<?php
// Bootstrap for the webboard "show topic" page: starts the session, loads the
// shared helper files and the per-site database connection, then copies the
// request parameters this page reads into plain variables.
session_start();
// NOTE(review): presumably this file supplies import_request_variables(), which
// PHP removed as a built-in in 5.4 -- confirm what the replacement accepts.
include ("../../function_import_request.php");
include('../../function_word_sencor.php');
include('../../function_msg.php');
// NOTE(review): the include path is built from $_SESSION['web_name']. Where that
// value is assigned is not visible here; it needs to be limited to a fixed list
// of site names, otherwise the file that gets included is not under this
// script's control.
include("../../../$_SESSION[web_name]/connect.php");
include('config.inc.php');
//import_request_variables('pG', 'p_');
//if($p_name_post!="")									{	     $name_post=trim($p_name_post);						}
//if($p_web_name!="")									{	     $web_name=trim($p_web_name);						}
echo"<link href='coremain/ccs/style.css' rel='stylesheet' type='text/css'>";
//if($_SESSION["web_name"]=="")    $_SESSION["web_name"]=$web_name;
//if($_SESSION["name_post"]=="")   $_SESSION["name_post"]="$name_post";
// Creates a global $p_<name> for request parameters ('pG' names POST and GET in
// the built-in's syntax). Every value read from $p_* below is therefore
// client-controlled and reaches SQL and markup later in this file.
import_request_variables('pG', 'p_');
//#5.3#//if($p_re!="")							{	    $re=trim($p_re);				}
$re = isset($p_re) ? $p_re : '';
//#5.3#//if($p_evar!="")						{	    $evar=trim($p_evar);		}
$evar = isset($p_evar) ? $p_evar : '';
// $No: number of the topic to display.
//#5.3#//if($p_No!="")							{	    $No=trim($p_No);				}
$No = isset($p_No) ? $p_No : '';
// $del: requested delete action ("1" = topic, "2" = reply); $num: number of the row to delete.
//#5.3#//if($p_del!="")							{	    $del=trim($p_del);				}
$del = isset($p_del) ? $p_del : '';
//#5.3#//if($p_num!="")						{	    $num=trim($p_num);		}
$num = isset($p_num) ? $p_num : '';
// Relative path from this module back to the directory three levels up.
$_SESSION['root_path'] = '../../../';
?>

<fieldset>
  <legend align=left><font color='green'>กระดานสนทนา</font></legend>
  <br>
  <title>กระดานข่าว Webboard</title>
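<?php
// Admin moderation actions (delete a topic / delete a reply), followed by
// loading the topic row identified by $No for the markup further down.
//
// $No, $num and $del are request parameters, so every value that is placed in
// an SQL string is escaped first. The raw $No is left untouched because later
// parts of the page still read it.
// NOTE(review): assumes connect.php has already opened the MySQL link used by
// mysql_real_escape_string() and mysql_query() -- confirm.
$wbSqlNo  = mysql_real_escape_string(is_scalar($No)  ? (string)$No  : '');
$wbSqlNum = mysql_real_escape_string(is_scalar($num) ? (string)$num : '');

// NOTE(review): the deletes below are authorised only by the session's admin
// flag and are driven by plain request parameters; nothing in this file ties
// the request to a form this site issued (no anti-CSRF token) or limits it to
// POST. Both should be added where the request variables are read.
if (isset($_SESSION['admin_web']) && $_SESSION['admin_web'] == "admin") {
  if ($del == "1") {
    // Delete the topic and every reply attached to it, then stop.
    $sql1 = "DELETE FROM cms_webboard_data WHERE No='$wbSqlNum'";
    $sql2 = "DELETE FROM cms_webboard_ans WHERE QuestionNo='$wbSqlNum'";
    $result1 = mysql_query($sql1);
    $result2 = mysql_query($sql2);
    echo "<br><br><br><center>ประเด็นได้ถูกลบแล้ว<br><br><br><br>";
    exit();
  }

  if ($del == "2") {
    // Read the topic's reply counter and lower it by one, never below zero.
    $sql = "SELECT Reply FROM `cms_webboard_data` WHERE No='$wbSqlNo'";
    $data_ch = mysql_query($sql);
    $data = $data_ch ? mysql_fetch_array($data_ch) : false;
    $ch_k = $data ? $data[0] + 0 : 0;
    if ($ch_k > 0) {
      $ch_ = $ch_k - 1;
      $sql = "UPDATE `cms_webboard_data` SET `Reply` = '$ch_' WHERE No='$wbSqlNo'";
      $data_ch = mysql_query($sql);
    }
    // Delete the reply itself.
    $sql = "DELETE FROM cms_webboard_ans WHERE No='$wbSqlNum'";
    $result = mysql_query($sql);
  }
}

// Load the topic row.
$sql = "select * from cms_webboard_data where No='$wbSqlNo'";
$result = mysql_query($sql);
// A failed query is treated like "no such topic" instead of passing a
// non-result to mysql_num_rows().
$NRow = $result ? mysql_num_rows($result) : 0;

if($NRow==0) { echo "Error"; exit(); }
$row = mysql_fetch_array($result);
// Values the markup below prints.
$Question = check_word_sencor($row["Question"]);
$Note = check_word_sencor($row["Note"]);
$Name = $row["Name"];
$Member = $row["Member"];
$Email = $row["Email"];
$Date = $row["Date"];
$Image = $row["Image"];

// How the poster's IP address is shown: in full, with everything after the
// last dot replaced by "*", or not at all.
// NOTE(review): $showIP is not assigned in this file; presumably it comes from
// config.inc.php -- confirm.
switch ($showIP) {
    case "ALL" : $IP = "(".$row["IP"].")"; break;
    case "BAN" : $IP = "(".substr($row["IP"],0,strrpos($row["IP"],".")).".*)"; break;
    case "NONE": $IP = ""; break;
    default : $IP = $row["IP"];
}

if($Member) {
    // $Name was read back from the database, but it originated from a poster,
    // so it is escaped again before being used in a second query.
    $wbSqlName = mysql_real_escape_string((string)$Name);
    $sql = "select * from webboard_member where User='$wbSqlName'";
    $result = mysql_db_query($dbname,$sql);
    $NRow = $result ? mysql_num_rows($result) : 0;
    if($NRow==0) { echo "Error"; exit(); }

    $row = mysql_fetch_array($result);
    // Member profile fields used by the markup below.
    $ICQ = $row["ICQ"]; 
    $WebName = $row["WebName"];
    $URL = $row["URL"];
}
?>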
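<?php
/*
 * Topic header: title, body and poster line.
 *
 * $No is a request parameter, so it is HTML-escaped before it is written into
 * the id attribute of the delete link.
 * NOTE(review): $Question, $Note, $Name, $Email and $Date are stored values
 * printed as-is. Whether they are escaped when they are saved is not visible
 * in this file; if they are not, they must be escaped here for the HTML
 * context they are printed in.
 */
?>
<center>
  <!--// แสดงข้อมูลของประเด็น(กระทู้)-->
  <!--<table width=60% border=1 bordercolor='$datatm[line_title_table]' cellspacing=0 cellpadding=5>";>-->
  <table width=670 border=1  cellspacing=0 cellpadding=2 bordercolor='#000099'>
    <tr bgcolor='#eeeeee'>
      <td>
    <?php if ($_SESSION['admin_web'] == "admin") { ?>
        <!--<a href='show.php?num=<?php //echo $No ?>&del=1' onclick='return goURL1();'><img src='coremain/module/webboard/img/delete.gif' border=0></a>-->
        <a href="javascript:void(0);" class="btn_delete_header" id="<?= htmlspecialchars(is_scalar($No) ? (string)$No : '', ENT_QUOTES) ?>"><img src='coremain/module/webboard/img/delete.gif' border=0></a>
    <?php } ?>
        <font class=Menu1><b><?php echo $Question ?></b></font>
      </td>
    </tr>
    <tr>
      <td>
        <br>
        <table border=0 width=590 align=center>
          <tr><td><?php echo $Note ?></td></tr>
        </table>
        <br>
      </td>
    </tr>
    <tr>
      <td>
        <table border=0 align=center width=100% bgcolor='#eeeeee'>
          <tr>
            <td align=left></td>
            <td align=right>โดยคุณ <?php echo $Name.' '.$Email.' '.$IP.' ['.$Date.']' ?></td>
          </tr>
        </table>
      </td>
    </tr>
  </table>
  <br>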

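<?php
	// Replies to the topic, newest first.
	// $No is a request parameter, so it is escaped before it is placed in the SQL string.
	$wbSqlNo = mysql_real_escape_string(is_scalar($No) ? (string)$No : '');
	$sql = "select * from cms_webboard_ans where QuestionNo='$wbSqlNo' order by No desc";
	$result = mysql_query($sql);

	// Stop on a failed query before the result handle is used.
	if(!$result) {
		echo "<b>Error</b>";
		exit();
	}
	$NRow = mysql_num_rows($result);

	// $i is the position counter printed as "(i/total)" next to each reply.
	// NOTE(review): $order is not assigned in this file; presumably it comes
	// from config.inc.php -- confirm.
	$i = ($order=="ASC") ? 1 : $NRow;

	// Print one table per reply.
	while ($row = mysql_fetch_array($result)) {

		// Values the markup below prints.
		// NOTE(review): $Name, $Email and $Msg are stored values printed as-is
		// ($Msg is not even passed through check_word_sencor()). Whether they
		// are escaped or filtered when saved is not visible in this file.
		$QuestionNo = $row["No"];
		$Name = $row["Name"];
		$Member = $row["Member"];
		$Email = $row["Email"];
		$Msg = $row["Msg"];
		$Date = $row["Date"];
		$Image = $row["Image"];
		
		// IP display mode: full, last part masked, or hidden.
		switch ($showIP) {
          case "ALL" : $IP = "(".$row["IP"].")"; break;
          case "BAN" : $IP = "(".substr($row["IP"],0,strrpos($row["IP"],".")).".*)"; break;
          case "NONE": $IP = ""; break;
          default : $IP = $row["IP"];
		}

		// Reply number and topic number for the delete link, escaped for the
		// attribute they are written into ($No comes from the request).
		$wbDeleteId = htmlspecialchars($QuestionNo.'#@#'.(is_scalar($No) ? (string)$No : ''), ENT_QUOTES);
      ?>
    <table width=670 border=1  cellspacing=0 cellpadding=2>
      <tr bgcolor='#ffffff'>
        <td>
          <table border=0 width=660>
            <tr>
              <td>
                <font class=Menu face='MS Sans Serif'>
                <?php if($_SESSION['admin_web']=="admin"){ ?>
                  <!--<a href='show.php?num=<?php //echo $QuestionNo ?>&del=2&No=<?php //echo $No ?>' onclick='return goURL2();'><img src='coremain/module/webboard/img/delete.gif' border=0></a>-->
                  <a href="javascript:void(0);" class="btn_delete_reply" id="<?php echo $wbDeleteId ?>"><img src="coremain/module/webboard/img/delete.gif" /></a>
                <?php } ?> โดยคุณ <b><?php echo $Name ?></b> <?php echo $Email.' '.$IP.' ['.$Date.']  ('.$i.'/'.$NRow.')' ?>
                </font>
              </td>
              <td align=right>
            <?php 
			// NOTE(review): $ICQ is not assigned inside this loop, so the value
			// shown is whatever earlier code left in it, not this reply's author.
			if($Member){
              if(isset($ICQ) && $ICQ != '') { ?>
                <img src="http://online.mirabilis.com/scripts/online.dll?icq=<?php echo rawurlencode($ICQ) ?>&img=<?php echo $ICQ_Image_Type ?>.online.gif" alt='ICQ - <?php echo htmlspecialchars($ICQ, ENT_QUOTES) ?>'>
              <?php }
			} ?>
              </td>
            </tr>
          </table>
          
          <table border=0 width=590 align=center>
            <tr>
              <td>&nbsp; &nbsp; &nbsp;<?php echo $Msg;//check_word_sencor($Msg); ?></td>
            </tr>
          </table>
        </td>
      </tr>
    </table>
    <br>
  <?php
      if($order=="ASC") $i++; else $i--;
	}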

// Reply form. On every site except "krabuangyai" the form is printed for any
// visitor; on "krabuangyai" it is printed only when the session is an admin one.
// text_editor() and button_text() are helpers defined outside this file.
// NOTE(review): $_SESSION['tb_head_bgcolor'] and $_SESSION['name_email'] are
// written into attributes without escaping (the bgcolor attribute is also
// unquoted). Where those session values are set is not visible here -- confirm
// they cannot hold visitor-supplied text.
// NOTE(review): the form carries a picture code (login1_image.php / from_pic);
// presumably reply.php compares the two on the server -- confirm, because the
// check in this page's script only tests that the field is not empty.
if($_SESSION['web_name']!="krabuangyai"){
?>
  <!--<form method=post action='../webboard/reply.php?No=<?php //echo $No ?>' name='add' onsubmit='return checkadd()'>-->
  <form id="fm_add" name="add">
    <table width=670 border=1  cellspacing=0 cellpadding=2 style="border-collapse: collapse;">
      <tr bgcolor=<?php echo $_SESSION['tb_head_bgcolor'] ?>>
        <td align=center>
          <font class=Menu1 color=000000><b>ขอเชิญร่วมตอบประเด็น</b></font>
        </td>
      </tr>
      <tr>
        <td>
          <table border=0>
            <?php text_editor('456', '200', 'ความคิดเห็น'); ?>
            <tr>
              <td><img src='coremain/images/marker.gif'> <b>โดย</b></td>
              <td><input style="width: 100%;" type=text name='MsgBy' maxlength='100' value=''></td>
            </tr>
            <tr>
              <td><img src='coremain/images/marker.gif'> <b>อีเมล์</b></td>
              <td><input type=text name='Email' maxlength=100 style="width: 100%;" value='<?php echo isset($_SESSION['name_email']) ? $_SESSION['name_email'] : '' ?>'></td>
            </tr>
            <tr>
              <td><img src='coremain/images/marker.gif'> <b>รหัสลับ</b></td>
              <td><img src='coremain/module/webboard/login1_image.php' align='center' title='ป้อนตามที่เห็นในภาพ'></td>
            </tr>
            <tr>
              <td><img src='coremain/images/marker.gif'> <b>ป้อนรหัสลับ</b></td>
              <td><input name='from_pic'>&nbsp;<img src='coremain/images/bu.gif' title='ป้อนรหัสลับตามที่ปรากฏ' onmouseover=this.style.cursor='hand'></td>
            </tr>
          </table>
        </td>
      </tr>
    </table>
    <br>

    <?php button_text('ตอบประเด็น', 'btn_webboard_reply', 0, 'btn_webboard_reply'); ?>
    <!--<input type=submit value='ตอบประเด็น' name='submit' onmouseover=this.style.cursor='hand'>-->
    <!--&nbsp;&nbsp;<input type=button value='  ปิดหน้านี้  ' onclick='window.close()' name='submit' onmouseover=this.style.cursor='hand'>-->
  </form>
<?php
}
// On "krabuangyai" only an admin session gets the reply form.
else{
  if($_SESSION['admin_web']=="admin"){
?>
  <!--<form method=post action='../webboard/reply.php?No=<?php //echo $No ?>' name='add' onsubmit='return checkadd()'>-->
  <form id="fm_add" name="add">
    <table width=670 border=1  cellspacing=0 cellpadding=2>
      <tr bgcolor=<?php echo $_SESSION['tb_head_bgcolor'] ?>>
        <td align=center>
          <font class=Menu1 color=000000><b>ขอเชิญร่วมตอบประเด็น</b></font>
        </td>
      </tr>
      <tr>
        <td>
          <table border=0>
            <?php text_editor('456', '250', 'ความคิดเห็น'); ?>
            <tr>
              <td>โดย</td>
              <td><input size=74 type=text name='MsgBy' maxlength='100' value=''></td>
            </tr>
            <tr>
              <td>อีเมล์</td>
              <td><input type=text name='Email' maxlength=100 size='74' value='<?php echo isset($_SESSION['name_email']) ? $_SESSION['name_email'] : '' ?>'></td>
            </tr>
            <tr>
              <td>รหัสลับ</td>
              <td><img src='coremain/module/webboard/login1_image.php' align='center' title='ป้อนตามที่เห็นในภาพ'></td>
            </tr>
            <tr>
              <td>ป้อนรหัสลับ</td>
              <td><input name='from_pic'>&nbsp;<img src='coremain/images/bu.gif' title='ป้อนรหัสลับตามที่ปรากฏ' onmouseover=this.style.cursor='hand'></td>
            </tr>
          </table>
        </td>
      </tr>
    </table>
    <br>

    <?php button_text('ตอบประเด็น', 'btn_webboard_reply', 0, 'btn_webboard_reply'); ?>
    <!--<input type=submit value='ตอบประเด็น' name='submit' onmouseover=this.style.cursor='hand'>-->
    <!--&nbsp;&nbsp;<input type=button value='  ปิดหน้านี้  ' onclick='window.close()' name='submit' onmouseover=this.style.cursor='hand'>-->
  </form>
<?php }
}
?>
</center>
</fieldset>

<link href="coremain/ccs/style.css" rel="stylesheet" type="text/css"></head>

<script language="javascript">
  // Returns true when the picture-code field of the reply form has a value;
  // otherwise shows a message, focuses the field and returns false.
  // This is a convenience check in the browser only; it does not verify the code.
  function checkadd() {
    var codeField = document.add.from_pic;
    if (codeField.value != "") {
      return true;
    }
    alert("กรุณากรอก รหัสลับ!");
    codeField.focus();
    return false;
  }
  
  $('#btn_webboard_reply').click(function(){
    if(checkadd()){
      var arrayData = $('#fm_add').serializeArray();
      var row = [
          { name: 'No', value: '<?php echo $No ?>' }
      ];
      arrayData = arrayData.concat(row);
      var getTextArea = getTextEditData('#fm_add');
      arrayData = arrayData.concat(getTextArea);

      $.ajax({
          type: 'post',
          url: 'coremain/module/webboard/reply.php',
          data: {formData: arrayData},
          success: function(result){
            if(result == 'OK'){
              webboard_show(row);
            }else{
              alert(result);
              webboard_show(row);
            }
          }
      });
    }
  });
  
  // Delete-reply icon: the element id holds "<reply number>#@#<topic number>".
  // After confirmation the page is reloaded with del=2 for that reply.
  $('.btn_delete_reply').click(function(){
    if(!goURL2()){
      return;
    }
    var parts = $(this).attr('id').split('#@#');
    webboard_show([
      { name: 'num', value: parts[0] },
      { name: 'del', value: 2 },
      { name: 'No', value: parts[1] }
    ]);
  });

  // Delete-topic icon: the element id holds the topic number.
  // After confirmation the page is reloaded with del=1 for that topic.
  $('.btn_delete_header').click(function(){
    if(!goURL1()){
      return;
    }
    var topicNo = $(this).attr('id');
    webboard_show([
      { name: 'num', value: topicNo },
      { name: 'del', value: 1 }
    ]);
  });
  
  // Posts the given name/value pairs to show.php and puts the returned markup
  // into the #dialog-popup element.
  function webboard_show(arrData){
    var showResult = function(markup){
      $('#dialog-popup').html(markup);
    };
    $.ajax({
      type: 'post',
      url: 'coremain/module/webboard/show.php',
      data: arrData,
      success: showResult
    });
  }
  
  
  
  // Asks the user to confirm deleting a topic; true when confirmed, false otherwise.
  function goURL1() {
    var confirmed = confirm("Click OK เพื่อยืนยันการลบหัวข้อกระทู้ !");
    return confirmed ? true : false;
  }

  // Asks the user to confirm deleting a reply; true when confirmed, false otherwise.
  function goURL2() {
    var confirmed = confirm("Click OK เพื่อยืนยันการลบคำตอบของกระทู้ !");
    return confirmed ? true : false;
  }
</script>
