MINI SHELL

Server : Apache/2.2.2 (Fedora)
System : Linux App1.pathumtani.go.th 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686
User : apache ( 48)
PHP Version : 5.2.9
Disable Function : NONE
Directory :  /var/www/html/pathumthani_eoffice/application/information/


 

Current File : /var/www/html/pathumthani_eoffice/application/information/news_pic.php
<?
include("../../config/config.inc.php");
include("../../libary/function.php"); 

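// Page set-up: normalise the picture index and load the news headline.
//
// $id and $pid are read as plain globals here, so they presumably arrive via
// register_globals or an import done by an included file. Either way they are
// request-controlled and must be treated as untrusted input.
// NOTE(review): no login/authorisation check is visible in this file; confirm
// that config.inc.php enforces an administrator session before this runs.

// Default to the first picture slot when none was requested. The script itself
// generates pid values as MAX(pid) + 1, so an integer is the expected shape.
$pid = (isset($pid) && $pid != "") ? (int) $pid : 1;

// Escape the id before it is placed inside the SQL string literal; the original
// interpolated the raw request value, which allowed SQL injection.
$id_sql = mysql_real_escape_string(isset($id) ? (string) $id : "");

// NOTE(review): die() prints mysql_error() to the browser, which discloses
// schema details; log it server-side instead once a logging path exists.
$hsql = mysql_query("select topic from `news` where id = '" . $id_sql . "' ")or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$hrs = mysql_fetch_assoc($hsql);

// mysql_fetch_assoc() returns false when no news row matches the id.
// NOTE(review): $news_topic is echoed into the page heading further down
// without HTML escaping; confirm whether topics may legitimately contain markup.
$news_topic = trimtxt($hrs ? $hrs['topic'] : null, 80);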

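// Delete Image Operation
// Removes the stored file(s) of picture slot ($id, $pid), deletes the matching
// news_pic rows, shows a confirmation box and redirects back to slot 1.
// NOTE(review): this destructive action is reachable with a plain GET request
// and no anti-CSRF token or authorisation check is visible in this file;
// confirm both are enforced elsewhere or add them.
if($action == "del"){

	// Escape request values before they are placed inside SQL string literals.
	// NOTE(review): if magic_quotes_gpc is enabled the values are already
	// slashed; that is harmless for numeric ids but should be confirmed.
	$id_sql  = mysql_real_escape_string((string) $id);
	$pid_sql = mysql_real_escape_string((string) $pid);

	$xsql = mysql_query("select location from `news_pic` where nid = '" . $id_sql . "' and pid='" . $pid_sql . "'")or die("Query line " . __LINE__ . " error<hr>".mysql_error());
	while($pic = mysql_fetch_array($xsql))
	{
		// basename() keeps unlink() inside images/news even if a stored
		// location ever contained directory components; is_file() avoids
		// calling unlink() on the directory itself when location is empty.
		$image = "../../images/news/".basename($pic['location']);
		if(is_file($image)){ unlink($image);}
	}
	
	$sql1 =  mysql_query("delete from `news_pic` where nid = '" . $id_sql . "' and pid = '" . $pid_sql . "'")or die("Query line " . __LINE__ . " error<hr>".mysql_error());	
	$msg = "<font class=\"normal_blue\">Complete</font><br>ทำการลบข้อภาพข่าวเรียบร้อยแล้ว</div>";
	include('msg_box.php');

	// The redirect target is written into an HTML attribute, so the script
	// path is HTML-escaped and the request values are URL-encoded.
	$self_html = htmlspecialchars((string) $PHP_SELF, ENT_QUOTES, 'ISO-8859-1');
	echo "<meta http-equiv='refresh' content='2;url=" . $self_html . "?page=" . urlencode((string) $page) . "&id=" . urlencode((string) $id) . "&pid=1'>" ;
	exit();
	
}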

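//Upload File By Post Value
// Handles the multipart POST of the upload form: validates the submitted
// picture, replaces the file already stored for slot ($id, $pid), records the
// new file name in news_pic and redirects back to the slot.
//
// Changes against the earlier version of this block:
//  - the upload is read from $_FILES instead of the register_globals copies,
//    which can also be populated from ordinary request fields;
//  - the content must really be a GIF or JPEG (getimagesize), not merely carry
//    an allowed extension;
//  - the previously stored file is removed only after the new upload passed
//    every check, so a rejected upload no longer destroys the old picture;
//  - request values are escaped for SQL, HTML and the file name.
// NOTE(review): uploads land below the document root; confirm the web server
// is configured not to execute scripts from images/news.
if ($_SERVER['REQUEST_METHOD'] == "POST"){ 
	//Image Property
	$width = 1024; 
	$height = 768; 
	$folder_name = "../../images/news/";

	// The form field is named "file"; anything that is not a single upload
	// entry is treated as "no file submitted".
	$upload    = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : array();
	$file      = (isset($upload['tmp_name']) && is_string($upload['tmp_name'])) ? $upload['tmp_name'] : "";
	$file_name = (isset($upload['name']) && is_string($upload['name'])) ? $upload['name'] : "";
	$file_size = (isset($upload['size']) && !is_array($upload['size'])) ? (int) $upload['size'] : 0;
	$file_type = (isset($upload['type']) && is_string($upload['type'])) ? $upload['type'] : "";

	//Check file before attach to server
	if($file_name != "" ){

		$back_link = "<div align=right><a href=# onclick=history.back(); style=\"text-decoration:none\"><font class=\"blue_dark\">กลับไปแก้ไข</font></a></div>";

		// $file_type is the MIME type claimed by the client, so it is escaped
		// before being shown in the message box.
		$format_msg = "<br><b class=warn>Warning</b><br>รูปแบบของ file ไม่ถูกต้อง<br>รูปภาพต้องมีนามสกุลเป็น jpg, jpeg และ gif เท่านั้น<br><br>รูปแบบ <font class=\"blue\">file</font> ของท่าน คือ <font class=\"blue\">".htmlspecialchars($file_type, ENT_QUOTES, 'ISO-8859-1')."</font>".$back_link;

		$img_ext = strtolower(getFileExtension($file_name));

		// 1. Extension allow-list.
		if(!in_array($img_ext, array("jpg", "gif", "jpeg"), true)) {
			$msg = $format_msg;
			include("msg_box.php");		
			exit() ;
		}

		// 2. The temporary file must be a genuine HTTP upload.
		if(!is_uploaded_file($file)) {
			$msg = "<br><font class=\"brown\">Can't upload this file</font><br>Folder ที่จะทำการบันทึกข้อมูลอาจจะยังไม่ได้กำหนดคุณลักษณะ<br>กรุณาตรวจสอบ CMOD ของ Folder<br>".$back_link;
			include('msg_box.php');
			exit();		
		}

		// 3. The content must decode as GIF or JPEG, then fit the limits.
		$img_size = getimagesize($file);

		if($img_size === false || !in_array($img_size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG), true)) {

			$msg = $format_msg;
			include("msg_box.php");		
			exit() ;

		} elseif(($img_size[0] >= $width) || ($img_size[1] >= $height)) {

			$msg = "<br><b class=warn>Warning</b><br>ขนาดของภาพเกินจากที่กำหนดไว้<br><br>ขนาดไม่ควรเกิน กว้าง ".($width - 1)." x สูง ".($height - 1)."<br>ขนาดของภาพของท่าน กว้าง ".$img_size[0]." x สูง ".$img_size[1].$back_link;
			include("msg_box.php");		
			exit() ;

		} elseif($file_size >= 1000000) {

			$msg = "<br><b class=warn>Warning</b><br>ขนาดของ file เกินจากที่กำหนดไว้ครับ".$back_link;
			include("msg_box.php");		
			exit() ;

		}

		// Escape request values before they are placed inside SQL literals.
		$id_sql   = mysql_real_escape_string((string) $id);
		$pid_sql  = mysql_real_escape_string((string) $pid);
		$show_sql = mysql_real_escape_string((string) $show);

		// Remove the file currently stored for this slot, if any. $row decides
		// below whether the slot is inserted or updated.
		$xsql = mysql_query("select location from `news_pic` where nid = '" . $id_sql . "' and pid = '" . $pid_sql . "'")or die("Query line " . __LINE__ . " error<hr>".mysql_error());	
		$row = mysql_num_rows($xsql);
		$pic = mysql_fetch_array($xsql);
		if($pic && $pic['location'] != ""){
			$image = $folder_name.basename($pic['location']);
			if(is_file($image)){ unlink($image);}
		}

		// The stored name is "<id>_<pid>.<ext>". Both parts come from the
		// request, so everything except letters, digits, "_" and "-" is
		// stripped to keep the name inside $folder_name.
		$name_id  = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $id);
		$name_pid = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $pid);
		$f_name = $name_id."_".$name_pid.".".$img_ext ;
		$f_name = chk_filename($f_name, $folder_name);	
		$filename = $folder_name.$f_name;

		if (!copy($file,$filename)){

			$msg = "<br>ไม่สมารถ upload ขึ้น server ได้<br>".$back_link;
			include('msg_box.php');
			exit();		
		}
		unlink($file);  

		//Query by Action
		$f_name_sql = mysql_real_escape_string((string) $f_name);
		if($row == 0){
			$sql = "insert into `news_pic` set location = '" . $f_name_sql . "', pid = '" . $pid_sql . "', nid = '" . $id_sql . "', show_pic='" . $show_sql . "' ";
		} else {		
			$sql = "update `news_pic` set location = '" . $f_name_sql . "', show_pic='" . $show_sql . "' where pid = '" . $pid_sql . "' and nid = '" . $id_sql . "' ";			
		}

		$query = mysql_query($sql)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
		$msg = "<b class='blue'>Complete</b><br>บันทึกข้อมูลเรียบร้อยแล้ว";
		include("msg_box.php");

		// Redirect target goes into an HTML attribute: escape the script path
		// and URL-encode the request values.
		$self_html = htmlspecialchars((string) $PHP_SELF, ENT_QUOTES, 'ISO-8859-1');
		echo "<meta http-equiv='refresh' content='2;url=" . $self_html . "?page=" . urlencode((string) $page) . "&id=" . urlencode((string) $id) . "&pid=" . urlencode((string) $pid) . "'>" ;
		exit() ;

	}

}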
?>
<html>
<head><title>Administrator Section :.</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">
<link href="../../libary/style.css" rel="stylesheet" type="text/css">
<script language="javascript">
// Navigate to the URL carried by the selected entry of the "submenu" list
// in the form named "post".
function jump()
{
	window.location.href = document.post.submenu.value;
}
</script>
<style>
	.normal_blue {
	font-size: 12px;
	color:#006699;
}

</style>
</head>
<body topmargin="0">
<? include "headder2.php";   ?>
<table width="100%"  border="0" cellspacing="0" cellpadding="0">
<tr>
	<td height="600" valign="middle">
	<div align="center">
<table width="804" border="1" cellspacing="0" cellpadding="0" bordercolor="#cdcdcd">
<tr><td>
<table width="802" border="1" cellspacing="0" cellpadding="0" bordercolor="#eeeeee">
<tr><td>
	<table width="800" border="0" cellspacing="0" cellpadding="0" class="normal">
  	<tr>
    <td height="23" colspan="2" bgcolor="#eeeeee">&nbsp;<img src="../../images/arrow-b.gif" border="0" align="absmiddle">&nbsp;<b class="normal_blue">Main Menu&nbsp;<font class="normal_black">:</font></b>&nbsp;จัดการข้อมูลภาพข่าว - <?=$news_topic?><hr color="#cdcdcd"></td>
  	</tr>
	<tr>
	<td width="140" height="500" bgcolor="#f8f8f8" valign="top"align="center">&nbsp;</td>
	<td width="660" height="500" valign="bottom"><br>
<!-- ------------------------------------------------Main Body -->
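<?php
// Preview panel: rendered only when picture slot ($id, $pid) has a stored
// file name and that file still exists on disk.
// Request values are escaped for the context they are written into: SQL
// literals, URL query parameters and HTML attributes.
$sql = "select pid, location,show_pic from `news_pic` where nid = '" . mysql_real_escape_string((string) $id) . "' and pid = '" . mysql_real_escape_string((string) $pid) . "' ";
$result = mysql_query($sql)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
$rs = mysql_fetch_assoc($result);
if($rs && $rs['location'] != ""){

// basename() keeps the path inside images/news even if the stored location
// ever contained directory components.
$image = "../../images/news/".basename($rs['location']);
if(is_file($image)){
$img_size = GetImageSize($image);  
// GetImageSize() returns false for a file it cannot decode.
if($img_size === false){ $img_size = array(0, 0); }

$esc_self  = htmlspecialchars((string) $PHP_SELF, ENT_QUOTES, 'ISO-8859-1');
$esc_page  = urlencode((string) $page);
$esc_id    = urlencode((string) $id);
$esc_image = htmlspecialchars($image, ENT_QUOTES, 'ISO-8859-1');
// Percent-encode the path for the query string but keep "/" readable, so the
// value cannot break out of the JavaScript string or the HTML attribute.
// NOTE(review): image_preview.php receives a file path in "code"; confirm it
// restricts that path to the news image directory.
$image_url = str_replace('%2F', '/', rawurlencode($image));

if($img_size[0] >= 210){
	$image_view = "<a href=\"#\" onClick=\"javascript:window.open('image_preview.php?code=".$image_url."', '_blank', 'width=".(int) $img_size[0].",height=".(int) $img_size[1].",scrollbars=no');\"><img src=\"".$esc_image."\" border=\"0\" height=\"210\"></a><br>คลิ๊กที่ภาพเพื่อดูขนาดเต็ม";
} else { 
	$image_view = "<img src=\"".$esc_image."\" border=\"0\">";
}
?>
<table width="620" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
    <td align="left">
	<img src="../../images/folder.gif" align="absmiddle"><a href="information.php?page=<?php echo $esc_page; ?>" class="link" style="text-decoration:none"><font class="normal_blue">หน้าหลัก</font></a>&nbsp;	
	<img src="../../images/page.gif" width="18" height="18" align="absmiddle"><a href="information.php?action=edit&page=<?php echo $esc_page; ?>&id=<?php echo $esc_id; ?>" class="link" style="text-decoration:none"><font class="normal_blue">แก้ไขข้อมูลข่าว</font></a>&nbsp;
	<img src="../../images/wb_4.jpg" align="absmiddle">&nbsp;<a href="information.php?action=view&page=<?php echo $esc_page; ?>&id=<?php echo $esc_id; ?>" class="link" style="text-decoration:none"><font class="normal_blue">ดูหน้าตัวอย่าง</font></a>	</td>
</tr>
<tr><td>&nbsp;</td></tr>
</table>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
    <td width="24"><img src="../../images/status_01.jpg" width="24" height="23"></td>
    <td height="23" colspan="2" background="../../images/status_02.jpg" class="normal_blue"><img src="../../images/status_02.jpg" width="9" height="23" align="absmiddle"><b>Image Property&nbsp;<font color="#FF0000">:</font><font color="#FF9900">.</font></b></td>
    <td width="24"><img src="../../images/status_03.jpg" width="24" height="23"></td>
</tr>
<tr>
    <td rowspan="2" background="../../images/status_05.jpg"><img src="../../images/status_05.jpg" width="24" height="8"></td>
    <td colspan="2" class="normal" height="225" width="551" align="center"><?php echo $image_view; ?></td>
    <td rowspan="2" background="../../images/status_04.jpg"><img src="../../images/status_04.jpg" width="24" height="10"></td>
</tr>
<tr>
  <td colspan="2" class="normal" height="25" align="right"><font class="normal_blue">รายละเอียดของภาำพ</font> </b>:</b> ขนาด <?php echo (int) $img_size[0]; ?> x <?php echo (int) $img_size[1]; ?> <b>:</b> ลบภาพนี้ <a href="<?php echo $esc_self; ?>?action=del&id=<?php echo $esc_id; ?>&page=<?php echo $esc_page; ?>&pid=<?php echo urlencode((string) $rs['pid']); ?>" style="text-decoration:none"  onClick="return confirm('Are you sure to delete this Image ?')"> <img src="../../images/delete.jpg" width="15" height="15" align="absmiddle" border="0"></a>&nbsp;</td>
</tr>
<tr>
    <td><img src="../../images/status_06.jpg" width="24" height="27"></td>
    <td height="27" colspan="2" background="../../images/status_07.jpg"><img src="../../images/status_07.jpg" width="10" height="27"></td>
    <td><img src="../../images/status_08.jpg" width="24" height="27"></td>
</tr>
</table>
<?php }} ?>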
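<form action="<?php /* the script path can carry request-supplied path info, so it is HTML-escaped */ echo htmlspecialchars((string) $PHP_SELF, ENT_QUOTES, 'ISO-8859-1'); ?>" name="post" method="post" enctype="multipart/form-data" onSubmit="return check();">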
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
    <td width="24"><img src="../../images/status_01.jpg" width="24" height="23"></td>
    <td height="23" colspan="2" background="../../images/status_02.jpg" class="normal_blue"><img src="../../images/status_02.jpg" width="9" height="23" align="absmiddle">&nbsp;<b>Image Uploading System &nbsp;<font color="#FF0000">:</font><font color="#FF9900">.</font></b></td>
    <td width="24"><img src="../../images/status_03.jpg" width="24" height="23"></td>
</tr>
<tr>
    <td rowspan="7" background="../../images/status_05.jpg"><img src="../../images/status_05.jpg" width="24" height="8"></td>
    <td height="20" colspan="2" class="normal">&nbsp;<img src="../../images/cam.gif" width="15" height="15" align="absmiddle">&nbsp;เลือกรูปที่อยุ่ในเครื่องของท่านเพื่อทำการ <font class="blue">upload</font> สู่ระบบครับ</td>
    <td rowspan="7" background="../../images/status_04.jpg"><img src="../../images/status_04.jpg" width="24" height="10"></td>
</tr>
<tr>
</tr>
<tr>
    <td colspan="2" class="normal" align="center">
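	<input type="radio" name="show" value="1" id="rad1" style="border:0px;" <?php /* $rs is false when the slot has no row yet */ if ($rs && $rs['show_pic'] == 1){ echo "checked"; } ?>><label for="rad1">แสดงผลรูปในหน้าแรก</label> 
	  &nbsp;<input name="show" type="radio" value="0" id="rad2" style="border:0px;" <?php /* "hidden" stays the default for a new slot */ if (!$rs || $rs['show_pic'] == 0){ echo "checked"; } ?>><label for="rad2">ไม่แสดงผลในหน้าแรก</label>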
      <font class="blue">(รูปที่แสดงผลในหน้าแรกมีความกว้าง 100 x 70 pixal)</font></td>
</tr>
<tr>
    <td height="20" align="right" class="blue">เลือกจัดการข้อมูลรูปภาพ&nbsp;<b class="normal_black">:</b>&nbsp;</td>
    <td height="20">&nbsp;<img src="../../images/arrow-d.gif" border="0" align="absmiddle">&nbsp;<select name="submenu" onChange="jump()" style="width:200px;" class="input">
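<?php
	// Picture selector: one <option> per existing picture of this news item,
	// followed by an "add picture" entry pointing at MAX(pid) + 1.
	// Each option value is a URL that jump() navigates to, so the script path
	// is HTML-escaped and the request values are URL-encoded.
	$esc_self = htmlspecialchars((string) $PHP_SELF, ENT_QUOTES, 'ISO-8859-1');
	$esc_id   = urlencode((string) $id);
	$esc_page = urlencode((string) $page);
	// Escape the id once for both SQL string literals below.
	$id_sql   = mysql_real_escape_string((string) $id);

	$sresult = mysql_query("select pid from `news_pic` where nid='" . $id_sql . "'")or die("Query line " . __LINE__ . " error<hr>".mysql_error());
	$i = 0;
	while($srs = mysql_fetch_array($sresult, MYSQL_ASSOC))
	{
			$i = $i + 1;
			$selected = ($pid == $srs['pid']) ? "selected" : "";
			echo "<option value=\"".$esc_self."?id=".$esc_id."&page=".$esc_page."&pid=".urlencode((string) $srs['pid'])."\" class=\"normal_black\" $selected>แก้ไขภาพที่ $i</option>";			
	}		
	$mresult = mysql_query("select MAX(pid) as nextp from `news_pic` where nid='" . $id_sql . "'")or die("Query line " . __LINE__ . " error<hr>".mysql_error());
	$mrs = mysql_fetch_assoc($mresult);
	$selected = ($action == "n") ? "selected" : "";
	// MAX(pid) is NULL when the news item has no pictures, which makes the next index 1.
	echo "<option value=\"".$esc_self."?id=".$esc_id."&page=".$esc_page."&pid=".($mrs['nextp'] + 1)."&action=n\" class=\"blue\" $selected>เพิ่มภาพที่ ".($i + 1)."</option>";
?>  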
	</select>	</td>
</tr>  
<tr>
    <td width="155" height="20" align="right" class="blue"><div>เลือกภาพ&nbsp;<b class="normal_black">:</b>&nbsp;</div></td>
    <td width="397" >&nbsp;<img src="../../images/arrow-d.gif" border="0" align="absmiddle">&nbsp;<input name="file" type="file" class="input" style="width:263;"></td>
</tr>
<tr>
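    <td colspan="2" class="blue"><?php /* request values are HTML-escaped before being written into attribute values */ ?><input type="hidden" name="id" value="<?php echo htmlspecialchars((string) $id, ENT_QUOTES, 'ISO-8859-1'); ?>"><input type="hidden" name="page" value="<?php echo htmlspecialchars((string) $page, ENT_QUOTES, 'ISO-8859-1'); ?>"><input type="hidden" name="pid" value="<?php echo htmlspecialchars((string) $pid, ENT_QUOTES, 'ISO-8859-1'); ?>"></td>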
</tr>
<tr>
    <td height="20" colspan="2" align="center"><input name="submit" type="submit" value="Upload Image" class="input" style="width:90px;">&nbsp;<input name="button" type="button" class="input" style="width:90;" onClick="window.location.replace('information.php?page=1&type=1');" value="ยกเลิก"></td>
</tr>
<tr>
    <td><img src="../../images/status_06.jpg" width="24" height="27"></td>
    <td height="27" colspan="2" background="../../images/status_07.jpg"><img src="../../images/status_07.jpg" width="10" height="27"></td>
    <td><img src="../../images/status_08.jpg" width="24" height="27"></td>
</tr>
</table>
<script language="javascript">
// Submit guard for the upload form: block submission until a file is chosen.
// This is a convenience check in the browser only; the server-side handler
// still has to validate whatever is submitted.
function check(){
	var picker = document.post.file;
	if (picker.value.length != 0) {
		return true;
	}
	alert("โปรดระบุ file ที่จะทำการ upload");
	picker.focus();
	return false;
}
</script>
</form>
<!-- -------------------------------------------End Main Body -->	</td>
  	</tr>
  	<tr>
	<td colspan="2" bgcolor="#eeeeee">&nbsp;</td>
	</tr>
	</table>

</td></tr>
</table>
</td></tr>
</table>
	</div>
	</td>
</tr>
</table>
</body>
</html>
