
Server : Apache/2.2.2 (Fedora)
System : Linux App1.pathumtani.go.th 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686
User : apache ( 48)
PHP Version : 5.2.9
Disable Function : NONE
Directory :  /var/www/html/eoffice/application/document/


 

Current File : /var/www/html/eoffice/application/document/download_file.php
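<?php
/**
 * Streams one document attachment to the browser as a download.
 *
 * Flow: look up the doc_attach row identified by $reading, restrict the lookup
 * to documents received by the current staff member unless the session holds
 * permission 200, write a log entry, then send the stored file.
 *
 * $reading, $session_permit, $session_staffid, the MySQL connection and
 * addlog() are not defined in this file; presumably config.inc.php (or the
 * PHP configuration) provides them -- confirm where $reading is populated.
 */
session_start();
include("../../config/config.inc.php");

// The attachment id is interpolated into SQL as a bare number, so force it to
// an integer. Anything non-numeric becomes 0 and simply matches no row.
$reading_id = isset($reading) ? (int) $reading : 0;

// Always initialise the SQL fragments. When the permission branch below is
// skipped they would otherwise be undefined, and on a configuration that
// imports request variables into the global scope they could be supplied by
// the client.
$select_code = '';
$inner_code = '';
$protect_code = '';

if (empty($session_permit[200])) {
    // No "permission 200": the attachment must belong to a document that was
    // delivered to this staff member.
    $staff_id_sql = mysql_real_escape_string(isset($session_staffid) ? (string) $session_staffid : '');

    $select_code = ",
doc_receive.staff_id,
doc_receive.group_id,
doc_receive.status
";
    $inner_code = "
Inner Join document ON doc_attach.docid = document.id
Inner Join doc_receive ON doc_receive.docid = document.id
";
    // NOTE(review): doc_receive.group_id is selected but only staff_id is
    // enforced here; confirm whether group-addressed documents need a rule too.
    $protect_code = "
AND ( doc_receive.staff_id = '$staff_id_sql' )
";
}

// The original built $protect_code but never placed it in the statement, so
// the per-staff restriction was not applied. It is part of the WHERE clause now.
$sql_attach_check = "
SELECT
doc_attach.id,
doc_attach.docid,
doc_attach.name,
doc_attach.attach
$select_code
FROM
doc_attach
$inner_code
WHERE
doc_attach.id = $reading_id
$protect_code
LIMIT 1
";

$result_check = mysql_query($sql_attach_check);
if (!$result_check) {
    // Keep driver error text in the server log instead of the HTTP response.
    error_log('download_file.php: attachment lookup failed: ' . mysql_error());
    die("Query line " . __LINE__ . " error");
}

// A successful query can still return zero rows (unknown id, or a document the
// caller did not receive). Treat that as "not permitted" rather than carrying
// on with empty values.
$crs = mysql_fetch_assoc($result_check);
if (!$crs) {
    echo "ไม่มีสิทธ์ในการเรียกดู";
    exit();
}

$attachdocid = $crs['docid'];
$attachname = $crs['name'];
$attachfile = $crs['attach'];

// The original also ran a second doc_receive query and built an UPDATE that
// marked the document as read, but the result of the first was never used and
// the UPDATE was never executed. Both are left out; behaviour is unchanged.

addlog("download $attachname form $attachdocid ");

// Resolve the stored file name and make sure it stays inside the attachment
// directory, so a value such as "../../config/..." in doc_attach.attach cannot
// point the download at an arbitrary file.
$base_dir = realpath("../../files/document");
$file = ($base_dir !== false) ? realpath($base_dir . '/' . $attachfile) : false;
$inside_base = ($file !== false)
    && strpos($file, $base_dir . DIRECTORY_SEPARATOR) === 0
    && is_file($file);

if ($inside_base) {
    // Quote the download name and drop characters that would break the header.
    $download_name = str_replace(array('"', '\\', "\r", "\n"), '', basename($attachname));

    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $download_name . '"');
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    // Discard anything buffered earlier so it is not prepended to the file.
    if (ob_get_level() > 0) {
        ob_clean();
    }
    flush();
    readfile($file);
    exit;
} else {
    echo "ไม่มีไฟล์ที่ต้องการเรียกดูอยู่ในระบบ";
}

?>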
