if(!$url) { echo "[<a href='javascript:history.back(1)'>Back</a>]"; } else { echo "[<a href='$url'>Back</a>]"; } echo "</font><br><br>"; //footer(); echo "</center>"; exit(); } /*function footer() { echo "<hr color=1E90FF>"; echo "<font size=1 face='MS Sans Serif'>"; echo "<b>Copy<font color=FF1493>LEFT</font> and Powered By : <a href=mailto:sansak@engineer.com>Sansak</a></b>"; echo "</font>"; }*/ ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.006 ]-- |