403Webshell
Server IP : 119.59.102.212  /  Your IP : 18.118.193.52
Web Server : Apache/2
System : Linux narin 2.6.32-042stab142.1 #1 SMP Tue Jan 28 23:44:17 MSK 2020 x86_64
User : yangkam ( 1022)
PHP Version : 5.6.40
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/yangkam/domains/yangkam.go.th/private_html/coremain/module/web/gallery/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /home/yangkam/domains/yangkam.go.th/private_html/coremain/module/web/gallery/gallery_update.php
<?php
// Status Package Module
$status_module=select_query("status_module","cms_status_module","id","18");
if($status_module[0]!=1)	{	
	fieldset_no_module();
}

$navig['gallery']="ภาพกิจกรรม";
$navig['gallery_add']="ภาพทั้งหมด";
navigator($navig);
echo "<br>";
bar_header("ภาพทั้งหมด");
fieldset_top("ภาพกิจกรรม");

import_request_variables('pG', 'p_');
include_once("coremain/module/gallery/class.upload.php");
if($p_g_type!="")													{	     $g_type=trim($p_g_type);									}
if($p_id_update!="")												{	     $id_update=trim($p_id_update);						}
if($p_yearthai1!="")												{	     $yearthai1=trim($p_yearthai1);							}
if($p_id_hide!="")													{	     $id_hide=trim($p_id_hide);									}
if($p_id_show!="")												{	     $id_show=trim($p_id_show);								}
if($p_id_del!="")													{		 $id_del=trim($p_id_del);										}
if($p_block!="")														{		 $block=trim($p_block);										}


//###################### สำหรับ Admin
if($_SESSION[admin_web]=="admin" or (id_top_permission("b"))){
// Hide - Show port_gallery_record
		if($id_hide!=""){
			$sql="UPDATE port_gallery_record SET status='0'  WHERE id_record='$id_hide'";
			mysql_query($sql);		
		}
		if($id_show!=""){
			$sql="UPDATE port_gallery_record SET status='1'  WHERE id_record='$id_show'";
			mysql_query($sql);
		}
// Delete port_gallery_record
		if($id_del!=""){
			// delete port_gallery_record
			$sql="SELECT pic FROM port_gallery_record WHERE id_record='$id_del'";
			$result=mysql_query($sql);
			while($data=mysql_fetch_array($result)){
					if($data[0]!="")		{			unlink("$_SESSION[web_name]/gallery/$data[0]");	 unlink("$_SESSION[web_name]/gallery/thumb/$data[0]");	}
			}
			$sql = "delete from port_gallery_record  where id_record='$id_del'";
			$result = mysql_query($sql);
		}

if($p_hiddata!="")							{  $hiddata=trim($p_hiddata);											}
$num = "'";
$hiddata = ereg_replace('"', $num, $hiddata);

// Update
if($hiddata!=""){
$sql="UPDATE `port_gallery_topic` SET fulltexts ='$hiddata' ,'en_fulltexts'='$hiddata2' WHERE id_topic='$id_update'";
$result=mysql_query($sql);
}

//  ################Upload Picture เพิ่มเติม #########################
if($p_upload_pic!="")						{	     $upload_pic=trim($p_upload_pic);		}
if($p_explain!="")								{	     $explain=trim($p_explain);					}
if($p_en_explain!="")								{	     $en_explain=trim($p_en_explain);					}
$userfile1_name=trim($_FILES['userfile1']['name']);
if($userfile1_name!=""){
		$strings1=substr($userfile1_name,-4);
			if($strings1!=".gif" and $strings1!=".jpg" and $strings1!=".GIF" and $strings1!=".JPG"){
					echo"<center><br>ชนิดไฟล์ไม่ถูกต้อง <br>ไฟล์ต้องมีนามสกุลเป็น .gif หรือ .jpg เท่านั้น<br><br>";
					echo"<a href='javascript:history.back()'><font color='ff0000'>[แก้ไขใหม่]</font></center></a>";
					exit;
			}
}
if($userfile1_name!="")
{
	     // กำหนดชื่อไฟล์ที่ upload ใหม่ ทั้งนี้เพื่อให้ ไฟล์ไม่ซ้ำกัน
		$sqlmax1="select max(id_record+1)  from port_gallery_record";
		$resultmax1=mysql_query($sqlmax1);
		$datamax1=mysql_fetch_row($resultmax1);
		$str  = "23456789abcdefghijkmnpqrstuvwxyz";
		$pic = substr(str_shuffle($str), 0, 5);
		// ชื่อไฟล์
		$strings=substr($userfile1_name,-4);
		$strings = strtolower($strings);
		$name1="pic$pic$datamax1[0]$strings";
		$dlink="gallery/".$name1;
/*		$temp_name=$_FILES['userfile1']['tmp_name'];
		if (is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
		if(!move_uploaded_file($temp_name,$dlink)){						}					}*/
		$hup = new upload($_FILES['userfile1']);
		if($hup->uploaded){
			$hup->image_resize = true;
			$hup->image_y  = 400;
			$hup->image_x = 640;
			$hup->image_ratio = true;
			$hup->image_ratio_no_zoom_in = true;
			$hup->jpeg_quality = 95;
			$hup->file_new_name_body = "pic{$pic}{$datamax1[0]}";
			$hup->Process("$_SESSION[web_name]/gallery/");
			if($hup->processed){

			}else{
				//echo 'failed';
			}
			$hup->image_resize = true;
			$hup->image_y  = 100;
			$hup->image_x = 150;
			$hup->image_ratio = true;			
			$hup->jpeg_quality = 95;
			$hup->image_ratio_no_zoom_in = true;			
			$hup->file_new_name_body = "pic{$pic}{$datamax1[0]}";			
			$hup->Process("$_SESSION[web_name]/gallery/thumb/");
			if($hup->processed){
				//echo 'success2';
				chmod("$_SESSION[web_name]/gallery/thumb/{$name1}",0777);				
			}else{
				echo 'failed';
			}			
		}		
}
// ########### Add ข้อมูลลงใน Record
if($userfile1_name!=""){
		// หาค่า id สูงสุด + 1
		$sqlmax1="select max(id_record+1) from port_gallery_record";
		$resultmax1=mysql_query($sqlmax1);
		$datamax1=mysql_fetch_row($resultmax1);		if ($datamax1[0]=="")		{			$datamax1[0]="1";		}

		$sql = "INSERT INTO port_gallery_record values('$datamax1[0]','$id_update','$name1','$explain','$en_explain','1')";
		$result = mysql_query($sql) or die(mysql_error());
}
}

// ################################ภาพกิจกรรม ###################################
$sql="SELECT * FROM `port_gallery_topic`  WHERE  id_topic='$id_update'"; 
$result=mysql_query($sql);
$data = mysql_fetch_array($result);

echo "$data[fulltexts]";	


 // เพิ่มรูปภาพกิจกรรม 
if($_SESSION[admin_web]=="admin" or (id_top_permission("b"))){
echo"<form  action='index.php?id_update=$id_update&mod=gallery_update&path=gallery&id_hide=$data[id_record]&block=$block' method='post' enctype='multipart/form-data' name='add' id='add' onSubmit='return checkadd()'>";
echo"<table width='98%' border='0' align='center' cellpadding='1' cellspacing='1'>";
	echo"   <tr>";
	echo"     <td colspan='2' align='center'><b>Upload รูปเพิ่มเติม</b><br><br></td> ";
	echo"  </tr>";

	echo"   <tr>";
	echo"     <td width='22%' align=center><img src='coremain/images/marker.gif'>  <strong>Upload รูป</strong></td> ";
	echo"	 <td><input name='userfile1' type='file' size='40'> &nbsp; <img src='coremain/images/bu.gif' border='0' title='รูปควรมีขนาดประมาณ 400*300 Pixel' onmouseover=this.style.cursor='hand'>";
	echo"	</td> ";
	echo"  </tr>";
	
	echo"   <tr>";
	echo"     <td align=center><img src='coremain/images/marker.gif'> <strong> คำอธิบายรูป &nbsp;  &nbsp; </strong></td> ";
	echo"	 <td><input name='explain' type='text' size='40' >";
	echo "<INPUT TYPE='hidden' name='check_upload' value='1'>";
	echo"	</td> ";
	echo"  </tr>";	


	echo"<tr>  	";
	echo"	 <td colspan=2 align=center><br>       ";
	echo"<input type='submit' name='upload_pic' value='Upload รูป' onmouseover=this.style.cursor='hand'>";
	echo"</td>"; 
	echo"  </tr>";

echo "</table>";
echo "</form>";
 }

echo"<table width='97%' border='0' cellpadding='0' cellspacing='0' align=center>";
if($_SESSION[admin_web]=="admin" or (id_top_permission("b")))	$sql="SELECT * FROM `port_gallery_record`  WHERE  id_topic='$id_update'";
else															$sql="SELECT * FROM `port_gallery_record`  WHERE  id_topic='$id_update' and status='1'";
$result=mysql_query($sql);
$count=2;
while($data = mysql_fetch_array($result)){
$count++;   $mots=$count%3;
	//###################### คอลัมน์ที่ 1 ###############
	if($mots==0){
		echo "<tr>";
		echo "<td width=33% align=center>";
				 echo"<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 align='center'>";
				 echo"     <TR> ";
				 echo"       <TD valign='top'> <IMG SRC='coremain/images/border/popup_border_01.gif' WIDTH=15 HEIGHT=15 ALT='' border='0'></TD>";
             echo"       <TD valign='top' background='coremain/images/border/popup_border_02.gif' border='0'></TD>";
            echo"        <TD valign='top'> <IMG SRC='coremain/images/border/popup_border_03.gif' WIDTH=17 HEIGHT=15 ALT='' border='0'></TD>";
             echo"     </TR>";
             echo"     <TR> ";
              echo"      <TD valign='top' background='coremain/images/border/popup_border_04.gif' border='0'> </TD>";
?>				 
<TD valign='top'><a href="#WIN" onClick="window.open('coremain/module/gallery/gallery_show.php?pic=<?php echo $data[pic];?>&web_name=<?php echo $_SESSION[dbname]?>&id_topic=<?echo $id_update;?>&id_record=<?echo $data[id_record]?>&id_top=<?echo $id_update;?>&folder=<?echo $_SESSION[web_name];?>','blah2','width=700,height=500,location=0,menubar=0,toolbar=0,scrollbars=yes,resizable=yes')"><img src='<?php echo "$_SESSION[web_name]/gallery/thumb/$data[pic]";?>' border='0'></a></TD>
<?php
				  echo"       <TD valign='top' background='coremain/images/border/popup_border_06.gif' border='0'></TD>";
            echo"      </TR>";

            echo"      <TR> ";
            echo"        <TD valign='top'> <IMG SRC='coremain/images/border/popup_border_07.gif' WIDTH=15 HEIGHT=16 ALT='' border='0'></TD>";
             echo"       <TD valign='top' background='coremain/images/border/popup_border_08.gif' border='0'> </TD>";
             echo"       <TD valign='top'> <IMG SRC='coremain/images/border/popup_border_09.gif' WIDTH=17 HEIGHT=16 ALT='' border='0'></TD>";
				 echo"      </TR>";
				 echo"  </TABLE>";
				 if($data[explain]!="")				
				 	 echo $data[explain];
					  else											
				 	 echo "&nbsp;";
				
if($_SESSION[admin_web]=="admin" or (id_top_permission("b"))){
			// show - hide
			if($data[status]=='1'){
				echo "<br><a href='index.php?id_update=$id_update&mod=gallery_update&path=gallery&id_hide=$data[id_record]&block=$block'><img src='coremain/images/show.gif' border='0' title='ซ่อน'></a>";	
			}else{	
				echo "<br><a href='index.php?id_update=$id_update&mod=gallery_update&path=gallery&id_show=$data[id_record]&block=$block'><img src='coremain/images/hide.gif' border='0' title='แสดง'></a>";
			}
			// delete
				echo " &nbsp;<a href='index.php?id_update=$id_update&mod=gallery_update&path=gallery&id_del=$data[id_record]&block=$block' onclick='return goURL();'><img src='coremain/images/del1.gif' border='0' title='ลบข้อมูล'></a>";	
}
		echo"</td>";
	}
	//###################### คอลัมน์ที่ 2 ###############	
	else if($mots==1){
		echo "<td width=33% align=center>";
				 echo"<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 align='center'>";
				 echo"     <TR> ";
				 echo"       <TD valign='top'> <IMG SRC='coremain/images/border/popup_border_01.gif' WIDTH=15 HEIGHT=15 ALT='' border='0'></TD>";
             echo"       <TD valign='top' background='coremain/images/border/popup_border_02.gif' border='0'></TD>";
            echo"        <TD valign='top'> <IMG SRC='coremain/images/border/popup_border_03.gif' WIDTH=17 HEIGHT=15 ALT='' border='0'></TD>";
             echo"     </TR>";
             echo"     <TR> ";
              echo"      <TD valign='top' background='coremain/images/border/popup_border_04.gif' border='0'> </TD>";
?>				 
<TD valign='top'><a href="#WIN" onClick="window.open('coremain/module/gallery/gallery_show.php?pic=<?php echo $data[pic];?>&web_name=<?php echo $_SESSION[dbname];?>&id_top=<?echo $id_update;?>&folder=<?echo $_SESSION[web_name];?>','blah2','width=700,height=500,location=0,menubar=0,toolbar=0,scrollbars=yes,resizable=yes')"><img src='<?php echo "$_SESSION[web_name]/gallery/thumb/$data[pic]";?>' border='0'></a></TD>
<?php
				  echo"       <TD valign='top' background='coremain/images/border/popup_border_06.gif' border='0'></TD>";
            echo"      </TR>";

            echo"      <TR> ";
            echo"        <TD valign='top'> <IMG SRC='coremain/images/border/popup_border_07.gif' WIDTH=15 HEIGHT=16 ALT='' border='0'></TD>";
             echo"       <TD valign='top' background='coremain/images/border/popup_border_08.gif' border='0'> </TD>";
             echo"       <TD valign='top'> <IMG SRC='coremain/images/border/popup_border_09.gif' WIDTH=17 HEIGHT=16 ALT='' border='0'></TD>";
				 echo"      </TR>";
				 echo"  </TABLE>";
				 if($data[explain]!="")				
				 	 echo $data[explain];
					  else											
				 	 echo "&nbsp;";
// Admin
if($_SESSION[admin_web]=="admin" or (id_top_permission("b"))){
			// show - hide
			if($data[status]=='1'){
				echo "<br><a href='index.php?id_update=$id_update&mod=gallery_update&path=gallery&id_hide=$data[id_record]&block=$block'><img src='coremain/images/show.gif' border='0' title='ซ่อน'></a>";	
			}else{	
				echo "<br><a href='index.php?id_update=$id_update&mod=gallery_update&path=gallery&id_show=$data[id_record]&block=$block'><img src='coremain/images/hide.gif' border='0' title='แสดง'></a>";
			}
			// delete
				echo " &nbsp;<a href='index.php?id_update=$id_update&mod=gallery_update&path=gallery&id_del=$data[id_record]&block=$block' onclick='return goURL();'><img src='coremain/images/del1.gif' border='0' title='ลบข้อมูล'></a>";	
}
		echo"</td>";
	}
	//###################### คอลัมน์ที่ 3 ###############	
	else{
		echo "<td width=33% align=center>";
				 echo"<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 align='center'>";
				 echo"     <TR> ";
			 echo"       <TD valign='top'> <IMG SRC='coremain/images/border/popup_border_01.gif' WIDTH=15 HEIGHT=15 ALT='' border='0'></TD>";
             echo"       <TD valign='top' background='coremain/images/border/popup_border_02.gif' border='0'></TD>";
            echo"        <TD valign='top'> <IMG SRC='coremain/images/border/popup_border_03.gif' WIDTH=17 HEIGHT=15 ALT='' border='0'></TD>";
             echo"     </TR>";
             echo"     <TR> ";
              echo"      <TD valign='top' background='coremain/images/border/popup_border_04.gif' border='0'> </TD>";
?>				 
<TD valign='top'><a href="#WIN" onClick="window.open('coremain/module/gallery/gallery_show.php?pic=<?php echo $data[pic];?>&web_name=<?php echo $_SESSION[dbname];?>&id_top=<?echo $id_update;?>&folder=<?echo $_SESSION[web_name];?>','blah2','width=700,height=500,location=0,menubar=0,toolbar=0,scrollbars=yes,resizable=yes')"><img src='<?php echo "$_SESSION[web_name]/gallery/thumb/$data[pic]";?>' border='0'></a></TD>
<?php
				  echo"       <TD valign='top' background='coremain/images/border/popup_border_06.gif' border='0'></TD>";
            echo"      </TR>";

            echo"      <TR> ";
            echo"        <TD valign='top'> <IMG SRC='coremain/images/border/popup_border_07.gif' WIDTH=15 HEIGHT=16 ALT='' border='0'></TD>";
             echo"       <TD valign='top' background='coremain/images/border/popup_border_08.gif' border='0'> </TD>";
             echo"       <TD valign='top'> <IMG SRC='coremain/images/border/popup_border_09.gif' WIDTH=17 HEIGHT=16 ALT='' border='0'></TD>";
				 echo"      </TR>";
				 echo"  </TABLE>";
				
				 if($data[explain]!="")				
				 	 echo $data[explain];
					  else											
				 	 echo "&nbsp;";
			
// Admin
if($_SESSION[admin_web]=="admin" or (id_top_permission("b"))){
			// show - hide
			if($data[status]=='1'){
				echo "<br><a href='index.php?id_update=$id_update&mod=gallery_update&path=gallery&id_hide=$data[id_record]&block=$block'><img src='coremain/images/show.gif' border='0' title='ซ่อน'></a>";	
			}else{	
				echo "<br><a href='index.php?id_update=$id_update&mod=gallery_update&path=gallery&id_show=$data[id_record]&block=$block'><img src='coremain/images/hide.gif' border='0' title='แสดง'></a>";
			}
			// delete
			echo " &nbsp;<a href='index.php?id_update=$id_update&mod=gallery_update&path=gallery&id_del=$data[id_record]&block=$block' onclick='return goURL();'><img src='coremain/images/del1.gif' border='0' title='ลบข้อมูล'></a>";	
}
		echo"</td>";
		echo "</tr>";
		echo "<tr height='20'><td></td><td></td></tr>";
	}

}
echo "</table>";

fieldset_down();
?>


<script language="JavaScript">
<!--
function goURL() {
var blnLink
blnLink = confirm("Click OK เพื่อยืนยันการลบข้อมูล?")
if (!blnLink) { return false; }
return true;
}
//-->	
</script>

<script language="javascript">
function checkadd() {
if(document.add.userfile1.value=="") {
alert("กรุณาเลือกรูปที่จะอัพโหลด") ;
document.add.userfile1.focus() ;
return false ;}
else 
return true ;
}
</script>

Youez - 2016 - github.com/yon3zu
LinuXploit