Current File : /var/www/html/pathumthani_eoffice/application/bin/auction_news/display.php
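<?php
/*
 * display.php - list / view dispatcher for the auction-news module.
 *
 * This prologue starts the session, loads the shared config and helper
 * library, normalises the paging input and counts the caller's own auction
 * rows so the pager further down knows how many pages exist.
 *
 * NOTE(review): $page, $action, $keyword, $topic and $session_staffid are
 * never assigned in this file. Presumably they are injected by
 * register_globals or by config.inc.php - confirm. Until that is known, each
 * of them is handled here as request-controlled input.
 */
session_start();
// NOTE(review): the permission include below is commented out, so nothing in
// this file checks that the caller is logged in or may manage auctions.
// Confirm that one of the included files enforces it.
//include("chk_permission.php");
include("../../config/config.inc.php");
include("libary/function.php"); 

// Paging input: force an integer >= 1 so it never reaches SQL or HTML as text.
$page = isset($page) ? (int)$page : 1;
if ($page < 1) { $page = 1; }
$epage = 10;
if (!isset($action))  { $action = ""; }
if (!isset($keyword)) { $keyword = ""; }
if (!isset($topic))   { $topic = ""; }

if ($action == "") {
	// Searching section.
	// $topic is used as a column name, so escaping alone is not enough: only a
	// plain identifier is accepted and it is back-quoted. $keyword is a value
	// and is escaped. mysql_real_escape_string() relies on the connection that
	// config.inc.php is presumed to open - confirm.
	// NOTE(review): $where is not used by any query visible in this file.
	if (!is_string($keyword) || $keyword == "" || !is_string($topic) || !preg_match('/^[A-Za-z0-9_]+$/', $topic)) {
		$where = " where 1 ";
	} else {
		$where = " where `$topic` like '%" . mysql_real_escape_string($keyword) . "%' ";
	}

	// Divide-page section: count the rows owned by the current staff member.
	// Assumes staff ids are numeric (the original query used the value
	// unquoted) - confirm. NOTE(review): presumably this mirrors a value kept
	// in $_SESSION; reading it from $_SESSION directly would stop a request
	// parameter from supplying it - confirm the key name.
	$owner_id = isset($session_staffid) ? (int)$session_staffid : 0;
	$queryd = "select * from `auction` where owner=$owner_id";
	// NOTE(review): die() sends mysql_error() to the browser, which discloses
	// schema details; log it server-side and show a generic message instead.
	$devide = mysql_query($queryd)or die("Query line " . __LINE__ . " Error<hr>".mysql_error());
	$totalpage = mysql_num_rows($devide);
	// $page is >= 1 here, so page 1 yields offset 0.
	$i = ($page - 1) * $epage;
	$all = ceil($totalpage / $epage);
}
?>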
<html>
<head><title>Administrator Section :.</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">
<link href="../../common/style.css" rel="stylesheet" type="text/css">
<script language="javascript" src="libary/popcalendar.js"></script>
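<?php
/*
 * $bgcolor is not assigned anywhere above this point in the file; presumably
 * it comes from config.inc.php or, under register_globals, from the request -
 * confirm. Only a plain colour token (optional '#', then letters/digits) is
 * let through, so the value cannot end the style element or add CSS rules.
 */
$style_color = (isset($bgcolor) && is_string($bgcolor) && preg_match('/^#?[0-9A-Za-z]{1,20}$/', $bgcolor)) ? $bgcolor : '';
?>
<style type="text/css">
<!--
.style1 {color: <?=$style_color?>}
.style2 {color: <?=$style_color?>}
.style3 {color: <?=$style_color?>}
.style4 {color: <?=$style_color?>}
.style5 {color: <?=$style_color?>}
.style6 {color: <?=$style_color?>}
-->
</style>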
</head>
<body topmargin="0">
<? if($action=="") { ?>
<? include("../control/headder.php");?>
<table width="100%"  border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="75%" height="38" bgcolor="#eeeeee" class="normal">&nbsp;<img src="../../images/arrow-b.gif" border="0" align="absmiddle" />&nbsp;<b class="normal_blue">Main Menu&nbsp;<font class="normal_black">:</font></b>&nbsp;ระบบข่าวประกวดราคา
      <hr color="#cdcdcd" /></td>
    <td width="25%"  valign="bottom" bgcolor="#eeeeee" class="normal">ชื่อผู้ใช้ :
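      <?php
      // The array key is quoted (a bare word is looked up as a constant) and the
      // value is HTML-escaped before output. The page is served as windows-874, a
      // single-byte charset htmlspecialchars() has no name for; 'ISO-8859-1' makes
      // it escape only the ASCII markup characters and pass the Thai bytes through.
      echo htmlspecialchars(isset($_SESSION['session_fullname']) ? $_SESSION['session_fullname'] : '', ENT_QUOTES, 'ISO-8859-1');
      ?>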
        <br />
        <hr color="#cdcdcd" /></td>
  </tr>
  <tr>
    <td height="100%" colspan="3" valign="middle"><table width="100%" border="0" cellspacing="0" cellpadding="0" bordercolor="#cdcdcd">
      <tr>
        <td>
		<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td><? include("menu_bar.php");?></td>
  </tr>
</table>

          <p>&nbsp;</p>
          <table width="96%" height="136" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#eeeeee">
          <tr>
            <td height="72" valign="top"><table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#000000">
              <tr bgcolor="#C1E2F8" class="normal_blue">
                <td width="45" height="20" align="center" class="bodyblue">ลำดับ</td>
                <td width="213" align="left" class="bodyblue">&nbsp;โครงการ</td>
                <td width="235" align="left" class="bodyblue">&nbsp;หน่วยงาน</td>
                <td width="123" align="left" class="bodyblue">&nbsp;ประเภท</td>
                <td width="211" align="left" bgcolor="#C1E2F8" class="bodyblue">&nbsp;วันที่</td>
               <!-- <td width="64" align="left" class="bodyblue">เอกสาร</td>-->
				  <td width="95"  align="center">ดำเนินการ</td>
                    </tr>
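              <?php
			/*
			 * Auction listing rows.
			 *
			 * Counts the caller's own auctions, then renders one table row per
			 * auction with view / result / status / edit / delete controls. A second,
			 * owner-filtered and paged query follows the rows; it prints nothing and
			 * only leaves $bgcolor, $i, $rs1 and $dl set for the markup below.
			 *
			 * NOTE(review): $session_staffid, $page, $i and $epage are not assigned
			 * in this block; every value placed into SQL is forced to an integer.
			 * Assumes staff ids are numeric (the original used the value unquoted).
			 * NOTE(review): each die() below sends mysql_error() to the browser,
			 * which discloses schema details; log it server-side instead.
			 */
			$owner_id = isset($session_staffid) ? (int)$session_staffid : 0;
			$page_no  = isset($page) ? (int)$page : 1;
			$sql = mysql_query("select count(*) as curr_auction_order from `auction` where  owner =$owner_id ") or die("Query line " . __LINE__ . " Error<hr>".mysql_error()); 
			$rsx = mysql_fetch_assoc($sql);
			$epage = $epage - $rsx['curr_auction_order'];
			// NOTE(review): the owner-filtered query was replaced by one that lists
			// every auction, so edit / delete / status controls are rendered for rows
			// the caller does not own. Confirm that auction_edit.php,
			// auction_chstat.php and auction_index.php check ownership themselves.
			#$sql = "select * FROM  auction  WHERE   owner =$session_staffid  order by id desc";
			$sql = "select * FROM  auction  order by id desc";	
			$result = mysql_query($sql)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
			$k = 0;
			// Row counter; initialised here so it cannot start from an outside value.
			$ij = 0;
			while ($rs = mysql_fetch_assoc($result)) {
				$bgcolor = ($k % 2) ? '#F1F1F1' : '#FFFFFF';
				$k++;
				$ij = $ij + 1;
				// urlencode() output is safe inside a URL, an HTML attribute and the
				// single-quoted JavaScript strings used by the onclick handlers.
				$row_id = urlencode($rs['id']);
				$sql1 = mysql_query("select detail from `auction_type` where id = '" . mysql_real_escape_string($rs['type']) . "' ")or die("Query line " . __LINE__ . " error<hr>".mysql_error());
				$rs1 = mysql_fetch_assoc($sql1);
				// The original anchors closed the href early, so the page argument
				// and the style attribute were parsed as stray attributes.
				$edit = "<a href=\"auction_edit.php?id=$row_id&amp;page=$page_no\" style=\"text-decoration:none\"><img src=\"../../images/b_edit.png\" border=\"0\" height=\"13\" width=\"12\" align=\"absmiddle\"></a>";
				// Braces added: without them the form was submitted even when the
				// confirm dialog was cancelled.
				// NOTE(review): deletion is triggered by a URL with no anti-CSRF token.
				$del = "<img src=\"../../images/b_drop.png\" height=\"13\" width=\"11\" border=\"0\" align=\"absmiddle\" alt=\"ลบ\" onclick=\"if (confirm('ยืนยันลบข้อมูล ?')) { document.post.action='auction_index.php?action=del&amp;id=$row_id'; document.post.submit(); }\">";
				$stat = "<a href=\"auction_chstat.php?id=$row_id\" style=\"text-decoration:none\"><img src=\"../../images/hammer.png\" border=\"0\" height=\"13\" width=\"12\" align=\"absmiddle\" alt=\"เปลี่ยนสถานะ\"></a>";
				// Default first, so a failed chkattach() cannot leave the previous
				// row's link in $dl.
				// NOTE(review): the stored attachment name is appended to the path
				// as-is; whether chkattach() rejects names containing "../" is not
				// visible here - confirm.
				$dl = "N/A";
				if ($rs['attach'] != "") {
					$attch = "../../files/file_temp/auction/" . $rs['attach'];
					if (chkattach($attch)) {
						$dl = "<a href=\"" . htmlspecialchars($attch, ENT_QUOTES, 'ISO-8859-1') . "\"><font class=\"blue\">" . htmlspecialchars($rs['attach'], ENT_QUOTES, 'ISO-8859-1') . "</font></a>";
					}
				}
				// NOTE(review): the text cells below print trimtxt() / daythai()
				// results directly. Whether those helpers HTML-escape is not visible
				// in this file; if they do not, stored markup reaches the page - confirm.
			?>
              <tr class="normal" bgcolor="<?=$bgcolor?>" onMouseOver='mOvr(this,"dbf2ae");' onMouseOut='mOut(this,"<?=$bgcolor?>");'>
                <td align="center" height="20" class="normal_black" onClick="window.location.replace('auction_view.php?action=view&id=<?=$row_id?>')"><?=$ij?></td>
                <td class="normal_blue" onClick="window.location.replace('auction_view.php?action=view&id=<?=$row_id?>')">&nbsp;
                    <?=trimtxt($rs['detail'], 25)?></td>
                <td onClick="window.location.replace('auction_view.php?action=view&id=<?=$row_id?>')">&nbsp;
                    <?=trimtxt($rs['depname'], 25)?></td>
                <td onClick="window.location.replace('auction_view.php?action=view&id=<?=$row_id?>')">&nbsp;
                    <?=trimtxt($rs1['detail'], 15)?></td>
                <td align="left" onClick="window.location.replace('auction_view.php?action=view&id=<?=$row_id?>')"><?=daythai(substr($rs['stamp'],0,10));?></td>
                <?php /*?><td width="64" align="left"><?=$dl;?></td><?php */?>
				<td align="center"><img src="../../images/man.gif" alt="ผลการจัดซื้อจัดจ้าง" width="16" height="16" align="absmiddle" onClick="location.href='auction_result.php?BidID=<?=$row_id?>'">&nbsp;
				  <?=$stat?>				  &nbsp;
				  <?=$edit?>&nbsp;				  <?=$del?></td>
                    </tr>
              <?php
} 

// Normal
if ($page_no > 1) { $epage = $epage + $rsx['curr_auction_order'] - $ij; } //else { $i=$i-$ij; }
// LIMIT operands are forced to non-negative integers; $epage can drop below
// zero after the subtraction above, which previously produced a SQL error.
$offset = max(0, (int)$i);
$limit  = max(0, (int)$epage);
$sql = "select * from `auction` where owner =$owner_id  order by id, pur_doc_d1, stamp, depname desc limit $offset, $limit";
$result = mysql_query($sql)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$k = 1;
// This loop prints nothing; it only updates $bgcolor, $i, $rs1 and $dl.
while ($rs = mysql_fetch_assoc($result)) {
	$bgcolor = ($k % 2) ? '#F1F1F1' : '#FFFFFF';
	$k++;
	$i = $i + 1;
	$sql1 = mysql_query("select detail from `auction_type` where id = '" . mysql_real_escape_string($rs['type']) . "' ") or die("Query line " . __LINE__ . " error<hr>".mysql_error());
	$rs1 = mysql_fetch_assoc($sql1);
	$dl = "N/A";
	if ($rs['attach'] != "") {
		$attch = "../../files/file_temp/auction/" . $rs['attach'];
		if (chkattach($attch)) {
			$dl = "<a href=\"" . htmlspecialchars($attch, ENT_QUOTES, 'ISO-8859-1') . "\"><font class=\"blue\">" . htmlspecialchars($rs['attach'], ENT_QUOTES, 'ISO-8859-1') . "</font></a>";
		}
	}
}
mysql_free_result($result);
?>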
   <tr class="normal" bgcolor="<?=$bgcolor?>" >
                <td height="20" colspan="7" align="left" bgcolor="<?=$bgcolor?>" class="normal_black"><span class="style1">
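                  <?php
/*
 * Pager footer: page links, record count and page count.
 *
 * NOTE(review): $page, $keyword, $topic and $bgcolor are not assigned in this
 * block and $page / $keyword / $topic appear to come from the request, so
 * everything written into the links is cast or encoded first. The link target
 * uses $_SERVER['SCRIPT_NAME'] rather than $PHP_SELF, which exists only under
 * register_globals and can carry extra path text supplied by the client.
 * 'ISO-8859-1' is passed to htmlspecialchars() because the page is served as
 * windows-874, a single-byte charset that function has no name for.
 */
$all = (int)$all;
if ($all >= 1) {
	// Search terms forwarded to the other pages, URL-encoded.
	if (!isset($keyword) || !is_string($keyword) || $keyword == "") {
		$kwd = "";
	} else {
		$kwd = "&amp;keyword=" . urlencode($keyword) . "&amp;topic=" . urlencode((isset($topic) && is_string($topic)) ? $topic : "");
	}
	$page_no = isset($page) ? (int)$page : 1;
	$self    = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'ISO-8859-1');
	$cell_bg = htmlspecialchars((isset($bgcolor) && is_string($bgcolor)) ? $bgcolor : '', ENT_QUOTES, 'ISO-8859-1');
?>
                </span>
                  <table width="100%" border="0" cellpadding="0" cellspacing="0">
                    <tr>
                      <td width="46%" valign="top" bgcolor="<?=$cell_bg?>" class="normal style3"><div align="left">
 Page :&nbsp;                             
 <?php
	// Initialised here so the "Next" link cannot be switched off from outside.
	$last_page = "";
	if ($page_no <= 11) {
		// First eleven pages: direct links 1..11, then a jump to page 12.
		$max = ($all <= 11) ? $all : 11;
		for ($i = 1; $i <= $max; $i++) {
			if ($i != $page_no) {
				echo "&nbsp;<a href=\"$self?page=$i$kwd\" style=\"text-decoration:none\"><font class=\"normal\">$i</font></a>&nbsp;";
			} else {
				echo "<font class=\"blue\">$i</font>&nbsp;";
			}
		}
		if ($all > 11) {
			echo "&nbsp;<a href=\"$self?page=12$kwd\" style=\"text-decoration:none\"><font class=\"blue\">Next ></font></a>&nbsp;";
		}
	} else {
		// Page 12 and beyond: a window of five pages on each side.
		$min = $page_no - 5;
		$max = $page_no + 5;
		if ($max >= $all) { $max = $all; $last_page = "y"; }
		$next = $max + 1;
		$prev = $min - 1;

		echo "&nbsp;<a href=\"$self?page=$prev$kwd\" style=\"text-decoration:none\"><font class=\"blue\">< Prev</font></a>&nbsp;";
		for ($i = $min; $i <= $max; $i++) {
			if ($i != $page_no) {
				echo "<a href=\"$self?page=$i$kwd\" style=\"text-decoration:none\"><font class=\"normal\">$i</font></a>&nbsp;";
			} else {
				echo "<font class=\"blue\">$i</font>&nbsp;";
			}
		}
		if ($last_page != "y") {
			echo "&nbsp;<a href=\"$self?page=$next$kwd\" style=\"text-decoration:none\"><font class=\"blue\">Next ></font></a>";
		}
	}
?>
                      </div></td>
                      <td width="24%" valign="top" bgcolor="<?=$cell_bg?>" class="normal style4"><div align="right">All Record : <font class="blue">
                          <?=(int)$totalpage?>
                      </font> Records</div></td>
                      <td width="30%" valign="top" bgcolor="<?=$cell_bg?>" class="normal style5"><div align="right">Number of all page is :&nbsp;<font class="blue">
                          <?=$all?>
                      </font>&nbsp;Pages&nbsp;</div></td>
                    </tr>
                  </table>
                  <span class="style6">
                  <?php } ?>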
                  </span></td>
                </tr>
            </table>
              <!-- --------------------- End Main Body	--------------------------- --></td>
          </tr>
          <tr>
            <td colspan="2" align="center"  valign="bottom"><!-- --------------------Devide Page Section---------------------------------- --></td>
            </tr>
        </table>
        <p>&nbsp;</p>
        <p>&nbsp;</p></td></tr>
    </table></td>
  </tr>
</table>
</div>
</td>
</tr>
</table>
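<?php } elseif ($action=="view") { 
	/*
	 * Detail view: load one auction row and the label of its type.
	 *
	 * $id is not assigned in this file (presumably a request parameter -
	 * confirm), so it is escaped before it is placed inside the quoted SQL
	 * literal. mysql_real_escape_string() relies on the connection that
	 * config.inc.php is presumed to open.
	 * NOTE(review): no ownership or permission check is applied to $id here.
	 * NOTE(review): none of the values prepared in this branch are echoed by the
	 * visible part of the file; only the closing table tags below are emitted.
	 * NOTE(review): die() sends mysql_error() to the browser, which discloses
	 * schema details; log it server-side and show a generic message instead.
	 */
	$view_id = mysql_real_escape_string(isset($id) ? $id : "");
	$sql_view = mysql_query("select * from `auction` where id = '$view_id'")or die("Query line " . __LINE__ . " Error<hr>".mysql_error());
	$rs = mysql_fetch_assoc($sql_view);
	
	// Array keys are quoted; a bare word is looked up as a constant.
	$detail = detail($rs['detail']);
	$price = $rs['price'];
	$depname = detail($rs['depname']);
	$pur_doc_detail = detail($rs['pur_doc_detail']);
	$pur_offer_detail = detail($rs['pur_offer_detail']);
	$pur_close_detail = detail($rs['pur_close_detail']);

	// Default first, so a failed chkattach() does not leave $dl unset or stale.
	// NOTE(review): the stored attachment name is appended to the path as-is;
	// whether chkattach() rejects names containing "../" is not visible - confirm.
	$dl = "N/A";
	if ($rs['attach'] != "") {
		$attch = "../../files/file_temp/auction/" . $rs['attach'];
		if (chkattach($attch)) {
			$dl = "<a href=\"" . htmlspecialchars($attch, ENT_QUOTES, 'ISO-8859-1') . "\"><font class=\"blue\">" . htmlspecialchars($rs['attach'], ENT_QUOTES, 'ISO-8859-1') . "</font></a>";
		}
	}

	$xsql =  mysql_query("select detail as atype from `auction_type` where id = '" . mysql_real_escape_string($rs['type']) . "'")or die("Query line " . __LINE__ . " Error<hr>".mysql_error());
	$xrs = mysql_fetch_assoc($xsql);
?></td>
  </tr>
</table>
<?php
	} elseif ( $action == "auction_re" ) {
		// Client-side redirect to the monthly summary report.
		echo "<script language=\"javascript\">location.href=\"rpt_auc_monthly_summary.php\";</script>";
	}
?>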
</body>
</html>
<?
//	echo "<pre>";
//	print_r($_SESSION);
//	echo "</pre>";
?>
