403Webshell
Server IP : 61.19.30.66  /  Your IP : 216.73.216.59
Web Server : Apache/2.2.22 (Ubuntu)
System : Linux klw 3.11.0-15-generic #25~precise1-Ubuntu SMP Thu Jan 30 17:39:31 UTC 2014 x86_64
User : www-data ( 33)
PHP Version : 5.3.10-1ubuntu3.48
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /var/www/gpa/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/gpa//ordinal.php
<?
require_once "config/teacher.php";
require_once "head.php";

?>

<html>
<head>
<meta http-equiv=Content-Type content="text/html; charset=tis-620">

<title>ฝ่ายบริหารงานวิชาการ</title>

</head>
<?
$regisroom=$objResult["regisroom"];
$teach1=$objResult["teachcode"];
$class=$objResult["regisroom"];
$idt=$objResult["idt"];

?>

<body>
<?
require_once "config/connectdb.php";
//require_once "config/connectdb2.php";



$year=date(" Y ")+542; 
//*** Update Condition ***//
if($_GET["Action"] == "Save")
{
	for($i=1;$i<=$_POST["hdnLine"];$i++)
	{
		$strSQL = "UPDATE klw SET ";
		//$strSQL .="Password = '".$_POST["txtpin$i"]."' ";
		$strSQL .="ordinal = '".$_POST["txtactivity$i"]."' ";
		$strSQL .="WHERE UserID = '".$_POST["hdnid$i"]."' ";
		$objQuery = mysql_query($strSQL);
	}


echo "รอสักครู Deleted.";
echo "<script>window.alert(\"บันทึกข้อมูลเรียบแล้วครับ\");history.go (-2);</script>";
	//header("location:$_SERVER[PHP_SELF]");
	//exit();
}
$strSQL = "SELECT * FROM klw where cllass='$regisroom' and room='$_GET[id]' order by sex asc,Username asc ";
$objQuery = mysql_query($strSQL) or die ("Error Query [".$strSQL."]");
$i = 1;

?>
<table width="773" border="0" align="center" cellpadding="0" cellspacing="0">
                <tr> 
                  <td width="198"><a href="admin_page.php"><font color="#FF0000" size="2">หน้าหลัก</font></a> &nbsp;&nbsp;  <a href=editcllass.php?id=<? echo "$idt"; ?>><font size="+1">เปลี่ยนชั้น .<? echo "$class"; ?></a>
				  
                    </table></td>
                </tr>
              </table>
<form name="frmMain" method="post" action="ordinal.php?Action=Save">
<table  width="100%" border="0" bgcolor="#999999">  
  <tr bgcolor="#FFFFFF">
    <th width="10"> <div align="center"></div></th>
	 <th width="10"> <div align="center">#</div></th>
    <th width="10"> <div align="center">เลขประจำตัว</div></th>
   	<th width="10"> <div align="center">ชื่อ - นามสกุล</div></th>

	<th width="10"> <div align="center">เลขที่เดิม</div></th>
	
    <th width="10"> <div align="center">เลขที่ใหม่</div></th>

	<th width="10"> <div align="center">pin</div></th>
	<th width="10"> <div align="center">pinx</div></th>
	<th width="10"> <div align="center">pinxx</div></th>
	<th width="10"> <div align="center">namee</div></th>

  </tr>
<?
$i =0;
while($objResult = mysql_fetch_array($objQuery))
{
if($bg == "#EEEEEE") { //ส่วนของการ สลับสี 
$bg = "#FFFFFF";
} else {
$bg = "#EEEEEE";
}

$Username=$objResult["Username"];
$Name=$objResult["Name"];
$surname=$objResult["surname"];
$room=$objResult["ordinal"];
$activity=$objResult["activity"];
$pin=$objResult["Password"];


	$i = $i + 1;
?>
  <tr bgcolor="<?=$bg?>">
    <td><div align="center">
	<input type="hidden" name="hdnid<?=$i;?>" size="5" value="<?=$objResult["UserID"];?>">
	 <td><?=$i?></td>
	
	</div></td>
    <td><? echo $Username; ?></td>
	

<td><? echo $Name; ?> &nbsp;&nbsp;  <? echo $surname; ?></td>
<td><a href="ordinal.php?id=<? echo $room; ?>"><? echo $room; ?></td>




<td>

<input type="text" name="txtactivity<?=$i;?>" value="<?=$i?>">


</td>

<td>
<?

				$crsql="SELECT (pin) FROM `member4`
				WHERE name='$Name' and surname='$surname'";
				$slr=mysql_query($crsql) or die(mysql_error()."<br>".$crsql);
				$dcrd = mysql_fetch_array($slr);
				$pindata=$dcrd[0];


				$crsql="SELECT (name) FROM `member4`
				WHERE name='$Name' and surname='$surname'";
				$slr=mysql_query($crsql) or die(mysql_error()."<br>".$crsql);
				$dcrd = mysql_fetch_array($slr);
				$nam=$dcrd[0];


				$crsql="SELECT (surname) FROM `member4`
				WHERE name='$Name' and surname='$surname'";
				$slr=mysql_query($crsql) or die(mysql_error()."<br>".$crsql);
				$dcrd = mysql_fetch_array($slr);
				$nams=$dcrd[0];

				

 ?>

<input type="text" name="txtpin<?=$i;?>" value="<?=$pindata?>">


</td>


<td><? echo $pin; ?> </td>
<td><? echo $pindata; ?> </td>
<td><? echo $nam; ?>/ <? echo $nams; ?></td>

  </tr>
<?
	  $i = $i;
  }
  ?>
</table>
  <input type="submit" name="submit" value="บันทึก">
  <input type="hidden" name="hdnLine" value="<?=$i;?>">
  
</form>
</body>
</html>

Youez - 2016 - github.com/yon3zu
LinuXploit