Current File : /home/yangkam/domains/yangkam.go.th/public_html/coremain/module/move/show.php
<?php
// Thread view page of the webboard: starts the session, pulls request
// parameters into globals, seeds two session values and opens the page frame.
session_start();
// Copies every POST and GET parameter into a global named p_<param>.
// NOTE(review): import_request_variables() was removed from PHP core in 5.4, so
// this presumably relies on a replacement defined outside this file - confirm.
import_request_variables('pG', 'p_');
if($p_name_post!="")									{	     $name_post=trim($p_name_post);						}
if($p_web_name!="")									{	     $web_name=trim($p_web_name);						}

echo"<link href='../../ccs/style.css' rel='stylesheet' type='text/css'>";
// The session values are filled from the request the first time they are empty.
// NOTE(review): web_name is later compared against a fixed site name to decide
// whether non-admin visitors get the reply form, so a value taken from the
// request is client-controlled input feeding an access decision. It should come
// from server-side configuration instead; the trusted source is not visible here.
if($_SESSION["web_name"]=="")    $_SESSION["web_name"]=$web_name;
if($_SESSION["name_post"]=="")   $_SESSION["name_post"]="$name_post";

echo"<table width='97%' border='0' cellpadding='0' cellspacing='0' align=center><tr><td>";
echo "<fieldset><legend align=left><font color='green'>กระดานสนทนา</font></legend><br>";
// Presumably opens the MySQL connection used by the mysql_* calls below
// (the handle $handle_out is closed at the end of this file) - confirm.
include('../../../coremain/connec_out.php');


echo"<title>กระดานข่าว Webboard</title>";

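// Import POST and GET parameters as $p_* globals (same call as at the top of
// the file) and copy the ones this page uses into unprefixed variables.
import_request_variables('pG', 'p_');
if($p_re!="")   { $re=trim($p_re); }
if($p_evar!="") { $evar=trim($p_evar); }
if($p_No!="")   { $No=trim($p_No); }
if($p_del!="")  { $del=trim($p_del); }
if($p_num!="")  { $num=trim($p_num); }

// Moderator actions: they only run when the session is flagged as admin.
// NOTE(review): both deletes are triggered by a plain GET request and carry no
// anti-CSRF token; the only confirmation is the client-side confirm() dialog on
// the link. Moving them to POST with a per-session token needs a matching
// change where the links are rendered, so it is flagged here, not changed.
if($_SESSION['admin_web']=="admin"){
	// $num and $No come straight from the request. They are escaped before being
	// placed inside quoted SQL literals so that a crafted value cannot alter
	// the DELETE/UPDATE statements (SQL injection).
	$numSql = isset($num) ? mysql_real_escape_string($num) : '';
	$NoSql  = isset($No)  ? mysql_real_escape_string($No)  : '';

	if(isset($del) && $del=="1")
	{
		// del=1: remove the thread row and every answer attached to it.
		$sql1 = "DELETE FROM cms_webboard_data WHERE No='$numSql'";
		$sql2 = "DELETE FROM cms_webboard_ans WHERE QuestionNo='$numSql'";
		$result1=mysql_query($sql1);
		$result2=mysql_query($sql2);
		// The success message is printed without checking $result1/$result2,
		// exactly as before.
		echo "<br><br><br><center>ประเด็นได้ถูกลบแล้ว<br><br>";
?>
			<script language="JavaScript"> 
				window.opener.location.href='../../../index.php?mod=move&path=move';
				window.close();
			</script>
<?php
	}
	if(isset($del) && $del=="2")
	{
		// del=2: remove a single answer. First read the thread's reply counter
		// and lower it by one when it is above zero.
		$sql="SELECT Reply FROM `cms_webboard_data` WHERE No='$NoSql'";
		$data_ch=mysql_query($sql);
		$data=mysql_fetch_array($data_ch);
		$ch_k=$data[0]+0;
		if($ch_k>0){
			$ch_=$ch_k-1;
			$sql="UPDATE `cms_webboard_data` SET `Reply` = '$ch_' WHERE No='$NoSql'";
			$data_ch=mysql_query($sql);
		}
		// Delete the answer row itself.
		$sql = "DELETE FROM cms_webboard_ans WHERE No='$numSql'";
		$result=mysql_query($sql);
	}

	if(isset($re) && $re=="0")
	{
		// re=0 asks for an immediate reload of the current page.
		echo "<meta http-equiv='refresh' content='0; url='>" ;
		$re=1;
	}
}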
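echo"<center>";
	// Load the thread row selected by the request parameter No.
	// $No is visitor-supplied and this query runs for every visitor, so the value
	// is escaped before it is placed inside the quoted SQL literal.
	$NoSql = isset($No) ? mysql_real_escape_string($No) : '';
	$sql = "select * from cms_webboard_data where No='$NoSql'";
	$result = mysql_query($sql);
	// mysql_query() returns false on failure; treat that like "no rows" instead
	// of handing false to mysql_num_rows().
	$NRow = $result ? mysql_num_rows($result) : 0;

	if($NRow==0) { echo "Error"; exit(); }
	$row = mysql_fetch_array($result);
	// Copy the columns that are displayed further down.
	$Question = ($row["Question"]);
	$Note = ($row["Note"]);
	$Name = $row["Name"];
	$Member = $row["Member"];
	$Email = $row["Email"];
	$Date = $row["Date"];
	$Image = $row["Image"];

	// Choose how the poster's IP address is shown.
	// NOTE(review): $showIP is not assigned anywhere in this file; presumably it
	// comes from the included connection/config script. When it is unset the
	// default branch shows the full address - confirm that is intended.
	switch ($showIP) {
		case "ALL" : $IP = "(".$row["IP"].")"; break;
		// Mask the last dotted component of the address.
		case "BAN" : $IP = "(".substr($row["IP"],0,strrpos($row["IP"],".")).".*)"; break;
		case "NONE": $IP = ""; break;
		default : $IP = $row["IP"];
	}

	if($Member) {
		// The poster name was read back from the database, but it was originally
		// user-entered text, so it is escaped again before reuse in SQL
		// (guards against second-order SQL injection).
		$NameSql = mysql_real_escape_string($Name);
		$sql = "select * from webboard_member where User='$NameSql'";
		$result = mysql_db_query($dbname,$sql);
		$NRow = $result ? mysql_num_rows($result) : 0;
		if($NRow==0) { echo "Error"; exit(); }

		$row = mysql_fetch_array($result);
		// Member profile fields used when rendering.
		$ICQ = $row["ICQ"]; 
		$WebName = $row["WebName"];
		$URL = $row["URL"];
	}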

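	// Render the thread (question) itself.
	// Every plain-text value is HTML-escaped at the point of output so that stored
	// markup in a title, name, e-mail, IP or date cannot run as script in a
	// reader's browser (stored XSS). The charset argument is a single-byte set so
	// the escape works byte-wise and cannot blank out Thai text; double_encode is
	// off so values that were entity-encoded when saved are not encoded twice.
	// NOTE(review): the page encoding is not declared in this file - confirm.
	$QuestionHtml = htmlspecialchars($Question, ENT_QUOTES, 'ISO-8859-1', false);
	$NameHtml = htmlspecialchars($Name, ENT_QUOTES, 'ISO-8859-1', false);
	$EmailHtml = htmlspecialchars($Email, ENT_QUOTES, 'ISO-8859-1', false);
	$IPHtml = htmlspecialchars($IP, ENT_QUOTES, 'ISO-8859-1', false);
	$DateHtml = htmlspecialchars($Date, ENT_QUOTES, 'ISO-8859-1', false);
	// $No is a request parameter that is echoed back inside a link.
	$NoUrl = isset($No) ? urlencode($No) : '';

	echo "<table width=670 border=1  cellspacing=0 cellpadding=2 bordercolor='#000099'>\n";
	echo "<tr bgcolor='#eeeeee'>\n";
	echo "<td>";
	if($_SESSION['admin_web']=="admin"){
		// Delete-thread link, shown to admins only.
		// NOTE(review): this is a state-changing GET link; see the delete handler.
		echo"<a href='show.php?num=$NoUrl&del=1' onclick='return goURL1();'><img src='img/delete.gif' border=0></a> \n";
	}
	echo "\t<font class=Menu1><b>$QuestionHtml</b></font>\n";
	echo "</td></tr>\n";

	echo "<tr><td>\n";
	echo "<br>\n";
	echo "\t<table border=0 width=590 align=center>\n";
	echo "\t<tr><td>\n";

	// NOTE(review): $Note is printed as raw HTML because the body is written with
	// a rich-text editor. It is untrusted stored markup; it needs an allow-list
	// HTML sanitizer (when saved or here) before it can be considered safe.
	echo "$Note";
	echo "\t</td></tr>\n";
	echo "\t</table>\n";
	echo "<br>\n";
	echo "</td></tr>\n";

	echo "<tr><td>\n";
	echo "\t<table border=0 align=center width=100% bgcolor='#eeeeee'>\n";
	echo "\t<tr ><td align=left>\n";
	echo "\t</td>\n";
	echo "\t<td align=right>\n";

	echo "\t\tโดยคุณ $NameHtml $EmailHtml\n";

	echo "\t\t$IPHtml\n";
	echo "\t\t[$DateHtml]\n";
	echo "\t</font></td></tr>\n";
	echo "\t</table>\n";

	echo "</td></tr>\n";
	echo "</table>\n";
?>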


<br>

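<?php
	// Answers to the thread, newest first.
	// $No is visitor-supplied, so it is escaped before being placed in the quoted
	// SQL literal and URL-encoded before being echoed back inside links.
	$NoSql = isset($No) ? mysql_real_escape_string($No) : '';
	$NoUrl = isset($No) ? urlencode($No) : '';
	$sql = "select * from cms_webboard_ans where QuestionNo='$NoSql' order by No desc"; 
	$result = mysql_query($sql);

	// Check for a failed query before the result is used.
	if(!$result) { 
		echo "<b>Error</b>"; 
		exit();
	} 
	$NRow = mysql_num_rows($result);

	// Running position shown as (i/total); counts up only when $order is "ASC".
	// NOTE(review): $order is not assigned in this file - confirm where it is set.
	if($order=="ASC") $i = 1; else $i = $NRow; 

	// Render one table per answer row.
	while ($row = mysql_fetch_array($result)) {

		// Copy the columns used for display.
		$QuestionNo = $row["No"];
		$Name = $row["Name"];
		$Member = $row["Member"];
		$Email = $row["Email"];
		$Msg = $row["Msg"];
		$Date = $row["Date"];
		$Image = $row["Image"];
		
		// Choose how the poster's IP address is shown (same rules as for the thread).
		switch ($showIP) {
		case "ALL" : $IP = "(".$row["IP"].")"; break;
		case "BAN" : $IP = "(".substr($row["IP"],0,strrpos($row["IP"],".")).".*)"; break;
		case "NONE": $IP = ""; break;
		default : $IP = $row["IP"];
		}

		// Plain-text values are HTML-escaped at output so stored markup cannot run
		// as script (stored XSS). Single-byte charset argument: byte-wise escape
		// that leaves Thai text intact; double_encode off: no double encoding.
		// NOTE(review): the page encoding is not declared in this file - confirm.
		$NameHtml = htmlspecialchars($Name, ENT_QUOTES, 'ISO-8859-1', false);
		$EmailHtml = htmlspecialchars($Email, ENT_QUOTES, 'ISO-8859-1', false);
		$IPHtml = htmlspecialchars($IP, ENT_QUOTES, 'ISO-8859-1', false);
		$DateHtml = htmlspecialchars($Date, ENT_QUOTES, 'ISO-8859-1', false);
		$AnswerNoUrl = urlencode($QuestionNo);

		echo "<table width=670 border=1  cellspacing=0 cellpadding=2>\n";
		echo "<tr bgcolor='#ffffff'><td>\n";

			echo "\t<table border=0 width=660>\n";
			echo "\t<tr><td>\n";
			echo "\t\t<font class=Menu face='MS Sans Serif'>\n";

			if($_SESSION['admin_web']=="admin"){
				// Delete-answer link, shown to admins only.
				// NOTE(review): state-changing GET link with no anti-CSRF token.
				echo "<a href='show.php?num=$AnswerNoUrl&del=2&No=$NoUrl' onclick='return goURL2();'><img src='img/delete.gif' border=0></a>";
			}
			echo "\t\tโดยคุณ <b>$NameHtml</b> $EmailHtml\n";

			echo "\t\t$IPHtml\n";
			echo "\t\t[$DateHtml]  ($i/$NRow)\n";

			echo "\t\t</font>\n";
			echo "\t</td>\n";

			echo "\t<td align=right>\n";
			if($Member){
				// NOTE(review): $ICQ is only set while loading the thread author's
				// member profile, not per answer - confirm this is the intended value.
				if($ICQ) {
					$IcqHtml = htmlspecialchars($ICQ, ENT_QUOTES, 'ISO-8859-1', false);
					$IcqTypeHtml = isset($ICQ_Image_Type) ? htmlspecialchars($ICQ_Image_Type, ENT_QUOTES, 'ISO-8859-1', false) : '';
					echo "\t\t<img src=\"http://online.mirabilis.com/scripts/online.dll?icq=$IcqHtml&img=$IcqTypeHtml"."online.gif\" alt='ICQ - $IcqHtml'>\n";
				}
			}
			echo "\t</td>\n";
			echo "\t</tr></table>\n";

			echo "\t<table border=0 width=590 align=center>\n";
			echo "\t<tr><td>\n";

			echo "\t\t&nbsp; &nbsp; &nbsp;";
			// NOTE(review): $Msg is printed as raw HTML because answers are written
			// with a rich-text editor. It is untrusted stored markup and needs an
			// allow-list HTML sanitizer (when saved or here) to be safe.
			echo ($Msg);
			echo "\t</td></tr>\n";
			echo "\t</table>\n";

		echo "</td></tr>\n";
		echo "</table><br>";

		if($order=="ASC") $i++; else $i--;
	}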

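// Reply form.
// On every site except "krabuangyai" any visitor may answer; on "krabuangyai"
// only an admin session gets the form. The two original branches printed the
// same form and differed only in the captcha image path, so they are merged.
// NOTE(review): web_name in the session is seeded from a request parameter at
// the top of this file, so this restriction rests on client-supplied input.
$isRestrictedSite = ($_SESSION['web_name']=="krabuangyai");
$isAdmin = ($_SESSION['admin_web']=="admin");

if(!$isRestrictedSite || $isAdmin){
	// NOTE(review): the open-site form loads the captcha from module/webboard and
	// the admin-only form from module/move; both paths are kept as they were -
	// confirm that both scripts feed the value the reply handler checks.
	if($isRestrictedSite){
		$captchaSrc = '../../../coremain/module/move/login1_image.php';
	} else {
		$captchaSrc = '../../../coremain/module/webboard/login1_image.php';
	}

	// $No is a request parameter echoed into the form action, and the e-mail comes
	// from the session; both are encoded for the attribute they are written into
	// so they cannot break out of it (reflected XSS).
	$NoUrl = isset($No) ? urlencode($No) : '';
	$EmailAttr = isset($_SESSION['name_email']) ? htmlspecialchars($_SESSION['name_email'], ENT_QUOTES, 'ISO-8859-1', false) : '';

	// NOTE(review): the form carries no anti-CSRF token, and checkadd() only tests
	// that the captcha box is non-empty; the real captcha check has to happen in
	// reply.php, which is not visible here.
	echo"<form method=post action='../move/reply.php?No=$NoUrl' name='add' onsubmit='return checkadd()'>"; 
	echo "<table width=670 border=1  cellspacing=0 cellpadding=2>\n";
	echo "<tr bgcolor=$datatm[bg_list_table]>\n";
	echo"<td align=center>";
	echo"  <font class=Menu1 color=000000><b>ขอเชิญร่วมตอบประเด็น</font></b>";
	echo"</td></tr>";
	echo"<tr><td><table border=0>";
	echo"<tr>";
	echo"  <td align=right valign=top>ความคิดเห็น</td>";
	echo"  <td>";
	// Rich-text editor for the answer body.
	// NOTE(review): $evar comes from the request; FCKeditor is assumed to
	// HTML-encode Value when it renders the field - confirm in fckeditor.php.
	include("../../../coremain/editor/fckeditor.php") ;
	$oFCKeditor = new FCKeditor('evar') ;
	$oFCKeditor->BasePath	= '../../../coremain/editor/';
	$oFCKeditor->Value		= "$evar";
	$oFCKeditor->Width = '456';
	$oFCKeditor->Height = '250';
	$oFCKeditor->Create() ;
	echo"</td>";
	echo"</tr>";
	echo"<tr>";
	echo"  <td>โดย</td>";
	echo"  <td><input size=74 type=text name='MsgBy' maxlength='100' value=''></td>";
	echo"</tr>";

	echo"<tr>";
	echo"  <td>อีเมล์</td>";
	echo"  <td><input type=text name='Email' maxlength=100 size='74' value='$EmailAttr'></td>";
	echo"</tr>";
	echo "							<tr> ";
	echo "							  <td>รหัสลับ</td>";
	echo "							  <td><img src='$captchaSrc' align='center' title='ป้อนตามที่เห็นในภาพ'></td>";
	echo "							</tr> ";


	echo "							<tr> ";
	echo "							  <td>ป้อนรหัสลับ</td>";
	echo "							  <td><input name='from_pic'>&nbsp;<img src='../../../coremain/images/bu.gif' title='ป้อนรหัสลับตามที่ปรากฏ' onmouseover=this.style.cursor='hand'></td>";
	echo "							</tr> ";
	echo "</table>";
	echo"</td></tr>";
	echo"  <td>";
	echo"</tr>";
	echo"</table>";

	echo"<br>";


	echo"<input type=submit value='ตอบประเด็น' name='submit' onmouseover=this.style.cursor='hand'>"; 
	echo"&nbsp;&nbsp;<input type=button value='  ปิดหน้านี้  ' onclick='window.close()' name='submit' onmouseover=this.style.cursor='hand'> "; 
	echo"</form>";
}

		// Close the database connection; $handle_out is not assigned in this file
		// (presumably set by the included connection script).
		mysql_close($handle_out);

?>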
<link href="../ccs/style.css" rel="stylesheet" type="text/css"></head>

<script language="javascript">
function checkadd() {
	// Submit handler for the reply form: lets the form go through only when the
	// captcha box has some text in it. This is a convenience check in the browser
	// and does not validate the code itself; that has to happen on the server.
	var captchaField = document.add.from_pic;
	if (captchaField.value != "") {
		return true;
	}
	alert("กรุณากรอก รหัสลับ!");
	captchaField.focus();
	return false;
}
</script>


<script language="JavaScript">
<!--
function goURL1() {
	// onclick guard for the delete-thread link: the link is followed only when
	// the admin presses OK. This dialog is the only confirmation step, so it
	// gives no protection against a request sent without clicking the link.
	var confirmed = confirm("Click OK เพื่อยืนยันการลบหัวข้อกระทู้ !");
	return confirmed ? true : false;
}
<!--
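function goURL2() {
	// onclick guard for the delete-answer link: the link is followed only when
	// the admin presses OK. The prompt previously asked to confirm *posting* an
	// answer although the link deletes one; the wording now says "delete" so the
	// admin is told what the click will actually do.
	var confirmed = confirm("Click OK เพื่อยืนยันการลบคำตอบของกระทู้ !");
	return confirmed ? true : false;
}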
</script>
