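<?php
/*
 * Bootstrap for the staff-picker popup: starts the session, loads the shared
 * configuration and copies the table names this page uses into local variables.
 */
session_start();
//$bypass=1;
// Quoted: a bare `org` is an undefined constant. Old PHP silently turned it into
// the string 'org' (with a notice); PHP 8 stops with an Error instead.
$type = 'org';
// NOTE(review): this file performs no access check of its own. Presumably
// config.inc.php enforces the login (the disabled $bypass flag above hints at
// that) -- confirm, because every query below trusts the caller.
include("../../config/config.inc.php");
// $profile_groupmember / $profile_staffgroup are not defined in this file;
// presumably config.inc.php provides them -- confirm.
$table_groupmember = $profile_groupmember;
$table_staffgroup = $profile_staffgroup;
$db_mode = "self";

?>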
<SCRIPT language="javascript">
// Hover-in handler: paints `src` with `clrOver` unless the pointer arrived
// from an element nested inside `src`. Relies on the browser's global `event`
// object and its `fromElement` property.
function mOvr(src, clrOver) {
    if (src.contains(event.fromElement)) {
        return;
    }
    src.bgColor = clrOver;
}

// Hover-out handler: restores `src` to `clrIn` unless the pointer is moving
// onto an element nested inside `src`. Relies on the browser's global `event`
// object and its `toElement` property.
function mOut(src, clrIn) {
    if (src.contains(event.toElement)) {
        return;
    }
    src.bgColor = clrIn;
}

// Toggles the element with id `divname`: shown ('block') when it is currently
// hidden ('none'), hidden in every other case.
function showEle(divname) {
    var target = document.getElementById(divname);
    target.style.display = (target.style.display == 'none') ? 'block' : 'none';
}

// Shows the element with id `divname` only while the last option of the
// `getting` select in the `post` form is chosen; hides it otherwise.
function checkEle(divname) {
    var picker = document.post.getting;
    var lastChosen = (picker.selectedIndex == picker.length - 1);
    document.getElementById(divname).style.display = lastChosen ? 'block' : 'none';
}
// Makes the element with id `divname` visible.
function openEle(divname) {
    var target = document.getElementById(divname);
    target.style.display = 'block';
}
// Hides the element with id `divname`.
function closeEle(divname) {
    var target = document.getElementById(divname);
    target.style.display = 'none';
}

</SCRIPT>

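<?php
/*
 * Request handling for the staff-picker popup.
 *
 * POST: takes the ticked staff ids, looks up their display names, stores the
 *       id list in the session under the document id, then emits a script that
 *       copies the selection into the opener window's form and closes the popup.
 * GET:  when a document id is present, loads the staff already recorded in
 *       doc_receive for that document (rows without a group_id) into
 *       $person_check so their boxes can be pre-ticked.
 *
 * $id and $table_staff are not assigned in this file; presumably they come from
 * config.inc.php or from register_globals -- confirm. Array keys are quoted
 * below because bare words are undefined constants (assumes config.inc.php
 * defines no constants with these names).
 */
$person_check = array();
if ($_SERVER['REQUEST_METHOD'] == "POST") {

    $xtype = "";
    $show_sid = "";
    if (!empty($_POST['checkbox'])) {
        // The ids come straight from the browser and are placed unquoted into the
        // SQL text, so each one is forced to an integer first. Building the filter
        // with a plain assignment (the original appended to an uninitialised
        // variable) also stops a request-supplied $select_code from being
        // prepended when register_globals is on.
        $staff_ids = array_map('intval', (array) $_POST['checkbox']);
        $id_list = implode(",", $staff_ids);
        $xtype = $id_list . ",";
        $select_code = "AND $table_staff.staffid IN ($id_list)";

        $sql_check_group = "
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
$table_staff.title
FROM
$table_staff
WHERE
$table_staff.username NOT LIKE  'admin_%'
AND $table_staff.username NOT LIKE  'root%'

$select_code
";

        //AND $table_staff.org_id='3'

        // NOTE(review): on failure die() sends the raw mysql_error() text to the
        // browser, which reveals schema details; consider logging it server-side
        // and showing only a generic message.
        $results = mysql_query($sql_check_group) or die("Query line " . __LINE__ . " error<hr>" . mysql_error());
        $a = 0;
        while ($rs_slist = mysql_fetch_assoc($results)) {
            if ($a > 0) {
                $show_sid .= " , ";
            }
            $a++;
            $show_sid .= "(" . $rs_slist['prename'] . $rs_slist['staffname'] . " " . $rs_slist['staffsurname'] . ") ";
            $show_sid .= " " . $rs_slist['title'];
        }
    }

    $_SESSION['session_ap'][$id] = $xtype;
    // $xtype now holds only digits and commas, so it is safe inside the quoted
    // script literal below. $show_sid is database text: quotes, backslashes, line
    // breaks and </script> sequences are backslash-escaped so a stored name
    // cannot terminate the string or the script element.
?>
<SCRIPT language="javascript">
var xvar = new Array('<?php echo substr($xtype, 0, -1); ?>');
opener.document.post.sid.value=xvar;
opener.document.post.sid_hide.value="<?php echo addcslashes($show_sid, "\\\"'\r\n<>/"); ?>";

	if(opener.document.post.pid_hide.value!=""){
		opener.document.post.gid_show.value=opener.document.post.pid_hide.value;
	}
	 if(opener.document.post.sid_hide.value!=""){
		opener.document.post.gid_show.value=opener.document.post.sid_hide.value;
	}
	if(opener.document.post.pid_hide.value!="" && opener.document.post.sid_hide.value!=""){
		opener.document.post.gid_show.value=opener.document.post.pid_hide.value+' , '+opener.document.post.sid_hide.value;
	}


 window.close();
</SCRIPT>
<?php

} else {
    if (!empty($id)) {
        // The document id is interpolated unquoted into the WHERE clause; cast it
        // so only an integer can reach the query. $id itself is left untouched
        // because the rest of the page reuses it as a session key.
        $doc_id = (int) $id;
        $sql_history = "
SELECT
document.`status`,
document.time_rec,
document.owner,
doc_receive.status,
doc_receive.staff_id,
doc_receive.group_id,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname
FROM
doc_receive
Inner Join document ON doc_receive.docid = document.id
Inner Join $table_staff ON doc_receive.staff_id = $table_staff.staffid
WHERE
document.id = $doc_id
	AND $table_staff.org_id!='1'
Group by $table_staff.staffid
";
        $result = mysql_query($sql_history) or die("Query line " . __LINE__ . " error<hr>" . mysql_error());
        while ($hrs = mysql_fetch_assoc($result)) {
            // Only recipients addressed individually (no group_id) are remembered.
            if (!$hrs['group_id']) {
                $person_check[$hrs['staff_id']] = $hrs['staff_id'];
            }
        }
    }
}
?>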



<HTML>
<HEAD>
<TITLE> àÅ×Í¡ºØ¤¤Å</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-874">
<SCRIPT type="text/javascript" src="dtree/dtree.js"></SCRIPT>
<SCRIPT src="../../common/functions.js" type="text/javascript" language="javascript"></SCRIPT>
<LINK href="../../common/style_menu.css" rel=StyleSheet type="text/css">
<LINK href="../../common/dtree.css" rel="StyleSheet" type="text/css"  />
<LINK href="../../common/style.css" rel="stylesheet" type="text/css">
</HEAD>
<BODY bgcolor="#FFFFFF">
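<?php
// PHP_SELF contains any extra path text the client appended to the URL, so it is
// HTML-escaped before being written into the action attribute. It is read from
// $_SERVER so the form no longer depends on register_globals.
?>
<FORM action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1'); ?>?type=<?php echo htmlspecialchars($type, ENT_QUOTES, 'ISO-8859-1'); ?>&action=add" name="post" method="post" enctype="multipart/form-data" onSubmit="return check();">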
<TABLE width="101%" border="0" align="right" cellpadding="10" cellspacing="0">
<TR>
<TD height="18">

<TABLE width="100%" border="1" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
	<TR>
		<TD><TABLE width="100%" border="0" cellspacing="1" cellpadding="1">
			<TR>
				<TD colspan="2" bgcolor="#CCCCCC"><TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
						<TR>
							<TD align="left"><!-- <STRONG>ºØ¤¤Å</STRONG> --></TD>
							<TD align="right"><INPUT type="submit" name="Button" value="ºÑ¹·Ö¡¢éÍÁÙÅ" onClick="sendvalue();"></TD>
						</TR>
					</TABLE></TD>
			</TR>
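<?php
/*
 * Rebuilds the set of previously ticked staff ids from the session, loads the
 * staff-to-group-name map, and renders the first checkbox listing.
 *
 * Array keys are quoted because bare words are undefined constants (an Error on
 * PHP 8). Database text is HTML-escaped on output; 'ISO-8859-1' is passed so the
 * page's single-byte windows-874 text passes through byte-for-byte.
 * NOTE(review): if names are stored already HTML-encoded they would now display
 * double-encoded -- confirm against the data.
 */
$ch = array();
$saved_ids = (isset($id) && isset($_SESSION['session_ap'][$id])) ? $_SESSION['session_ap'][$id] : "";
foreach (explode(",", $saved_ids) as $val) {
    if ($val) {
        $ch[$val] = "on";
    }
}


$sql_member = "
SELECT
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname
FROM
$table_staff
Inner Join $table_groupmember ON $table_groupmember.staffid = $table_staff.staffid
WHERE
$table_staff.username NOT LIKE  'admin_%'
AND $table_staff.username NOT LIKE  'root%'
AND $table_staff.org_id='3'
Order by $table_staff.staffname
";
// NOTE(review): die() prints the raw mysql_error() text to the browser; consider
// logging it server-side instead.
$result = mysql_query($sql_member) or die("Query line " . __LINE__ . " error<hr>" . mysql_error());
while ($rs_list = mysql_fetch_assoc($result)) {
    // NOTE(review): the query above selects neither gid nor staffid, so both keys
    // are empty here, and $list is not read anywhere in the visible code.
    $gid_key = isset($rs_list['gid']) ? $rs_list['gid'] : null;
    $sid_key = isset($rs_list['staffid']) ? $rs_list['staffid'] : null;
    $list[$gid_key][$sid_key] = $rs_list['prename'] . $rs_list['staffname'] . " " . $rs_list['staffsurname'];
}
// echo "<pre>";
// print_r($list);

$sql_org = "
SELECT
org_groupmember.gid,
org_staffgroup.groupname,
org_groupmember.staffid
FROM
org_groupmember
INNER Join org_staffgroup on org_staffgroup.gid = org_groupmember.gid
";
$result = mysql_query($sql_org) or die("Query line " . __LINE__ . " error<hr>" . mysql_error());
while ($hrs = mysql_fetch_assoc($result)) {
    // staff id => group name (a later row for the same staff id overwrites).
    $org_staff[$hrs['staffid']] = $hrs['groupname'];
}

$sql_sid = "
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
$table_staff.title
FROM
$table_staff
WHERE
$table_staff.username NOT LIKE  'admin_%'
AND $table_staff.username NOT LIKE  'root%'
AND $table_staff.org_id!=''
ORDER by binary($table_staff.prename) ASC , binary($table_staff.staffname) ASC, binary($table_staff.staffsurname) ASC
";
// $result_sid = mysql_query($sql_sid)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
// NOTE(review): with the query above commented out, $result_sid is never assigned
// in the visible code, so this listing is skipped. The is_resource() test keeps a
// request-supplied value (register_globals) from reaching mysql_fetch_assoc().
if (isset($result_sid) && is_resource($result_sid)) {
    while ($hrs = mysql_fetch_assoc($result_sid)) {
        $staff_key = $hrs['staffid'];
        $sid = htmlspecialchars($staff_key, ENT_QUOTES, 'ISO-8859-1');
        $fullname = htmlspecialchars($hrs['prename'] . $hrs['staffname'] . " " . $hrs['staffsurname'], ENT_QUOTES, 'ISO-8859-1');
        $group = isset($org_staff[$staff_key]) ? htmlspecialchars($org_staff[$staff_key], ENT_QUOTES, 'ISO-8859-1') : "";
        $pad = str_repeat("&nbsp;", 8);
        if (!$hrs['title']) {
            $nametag = $fullname . " <br>" . $pad . $group;
        } else {
            $title = htmlspecialchars($hrs['title'], ENT_QUOTES, 'ISO-8859-1');
            $nametag = "(" . $fullname . ") <br>" . $pad . "&nbsp;" . $title . "<br>" . $pad . " " . $group;
        }
        // Alternate the row colour; always assigned here, so only these two
        // constants can reach the bgcolor attribute.
        $bgcolor = (isset($bgcolor) && $bgcolor == "#F5F5F5") ? "#ffffff" : "#F5F5F5";
        $checked = (isset($ch[$staff_key]) && $ch[$staff_key] == "on") || !empty($person_check[$staff_key]);
?>
			<TR bgcolor="<?php echo $bgcolor; ?>">
				<TD align="left" valign="top">
					<INPUT type="checkbox" name="checkbox[<?php echo $sid; ?>]" value="<?php echo $sid; ?>" <?php if ($checked) { echo " checked "; } ?>>
					<?php echo $nametag; ?>					</TD>
			</TR>
<?php
    }
}
?>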
			<TR>
				<TD colspan="2" bgcolor="#CCCCCC"><TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
					<TR>
						<TD align="left"><STRONG>¡ÅØèÁ§Ò¹</STRONG></TD>
						<TD align="right">&nbsp;</TD>
					</TR>
				</TABLE></TD>
			</TR>


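<?php
/*
 * Renders one checkbox row per staff member with org_id '2' (admin_* and root*
 * accounts excluded), pre-ticking ids found in $ch or $person_check.
 *
 * Array keys are quoted because bare words are undefined constants (an Error on
 * PHP 8). Database text is HTML-escaped on output; 'ISO-8859-1' is passed so the
 * page's single-byte windows-874 text passes through byte-for-byte.
 * NOTE(review): if names are stored already HTML-encoded they would now display
 * double-encoded -- confirm against the data.
 */
$sql_sid = "
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
$table_staff.title
FROM
$table_staff
WHERE
$table_staff.username NOT LIKE  'admin_%'
AND $table_staff.username NOT LIKE  'root%'
AND $table_staff.org_id='2'
ORDER by binary($table_staff.prename) ASC , binary($table_staff.staffname) ASC, binary($table_staff.staffsurname) ASC
";
// NOTE(review): die() prints the raw mysql_error() text to the browser; consider
// logging it server-side instead.
$result = mysql_query($sql_sid) or die("Query line " . __LINE__ . " error<hr>" . mysql_error());
while ($hrs = mysql_fetch_assoc($result)) {
    $staff_key = $hrs['staffid'];
    $sid = htmlspecialchars($staff_key, ENT_QUOTES, 'ISO-8859-1');

    $nametag = htmlspecialchars($hrs['prename'] . $hrs['staffname'] . " " . $hrs['staffsurname'], ENT_QUOTES, 'ISO-8859-1');
    if (!empty($org_staff[$staff_key])) {
        // Group name goes on a second, indented line under the staff name.
        $nametag .= " <br>" . str_repeat("&nbsp;", 8) . htmlspecialchars($org_staff[$staff_key], ENT_QUOTES, 'ISO-8859-1');
    }

    // Alternate the row colour; always assigned here, so only these two
    // constants can reach the bgcolor attribute.
    $bgcolor = (isset($bgcolor) && $bgcolor == "#F5F5F5") ? "#ffffff" : "#F5F5F5";
    $checked = (isset($ch[$staff_key]) && $ch[$staff_key] == "on") || !empty($person_check[$staff_key]);
?>
			<TR bgcolor="<?php echo $bgcolor; ?>">
				<TD colspan="2"><INPUT type="checkbox" name="checkbox[<?php echo $sid; ?>]2" value="<?php echo $sid; ?>" <?php if ($checked) { echo " checked "; } ?>>
					<?php echo $nametag; ?></TD>
			</TR>
<?php } ?>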
			
			<TR>
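				<?php
				// $id is not assigned in this file (presumably request-supplied via
				// register_globals or config.inc.php -- confirm), so it is HTML-escaped
				// before being echoed into the value attribute.
				?>
				<TD colspan="2"><INPUT name="id" type="hidden" id="id"  readonly="readonly" value="<?php echo htmlspecialchars(isset($id) ? (string) $id : '', ENT_QUOTES, 'ISO-8859-1'); ?>"/></TD>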
			</TR>
			<TR>
				<TD colspan="2">&nbsp;</TD>
			</TR>
		</TABLE></TD>
	</TR>
</TABLE></TD>
</TR>  
</TABLE>
</FORM>
</BODY>
</HTML>
